- Following up on reporting the PS4 Vulnerable to Heartbleed
rumor, today PlayStation 4 developer cfwprophet
made available a PS4 AC1D Flash Tool Manager GUI application which can read and write from the PS4 Macronix NOR Flash chip with the use of a Teensy++ 2.0 USB development board and judges
' SPIWay.py script
/ PS4 AC1D Flash Tool
(Mirror) / PS4 AC1D Flash Tool GIT
/ Useful Libraries
/ Useful Libraries GIT
PS4 AC1D Flash Manager
(c) cfwprpht [Free to use for Every One !!]
What it is?
This is a Tool to handle the PS4 Macronix NOR Flash. It can Read/Write the Chip with use of Teensy++ 2.0 USB Dev Board. But there for the Tool is more only a GUI cause it use @judges SPIWay.py script for the Read/Write part.
Then the Tool can validate a PS4 NOR Dump and Display the infos of your Console in the GUI. If you want you can also store your console infos in a database text file.
It comes with the Python 2.7 and Python Serial Installer and will check if you have both installed or not. But at least it hase a own extracter and can extract a PS4 NOR Dump file as well a SLB2 Container. The validator Routine isn't perfect right now and even give me on my own dump on 3 of 33 Arrays to check a false negative. This is mostly to do that there need to be done more investigation on Console specific Marks and such they are present on all Consoles.
But right now there isn't much use for the end user so i still have time to correct that. In case of your a Dev and want to write a Dump to your consoles flash that do not validate, then just create a empty txt file with the name "developer.conf". This will enable the Tool to activate all blocked buttons.
So you may ask for what the SPIway.bat will be ?
- ConsoleControle.dll - is a librarie from Dave Kerr
- ProcessInterface.dll - is a librarie from Dave Kerr
- SPIway.py - is a script from Judges
- Log.dll - is a librarie from me (cfwprophet)
- Tools.dll - is a librarie from me (cfwprophet)
- nor4ps.dll - is a librarie from me (cfwprophet)
- SLB2.dll - is a librarie from me (cfwprophet)
It's simpli. VisualStudio can't handle the python script. For that a python integration to Visual Studio
will be needed. There are allready projects for that but in a beta phase. So we use the .batch to kind
of spoof the python script. In case VS understand and can handle .bat's we just do the same within the .bat what we otherwise would do with the python script in VS. We do a "Call" and execute the python script with the needed arguments.
What to do?
Credits and Greets:
- Adjust the validator Routine for the PS4 NOR flash.
- Include a Flash Patcher Routine.
- (Or) Activate diff Write. (which is already included into judges SPIway.py script).
- Finish the vdump function which will verify the dumped data against the data on Chip.
- Modify Console Control to match even more needs. (Like a way to check and wait for the current process to be done without the affect that your whole code stops and will cause a crash of your app).
- Judges for his SPIway.py script (many thx)
- Dave Kerr for his Console Controle Class librarie
- eussNL for his affinity about the DevWiki (woop woop)
- flatz for his PS4 unPKG.py script
- grafchockolo for all his amazing work on the PS3 (i will always credit you in any scene releaded stuff thank you for everything you have done. We would need more guys like you in the Sony PlayStation Hacking Scene)
- KDSBest for beeing a Mentor and a god friend to me
- GotNoUsername you know why and that's enough
- All Devwiki Contributors !! (information have to be free to every one)
- Pockets69, Sandungas, Helsing9, GregoryRasputin, t000, Ada, _NiceShot, ******.net, ******.net, psx-scene.com and everyone else i forgot....(wink, wink)
Some usefull Libraries also Released !!
Finally, from cfwprophet
: First the PS4 is a little bit diff guys. And one importend part i've learned this GEN - a Flash Chip shouldn't be readed from the Device it self. It all Depends on the used device but in case of PS4 the Macronix Flash is within a circuit of some other Chip.
Especially is he in the same sircuit like the MediaCon. If you know trie to boot the Macrnoix Flash while the console is off you will also boot the MediaCon or parts of it. In the end you won't get any data nor a signal nor a ping from the teensy it self and in worst case you even could maybe damage something on the MB.
But at the point we would need a flash on the PS4, there will be modders, as every time, like me they will you solder a socket onto your PS4 MB for around 20€. If you don't want to buy a flasher and already have a socket on your MB you just need to send me your FW, i'll patch it and if your come i just flash the already patched CFW onto your Macronix with the help of the socket for around 5€ for the flash part.
Hell it's just a socket where you do a kind of hot swap with the flash chip and done. About the speed, a normall Dump will take arround 2.50 min's. A write process arround 4 min's. So fast enough for a 20€ Open Source Flasher
o.O There isn't even a exploit nor that we have a way to decrypt any of the internal PS4 files nor that we have access to any of them. So no there is not a CFW coming.