Editing System Software Downgrade
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
= Firmware Revert = | = Firmware Revert = | ||
By dumping with hardware Syscon memory and flash memory of a specific PS4 console, one can update the System Software of this PS4 to any version then whenever | By dumping with hardware Syscon memory and flash memory of a specific PS4 console, one can update the System Software of this PS4 to any version then whenever he wants, restore the dumps in order to restore the older firmware. Then it is required to either restore a HDD dump from that Firmware or to reinstall Firmware with PUP. | ||
= Actual Downgrade = | = Actual Downgrade = | ||
Line 11: | Line 11: | ||
=== SNVS modification === | === SNVS modification === | ||
Current Firmware version is stored in Syscon | Current Firmware version is stored in Syscon SNVS. SNVS is an area encrypted with per-console keys. SNVS encryption is handled by SAMU. | ||
See the research done by fail0verflow on PS4 Syscon. [https://fail0verflow.com/blog/2018/ps4-syscon] | See the research done by fail0verflow on PS4 Syscon. [https://fail0verflow.com/blog/2018/ps4-syscon] | ||
Line 17: | Line 17: | ||
=== SPKG decryption === | === SPKG decryption === | ||
Modoru is a | Modoru is a PSVita Firmware downgrader made by TheFloW. It relies on the fact that PSVita checks current Firmware version in its secure processor, but even on such error it decrypts successfully SPKG and returns data to kernel. All modoru has to do is to hook some functions in the updater. It does not require a secure processor hack at all, except for 3 things: | ||
- when TheFloW made modoru, he had access to all | - when TheFloW made modoru, he had access to all PSVita secure processor keys and binaries, allowing him to ensure downgrade would work. Doing it blind would have been dangerous for his tester' PSVitas and he could not even have been sure it would work. | ||
- when downgrading from a recent Firmware to a very old Firmware where SPKG keys where different: need old secure processor keys to decrypt SPKGs in modoru directly without asking secure processor as it does not contain these old keys. | - when downgrading from a recent Firmware to a very old Firmware where SPKG keys where different: need old secure processor keys to decrypt SPKGs in modoru directly without asking secure processor as it does not contain these old keys. | ||
- when downgrading from a very recent Firmware, checks have been added in secure processor: need secure processor patching to bypass current Firmware check. | - when downgrading from a very recent Firmware, checks have been added in secure processor: need secure processor patching to bypass current Firmware check. | ||
See | See PSVita downgrader: Modoru by TheFloW. [https://github.com/TheOfficialFloW/modoru] | ||
== Official Current Firmware Version Bypass == | == Official Current Firmware Version Bypass == | ||
Line 28: | Line 28: | ||
=== ConsoleId === | === ConsoleId === | ||
PS4 non-retail models like TestKit, DevKits and Prototypes are allowed to downgrade. If PS4 ConsoleId becomes editable, thanks to a SAMU hack maybe, that would unlock official way of | PS4 non-retail models like TestKit, DevKits and Prototypes are allowed to downgrade. If PS4 ConsoleId becomes editable, thanks to a SAMU hack maybe, that would unlock official way of bitchid? | ||
=== QA flags === | === QA flags === | ||
Any QA flagged PS4 can downgrade. | Any QA flagged PS4 can downgrade. |