Editing System Software Downgrade


Latest revision Your text
Line 1: Line 1:
= Firmware Revert =
= Firmware Revert =


By dumping with hardware Syscon memory and flash memory of a specific PS4 console, one can update the System Software of this PS4 to any version then whenever necessary, restore the dumps in order to restore the older firmware. Then it is required to either restore a HDD dump from that Firmware or to reinstall Firmware with PUP.
By dumping with hardware Syscon memory and flash memory of a specific PS4 console, one can update the System Software of this PS4 to any version then whenever he wants, restore the dumps in order to restore the older firmware. Then it is required to either restore a HDD dump from that Firmware or to reinstall Firmware with PUP.


= Actual Downgrade =
= Actual Downgrade =
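Review bot: In the Firmware Revert paragraph, the "Your text" side reads "whenever he wants" where the latest revision reads "whenever necessary"; keep the latest revision's neutral wording. On both sides the opening "By dumping with hardware Syscon memory and flash memory" is hard to parse, and "By using hardware to dump the Syscon memory and flash memory" would read more clearly.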
Line 11: Line 11:
=== SNVS modification ===
=== SNVS modification ===


Current Firmware version is stored in Syscon Secure [[Non Volatile Storage]]. SNVS is an area encrypted with per-console keys. SNVS encryption is handled by SAMU.
Current Firmware version is stored in Syscon SNVS. SNVS is an area encrypted with per-console keys. SNVS encryption is handled by SAMU.


See the research done by fail0verflow on PS4 Syscon. [https://fail0verflow.com/blog/2018/ps4-syscon]
See the research done by fail0verflow on PS4 Syscon. [https://fail0verflow.com/blog/2018/ps4-syscon]
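Review bot: In the first sentence under SNVS modification, the "Your text" side replaces "Syscon Secure [[Non Volatile Storage]]" with "Syscon SNVS", which drops the wiki link and leaves SNVS unexpanded at its first use in this section. Keep the linked form from the latest revision.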
Line 17: Line 17:
=== SPKG decryption ===
=== SPKG decryption ===


Modoru is a PS Vita Firmware downgrader made by TheFloW. It relies on the fact that PS Vita checks current Firmware version in its secure processor, but even on such error it decrypts successfully SPKG and returns data to kernel. All modoru has to do is to hook some functions in the updater. It does not require a secure processor hack at all, except for 3 things:
Modoru is a PSVita Firmware downgrader made by TheFloW. It relies on the fact that PSVita checks current Firmware version in its secure processor, but even on such error it decrypts successfully SPKG and returns data to kernel. All modoru has to do is to hook some functions in the updater. It does not require a secure processor hack at all, except for 3 things:
- when TheFloW made modoru, he had access to all PS Vita secure processor keys and binaries, allowing him to ensure downgrade would work. Doing it blind would have been dangerous for his tester' PS Vitas and he could not even have been sure it would work.
- when TheFloW made modoru, he had access to all PSVita secure processor keys and binaries, allowing him to ensure downgrade would work. Doing it blind would have been dangerous for his tester' PSVitas and he could not even have been sure it would work.
- when downgrading from a recent Firmware to a very old Firmware where SPKG keys where different: need old secure processor keys to decrypt SPKGs in modoru directly without asking secure processor as it does not contain these old keys.
- when downgrading from a recent Firmware to a very old Firmware where SPKG keys where different: need old secure processor keys to decrypt SPKGs in modoru directly without asking secure processor as it does not contain these old keys.
- when downgrading from a very recent Firmware, checks have been added in secure processor: need secure processor patching to bypass current Firmware check.
- when downgrading from a very recent Firmware, checks have been added in secure processor: need secure processor patching to bypass current Firmware check.


See PS Vita downgrader: Modoru by TheFloW. [https://github.com/TheOfficialFloW/modoru]
See PSVita downgrader: Modoru by TheFloW. [https://github.com/TheOfficialFloW/modoru]


== Official Current Firmware Version Bypass ==
== Official Current Firmware Version Bypass ==
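Review bot: In the list under SPKG decryption, both sides carry the same typos: "SPKG keys where different" in the second item should read "were different", and "his tester' PS Vitas" in the first item should read "his testers'". The "Your text" side also changes "PS Vita" to "PSVita" throughout; pick one spelling and use it consistently, and the spaced form in the latest revision is the one to keep.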
Line 28: Line 28:
=== ConsoleId ===
=== ConsoleId ===


PS4 non-retail models like TestKit, DevKits and Prototypes are allowed to downgrade. If PS4 ConsoleId becomes editable, thanks to a SAMU hack maybe, that would unlock official way of downgrading.
PS4 non-retail models like TestKit, DevKits and Prototypes are allowed to downgrade. If PS4 ConsoleId becomes editable, thanks to a SAMU hack maybe, that would unlock official way of bitchid?


=== QA flags ===
=== QA flags ===


Any QA flagged PS4 can downgrade.
Any QA flagged PS4 can downgrade.
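Review bot: In the ConsoleId paragraph, the "Your text" side ends with "official way of bitchid?" where the latest revision reads "official way of downgrading."; that ending is not meaningful text and should not be restored. Keep the latest revision's sentence.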