Homebrew Enabler: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 18: Line 18:


Older versions are available at:
Older versions are available at:
* [https://github.com/SiSTR0/ps4-hen-vtx/tree/672 PS4HEN v2.1.3 for 6.72 by vortex and Sistro (2020-08-08)]
* [https://github.com/SiSTR0/ps4-hen-vtx/tree/672 PS4HEN v2.1.3 for 6.71-6.72 by vortex and Sistro (2020-08-08)]
* [https://github.com/xvortex/ps4-hen-vtx PS4HEN v2.1.3 for 4.05/4.55/5.05 by vortex and Sistro (2020-03-13)]
* [https://github.com/xvortex/ps4-hen-vtx PS4HEN v2.1.3 for 4.05/4.55/5.05 by vortex and Sistro (2020-03-13)]
* [https://github.com/VV1LD/PS4HEN PS4HEN by wildcard (2018-10-24)]
* [https://github.com/VV1LD/PS4HEN PS4HEN by wildcard (2018-10-24)]
Line 37: Line 37:
**Large support: PS4 versions from 7.00 to 11.00
**Large support: PS4 versions from 7.00 to 11.00
**Homebrew Enabler (HEN)
**Homebrew Enabler (HEN)
**Jailbreak ?i.e.?
**Process sandbox escape
**Process sandbox escape
**Debug Settings
**Debug Settings
Line 101: Line 100:
Supported in EchoStretch's repository.
Supported in EchoStretch's repository.


== MiraCFW ==
== Mira HEN / CFW ==


The Mira Project is a set of tools that grants you more power and control over your jailbroken PlayStation 4. It is the result of all the hard work by the OpenOrbis team.
The Mira Project is a set of tools that grants you more power and control over your jailbroken PlayStation 4. It is the result of all the hard work by the OpenOrbis team.
Line 198: Line 197:
* Settings menu hooks: LightningMods, Sistro
* Settings menu hooks: LightningMods, Sistro
* Plugins, daemons and modules linking: valentinbreiz, LightningMods, Sistro, kiwidog, golden, Seremo
* Plugins, daemons and modules linking: valentinbreiz, LightningMods, Sistro, kiwidog, golden, Seremo
* CE-30391-6 Error CMOS Fix: ?
* CE-30391-6 Error CMOS Fix: ?Sistr0?
* Internal PKG installation support (/data/pkg): OSM
* Internal PKG installation support (/data/pkg): OSM
* debugging tools, RPC, ptrace, GDB: jogolden/xemio, OSM for Orbis Toolbox, ChendoChap, 2much4u, m0rph3us1987, ChendoChap, sleirsgoevy
* debugging tools, RPC, ptrace, GDB: jogolden/xemio, OSM for Orbis Toolbox, ChendoChap, 2much4u, m0rph3us1987, ChendoChap, sleirsgoevy
Line 239: Line 238:
z80
z80
</pre>
</pre>
= HEN Features =
This section describes the most common features of PS4 Homebrew enablers.
== Homebrew Enabler (HEN) ==
* allows retail/unactivated Kit PS4 to run fSELF
* llows retail/unactivated Kit PS4 to install fPKG
== Process sandbox escape ==
* fSELF has system permissions, for example RW access to all filesystem partitions
== Bypass Firmware Checks ==
The PS4 System Software is full of version checks, and it should be noted that a best practice is to disable version checks than to spoof a specific version.
=== Newer SDK fPKG installation Allowed ===
fPKGs built with a more recent SDK cannot be installed on a PS4 running an older System Software version.
This feature disables some version checks.
=== PS VR Support ===
To enable PS VR on out-of-date PS4, version checks must be disabled.
* Good method that disables SceSblSysVer check: https://github.com/EchoStretch/ps4-hen-vtx/blob/1e78e06cce1a58718eafc978609272203fd9a937/kpayload/source/patch.c#L278
=== Remote Play Enabler ===
To enable Remote Play, it is required to disable version checks and internet connection check.
* https://github.com/EchoStretch/ps4-hen-vtx/blob/1e78e06cce1a58718eafc978609272203fd9a937/kpayload/source/patch.c#L389
== Debug Settings ==
* https://github.com/EchoStretch/ps4-hen-vtx/blob/1e78e06cce1a58718eafc978609272203fd9a937/kpayload/source/patch.c#L374
== External HDD Support ==
== External HDD Format Support ==
== Remote Package Install ==
== Rest Mode Support ==
This is not really a feature but a lack of bug.
== Debug Trophies Support ==
Enable Debug trophies on non Kit/QA PS4 consoles.
* https://github.com/EchoStretch/ps4-hen-vtx/blob/1e78e06cce1a58718eafc978609272203fd9a937/kpayload/source/patch.c#L266
== sys_dynlib_dlsym Patch ==
The sys_dynlib_dlsym should be already included in any kernel exploit, not in a HEN.
== UART Enabler ==
== Never Disable Screenshot ==
Circumvents the "HDMI CEC" protection that disables the PS4 screenshot feature during some movie scenes.
* https://github.com/EchoStretch/ps4-hen-vtx/blob/1e78e06cce1a58718eafc978609272203fd9a937/kpayload/source/patch.c#L272
== FW Update Block ==
Prevents the automatic or accidental download of newer System Software update package ([[PUP]] file) to avoid definitely losing HEN after reboot.
* Method 1 by Silica and CelesteBlue: https://github.com/EchoStretch/ps4-hen-vtx/blob/1e78e06cce1a58718eafc978609272203fd9a937/installer/source/main.c#L241
* Method 2 (probably better) by jogolden: https://github.com/jocover/ps4-hen-vtx/blob/1e44ea9af2ecaa951601c8dae4c723b7586b2589/installer/source/main.c#L103

Revision as of 23:44, 26 October 2024

An homebrew is any piece of code that has not been directly done by Sony. For example, PS4Xplorer is a fan made file manager in form of a application.

A HEN, abbreviation of Homebrew ENabler, is a software or hardware method that unlocks the ability to execute homebrews. On PS4, HEN are mainly some kernel payloads that must be run once on each console boot, and executed through a kernel exploit. It works differently to the custom firmware experience on PlayStation 3, where CFW would be installed on the system via modified PUP files (e.g. Rebug CFW PUP). However once the framework is installed and ran, it gives users the same functionality they were previously used to.

List of PS4 homebrew enablers

The choice of the HEN to use for a PS4 console relies on which System Software version is installed and on which exploit chain is used to launch the HEN.

For non-developers, PS4HEN is the default choice whilst for developers it might be MiraCFW. GoldHEN is a closed source alternative to PS4HEN that might have more features (to be documented).

PS4HEN

PS4HEN is the first modern HEN released for PS4, based on flatz's writeups on how to enable PS4 fPKG installation and loading.

Source code

The source code of the latest version of PS4HEN is available on EchoStretch's github repository (2024-08-23).

Older versions are available at:

Supported versions

PS4HEN v2.1.3 by vortex and Sistro supports:

4.05, 4.55, 5.05, 6.71, 6.72.

PS4HEN v2.1.5 by EchoStretch supports every PS4 versions from 7.00 to 11.00:

7.00, 7.02, 7.50, 7.51, 7.55, 8.00, 8.01, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 9.50, 9.51, 9.60, 10.00, 10.01, 10.50, 10.70, 10.71, 11.00.

Features

    • Large support: PS4 versions from 7.00 to 11.00
    • Homebrew Enabler (HEN)
    • Process sandbox escape
    • Debug Settings
    • External HDD Support
    • VR Support
    • Remote Package Install
    • Rest Mode Support
    • External HDD Format Support
    • Bypass Firmware Checks
    • Debug Trophies Support
    • sys_dynlib_dlsym Patch
    • UART Enabler
    • Never Disable Screenshot
    • Remote Play Enabler
    • FW Update Block

<= 1.76

2.00-3.70

There is currently no supported HEN for 2.00-3.70 PS4 because of the initial lack of usermode or kernel exploits supporting these versions.

A possibility would be to directly backport the pppwn exploit (from 9.00), or to chain the BD-JB usermode exploit (from 9.00) with the exFAThax kernel exploit (from 9.00).

4.00-4.01

To be backported from 4.05.

4.05

Supported in vortex's repository.

4.06-4.07

To be ported from 4.05.

4.50-4.55

Supported in vortex's repository.

4.70-4.74

Used to be ported from 5.05 by CelesteBlue on zecoxao's repository which was removed.

5.00-5.03

To be backported from 5.05.

5.05-5.07

Supported in vortex's repository.

6.00-6.71

To be backported from 6.72.

6.72

Supported in Sistro's repository.

7.00-11.00

Supported in EchoStretch's repository.

Mira HEN / CFW

The Mira Project is a set of tools that grants you more power and control over your jailbroken PlayStation 4. It is the result of all the hard work by the OpenOrbis team.

Source code

Supported versions

4.05 (WiP), 4.55 (WiP), 4.74, 5.01, 5.03, 5.05, 6.20 (WiP), 6.72

Features

    • Homebrew Enabler (HEN)
    • Emulated Registry (EmuReg)
    • Emulated NVS (EmuNVS)
    • Kernel Debugger
    • Remote GDB
    • System-level FUSE implementation (Experimental, WIP)
    • Load SPRX modules + IAT + Function Hooking
  • Additional features include:
    • Mount and decrypt local gamesaves (WIP)
    • Transfer files to and from the HDD
    • Implement your own kernel plugins (RPC using protobuf)
    • Implement your own usermode trainers (hooks included)
    • Dump per-console HDD encryption keys

GoldHEN

GoldHEN is a closed source derivative of PS4HEN based on vortex's which adds more features.

Source code

GoldHEN is closed source.

Supported versions

5.05, 6.71, 6.72, 9.00, 9.60, 10.00, 10.01, 11.00

Features

    • Homebrew Enabler (HEN)
    • Debug Settings
    • VR Support
    • Remote Package Install
    • Rest Mode Support
    • External HDD Support
    • Official External HDD Format Support
    • Debug Trophies Support
    • sys_dynlib_dlsym Patch
    • UART Enabler
    • Never Disable Screenshot
    • Remote Play Enabler
    • FW Update Block
    • FTP Server on 2121 port
    • BinLoader Server on 9090 port
    • Klog Server on 3232 port
    • CE-30391-6 Error CMOS Fix
    • Integrated Cheat Menu
    • Integrated FPS Counter
    • Plugins support
    • TitleId label feature
    • Scanlines overlay
    • Internal pkg installation support (/data/pkg)

Warnings

  • The BinLoader server is in an experimental phase but in any case there are several payloads around, some even not very well done, which can also be harmful and in the best case only crash the console. So use it with caution. Developers have tried to work out to support all payloads possible but no guarantees can be given on this. Obviously, the developers do not take any responsibility in case of use of payloads not made by reputable sources.
  • The Cheat Menu is experimental so use with caution. Please report cheat related issues to the cheat author(s).

Credits

This sections aims to thank every contributor that made HEN on PS4.

Exploits makers

Without usermode and/or kernel exploits, HEN on PS4 would not have been possible apart from running only on activated PS4 TestKit and DevKit machines. So any contributor to PS4 Vulnerabilities discovery and implementation can be thanked.

Features maker

This section is a WiP.

Credits are here classified by features unlocked by HEN.

  • payload SDK: CTurt, vortex, AlAzif, ...
  • fPKG installation and HEN: hitodama, psxdev, flatz, idc, wildcard, zecoxao, maxton, CrazyVoid, kiwidog, TheoryWrong, balika011, Zer0xFF, ...
  • Debug Settings: z80, zecoxao, ...
  • FW Update Block: Silica (from PS Vita scene) and CelesteBlue
  • Never Disable Screenshot: Biorn1950
  • FTP Server: xerpi, Hippie68, ...
  • Settings menu hooks: LightningMods, Sistro
  • Plugins, daemons and modules linking: valentinbreiz, LightningMods, Sistro, kiwidog, golden, Seremo
  • CE-30391-6 Error CMOS Fix: ?Sistr0?
  • Internal PKG installation support (/data/pkg): OSM
  • debugging tools, RPC, ptrace, GDB: jogolden/xemio, OSM for Orbis Toolbox, ChendoChap, 2much4u, m0rph3us1987, ChendoChap, sleirsgoevy
  • RE tools: aerosoul, AlexAltea, SocraticBliss, Astrelsky, kozarovv
  • Game patches: Illusion
  • Cheat manager: Sistro, bucanero, ctn123 (see [1]), zy1911, hurrican6, Shinigami, PS4 game cheat developers who shared their trainers
  • Keys dump (EAP HDD, etc.): flatz
  • Offsets porting: zecoxao, AlAzif, samsepi0l/ethylamine, kozarovv, Joonie, z80, CelesteBlue, EchoStretch, BestPig and many more
  • Unclassified yet: sugarleaf, eeply, lordfriky
  • Maybe related: mistawes, apache, hydrogen

Maintainers

Maintaining a HEN consists in adding support to more and more System Software versions, fixing reported HEN bugs, adapting HEN to new exploit chains and ensuring homebrews compatibility.

By reverse chronological order:

  • EchoStretch
  • Joonie
  • AlAzif
  • Sistr0
  • vortex
  • wildcard
  • idc
  • hitodama

Testers

This section is a WiP. 

SCORPION (https://twitter.com/SCORPION1399)
KiiWii (https://twitter.com/defaultdnb)
Leeful74 (https://twitter.com/leeful74)
Big_Wadger
EchoStretch
Opoisso893 (https://twitter.com/opoisso893)
mbcrumb
MODDED WARFARE
vapour
z80

HEN Features

This section describes the most common features of PS4 Homebrew enablers.

Homebrew Enabler (HEN)

  • allows retail/unactivated Kit PS4 to run fSELF
  • llows retail/unactivated Kit PS4 to install fPKG

Process sandbox escape

  • fSELF has system permissions, for example RW access to all filesystem partitions

Bypass Firmware Checks

The PS4 System Software is full of version checks, and it should be noted that a best practice is to disable version checks than to spoof a specific version.

Newer SDK fPKG installation Allowed

fPKGs built with a more recent SDK cannot be installed on a PS4 running an older System Software version.

This feature disables some version checks.

PS VR Support

To enable PS VR on out-of-date PS4, version checks must be disabled.

Remote Play Enabler

To enable Remote Play, it is required to disable version checks and internet connection check.

Debug Settings

External HDD Support

External HDD Format Support

Remote Package Install

Rest Mode Support

This is not really a feature but a lack of bug.

Debug Trophies Support

Enable Debug trophies on non Kit/QA PS4 consoles.

sys_dynlib_dlsym Patch

The sys_dynlib_dlsym should be already included in any kernel exploit, not in a HEN.

UART Enabler

Never Disable Screenshot

Circumvents the "HDMI CEC" protection that disables the PS4 screenshot feature during some movie scenes.

FW Update Block

Prevents the automatic or accidental download of newer System Software update package (PUP file) to avoid definitely losing HEN after reboot.

Retrieved from "http://www.psdevwiki.com/ps4/index.php?title=Homebrew_Enabler&oldid=294039"