If you go back to the very first article ever posted on psx-place you will see that developer bigboss (aka psxdev) released details and information on reverse engineering the PS4 EyE Toy. Now the developer has released today Part 1 of Reversing PlayStation VR Device. We know bigboss from various research on PlayStation hardware, the PS4 EyE Toy and PS Move controllers among others, but now the developer has set his sights on the PlayStation VR (PSVR), so reverse engineering of the Processor Unit that communicates with the PS4 is the topic of Part 1. bigboss's motivation and end goal with this research is the ability to use the PSVR on other platforms.
First I need to give thanks to:
- tokkyo_tw who shared usb dump captures from PlayStation VR and published the first code to begin work at https://github.com/tokkyo/PSVRTest
- nathan_the_red who shared a repository with interesting stuff about PlayStation VR at https://github.com/nathanleroux/PSVR_api
- Sony shared some open source code for PlayStation VR at http://doc.dl.playstation.net/doc/psvr-oss/
The title of this blog article explains very well the main purpose of this blog entry. PlayStation VR (formerly known as Morpheus) is the new device from Sony for the virtual reality marketplace. As you know, there are a few actors in this marketplace right now:
- Other vendors.
PlayStation VR needs different parts:
- VR headset.
- Processor Unit.
- PlayStation 4
- PlayStation 4 Camera
- PlayStation Move and PlayStation DualShock
- TV with HDMI
Connection schema from Sony:
I have already spoken about PlayStation Move and PlayStation Camera here in this blog, and about its new design on my Twitter account:
So now we are going to speak about the USB connection between the Processor Unit and the PlayStation 4, because we want to use PlayStation VR on platforms other than PlayStation 4.
The Processor Unit is a black box; if you want to know more about it you will need two things:
1. Information about the hardware. Sony published the morpheus_bridge source for 1.50 and 2.0, and it gives you good information about how the USB device is built and detailed information about all of its 9 interfaces.
2. A USB dump made with a USB protocol hardware analyzer.
1 was already published and 2 was shared by tokkyo_tw so...
LET THE GAME BEGIN
What happens when you connect the USB connector from the Processor Unit to a Mac/PC?
Easy: you can see a new USB device with these USB descriptors
You can check in the morpheus_bridge source code that all this information is already there.
The USB dump was done with:
- Software: USB Protocol Suite 7.35
- Hardware: USBTrace 2500H
USB Protocol Suite can be downloaded from here; you must register as a user to download it.
We are going to work with these files from the dump:
- connect-to-ps4 (psvr off).usb
- connect-to-ps4 (psvr on in game (rez))-then-vrmode-on.usb
- connect-to-ps4 (psvr on in game (rez)).usb
- switch-to-vr-mode (in rez).usb
We will start with the connect-to-ps4 (psvr off).usb file, opening it with USB Protocol Suite.
With the PlayStation Camera we got the dump from a Beagle hardware analyzer from Total Phase; their tool is multiplatform and easy to use for me.
USB Protocol Suite is Windows-only and a little hard to use, but the task can be done with it.
After opening the file, choose in menu View Apply Decoding Scripts and check that you have the following interfaces and their USB class applied:
and in the endpoint option the same:
A problem I found with this tool is that sometimes it can't set the right endpoint type, class and packet size, so check against the USB descriptors first. (Strangely, it sometimes identifies an endpoint as bulk type when it is interrupt type; check with the USB descriptors that the info is correct.)
Choose in menu View Transfer Level and Hide all except Transfers options and in menu Report Detail, View Data and Decode Field View options.
After that we can go transfer by transfer to make our analysis.
I am not going to teach you how the USB protocol works; there is plenty of information about that. If you don't know about it, stop here.
The first transfers get the device, configuration, interface and endpoint descriptors; basically a dump of all descriptors.
For your reference, these standard request transfers give you all the information about the device:
- Transfer 4 device descriptor
- Transfer 11 configuration descriptor
- Transfer 12 all descriptor
- Transfer 13 status
All these transfers give you every USB descriptor for this device, and you can compare them with the information in the morpheus_bridge source and the lsusb output. It is the same. Check the Decoded Field View tab to see the values from these standard request transfers.
Translation to C/C++ code with libusb API calls is direct with all the information from the dump. All reports are described in the morpheus_bridge source code, so that confirms all is fine.
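The check recommended earlier (confirming each endpoint's type, class and packet size against the USB descriptors rather than trusting the analyzer's decoding) can be done by walking the bytes of the configuration descriptor returned by the "all descriptor" transfer. This is an added example, not code from the original article or from morpheus_bridge; the descriptor bytes are a constructed two-interface sample, not the PSVR's, and the names `parse_config` and `ep_info` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample, NOT the PSVR's descriptors: a HID interface with an
 * interrupt IN endpoint and a vendor interface with a bulk OUT endpoint. */
static const uint8_t sample_cfg[] = {
    0x09, 0x02, 0x29, 0x00, 0x02, 0x01, 0x00, 0x80, 0xFA, /* config, wTotalLength 41 */
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, /* interface 0, class 0x03 */
    0x07, 0x05, 0x81, 0x03, 0x40, 0x00, 0x01,             /* EP 0x81 interrupt, 64 */
    0x09, 0x04, 0x01, 0x00, 0x01, 0xFF, 0x00, 0x00, 0x00, /* interface 1, class 0xFF */
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00,             /* EP 0x02 bulk, 512 */
};

struct ep_info { uint8_t iface, iface_class, address, type; uint16_t max_packet; };

/* Walk a configuration descriptor blob. Returns the number of endpoints
 * stored in out[], or -1 if the blob is truncated or malformed. */
static int parse_config(const uint8_t *buf, size_t len, struct ep_info *out, int max_out) {
    if (len < 9 || buf[0] < 9 || buf[1] != 0x02) return -1;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);
    if (total > len) return -1;                  /* capture cut short */
    int n = 0;
    uint8_t iface = 0, iface_class = 0;
    for (size_t off = 0; off < total; off += buf[off]) {
        uint8_t blen = buf[off];
        if (blen < 2 || off + blen > total) return -1;
        uint8_t btype = buf[off + 1];
        if (btype == 0x04 && blen >= 9) {        /* interface descriptor */
            iface = buf[off + 2];
            iface_class = buf[off + 5];
        } else if (btype == 0x05 && blen >= 7) { /* endpoint: type is bmAttributes bits 1..0 */
            if (n == max_out) return -1;
            out[n++] = (struct ep_info){ iface, iface_class, buf[off + 2], buf[off + 3] & 0x03,
                (uint16_t)((buf[off + 4] | (buf[off + 5] << 8)) & 0x07FF) };
        }
    }
    return n;
}

int main(void) {
    static const char *names[] = { "control", "isochronous", "bulk", "interrupt" };
    struct ep_info eps[16];
    int n = parse_config(sample_cfg, sizeof sample_cfg, eps, 16);
    for (int i = 0; i < n; i++)
        printf("if %u class 0x%02x ep 0x%02x %s %u bytes\n", eps[i].iface,
               eps[i].iface_class, eps[i].address, names[eps[i].type], eps[i].max_packet);
    return n < 0;
}
```

Feeding it the data bytes of the configuration descriptor transfer from the capture gives a list to compare line by line with what the analyzer shows for each endpoint.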
TO BE CONTINUED
PS4 Part 1: Reversing PlayStation VR (PSVR) device [by bigboss]
By STLcardsWS on Oct 2, 2017 at 9:41 PM