Possible exploit?

Discussion in 'PS4 Jailbreak, Exploits & Hacks' started by Cashthepressure, Nov 5, 2019.

    Cashthepressure Forum Noob

    Joined:
    Nov 5, 2019
    Messages:
    4
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    Just recently watched a set of videos on YouTube about how to create a custom patch on a jailbroken PS4, and a video on PSX Download Helper. Might have discovered a loophole to get custom patches on a non-exploitable system. The whole point of PSX Download Helper is to route files from your computer instead of from the genuine PlayStation servers, right? So if you were to replace said game patch using Download Helper, could you get the custom game patch? I know you'd risk a ban, but I thought maybe it might be possible to try it, for the developers that can afford that type of thing.
     
    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,471
    Likes Received:
    2,451
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    No, you cannot, because you cannot properly sign the package, you cannot create a package which puts files outside the game meta and resources dirs, and you cannot sign an executable to run it. If this were allowed, the PS4 would have been hacked on the 1st day after launch. :P
     
    pinky Retired Developer

    Joined:
    Mar 8, 2015
    Messages:
    12,394
    Likes Received:
    4,993
    Trophy Points:
    497
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    AFAIK, the custom patch files are used to modify the original game without having to repackage the game. As you may know, games come as app.pkg on the system. The files are not decrypted from it until you run the game. I think that's why the app dumper works the way it does. The game must be bootable (legit pkg and license) or you can't dump the game.
     
    DeViL303 Developer PSX-Place Supporter

    Joined:
    Jan 23, 2016
    Messages:
    7,847
    Likes Received:
    9,084
    Trophy Points:
    797
    You answered your own question there. The YouTube videos you watched were about a "jailbroken system". That stuff is not possible on a "non-exploitable system".
     
    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,471
    Likes Received:
    2,451
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @pinky As I understand him, he wants to replace on the fly the package being installed from, e.g., a game update with a custom package camouflaged as it, by a 'man in the middle' attack (PS4 >> asks Sony servers for files >> PC spoofs them and feeds it the requested file (but our file, not the one from Sony) >> PS4 installs it thinking that it is kosher ^^ >> PS4 is hacked). So he wants to trick the PS4 into installing, in the official way, something which wasn't blessed by the guys from Sony with "their" secret number. And something like this is impossible for the reasons I mentioned above. Just like on PS3 on FW beyond 3.55 (because on PS4 we never had the private keys to do it, so this is true for all its firmwares).
     
    Last edited: Nov 5, 2019
    Cashthepressure Forum Noob

    Joined:
    Nov 5, 2019
    Messages:
    4
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    The way I understood the signing process for update packages was through PSX Download Helper, because anything coming from a source other than PSN wouldn't be a signed package. PSX is a middle man, like you said; it freezes the authentication while it's downloading on your PC, to be pushed to the PS4 via Ethernet. With the authentication freeze, wouldn't it be possible to inject your own file structure into it?
     
    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,471
    Likes Received:
    2,451
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    You cannot "freeze authentication". The moment the PS4 asks for the *.pkg is the same moment when it gets it (so you must know exactly which network address to spoof); after getting it fully to the HDD (or before, just by probing the header alone) it tastes it, and if it's bad, rejects it. You can do nothing on a non-jailbroken console in this matter. You need some kind of hack first, like on e.g. the PSV (and if you had one, then your idea would lose its sense ;)).
     
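The install-time check Berion describes, as an added illustration in Go (not code from any poster, and a constructed header format rather than the console's real one): the header signature is verified against a vendor public key before the body is trusted, so a package served by a machine in the middle fails unless it was produced with the vendor's private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// Constructed, simplified header (not the real PS4 format): magic, body hash, signature over both.
type PkgHeader struct {
	Magic    [4]byte
	BodyHash [32]byte
	Sig      []byte
}

func signedBytes(h *PkgHeader) []byte {
	return append(append([]byte{}, h.Magic[:]...), h.BodyHash[:]...)
}

// BuildPackage: only the holder of priv (the "secret number") can emit a header that verifies.
func BuildPackage(priv ed25519.PrivateKey, body []byte) PkgHeader {
	h := PkgHeader{Magic: [4]byte{'P', 'K', 'G', '1'}, BodyHash: sha256.Sum256(body)}
	h.Sig = ed25519.Sign(priv, signedBytes(&h))
	return h
}

// VerifyPackage is the install-time check: header signature against the vendor public key
// built into the console, then the body hash. Where the bytes came from never enters into it.
func VerifyPackage(vendorPub ed25519.PublicKey, h PkgHeader, body []byte) error {
	if !ed25519.Verify(vendorPub, signedBytes(&h), h.Sig) {
		return errors.New("header signature was not made with the vendor key")
	}
	if sha256.Sum256(body) != h.BodyHash {
		return errors.New("body hash mismatch: content altered after signing")
	}
	return nil
}

// Scenario plays out the thread: a vendor-signed package installs; one signed with any
// other key, or with a different body substituted in transit, is rejected.
func Scenario() (vendorOK, otherKeyRejected, swappedBodyRejected bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	body, custom := []byte("constructed sample update body"), []byte("constructed custom patch body")
	h := BuildPackage(vendorPriv, body)
	vendorOK = VerifyPackage(vendorPub, h, body) == nil
	otherKeyRejected = VerifyPackage(vendorPub, BuildPackage(otherPriv, custom), custom) != nil
	swappedBodyRejected = VerifyPackage(vendorPub, h, custom) != nil
	return
}
```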
