Skip to content

Al-Azif/ps4-cfw-toolkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

.vscode

.vscode

 
 

external

external

 
 

include

include

 
 

src

src

 
 

.clang-format

.clang-format

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

keys.json.template

keys.json.template

 
 

Repository files navigation

"CFW" Toolkit

Codacy Badge

With the proper keys, all of which can be obtained from the console, you can decrypt AND properly encrypt the following binary images:

  • EAP KBL (Kernel Boot Loader)
  • EAP Kernel
  • EMC IPL (Initial Program Load)
  • Syscon (Both Patch and Full)

What's missing as far as custom code running EVERYWHERE, that's not currently supported within this repo:

  • SAMU IPL (Encrypted with PCKs within Sflash and signed with private keys)
    • Required for PS3 style CFW where you just install a PUP
    • Private keys are NOT on the console
    • Seven revisions
  • SELF Files (Encrypted and signed with private keys)
    • Would not matter if SAMU IPL is broken/custom
    • Private keys are NOT on the console
  • Bluetooth/WiFi FW (Not encrypted or signed. One of them is packed, it's just a ZIP)
    • Three revisions
  • BD Drive FW (Haven't looked at it)
    • Six revisions
  • USB SATA Bridge FW (Haven't looked at it)
    • One revision
  • Communication Processor FW (Haven't looked at it)
    • Devkit only
    • One revision

Requirements

  • C++ Compiler (Clang >= 9.00 Recommended)
  • CMake >=3.10.2
  • gflags
  • glog
  • OpenSSL (1.1.1 Recommended)
    • >=3.0.0 will raise warnings for depreciated low level API usage. With the included C++ flags warning are errors.

EAP

Synopsis

Decrypts/Encrypts EAP KBL (Kernel Boot Loader) images. Located at /dev/sflash0s0x33

Usage

Flags

-decrypt (Run in decryption mode) type: bool default: false
-encrypt (Run in encryption mode) type: bool default: false
-input (Path of the EAP KBL file to load) type: string default: "C0010001"
-keys (Path of the key file to load) type: string default: "keys.json"
-output (Path to save the output EAP KBL file) type: string default: "C0010001.modified"
-revision (Which southbridge revision keyset to use. Only used for encryption ("AEOLIA", "BELIZE", "BELIZE 2", or "BAIKAL")) type: string default: ""

EAPK

Synopsis

Decrypts/Encrypts EAP Kernel images. Located at /dev/da0x2

Usage

Flags

-decrypt (Run in decryption mode) type: bool default: false
-encrypt (Run in encryption mode) type: bool default: false
-input (Path of the EAP kernel file to load) type: string default: "eap_kernel"
-keys (Path of the key file to load) type: string default: "keys.json"
-keyset (Which keyset to use. Only used for encryption ("0", "1", "2", or "3")) type: int32 default: -1
-output (Path to save the output EAP kernel file) type: string default: "eap_kernel.modified"

EMC

Synopsis

Decrypts/Encrypts EMC images. Can apply "Godmode" patches during either operation. Located at /dev/sflash0s0x32b

Usage

Flags

-decrypt (Run in decryption mode) type: bool default: false
-encrypt (Run in encryption mode) type: bool default: false
-godmode (Should "Godmode" patches be applied) type: bool default: false
-input (Path of the EMC IPL file to load) type: string default: "C0000001"
-keys (Path of the key file to load) type: string default: "keys.json"
-output (Path to save the output EAP KBL file) type: string default: "C0000001.modified"
-revision (Which southbridge revision keyset to use. Only used for encryption ("AEOLIA", "BELIZE", "BELIZE 2", or "BAIKAL")) type: string default: ""

Syscon

Synopsis

Decrypts/Encrypts SYSCON images. Inaccessible from filsystem

Usage

Flags

-decrypt (Run in decryption mode) type: bool default: false
-encrypt (Run in encryption mode) type: bool default: false
-input (Path of the SYSCON file to load) type: string default: "40000001"
-keys (Path of the key file to load) type: string default: "keys.json"
-output (Path to save the output SYSCON file) type: string default: "40000001.modified"

Notes

  • This is tested on WSL with Clang 10 and OpenSSL 1.1.1, support for anything else is not guaranteed.
  • Output binary files will be located in bin/
  • The input binary for encryption doesn't do any checks beyond checking to see if the file magic is correct and the file size will fit the free space available when installed. It's your responsibility to make sure the binary you're feeding it is built correctly/valid.
  • This is stripped out of a larger project so somethings may not make since/be optimal in this context, however it should function as expected. I did my best minimizing it without rewriting any of it. Any major changes in functionality may not work within the context of the larger program (Or already be done) so send me a DM before starting to work on major changes.
    • Some features were removed to not step on toes and will likely be added at a later date. No ETA.
  • Keys not included, check the dev wiki or something. This is on purpose... do not submit them please, update the wiki if you're adding new ones.
  • Be sure to have a way to restore from a backup if you are using real hardware

About

Decrypt/Encrypt various PlayStation®4 firmware files

Resources

Readme

License

View license
Activity

Stars

82 stars

Watchers

4 watching

Forks

5 forks
Report repository

Languages