[Hacking] Is it possible to create a licence to execute a pkg from its (non 0) passcode?

BeautfalHorsa (OP)
I know that if I have the passcode I can just create a fpkg, but I wanted to try this way.
I remember ps3 had .rep files to unlock an encrypted .pkg. Would it be possible to generate the equivalent file of ps4 from a pkg passcode and run the original .pkg directly?
 

godreborn
if you mean making an official pkg run, then yes, sometimes. I've done it with official themes, and it works with some dlc. you just need psdlc. it requires orbis dependencies. as far as games and patches though, no. there's no way to generate a rap. you'd need the license to begin with, and there's no way to generate a rap anyway. on the ps3, it requires the act.dat, idps, and rif keys.
 

cearp
Sure it is possible, but unfortunately no one has developed that for the community yet.
We are in the same position as we were with Vita games at the beginning of its piracy: we have to decrypt the contents to be able to use them.

Just like you said, on PS3 we could play the regular, encrypted contents, using hacked licenses. Now, it is the same with Vita.
This is great because it saves time (no need to decrypt), content doesn't need to be altered (better for archival), and whenever we need a new update for the game, we can just take the update pkg straight from psn.

Hopefully we will get to that stage with PS4, but who knows when :(

if you mean making an official pkg run, then yes, sometimes.
sure, if it's a 'free' pkg, similar to a legit cia.
 

godreborn
the vita uses zrif keys, which seem to be their version of a passcode, so it can decrypt the contents. afaik, it's related in some way to the work.bin. I think that's how nonpdrm works. pkgj contains the zrif key. I'd say the ps4 passcodes that can be broken are more like ps3 c00 files, because in both cases, all you need is the content id.
 

BeautfalHorsa (OP)
If I have the ".self" file of the executable, is it possible to just extract the .pkg content in a folder somewhere and just run the .self from there? Instead of making and installing a new .pkg every time I edit something?
 

godreborn
If I have the ".self" file of the executable, is it possible to just extract the .pkg content in a folder somewhere and just run the .self from there? Instead of making and installing a new .pkg every time I edit something?

afaik, you can make a fake pkg like the backports that exist, but you still have to make a pkg.
 

BeautfalHorsa (OP)

afaik, you can make a fake pkg like the backports that exist, but you still have to make a pkg.

My problem is that the app crashes, and I have no idea why. I want to find out from the logs/dumps, and hopefully seeing a call stack.
The original .self also includes debugging symbols, but once it goes through the publishing tools to generate a package of it (and renaming it to eboot.bin), symbols are stripped and the size shrinks by like 5-10 times.
So I need a way to run the .self directly, so that I have debug symbols, or to make sure the package doesn't strip the symbols from the eboot.bin. I thought some homebrews were released directly as .self, so I thought it was possible.
 

godreborn
My problem is that the app crashes, and I have no idea why. I want to find out from the logs/dumps, and hopefully seeing a call stack.
The original .self also includes debugging symbols, but once it goes through the publishing tools to generate a package of it (and renaming it to eboot.bin), symbols are stripped and the size shrinks by like 5-10 times.
So I need a way to run the .self directly, so that I have debug symbols, or to make sure the package doesn't strip the symbols from the eboot.bin. I thought some homebrews were released directly as .self, so I thought it was possible.

the eboot.bin is a self file. it's the main executable as well. fake pkgs are using fself, I believe, which is like a fake encrypted self file. I think that's what homebrew usually uses on the ps3 as well instead of nonpdrm. you might have to ask @KiiWii though. I've never logged errors before with the ps4. I have a basic understanding of how to do it with the ps3 with prog dg.
 

godreborn
if it's a homebrew, you can probably just 0 out the passphrase, then extract the content. I'm confused by what you're asking really.
 

BeautfalHorsa (OP)
From what I gathered, once you extract a pkg with a non zero passcode, the eboot.bin isn't encrypted, at least not with a game specific key. From the SDK it's also possible to build .selfs and run them directly on a devkit, and I'm pretty sure they work by loading the new .self instead of the eboot.bin, but they still read the data from the corresponding .pkg.
Once you rename a .self into eboot.bin and package it in a pkg, it strips the debug symbols from it, which apparently are the only difference, so it basically becomes identical to the original eboot.bin. Or so I think, maybe it just compresses it, but I'm pretty sure it's actually stripping debug info from it, and shrinking it down.
I need a way to run this .self directly to get more appropriate logs/debug information, and possibly a callstack of the crash.

For your last question: I have the passcode. It's a commercial app.

--------------------- MERGED ---------------------------

I think that the .self I have isn't encrypted with any additional game specific key, because I can just build it into a fpkg and run it, and even if it turns it into an eboot.bin, that would not have been possible if the .self was encrypted. Or maybe it's encrypted with an all 0 pass.

Edit: no, the .self I have isn't encrypted at all, because I can read pure strings into it (which are the debugging symbols). Maybe the actual code is encrypted, but I doubt they encrypt part of the file, and again, definitely not with a game specific key.
 
Last edited by BeautfalHorsa,
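An added check, not code from this thread or from any PS4 tool, for the question above of whether packaging strips the symbols or merely compresses the file: it parses the ELF64 section table and reports whether a .symtab and DWARF .debug_* sections survive. It assumes the image is unencrypted, as the poster says, and that a SELF-style container leaves the inner ELF header readable, so it simply looks for the first ELF magic; build_test_elf and the section names it emits are constructed sample data, not a real eboot.

```python
import struct

ELF_MAGIC = b"\x7fELF"

def find_elf(data):
    """Offset of the first ELF header, or -1 (assumes an unencrypted image)."""
    return data.find(ELF_MAGIC)

def section_names(data, base):
    """Section names of the ELF64 image starting at `base`; [] if no section table."""
    if data[base + 4] != 2:                    # EI_CLASS: 2 == 64-bit
        raise ValueError("only ELF64 images are handled")
    end = "<" if data[base + 5] == 1 else ">"  # EI_DATA: 1 == little endian
    (e_shoff,) = struct.unpack_from(end + "Q", data, base + 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from(end + "HHH", data, base + 0x3A)
    if e_shoff == 0 or e_shnum == 0:           # fully stripped: no table at all
        return []
    def shdr(i):  # -> (sh_name, sh_offset, sh_size) of section header i
        f = struct.unpack_from(end + "IIQQQQ", data, base + e_shoff + i * e_shentsize)
        return f[0], f[4], f[5]
    _, str_off, str_size = shdr(e_shstrndx)
    strtab = data[base + str_off:base + str_off + str_size]
    idxs = [shdr(i)[0] for i in range(e_shnum)]
    return [strtab[i:strtab.find(b"\0", i)].decode() for i in idxs]

def debug_report(data):
    """Whether the image still carries a .symtab and DWARF .debug_* sections."""
    base = find_elf(data)
    if base < 0:
        raise ValueError("no ELF header found: encrypted, or not an ELF/SELF")
    names = section_names(data, base)
    dwarf = sorted(n for n in names if n.startswith(".debug_"))
    return {"elf_offset": base, "has_symtab": ".symtab" in names,
            "dwarf_sections": dwarf, "stripped": ".symtab" not in names and not dwarf}

def build_test_elf(extra, prefix=b""):
    """Constructed sample: minimal LE ELF64 with NULL, .shstrtab and the given empty sections."""
    names = ["", ".shstrtab", *extra]
    strtab = b"".join(n.encode() + b"\0" for n in names)
    shoff = 64 + len(strtab)
    hdr = ELF_MAGIC + bytes([2, 1, 1]) + b"\0" * 9  # ELF64, little endian, EV_CURRENT
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(names), 1)
    shdrs, name_off = b"", 0
    for n in names:
        s = n == ".shstrtab"
        shdrs += struct.pack("<IIQQQQIIQQ", name_off, 3 if s else (0 if n == "" else 1),
                             0, 0, 64 if s else 0, len(strtab) if s else 0, 0, 0, 1, 0)
        name_off += len(n) + 1
    return prefix + hdr + strtab + shdrs
```

Run debug_report(open("eboot.bin", "rb").read()) on the extracted eboot.bin and on the original .self: if the first reports stripped while the second does not, the publishing step removed the symbols rather than compressing them.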

godreborn
well, the reason I tagged @KiiWii is because he knows more about debugging an app crashing than I do. I thought that was the entire point of your questions.

--------------------- MERGED ---------------------------

afaik, orbis or fake pkg generator as some call it is using sony code, it's just hacked. when you build a pkg that's not encrypted correctly, it will say that the eboot is stripped. this includes fself.
 

BeautfalHorsa (OP)

So with the guides here:
https://gbatemp.net/threads/aio-ps4-exploit-guide.497858/
could I run the self either from USB or from the internal drive directly? I think it's got dynamically linked libraries to prx files though.
KiiWii

So with the guides here:
https://gbatemp.net/threads/aio-ps4-exploit-guide.497858/
could I run the self either from USB or from the internal drive directly? I think it's got dynamically linked libraries to prx files though.

Let’s establish some stuff..

if it’s a legit game pkg, even if you had the password to extract the contents it would be encrypted.

What type of pkg is it? Game, dlc, fake game or fake app? I don’t understand what you’re doing either.

LM made a tool to resolve and run a homebrew (elf) from USB, but I doubt it works for PRX linkage:

“Obtain ELFLOADER GL PKG by Lightningmods, install it via debug menu. Place a homebrew ELF on the root of your USB HDD, plug it in and boot ELF LOADER GL. Enjoy.”
 

BeautfalHorsa (OP)
Let’s establish some stuff..

if it’s a legit game pkg, even if you had the password to extract the contents it would be encrypted.

What type of pkg is it? Game, dlc, fake game or fake app? I don’t understand what you’re doing either.

LM made a tool to resolve and run a homebrew (elf) from USB, but I doubt it works for PRX linkage:

“Obtain ELFLOADER GL PKG by Lightningmods, install it via debug menu. Place a homebrew ELF on the root of your USB HDD, plug it in and boot ELF LOADER GL. Enjoy.”

It's a "development" package of a game, so the eboot.bin is not encrypted nor the data. I have the passcode and I also have a .self (alongside the pkg) which is identical to the eboot.bin (coming from the same source) but also includes debug symbols.
 

KiiWii
It's a "development" package of a game, so the eboot.bin is not encrypted nor the data. I have the passcode and I also have a .self (alongside the pkg) which is identical to the eboot.bin (coming from the same source) but also includes debug symbols.

I’m getting Deja Vu here..... someone asked this a while back I’m sure....
 
