


  1. #1
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    28,098
    PS4 NOR Flash Dump MX25L25635FMI-10G for CXD90025G Arrives

    Following up on the previous PS4 Macronix MX25L25635FMI-10G and MX25L1006E NOR Flash dumps, today Sony PlayStation 4 hacker cfw prophet has made available a PS4 NOR Dump 1.06 (without MAC Address & Console-ID) of the MX25L25635FMI-10G serial flash for the CXD90025G, with some analysis details below.

    Download: [Register or Login to view links] (27.59 MB)

    To quote: Subject: Dump of serial flash MX25L25635FMI-10G for CXD90025G

    Reference file: PS4 NOR Dump 1.06 (without MAC Address & Console-ID)

    Notes:

    Size: 0x2000000 filesize / 0x1D40000 datasize
    Statistics: 2.64-2.66% 00s / 11.83% FFs / < 0.38% rest
    Entropy: 6.96569 (87.0711%) - 7.52856 (94.107%)
    Redundancy: 12.9289% - 5.893%
    A. Mean: 131072
    StdDev: 454103 - 245647
    Strings: Flash-Main/strings
    Observation:

    [Register or Login to view code]

    From modrobert (via eurasia.nu/modules.php?op=modload&name=Forums&file=viewtopic&topic=7171&forum=103#33454): I have analyzed the binary and there seems to be an interesting area not mentioned:

    Starting at offset 0x144200 there is a pretty big area which doesn't seem to be encrypted. I found the area by making a raw image conversion to get a better visual view of the data.


    The arrow marks the area which doesn't seem to be encrypted.


    Here's a close-up of the same area, look at the top bar, grains look lumpy there, not even as the encrypted area below.

    If you want to have a look, you can find the hi-res image here. Here's a hex dump of the first part of the suspect area.

    [Register or Login to view code]

    This looks more like executable code to me, not sure what the target device might be.

    [Register or Login to view code]

    Yes, this looks executable indeed, check the strings up there, embedded Linux maybe.

    [Register or Login to view code]

    Wireless/Bluetooth firmware!? Unencrypted?! We can't be that lucky.
    • Generic Bluetooth SDIO driver

    Source code: kerneldox.com/kdox-linux/d3/d99/btsdio_8c_source.html

    By the looks of it, this flash can be read by several PS4 devices accessing different offsets, so maybe we can use that to our advantage and modify data on the fly only when the decrypted area is accessed without breaking checksum in the original flash as a whole.

    I'm thinking of a hardware device between the PS4 Wifi/Lan/Bluetooth circuit (or whatever it is) and the MX25L25635FMI-10G flash chip.

    I found the Verilog model for the MX25L25635F flash from the manufacturer, so should be possible to emulate the flash in an FPGA for interesting manipulation. Also attached (PDF / ZIP), if their files suddenly disappear: macronix.com/en-us/Product/Pages/ProductDetail.aspx?PartNo=MX25L25635F

    Thanks goes to cfwprophet on IRC, I learned a lot of new stuff about the PS4. A block diagram of the MediaCon functions is also attached.

    Finally, from smhabib:

    [Register or Login to view code]

    OF PUP!

    1st 40 bytes are encrypted with aes-256-cbc and the result is used as erk and riv for the next 240 bytes. Now that is decrypted through aes-128-ctr and now you can find the location for encrypted sections+hmac key+erk/riv keys. The rest of the sections are also encrypted with aes-128-ctr. Enjoy! j/k

    Attached Thumbnails

    ps4_mediacon_block_digram.png   MX25L25635F, 3V, 256Mb, v1.3.pdf   ps4nordmp_1_06_raw_gfx_marked.png   ps4nordmp_1_06_raw_gfx_zoom.png  
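The visual search modrobert describes in the post above (spotting an area that looks less uniform than the encrypted data around it) can also be done numerically with a per-window entropy scan. This is an added example, not part of the original post or of any tool used on the dump; the window size, the 7.5 bits/byte threshold and the sample image are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 0x1000  # window size in bytes (assumption; tune to the image)


def shannon_entropy(block: bytes) -> float:
    """Entropy in bits per byte (0.0 = constant, 8.0 = uniformly random)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def classify(block: bytes) -> str:
    """Coarse label for one window; the 7.5 threshold is an assumption."""
    if block.count(0xFF) == len(block) or block.count(0x00) == len(block):
        return "erased/padding"
    return "high-entropy" if shannon_entropy(block) >= 7.5 else "structured"


def find_regions(image: bytes, block: int = BLOCK):
    """Merge adjacent windows with the same label into (start, end, label) runs."""
    regions = []
    for off in range(0, len(image), block):
        end = min(off + block, len(image))
        label = classify(image[off:end])
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], end, label)
        else:
            regions.append((off, end, label))
    return regions


def build_sample_image() -> bytes:
    """Constructed stand-in for a flash image (not data from the real dump):
    random bytes, a structured region, more random bytes, erased 0xFF flash."""
    rng = random.Random(1)
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    pattern = b"\x00\x10\xa0\xe1Generic Bluetooth SDIO driver\x00"
    structured = (pattern * 0x200)[:0x4000]
    return noise(0x8000) + structured + noise(0x4000) + b"\xff" * 0x4000


if __name__ == "__main__":
    for start, end, label in find_regions(build_sample_image()):
        print(f"0x{start:06x}-0x{end:06x}  {label}")
```

Windows labelled "structured" are the ones worth opening in a hex viewer or running `strings` over; "high-entropy" windows are consistent with encrypted or compressed data, which entropy alone cannot tell apart.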

  2. #2
    Senior Member Taufik's Avatar
    Join Date
    Nov 2010
    Posts
    54
    Hopefully I will not fall behind on PS4 information.

    Thank you very much for the information.

  3. #3
    Member lionsfan420's Avatar
    Join Date
    Jul 2011
    Posts
    31
    I have a feeling the PS4 won't take near as long as the PS3, but I will wait till the slim model comes out before I buy one. lol

  4. #4
    Forum Moderator racer0018's Avatar
    Join Date
    Aug 2007
    Posts
    703
    This really doesn't mean anything as far as hacking goes. I dumped my PS4 a while ago. It may or may not be a step in the right direction. Thanks.

  5. #5
    Senior Member StevenTj's Avatar
    Join Date
    Jul 2013
    Posts
    148
    Sign ?

  6. #6
    Senior Member kalberto's Avatar
    Join Date
    Sep 2012
    Posts
    98
    Why are there so many differences between consoles on the same version?

    It is because of a different random encryption in every console on the same version.

    You must decrypt it first, then compare it.

  7. #7
    Senior Member BBoy Chrif's Avatar
    Join Date
    Jan 2012
    Posts
    134
    No way... The PS4 is still young.

  8. #8
    Contributor anamsel007's Avatar
    Join Date
    Dec 2010
    Posts
    7
    PLAYSTATION hack I think is dead... SONY is the Winner... take GeoHOtz sample... hmmmmm...

  9. #9
    Banned User RetroA's Avatar
    Join Date
    Jan 2014
    Posts
    29
    Hacking Anything Is Always Possible, But people are scared of Sony, that they will sue them. THERE IS NOTHING THAT CAN'T BE HACKED

  10. #10
    Senior Member Tek9's Avatar
    Join Date
    Sep 2010
    Posts
    121
    Wow, why am I not surprised that hackers are already figuring out ways to get into the PS4 system? Next thing you know, homebrew appears.

 
