Post: Create PS4 ELFs from PlayStation 4 Process Dumps Guide by Zecoxao
Options
10-13-2016, 02:15 PM
#1
Hydrogen
Super Mod
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial out to the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
- You must login or register to view this content.
- You must login or register to view this content. (the one with process dump support)
- You must login or register to view this content. ftp payload (or you can use FileNinja but You must login or register to view this content. is a better client for this purpose)
- a brain
Step 1:
Go to your playground of choice (in this case my playground is You must login or register to view this content. one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (i'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the elf header chunk of the file. Note here: the ELF header must contain all of it's necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary restart PS4 so you can clean the payload's memory and then start PS4 file ninja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You have now a forged elf you can use in IDA for analysis.
Some Notes:
- You can use readelf to check on how good your ELF looks.
- First section has libexec magic. Second section has ORBI magic.
MAJOR Thanks to @Zec for sharing this amazing tutorials with everyone in the scene!
Last edited by
Hydrogen ; 10-13-2016 at 03:14 PM.
The following 2 users say thank you to Hydrogen for this useful post:
10-13-2016, 03:04 PM
#2
Jon Snow
Di DonDadda
Originally posted by Hydrogen
Introduction:
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial out to the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
Step 1:
Go to your playground of choice (in this case my playground is You must login or register to view this content. one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (i'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the elf header chunk of the file. Note here: the ELF header must contain all of it's necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary restart PS4 so you can clean the payload's memory and then start PS4 file ninja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You have now a forged elf you can use in IDA for analysis.
Some Notes:
MAJOR Thanks to @Zec for sharing this amazing tutorials with everyone in the scene!
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial out to the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
- You must login or register to view this content.
- You must login or register to view this content. (the one with process dump support)
- You must login or register to view this content. ftp payload (or you can use FileNinja but You must login or register to view this content. is a better client for this purpose)
- a brain
Step 1:
Go to your playground of choice (in this case my playground is You must login or register to view this content. one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (i'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the elf header chunk of the file. Note here: the ELF header must contain all of it's necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary restart PS4 so you can clean the payload's memory and then start PS4 file ninja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You have now a forged elf you can use in IDA for analysis.
Some Notes:
- You can use readelf to check on how good your ELF looks.
- First section has libexec magic. Second section has ORBI magic.
MAJOR Thanks to @Zec for sharing this amazing tutorials with everyone in the scene!
u might want to screenshot those screenshot
y r u so smart Copyright © 2024, NextGenUpdate.
All Rights Reserved.
