Introduction:
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial with the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
- [link] (the one with process dump support)
- [link] ftp payload (or you can use FileNinja but [link] is a better client for this purpose)
- a brain
Step 1:
Go to your playground of choice (in this case my playground is the [link] one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (I'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the ELF header chunk of the file. Note here: the ELF header must contain all of its necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary, restart the PS4 so you can clean the payload's memory, and then start PS4 File Ninja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
[example attachment]
Step 8:
Copy the first segment and add it after the end of the forged ELF header. Do the same for the other segments.
Step 9:
You now have a forged ELF you can use in IDA for analysis.
Some Notes:
- You can use readelf to check on how good your ELF looks.
- First section has libexec magic. Second section has ORBI magic.
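Steps 4 and 8 plus the readelf note, as an added Python example that is not part of Zecoxao's guide: it pads a header chunk to exactly 0x4000 bytes, appends the dumped segments in order, then reads the ELF64 program headers back (a stand-in for `readelf -l`) to check that every PT_LOAD segment actually lies inside the assembled file. The sample header is constructed here and is not a SysCore header; the FreeBSD OSABI byte is an assumption.

```python
import struct

PAGE = 0x4000  # the forged header is padded to exactly this size (Step 4)
ELF_MAGIC = b"\x7fELF"

def forge_elf(header_chunk: bytes, segments: list[bytes]) -> bytes:
    """Pad the header chunk to 0x4000 bytes and append the dumped
    segments in order (Steps 4 and 8)."""
    if not header_chunk.startswith(ELF_MAGIC):
        raise ValueError("header chunk does not start with ELF magic")
    if len(header_chunk) > PAGE:
        raise ValueError("header chunk is larger than 0x4000 bytes")
    return header_chunk.ljust(PAGE, b"\0") + b"".join(segments)

def program_headers(image: bytes) -> list[dict]:
    """Minimal ELF64 little-endian program-header reader, used to check
    how the forged file looks (what 'readelf -l' would show)."""
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    e_phoff, = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    out = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from("<IIQQQQQQ", image, off)
        out.append({"type": p_type, "flags": p_flags, "offset": p_offset,
                    "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz})
    return out

def check_segments(image: bytes) -> bool:
    """Every PT_LOAD (type 1) file range must fit inside the forged image;
    a short or missing dump shows up here before you open the file in IDA."""
    return all(ph["offset"] + ph["filesz"] <= len(image)
               for ph in program_headers(image) if ph["type"] == 1)

# Constructed sample (NOT a real SysCore header): ELF64, little-endian,
# assumed FreeBSD OSABI, one PT_LOAD whose file offset is 0x4000 so the
# first dumped segment lands right after the padded header.
def sample_header() -> bytes:
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 9]) + b"\0" * 8
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x400000,
                                 0x40, 0, 0, 0x40, 0x38, 1, 0x40, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, PAGE, 0x400000, 0x400000,
                       0x200, 0x200, PAGE)
    return ehdr + phdr
```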
MAJOR Thanks to @Zec for sharing this amazing tutorial with everyone in the scene!