Post: Understanding The PS4 Processor SAMU
08-16-2017, 02:38 PM #1
Hydrogen
Super Mod


Introduction

Hello and welcome, everyone, to my first guide on understanding how SAMU functions on the PlayStation 4 console. I'm glad to be sharing this guide specifically on NextGenUpdate, but if you're going to share it elsewhere in public, please credit the thread you got it from. This thread aims to teach everyone what SAMU is, in a nutshell. I'll try to simplify things for everyone, and if you have any questions, remember you can always ask me. I'm here to mentor and teach those who are not up to date with things here in the PS4 scene.

Notice: This thread is for educational purposes only, and I take no responsibility for anyone hacking this in any way. Since this is the key to taking control of most of the console, it could be very dangerous if anything were released to the public. So, out of the responsibility I have, I won't add anything that would leak private information about it. This is strictly about learning what it is. No in-depth details will be given, such as PS4 internals, locations, methods, vulnerabilities or weaknesses. Let's jump into this thread, shall we?


What is SAMU?

On the PlayStation 4, the master keys behind the console's encryption are held by a separate processor named SAMU, the Secure Asset Management Unit. It is a very tough processor to break into, and it is the real reason we aren't seeing deeper modifications of the console at the moment. I spoke with a developer in the scene a while back, and he shed some light on SAMU.

He told us that until someone handles SAMU there won't be anything online (spoofing, passphrase keys, index.dat spoofing, etc.), since everything lives in there and doesn't get out. There is a lot more inside it; you can imagine it as a factory that runs and processes a massive amount of information. To simplify, here are a few things to understand about what is in there:

What it holds or gates:

  • Spoofing - Tricking the system into letting a modified console go online by making it look as if it is running an OFW (Official Firmware). Whatever proves "official" to Sony is derived from keys that never leave SAMU.

  • Passphrase Keys - Protect private information and drive the console's cryptographic operations. With those keys in hand, these operations could be controlled; it would take patience, but it would be doable.

  • Index.dat Spoofing - I posted a thread recently about the DevKit Debug Settings having a specific button combo that shows more in-depth info about the console. That information pattern comes from index.dat; see that thread for what I mean.



Hardware Security Module

The Secure Asset Management Unit is an HSM (Hardware Security Module), developed by the semiconductor company AMD, which also makes the PS4's APU. An HSM is a dedicated piece of hardware, driven by its own firmware, that is attached to a host computer or server. It holds cryptographic keys inside itself and performs operations on behalf of the host, so the host gets the results (a decrypted blob, a signature, a tag) but never the key material. I'll post some definitions I found on the Internet, corrected where they were loose, so the operations are fully explained. The cryptographic operations an HSM typically offers are:

  • Digital Signatures - a value computed over a hash of the data with a private key and checked by anyone holding the matching public key. A signature does not encrypt the document; it proves who produced it and that it has not been altered, and it is infeasible to forge without the private key.

  • Hashing - the transformation of arbitrary-length data into a fixed-length digest that represents the original. A good hash is one-way (you cannot recover the input from the digest) and collision-resistant (you cannot find two inputs with the same digest).

  • Encryption - the process of converting data into ciphertext so that it cannot be read without the key, to prevent unauthorized access.

  • MAC (Message Authentication Codes) - a cryptographic checksum over data computed with a shared secret key, used to detect both accidental and intentional modifications. Unlike a signature, anyone who can verify a MAC can also forge one, so the key must stay secret on both sides.
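
To make the boundary concrete, here is an added example (not code from the post, from Sony or from AMD) modelling the property the "What it holds or gates" list and the HSM operations above both rest on: the host can ask the module to hash, MAC, encrypt and decrypt, but there is no call that returns a key, so a tagged record cannot be altered from outside. The module, its HMAC-SHA256 counter-mode cipher, and the "console identity" record are all constructed stand-ins; the post does not describe the PS4's real algorithms or how index.dat is protected, and none of that is assumed here.

```python
import hashlib
import hmac
import json
import os
import struct

# Added example, not code from the post, Sony or AMD. Models an HSM-style boundary:
# the host requests operations, never keys. Algorithms are stdlib demo constructions
# (HMAC-SHA256 throughout), not the PS4's.


class SecureModule:
    """Holds one root key. Exposes hash/MAC/encrypt/decrypt; has no key-export call."""

    TAG_LEN = 32     # HMAC-SHA256 output length
    NONCE_LEN = 16

    def __init__(self, root_key: bytes):
        if len(root_key) < 16:
            raise ValueError("root key too short")
        self._root = root_key  # only ever used inside this class

    def _subkey(self, label: bytes) -> bytes:
        # Per-purpose key derivation so token, cipher and cipher-MAC keys differ.
        return hmac.new(self._root, b"subkey:" + label, hashlib.sha256).digest()

    @staticmethod
    def hash(data: bytes) -> bytes:
        return hashlib.sha256(data).digest()

    def mac(self, data: bytes, purpose: bytes = b"token") -> bytes:
        return hmac.new(self._subkey(purpose), data, hashlib.sha256).digest()

    def verify_mac(self, data: bytes, tag: bytes, purpose: bytes = b"token") -> bool:
        return hmac.compare_digest(self.mac(data, purpose), tag)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 in counter mode used as a PRF keystream (demo construction).
        key = self._subkey(b"cipher")
        out = bytearray()
        block = 0
        while len(out) < length:
            out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
            block += 1
        return bytes(out[:length])

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(self.NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + self.mac(nonce + ct, b"cipher-mac")  # encrypt-then-MAC

    def decrypt(self, blob: bytes):
        """Return the plaintext, or None if the blob is malformed or tampered with."""
        if len(blob) < self.NONCE_LEN + self.TAG_LEN:
            return None
        nonce = blob[:self.NONCE_LEN]
        ct = blob[self.NONCE_LEN:-self.TAG_LEN]
        tag = blob[-self.TAG_LEN:]
        if not self.verify_mac(nonce + ct, tag, b"cipher-mac"):
            return None
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


# Host side. The "identity record" is a constructed stand-in for the kind of data the
# post says spoofing depends on; the real PS4 formats are not described and not claimed.

def issue_identity_token(module: SecureModule, record: dict) -> bytes:
    payload = json.dumps(record, sort_keys=True).encode()
    return payload + module.mac(payload)


def verify_identity_token(module: SecureModule, token: bytes):
    """Return the record if the tag checks out, else None."""
    payload, tag = token[:-SecureModule.TAG_LEN], token[-SecureModule.TAG_LEN:]
    if not module.verify_mac(payload, tag):
        return None
    return json.loads(payload)


def spoof_token_offline(token: bytes, field: str, value) -> bytes:
    """All a host without the key can do: edit the record and reuse the old tag."""
    payload, tag = token[:-SecureModule.TAG_LEN], token[-SecureModule.TAG_LEN:]
    record = json.loads(payload)
    record[field] = value
    return json.dumps(record, sort_keys=True).encode() + tag


if __name__ == "__main__":
    samu = SecureModule(os.urandom(32))
    token = issue_identity_token(samu, {"console_id": "DEMO-0001", "firmware": "4.05-modified"})
    print("genuine:", verify_identity_token(samu, token))
    forged = spoof_token_offline(token, "firmware", "5.05-official")
    print("spoofed:", verify_identity_token(samu, forged))  # None: tag no longer matches
    blob = samu.encrypt(b"secret payload")
    print("decrypt through the module:", samu.decrypt(blob))
```

The host in this model is in the same position the post describes for a kernel exploit: it can call `decrypt` on anything it likes (a decryption oracle), but it cannot take the key away to decrypt or forge offline, and an edited record is rejected because the tag was computed inside the module. In Python the key is only hidden by convention; in a real HSM the bus and firmware enforce that no export path exists.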





Marcan's Presentation

Marcan, a member of fail0verflow, gave a hacking presentation about the PlayStation 4 some months ago. He explained a ton of neat stuff, including how they managed to break through Sony's code. On the slide above, Marcan stated that the PlayStation 3's hypervisor is a somewhat different thing and not the same as SAMU. It's something you can't ignore, since if you're trying to gain access to keys of any sort, it's likely not going to give you access.

The full set of PS4 hacking slides was linked in the original post.

Furthermore, even the well-known security researcher CTurt discussed SAMU in his write-ups on hacking the PS4. His guides to understanding the PS4 are listed below. To quote from his write-ups:

    "Even with a kernel exploit, the SAMU processor is one of the few areas which we don't have complete control over. Although we can interact with it to decrypt almost everything, it is impossible to extract any keys so that decryption could be done externally."


Hacking the PS4, Part 1 - Introduction to PS4's security, and userland ROP
Hacking the PS4, Part 2 - Userland code execution
Hacking the PS4, Part 3 - Kernel exploitation
(The links to all three were given in the original post.)





Conclusion

Overall, SAMU is a strong processor that holds almost everything everyone in the PS4 scene wants. If someone ever handles SAMU, modding has a chance of going online, but I don't know how things would work out with banning and the CIDs. We already had a few discussions about the PSID a while back. We know that two developers discovered a partial IDPS in kernel memory, including the PSID, since it is there as well. That older post was linked in the original thread if you want to read more about it.

You can dump it from kernel memory with a certain payload, and I will not be providing any payload to do so. In addition, one developer explained to us that you could do the same while running the dlclose exploit: use memcpy in kernel mode, then sys_sendto, which should send it to your computer.

Roughly speaking, most of what was done on the PlayStation 3 is of course possible on the PlayStation 4, if SAMU is ever broken and the console fully hacked. Then, yes, you'd see a lot of new innovations brought to the table, provided someone releases it first. This is a little guide explaining what SAMU is and what it does. Hopefully it clears up the questions I've always been getting. Always remember: SAMU is a tough nut to crack!

Big thanks to the member who inspired this guide and is always giving me useful tips!
Last edited by Hydrogen ; 02-12-2018 at 03:58 PM.


Copyright © 2024, NextGenUpdate.
All Rights Reserved.
