PS4 6.72 vs 9.00 JB in 2023

daft

Hi, I recently got my hands on a few PS4 Pro CUH-7216B in pristine condition running out of the box firmware 6.51 with everything else still sealed in original packaging (the consoles have been powered on to check firmware only). I was already the owner of two PS4 Pro (CUH-7016B and CUH-7216B) running the 9.00 exploit. I do find the 9.00 exploit very stable although the USB insertion is a bit annoying (yes I'm aware you can buy a jig to act as a USB emulator to do this for you).

So I would like to ask the question... should I stay on 6.72? (in 2023). The reason why I am saying in 2023 is because I believe the 7.02 and 7.55 exploits use different kernel exploits compared to 6.72, so in my head I am thinking in theory the 6.72 exploit chain will have been made more stable since? And I know the general consensus is 5.05 > 9.00 > 6.72 > 7.xx. Any figures of % for 6.72 success rate, how much less stable/successful is it than 9.00?

I also know the 9.00 update includes the CMOS bomb fix, but IIRC GoldHEN now reinstates that for FW lower than 9.00. The only real thing I would be missing out on is HDR? And of course having to backport.

Thoughts?
 
Besides that, on 6.72 you can dump PFS keys, which is not possible later (or it is just unknown how to do it), including the key used in encryption of the first half of the partitions.
 
Ah ok, so kind of a nice-to-have if we ever discover true permanent CFW for PS4. Very good point.

Done some more digging, apparently sleirsgoevy refined the 6.72 exploit chain to be extremely reliable compared to on release. In which case I think the right thing to do in my situation would be to stay on 6.72 for these new Pros, and keep the 9.00 ones around for games not backported/particular payloads only on 9.00.
 
@daft If you do not plan to use this 6.72 console, could you consider dumping the EAP and SAMU keys, and uploading the HDD image somewhere? Or at least test this: https://www.psx-place.com/resources/ps4-hdd-decryption-helper.1294/ I'm not sure if I've chosen the proper filesystems (I based them only on samples for the second-half partitions, and dev wiki information for the first part).

I do plan to use it (well them, there's actually 5 of these 6.72):

[Attached images: kSCyQj4.png, iy3tAZ9.png]


If I can commit the time I will try it out.
 
@daft Wow. So maybe you could, specially for me, put the smallest possible HDD in there? :D If you don't have a tiny one, you could limit it by setting up an HPA with:
Code:
sudo hdparm -N p33554432 --yes-i-know-what-i-am-doing /dev/sdx
  • There is no space between p and the decimal number.
  • Logical sector size is 512 bytes, so 33554432 is 16GiB (smaller will probably be rejected).
  • Replace sdx with your device name.
  • The disk must be in an unfrozen state. If you get an error about it being frozen, just hibernate Linux and wake it up; this should automatically lift the lock.
  • Some motherboards automatically remove the HPA at BIOS/UEFI level, so after you change it, turn off the computer and remove the drive.
  • hdparm is also available for Windows; the syntax should be similar, yet I'm not sure if the device is in disk0 format or UNC format.

After that, make a sector-by-sector image of it for me, dump EAP (e.g. taking it out of the Psxitarch temp dir after launch) and SAMU keys (Flatz Python script), and send those unicorns to me. I would be glad for such help.
 
how much?
 
In this article: "Partitions - PS4 Developer wiki (psdevwiki.com)" it says that "Note: A raw dump of a HDD from a never booted PS4 would take 500,1 GiB (500,107,861,504 bytes), which would 7z compress nicely to around 1,2 GB (1,168,407,328 bytes)"
I think he could dump the HDD of one of the consoles without booting it up, then compress it to a much smaller size for an easier and less time-consuming upload of the file, and finally get the EAP and SAMU keys after updating/jailbreaking the console.
I don't know if copying the HDD before/after the update or booting the console affects the size of the compressed file, but anyway, I thought this might help.
 
@Maeli That's true, but to test decryption it is important to have all partitions fully encrypted, like in normal usage of a console. That's why it is worth limiting the drive's space first, or putting in a smaller drive, if someone doesn't have much free space for an image and/or has a slow upload. I'd be happy with any kind of dump in any size. With SAMU keys, even super happy. ^^

I can promise that I will delete the image and keys once I prove my script is working as intended.
 
Wait, I'm on 5.05 updated from 2.03 but am still learning the PS4 and haven't heard of any keys. What are these keys and their use, please? Sorry if this is a noob question, just better to dump them if I can, in case they're needed.
 
@D3adB33f AFAIK now, there is no ready-to-use method to dump the SAMU HDD key (only some keystorage on 6.72 max, but I don't get it yet), only the EAP HDD key (on any hackable fw). And this one can be dumped via Linux (it does it automatically) or via some app or payloads.

Just run Linux Psxitarch and copy "/etc/cryptsetp/eap_hdd_key.bin" to "/mnt/usb0". This key is needed to be able to decrypt some partitions (but fortunately, this includes the user data partition called "/user") on a PC using Linux or Windows with WSL2.

To simplify it, I made a toolkit:
https://www.psx-place.com/resources/ps4-hdd-decryption-helper.1294/
https://www.psx-place.com/threads/tutorial-hdd-mounting-and-decryption-on-linux.42314/#post-381506
 
Thanks, hope these keys also dump on 5.05; I don't really want to update to 6.x for them, but will take a read of the link and see what I learn. Thank you.
 
Also not done Linux on PS4 yet, as I thought it would have meant losing the PS4 OS, but it seems it runs from USB so I will give it a bash. Sounds cool as hell running Linux and actually having the PS4 gfx supported; well, I assumed it's supported due to seeing people playing 3D games in YouTube videos. So more study. Thank you for the info and your contributions being a dev, great stuff, respect for the time and effort you put into this scene and other stuff.
 
@D3adB33f
Yes, you can use 5.05 to run Linux.

No, you will not lose OrbisOS. PS4 is not a PC: the firmware(s) lie on flash, the OS is partially on the HDD but cannot be replaced, and the disk cannot be repartitioned.

Thanks. You're welcome. ^^
 