The Playstation 4 Jailbreak that is not really a Hack…
In the last months a few reports of a Brazilian Playstation “Jailbreak”, if you want to call it that, have emerged.
While they sound promising, you should keep in mind that their tricks are neither a “Jailbreak” nor a real hack, per se. What exactly I am talking about can be read below…
Prelude:
Without arguing why it should or should not be called a “Jailbreak“, I am just going to focus on why the so called “Playstation 4 Jailbreak/Hack” is nothing more than a cheap trick, at best.
Being able to dump & restore the NOR is of course a hard thing. I am in no way discrediting anyone who worked on being able to read the NOR of the PS4!
A hardware hack is a real tough job, which requires precision & dedication.
The thing that is not only grinding my gears, but also other people’s, is that a simple trick is being sold to you as a fully fledged “PS4 Jailbreak” or even “Hack“, while it is neither.
If you have a (rather modern) Playstation device (PSP, PSPgo, PS Vita, PS VitaTV, PS3 or PS4), you will have noticed that you have to activate your device before you are able to run any DRM content (basically bought / account-bound content). You are usually limited to 3 stationary (PS3/PS4) and 3 handheld (PSP, PSPgo, PS Vita, PS VitaTV) devices per PSN account.
This means that before you are able to use a 4th device with your account, you usually have to disable one of your 3 devices first.
In theory, and even in reality, this enables you to share one PSN account with 2 other people, which should divide the cost of games by 3 (basically times 1/3rd).
But being limited to only 2 other people next to yourself is, of course, not really a profitable way of selling pirated games.
I am going to show in an example how easy it is to trick the Sony activation servers, as long as you are able to read & restore the NAND of your Playstation device.
Simply said: if you are able to create a NAND dump and restore it at a later date, you will be able to activate as many Playstation devices on one account as you want.
If you want a longer explanation, then watch or read on:
How to link (virtually) infinite PS devices to one PSN account:
Since the most open, rather modern, Playstation device is the Playstation Portable, I am going to use said PSP for my example.
Like I have said above, you are limited to having 3 portable devices per PSN account. If we act as if the PS Vita did not exist, this means that you can link up to 3 different PSPs to one PSN account before being forced to disable one of the already enabled devices.
If you are able to dump the NAND of the device, and also able to restore said NAND at a later date, you will be able to circumvent the activation limit of 3 devices.
It does not matter whether you dump & restore the NAND via external devices (hardware mod/flashers) or via a simple software dumper & flasher, e.g. via a Custom Firmware.
For my example my PSP 3000 is going to run the most recent official PSP firmware, system software 6.61, since it is required to visit the PSN store.
I am only going to ‘abuse’ a Custom Firmware, 6.61 LME-2.3 in this case, for dumping and restoring the NAND. Everything else will be showcased on the OFW itself.
Requirements:
- Being capable of accessing & using the PSN services
- Being capable of dumping and restoring the device’s NAND (via hardware mods or via software dumper tools)
- Being capable of abusing Sony’s activation server
So a PSP running system software 6.61, access to the 6.61 LME CFW & a NAND dumper homebrew is virtually everything you need.
The so called “Hack”:
At first you do the same as a normal PSN user would do. Set up your PSP on firmware 6.61, connect to the Wifi and log into your PSN account.
Then go ahead and download some games. After you are done, be sure to check if they successfully boot (they should).
If they don’t, go into your Account management and manually activate your device for the usage of PSN titles (PSP & PS1 games in this case).
After we have confirmed that everything is working as intended, we are going to boot into the CFW and use the NAND dumper homebrew to create a NAND dump.
The next step is connecting to the PSN servers once again (logging into your PSN account), from which we are going to disable our device.
The option should be available in the account management, from which we are going to manually disable our device from using PSN content.
After disabling our device, the software that was working a few minutes ago should now report that it cannot be used unless we (re-)activate our device.
We are not going to reactivate our device by connecting to the PSN servers, since this would fill one of our three slots for portable devices.
Instead we are going to abuse being able to restore the just created NAND dump, which conveniently stores whether the device is activated or not.
So we are going to boot back into the CFW, which enables us to restore the NAND dump.
After the NAND has been successfully restored, we will, once again, be able to boot the linked PSN account’s content, despite officially not being activated anymore.
In the end it is important to mention that connecting to the Internet, well… or at least to the Sony servers, will either re-activate your device on its own, or simply tell your device that it has been disabled and therefore stop the software from working again (the more likely thing to happen).
Conclusion:
So in the end we are abusing the fact that Sony stores the device’s activation status on the device itself, rather than forcing the device to verify itself with the Sony servers on every boot to ensure that we are not trying to trick them (something similar to this is required by the PSM Dev app on the PS Vita).
Before the Playstation 4, WiiU and Xbox One – which is still a *** name, by the way – had been officially released, there was talk of them having an always-online ‘feature’, which pretty much required you to connect to the company’s servers on every boot and verify that your device, account and so on are being used as intended.
Due to most people not being fans of this feature, they did not implement it (or removed it at an early date, depending on the console), which in the end is now the culprit allowing the thing I just described. In hindsight, they should have implemented this inconvenient feature into their consoles, to ensure that piracy is not going to happen, or is at least very, very limited (3 devices per account, in Sony’s case).
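To make the design flaw from the conclusion concrete, here is an added toy model (not code from the original post, and not Sony’s protocol): the server keeps the 3-slot registry per account, the handheld keeps only its own activation flag, and `snapshot_cycle` replays the activate / dump / disable / restore sequence from the article; device ids and the account name are constructed. `demo(5)` returns `(0, 5, 0)`: no server slot is held, all five handhelds play offline on their restored flag, and none pass once the device re-verifies with the server while online.

```python
from dataclasses import dataclass, field

MAX_PORTABLE_SLOTS = 3  # handheld limit per PSN account named in the article


@dataclass
class ActivationServer:
    # Server-side view: which device ids currently hold a slot per account.
    slots: dict = field(default_factory=dict)

    def activate(self, account, device_id):
        used = self.slots.setdefault(account, set())
        if len(used) >= MAX_PORTABLE_SLOTS:
            return False  # a 4th device has to wait until one is disabled
        used.add(device_id)
        return True

    def deactivate(self, account, device_id):
        self.slots.get(account, set()).discard(device_id)

    def is_activated(self, account, device_id):
        return device_id in self.slots.get(account, set())


@dataclass
class Device:
    # Handheld whose activation flag lives only in its own NAND.
    device_id: str
    account: str
    activated: bool = False
    nand_dump: bool = False  # constructed stand-in for a full NAND dump

    def can_play(self, server=None):
        # Offline (server is None) the local flag is trusted as-is, which is the
        # weakness the article describes.  Online, re-verify with the server and
        # clear the flag if it no longer lists this device (the comments' idea).
        if server is not None and not server.is_activated(self.account, self.device_id):
            self.activated = False
        return self.activated


def snapshot_cycle(server, device):
    # Activate, dump NAND, disable on the server, restore NAND: the server slot
    # is freed again, but the restored NAND still says "activated".
    if not server.activate(device.account, device.device_id):
        raise RuntimeError("no free slot")
    device.activated = True
    device.nand_dump = device.activated          # dump
    server.deactivate(device.account, device.device_id)
    device.activated = False                     # server told the device it is disabled
    device.activated = device.nand_dump          # restore
    return device


def demo(n_devices=5):
    # Returns (slots used on the server, devices playable offline, playable online).
    server = ActivationServer()
    devices = [snapshot_cycle(server, Device(f"psp-{i}", "acct")) for i in range(n_devices)]
    offline = sum(d.can_play() for d in devices)
    online = sum(d.can_play(server) for d in devices)
    return len(server.slots["acct"]), offline, online
```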
Back to the so called “revolutionary brazilian Playstation 4 ‘Jailbreak'”.
While it is not 100% confirmed which way of injecting the pirated games they are using, it is very likely that they are using a method similar to the one I just described:
Abusing being able to dump a NAND, restore a NAND and tricking the activation servers (which can be blocked in your router, thus technically enabling you to fully use the PSN account on the 4th, 5th, … Zth activated device).
Those were my 2 eurocents, heh, about this topic. Feel free to discuss in the comments section whether you agree with me, or if you think that I am being too close-minded about this topic.
Firstttttt
that grammar though
That happens when you type this at 4am ^^
F*** the grammar, this needed to be said, lol… And it will probably have to be said a million times more before people get it >_>
Annoys the *** out of me whenever someone calls this “jailbreak” or “hack” or ANYTHING that makes it sound special…
Don’t *** that grammar, send it off some one to check or use one of the many online websites that are available.
In the other article, they said that’s what everyone is used to, so that is what it is staying as.
Wololo.net gave people the Jailbreak AIDS, now all the stupid uneducated websites have Jailbreak AIDS, just because people need to grab attention instead of telling the truth and posting an article with facts.
I need to stop posting here >.<
yes, let’s call it the PS4 trick.. but the nand dump and and restore is a hack itself. Since its purpose is for the PS4, then it is technically a PS4 hack. hack or mod or trick… call it what you want to call it. Just stop thinking that hack is for programmers only. technical hacking is done on hardware and yet needs programming skills to run that raspian program. The point of the matter is IF YOU CAN’T DO IT YOURSELF, GO PAY SOMEONE ELSE TO DO IT FOR YOU.
This “trick” works very well with PS Vitas with lower firmwares also… Without manipulating the NAND you can connect more than 3 Vitas to the same account as long as you do not connect the “disabled” Vitas to the PSN network and use QCMA and a PS3 to transfer your contents from the activated devices… But since Rejuvenate and the OFW 3.52 no one connects a Vita with lower firmware to the Sony network…
It was a great topic but for me it’s hard to tell whether it is a hack or not.
PSM ended as of today
I guess they insist to call it “Jailbreak” or “Hack” because for most people (at least in Brazil) they are synonyms to “run pirated content”.
I disagree wholeheartedly about always on DRM. But I do believe that Sony needs to stop ignoring basic client-server programming guidelines like “never trust the client”. A simple cid verification on login would be enough to prevent this “hack”, I think.
yes, with timestamped w/ encryption should make a good countermeasure.
I could have sworn it used to be 5, then way back they changed it to 2, not 3?
Indeed. 5 got changed to 2, then back to 3.
It was 5 PS3s then changed to 2. It never changed back to 3 as you do not count the PS4 as it uses a different setup.
The portable limit was also 2 that changed to 3 later on.
The PS4 is set up like the 360 and XB1 are. You can have 1 PS4 set as primary to allow anyone else on that PS4 to use your games, or you can play any of your games on any other PS4 as long as you’re logged in.
The reason it shouldn’t be called a “jailbreak” is cause a PS4 is not an Apple device 😉
Kind of a silly thing to say seeing as the term “jailbreak” is a “jargon expression for (the act of) overcoming limitations in a computer system or device that were deliberately placed there for security, administrative, or marketing reasons”. This applies to quite a few devices and isn’t specific to the Apple brand. heck, there’s even a page on wikipedia for playstation jailbreaks.
As you are talking
Psx = Playstation One
When in real life:
Psx = Playstation 2 Recorder
http://media.moddb.com/cache/images/groups/1/4/3243/thumb_620x2000/Sony-PSX.jpg
When did I mention the PSX? I’m confused.
Jailbreak = Apple devices.
Other devices have their very own hacking terms, e.g. flashing a PSP/Vita, Xbox360 drive, and technically even the PS3.
Nintendo stuff has softmods & flash cards, while the Xbox360 also has the JTag.
Android phones/tablets are rooted.
Don’t try to use foreign terms with unfitting consoles, it makes you look unprofessional & uninformed.
See, you still kept trying to dignify your stance with every grammar.
Hey, unprofessional and uninformed?
Professional people would make less noise and please, nobody can be informed overnight, over on article comment. Be realistic.
What I can only see you’re referring to standard is professional, which makes utterly no sense. Enough deluding yourself.
Knowing so much of this for what? Are your parents proud of you for this matter?
Well, you know yourself more than we do.
Actually it’s called Jailbreak because the first PS3 hack was developed by GeoHot, one of the first guys to get a jailbreak on the iPhone 3G (I think, I don’t exactly remember), and he decided to call it Jailbreak. So… technically it’s not wrong to call it jailbreak. I wish he had called it something else tho
WRONG, WRONG, WRONG
The PS3 hack was NOT developed by GeoHot, he was just some a*shole who came along and took fail0verflow’s work, releasing the second scene CFW, then proceeded to glory wh*re, ending up with him taking d*ck from Sony.
It was called a jailbreak the day the original iPhone was jailbroken, not only as of the “3G” & Geohot.
Except none of the terms you mentioned are specific to any one console.
Softmods are software modifications, this applies to anything that doesn’t rely on hardware to bypass limitations, including most iOS jailbreaks, some of the Wii’s many hacks (BannerBomb for example), the 3DS’ browser, Mii Plaza, or MSET hacks, the PS Vita’s Rejuvenate, etc.
Flash cards/carts were named after development cartridges used in creating/prototyping applications for consoles because they do (or did originally) the same thing.
JTAG is just the name of the debug port on most electronics, and again, isn’t specific to the Xbox 360. Neither is exploiting said port for science and/or glory. (see DD-WRT/OpenWRT for example)
Rooting is literally just gaining access to the OS’ built in root account. This applies to anything that has a “root” account in which the user normally cannot access.
Flashing is a generic term for writing data to a reprogrammable storage device.
Even RGH is no longer specific to the Xbox 360 as there’s been talk of using the method on the New 3DS to get access to the 9.6+ crypto keys. I would not be even slightly surprised if this were being applied to other systems.
Please try not to sound like a condescending ***, it makes you look unprofessional & uninformed. All I did was point out that the term can (and does) apply to more than just Apple products nowadays.
The case of the ‘PS3 Jailbreak’ dongle, they used the word Jailbreak to grab attention and make people look.
In the case of the PS4, they have gone to different levels of stupidity.
When one Jailbreaks, they get the f*ck out of their prison, they break those gates the f*ck down and escape. This is not the case with the PS4: the PS4 is still in Jail, no files were touched, nothing was done, apart from a basic copy/paste, and that is not Jailbreaking.
+1
cool.
Best article I have read here in a while 🙂
Dear The zett, I can always see you are trying so hard to please your readers.
You’re not really close minded, but self-minded.
Obviously there was already a public software solution to dump nand from your device.
Well, who made that possible? Who actually made that dumper for you? Who discovered your theory?
But don’t always think of your 2 cents self when you feel that you have a need to say, and imprint your mindset on to Wololo and the Vita community.
We know you are trying to stand out from the scene crowd and prove your self-worth, but please do so in a good intention and genuine way.
For starters, discover your own exploits and learn to code (at least).
By the way, the thing you’re trying so hard to refer to is called exploitation. A PS4 Brazilian Exploitation.
“The PS4 Exploitation Concept” best fits the title of this layman article. 0 cents involved.
Sincerely, from a Malaysian.
What the *** are you talking about? The Zett never claimed that any of those were unimportant or made by him or anything. All he said was that this was *not* a jailbreak/hack/etc. Being able to dump and flash the PS4’s NOR is neat, *like he said*, but is not the groundbreaking thing so many people think it is.
:(:(:(:(!
Hah! Try again, Brazil. Hack =/= jailbreak =/= lame spoofing trick.
does this mean you can flash multiple PS4s with a Nand backup from another PS4 ?
how does one do it without bricking the system?
People also said the brazilians did it without opening the console, how’s that even possible?
Never mind what I said, each console uses its own activated NAND backup.
Once the console is activated to the account with the games on it, a NAND backup is made, then said console is deactivated and the NAND is restored back to the point when the console was activated, staying invisible to Sony’s radar.
But the part where it’s said they did it without opening the case still boggles me.
It can be done without desoldering the NOR chip, but you still have to open it, solder to the dump points and even cut some tracks.
I am Brazilian with a horrible English, but I agree and disagree with this text.
I agree that it should not be called “JAILBREAK” by the very definition of this word in the hack scene.
But I disagree with the talk that it is not a Brazilian “JAILBREAK”, as that term is defined in Brazil as simply running pirated games, i.e. without buying them legally.
Then by the pure definition in Pt-Br it is rather a “JAILBREAK”, even though by the hack scene definition it is not.
Sorry if I was not well understood. Sorry for poor English. Sorry also for people of this little study, in which the rulers are corrupt and not allow improvements . Thanks for listening.
What about a NOR server?
Or an activation server (for offline spoofing)?
Or what about a games server that runs in psphomebrewmode?
(no need for activia just m33 it)
…
It is not a jailbreak. It is a cheat code XD
How did you know!?
Cover blown.
↑ ↑ ↓ ↓ ← → ← → B A
An ‘exploit’ at best, but the hassle of paying for something that relies so heavily on a trick is not worth it.
In the PS3 world, activating or deactivating sends an https request to commerce.np.ac.playstation.net. This can easily be used to make a program to deactivate you from the servers but keep your console activated (as no act.dat is removed and the flash remains untouched). This way you can get infinite activations.
On the PS3, thanks to having CFW, it’s really easy to take a look at the encrypted https.
On the PS4 or Vita we’ll need some sort of exploit or https vulnerability.
The games aren’t injected. You leave the console at the piracy seller, he’ll activate your console as primary device, download the games that you want from a list (the contents from the seller’s psn account) and then return your console with his games installed.
Every time you want to change a game you should bring back your console so the seller will redo the spoofing, delete some games that you don’t want anymore and install new games.
But as reported in this link http://jogos.uol.com.br/ultimas-noticias/2015/05/19/apos-repercussao-pirataria-do-ps4-some-em-sao-paulo.htm this piracy method seems to be abandoned since May, some sellers said that there was actually an action on Sony behalf to stop the piracy, others said that the modded consoles were bricking (I remember that it was reported that a newer PS4 OFW was bricking consoles that attempt to do the NAND rewrite).
Forgot to use past tense when talking about the “injection” method.
And I think that Sony and Microsoft should have tried a different approach to the “always online” checks.
Instead of requiring the user to always connect periodically to the company servers and locking the user out of the games when there’s no access, the console should check the licenses whenever there’s the opportunity to do so, i.e. whenever the user is online, run the check.
But since they couldn’t push the “always online” method that’s actually easier to implement, they didn’t afford to try the “check when possible” approach.
This can also be done with NAND dumps & restoring.
wololo concentrate on the psp the ps4 and for other
Whether elegant or not, a hack is a hack, no? Other “hackers” could further develop this into a more automated process to make it easier for the average Joe to use.
The real potential lies in allowing knowledgeable folks to fiddle with the PS4’s code (and learn about how it works), and be able to revert to a working state if they break something.