PS5: MP4/A53 Dumper release by Astrelsky + a53.elf dumps released
Not an actual PS5 chip
The PS5 scene has been moving at quite a fast pace recently, and today we’re seeing the release of a utility to Dump a53.elf from the A53 Processor on the PS5. Following this utility release by Astrelsky, dumps of A53 Firmware have been published.
What is MP4/A53 in the context of the PS5 and why does it matter ?
MP4/A53 is an ARM Cortex-A53 Chip on the PS5 that handles “various tasks”.
The PlayStation dev wiki tells us that its overall purpose is not fully understood. Some of the things it includes are debugging (mdbg), video encode/decode, and other various memory-management related things.
But several hackers have stated that MP4/A53 on the PS5 is involved with decrypting, installing, and/or running PS5 games. It is believed that better understanding of this chip’s firmware could lead to FPKG (“Fake PKG”) support on the PS5, or in other words, a convenient way to install pirated games (and, down the line, homebrew as well, but I’d be naive to think this is the real motivation for most people).
It is worth mentioning that pirated games are already a possibility on the PS5, but FPKG support would make it much more convenient to install them. FPKG support might be pie in the sky though, as lots of other things need to be figured out to bring such support to Jailbroken PS5s. Astrelsky has summarized it on Discord recently:
While it could lead to fakepkg, the level of re and effort required to do so is relatively high. High enough to the point where I feel comfortable releasing it knowing none of you would be able to do it. Besides, flatz said he was looking into another way that should be easier. Also the write memory sdbg command was added in mp4 at some point between the prototype and 4.50. so some lower versions may not even be able to write to mp4 memory this way. Which is unfortunate because it’s very convenient and they even flush the instruction cache for you.
Download MP4/A53 Firmware Dumper & Dump files
Generally speaking, the dumper itself will not be useful for the vast majority of people reading this, in particular considering that most firmware revisions have been dumped by now. For people looking into reverse engineering the A53 Firmware, the dumped ELF files for each firmware revision are what you want to look into.
- A53 Dumps (ELF Files for PS5 Firmwares 4.02 to 7.61) – source Zecoxao
- Dumper source code (initial release by Astrelsky, not cleaned up yet) – for binary payloads head over to the PS5 R&D discord
Does this mean we might possibly get PS5 FPKGs without hacking the hypervisor? :O
is it just me or does it seem like this site has seem a massive downturn of articles n just general news
It’s not you. I’ve been on the scene for almost 20 years and to be honest my interest is waning
the scene isnt what it used to be for many reasons. i still appreciate popping your site up a few times a month and seeing whats going on, even though i dont do much of anything with my consoles anymore. The last thing i hacked was a switch. Its still awesome to see that people keep at it
Can confirm, we be old….
A11 devices on latest 16 usermode
using : …
git clone git://git.buildroot.net/buildroot && cd buildroot
Download and copy this Buildroot .config to .config
If using a toolchain path different than /opt/armv7-eabihf–glibc–bleeding-edge-2023.08-1:
make menuconfig
Navigate to Toolchain —>
Properly set the Toolchain path, save and exit
Create a rootfs-overlay directory. Everything you put inside will be part of the rootfs.
make -j
This will generate output/images/rootfs.cpio.xz
is … error postponed weston jpeg profile
make -j
>>> weston 14.0.1 Building
GIT_DIR=. PATH=”/opt/buildroot/output/host/bin:/opt/buildroot/output/host/sbin:/usr/local/vitasdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/snap/bin:/opt/armv7-eabihf–glibc–bleeding-edge-2024.05-1/bin” PYTHONNOUSERSITE=y /opt/buildroot/output/host/bin/ninja -C /opt/buildroot/output/build/weston-14.0.1//buildroot-build
ninja: Entering directory `/opt/buildroot/output/build/weston-14.0.1//buildroot-build’
[2/308] Compiling C object shared/libcairo-shared.a.p/image-loader.c.o
FAILED: shared/libcairo-shared.a.p/image-loader.c.o
/opt/buildroot/output/host/bin/arm-linux-gcc -Ishared/libcairo-shared.a.p -Ishared -I../shared -I. -I.. -Iinclude -I../include -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/pixman-1 -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/cairo -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/freetype2 -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/libpng16 -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/pango-1.0 -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/harfbuzz -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0 -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/glib-2.0/include -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/libmount -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/blkid -I/opt/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/fribidi -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -Wpedantic -std=gnu99 -O3 -Wmissing-prototypes -Wno-unused-parameter -Wno-shift-negative-value -Wno-missing-field-initializers -Wno-pedantic -Wundef -fvisibility=hidden -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -fPIC -pthread -MD -MQ shared/libcairo-shared.a.p/image-loader.c.o -MF shared/libcairo-shared.a.p/image-loader.c.o.d -o shared/libcairo-shared.a.p/image-loader.c.o -c ../shared/image-loader.c
../shared/image-loader.c: In function ‘load_jpeg_icc’:
../shared/image-loader.c:163:14: error: implicit declaration of function ‘jpeg_read_icc_profile’ [-Wimplicit-function-declaration]
163 | if (!jpeg_read_icc_profile(cinfo, &profdata, &proflen)) {
| ^~~~~~~~~~~~~~~~~~~~~
[4/308] Generating git-version.h with a custom command
fatal: not a git repository: ‘.’
[9/308] Compiling C object shared/libcairo-shared.a.p/frame.c.o
ninja: build stopped: subcommand failed.
make[1]: *** [package/pkg-generic.mk:273: /opt/buildroot/output/build/weston-14.0.1/.stamp_built] Error 1
make: *** [Makefile:83: _all] Error 2