Possible way to hack Playstation 4
October 9, 2013 Console

In my previous article I told you in great detail why not all Playstations can be updated with custom firmware and promised to show a way to run homebrew on newer console revisions.


There really is a way. Actually, it was your comments that made me do this video. One of the viewers asked about the so-called optical drive emulators (ODE). They hit the market this year, and even though they do allow you to run pirated games, they didn’t allow you to run homebrew. Until recently. And that led to some confused comments, as I told you in the previous video that you can install CFW only on certain consoles. So this video is complementary to the previous one; make sure you watch that one as well to get the complete picture. We’ll talk about all this in a bit, and now I just want to say thank you for your comments. I learn a lot from them and they really help me make this an even better channel. So if you want to say something, spill it, don’t hold it inside. And don’t forget to like my videos and subscribe to my channel.

So, optical drive emulators. Personally, I came up with the idea a couple of years back, when I was struggling with a dead laser head in my PS3’s Blu-ray drive. You may not know, but early BD drives used the same laser for playing both Blu-rays and CD/DVD discs. For some reason, these combined heads had a very short life span, and the laser module had to be replaced. Why was replacing the head, and not the whole Blu-ray drive, so important? The thing is, all Blu-ray game discs, as well as movie discs, are encrypted, and they are decrypted by a special crypto key built into every drive. The key is unique, and the whole sign-and-encrypt process works in a similar way to the one I described in the previous video, so watch it if you haven’t already. This BD drive key is tied to the mainboard key. So if you completely change the drive, you will have to reassign the drive and mainboard keys in a special way – the slang term is to remarry the drive – and obviously that is only possible if the console can run homebrew.
So in most cases the only way to fix a console with a broken Blu-ray drive was either to replace the optical head, or to rip out the lower electronic board which holds the key from the old drive and install it on the new one. An idea came to me while rewiring the laser head: why can’t we wire in some kind of laser emulator, which would produce the signals requested by the mainboard, similar to those a normal laser head makes – bits and bytes – but from some other storage like a flash drive or HDD? Why can’t we replace optical laser reading with electrical flash drive reading? Unfortunately, I failed to see anything like this back then, and after the PS3 was jailbroken, the idea kind of became useless.

By the way, you may know that many pirated copies – or, to use the politically correct term, backups – still require a legal game disc, any one, to be present in the drive to mount them. Well, those game rips you normally see on torrents are made to run on CFW consoles, and they are not exact bit-to-bit copies of the original disc they are ripped from. They are just files, copied from the original disc right on the console after it completely decrypted them. So this is not an exact rip, but merely a copy. Of course such copies do not contain any DRM protection, as it has already been removed during decryption, and some games check DRM before launching; that’s why you need a game disc. Why any official game works, and not only the one we are trying to mount, remains a mystery; maybe it is some design flaw. Anyway, DRM is checked even on jailbroken consoles.

PS3 revisions 3k/4k cannot be flashed with custom firmware, that’s true. And here comes the 3k3y company, obviously pronounced as “three key”, which released an optical drive emulator. Basically they made the device I thought about a couple of years ago, and presented a slightly more elegant solution.
The emulator circuit board is connected in between the optical drive and the mainboard, and it hijacks the requests that the mainboard sends to the Blu-ray drive, providing the expected game data from a flash drive instead of from the game disc. To use jailbreak rips, you have to restore them to a complete game rip by including a so-called IRD. Notice that to decrypt the game rip you still need the drive key; that’s why the emulator also requires a game disc to be present in the drive. There is a list of compatible games to be used for this sole purpose of mounting other games from a flash drive connected to the emulator hardware.

Game selection is a funny process: you go to the picture gallery on your PS3, select the picture of the game you want to play, then access the PS button menu and select eject disc from there. After this the game backup appears in the XMB as if it were a game disc. This is the only way to run backups regardless of console revision, and this is the optical disc emulator’s main feature. Yes, as I said before, the console still cannot be flashed to run custom firmware; it is just tricked into believing legit data comes from the Blu-ray drive, while in fact it comes from another storage.

3k3y has another advantage: as it does not install any software or leave any traces, you can use any official firmware without any modification. This means the ODE cannot be detected while playing online. From this point of view, 3k3y’s main competitor – a similar emulator from Cobra called Cobra ODE – is not better, as it uses a backup manager that may leave traces that it has been run, besides being so ugly. Whenever you log in to PSN, data on everything you played, watched or ran on the console is immediately transferred to Sony servers, so bogus software can easily be detected. That is, if the developer didn’t take countermeasures to stealth the app by using a legit app ID. The ugliness of the manager led to a breakthrough. The breakthrough was made by DeanK.
He is mostly known as the author of multiman, the best backup manager for the PS3. But his reputation is somewhat tainted, as he sold out to that Cobra company. Before the ODE, Cobra made special USB dongles, similar to True Blue, which allowed you to run many new games that the free pirate scene didn’t know how to hack yet. But to do that, you needed to purchase a Cobra dongle, which came at a price. To prevent copying of their device, Cobra used a DRM check… in essence, making the same move Sony makes. It was this DRM and the lust for money which made Cobra one of the most hated companies in PS3 circles, as both are in contrast to the very spirit of piracy. Well, I got distracted.

So this DeanK dude managed to pack a homebrew app – his multiman manager – into an .iso file to run on the Cobra ODE. And then he helped to port Showtime in the same way. How he did it is another topic, but he probably used the exploit found in the 3.55 firmware about a year ago, which allowed signing any file in such a way that any PS3 will run it as a legal one. Anyway, if you mask the app ID, PSN will never know anything about the launch.

The main thing you have to understand is that the consoles remain unable to run CFW. But with an optical disc emulator – 3k3y or Cobra – you can run both homebrew and backups on them. No CFW required. I would like to draw your attention to the fact that, even though the results are similar, the ODE is completely different from the CFW way I described in the previous video, and doesn’t contradict it in any way. Last time I said that a CFW console allows you to run any code without the console manufacturer’s signature. You’re the boss, the master of your hardware. The ODE method tries to mask your code as legitimate. Like a wolf in sheep’s skin, you’re not the boss, you’re a fraud. But anyway, from a practical point of view, optical drive emulators made CFW and non-CFW console owners equal, and also gave a safe way to play online.
That could easily be taken back by introducing online codes like those printed on legal copies of online PC games, like Counter Strike. As soon as any two players with identical codes connect to the game server, both get banned. Nothing stands in the way of implementing similar protection for console games, and some already use it.

However, from a single-player point of view, the future of PS4 and Xbox One hacking is a bit brighter with the ODE. It’s highly probable Sony won’t have the time or skill to protect the PS4 from optical drive emulator installations, and the same ODE boards could potentially be used to play backups on the new generation consoles. This is still speculation though. Time will tell.
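
The online-code check mentioned above, seen from the game server's side, as an added example that is not part of the original post. The class, the status strings and the sample codes are all made up for illustration, and it assumes a code is banned only when two different sessions hold it at the same time, so a player who disconnects and reconnects is not punished.

```python
class CodeRegistry:
    """Tracks which online code is in use by which live session."""

    def __init__(self):
        self.active = {}      # code -> session id currently using it
        self.banned = set()   # codes banned for concurrent reuse

    def connect(self, code, session_id):
        """Admit a session; return (status, sessions_to_kick)."""
        if code in self.banned:
            return "rejected-banned", []
        holder = self.active.get(code)
        if holder is None or holder == session_id:
            self.active[code] = session_id
            return "accepted", []
        # Same code live in two different sessions: ban the code and
        # drop both the existing holder and the newcomer.
        self.banned.add(code)
        del self.active[code]
        return "banned", [holder, session_id]

    def disconnect(self, session_id):
        """Release the code held by a session that left normally."""
        for code, holder in list(self.active.items()):
            if holder == session_id:
                del self.active[code]


def replay(events):
    """Run constructed (action, code, session) events; return the statuses."""
    reg = CodeRegistry()
    out = []
    for action, code, session in events:
        if action == "connect":
            out.append(reg.connect(code, session))
        else:
            reg.disconnect(session)
    return out


# Constructed sample traffic; codes and session names are made up.
SAMPLE = [
    ("connect", "AAAA-1111", "s1"),
    ("disconnect", "AAAA-1111", "s1"),
    ("connect", "AAAA-1111", "s2"),   # sequential reuse by the owner: fine
    ("connect", "AAAA-1111", "s3"),   # concurrent reuse: both dropped
    ("connect", "AAAA-1111", "s4"),   # the code stays banned afterwards
    ("connect", "BBBB-2222", "s5"),   # unrelated code is unaffected
]
```

Calling `replay(SAMPLE)` returns one status per connect event, which makes the ban of both concurrent sessions and the later rejection of the banned code visible.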
