Introduction:
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial out to the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
- HX-D
- PS4 FileNinja v2.0 (the one with process dump support)
- Extreme-modding.de ftp payload (or you can use FileNinja but FileZilla is a better client for this purpose)
- a brain
Step 1:
Go to your playground of choice (in this case my playground is the extreme-modding.de one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (I'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the ELF header chunk of the file. Note here: the ELF header must contain all of its necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary, restart the PS4 so you can clean the payload's memory, and then start PS4 FileNinja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You now have a forged ELF you can use in IDA for analysis.
Some Notes:
- You can use readelf to check on how good your ELF looks.
- First section has libexec magic. Second section has ORBI magic.
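Steps 3, 4 and 8 are a byte-assembly job and the readelf note is a consistency check; the Python script below is an added example (not Zecoxao's tool and not part of the guide) that does both. It pads a header chunk to exactly 0x4000 bytes, appends the dumped segments in order, then parses the ELF64 header and program header table to confirm that every PT_LOAD entry is fully backed by bytes in the file, the kind of inconsistency you would otherwise have to spot by hand in readelf -l output. The header chunk, segment contents, base address 0x400000 and x86-64 machine type are constructed stand-ins, not bytes from SysCore; the guide's remark about dropping the last 32 bytes of the header is left to the user, since the script pads whatever chunk it is handed.

```python
import struct

HEADER_PAD = 0x4000   # step 4: the header region is padded to exactly 0x4000 bytes
ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
EM_X86_64 = 62        # constructed sample machine type, not taken from the guide

# Little-endian ELF64 header (64 bytes) and program header entry (56 bytes).
ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
ELF64_PHDR = struct.Struct("<IIQQQQQQ")


def assemble_forged_elf(header_chunk: bytes, segments: list) -> bytes:
    """Steps 4 and 8: pad the header chunk to 0x4000 bytes, then append each dumped segment."""
    if len(header_chunk) > HEADER_PAD:
        raise ValueError("header chunk is larger than 0x4000 bytes")
    out = bytearray(header_chunk)
    out += b"\x00" * (HEADER_PAD - len(out))
    for seg in segments:
        out += seg
    return bytes(out)


def parse_program_headers(data: bytes) -> list:
    """Follow e_phoff/e_phnum from the ELF64 header and decode every program header entry."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("no ELF magic at offset 0")
    ehdr = ELF64_EHDR.unpack_from(data, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    if e_phentsize != ELF64_PHDR.size:
        raise ValueError("unexpected e_phentsize %d" % e_phentsize)
    names = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz", "p_align")
    phdrs = []
    for i in range(e_phnum):
        fields = ELF64_PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        phdrs.append(dict(zip(names, fields)))
    return phdrs


def check_load_segments(data: bytes) -> list:
    """Return a list of problems; an empty list means every PT_LOAD lies inside the file."""
    problems = []
    for i, ph in enumerate(parse_program_headers(data)):
        if ph["p_type"] != PT_LOAD:
            continue
        end = ph["p_offset"] + ph["p_filesz"]
        if end > len(data):
            problems.append("phdr %d: PT_LOAD [0x%x, 0x%x) runs past end of file (0x%x)"
                            % (i, ph["p_offset"], end, len(data)))
        if ph["p_filesz"] > ph["p_memsz"]:
            problems.append("phdr %d: p_filesz 0x%x exceeds p_memsz 0x%x"
                            % (i, ph["p_filesz"], ph["p_memsz"]))
    return problems


def build_sample_header(segment_sizes: list, base_vaddr: int = 0x400000) -> bytes:
    """Constructed stand-in for the header chunk cut out in step 3: an ELF64 header plus one
    PT_LOAD entry per segment, file offsets laid out back to back starting at 0x4000."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\x00" * 9   # ELFCLASS64, LSB, EV_CURRENT
    ehdr = ELF64_EHDR.pack(e_ident, 2, EM_X86_64, 1, base_vaddr, ELF64_EHDR.size, 0, 0,
                           ELF64_EHDR.size, ELF64_PHDR.size, len(segment_sizes), 0, 0, 0)
    phdrs = b""
    offset = HEADER_PAD
    for size in segment_sizes:
        vaddr = base_vaddr + offset
        phdrs += ELF64_PHDR.pack(PT_LOAD, 5, offset, vaddr, vaddr, size, size, 0x4000)
        offset += size
    return ehdr + phdrs


def demo() -> tuple:
    """Constructed sample: two 'dumped' segments, once assembled correctly and once with the
    second segment forgotten, which is the step 8 mistake the check is meant to catch."""
    segments = [b"\x90" * 0x1000, b"\xcc" * 0x800]
    header = build_sample_header([len(s) for s in segments])
    complete = assemble_forged_elf(header, segments)
    truncated = assemble_forged_elf(header, segments[:1])
    return check_load_segments(complete), check_load_segments(truncated)


if __name__ == "__main__":
    ok, missing = demo()
    print("complete forgery problems:", ok)
    print("missing-segment problems:", missing)
```

Against a real dump, replace build_sample_header with the header chunk you cut out in step 3 and pass the dumped segments in the order their PT_LOAD entries appear; a non-empty result from check_load_segments usually means a segment is missing, out of order, or was dumped from the wrong memory range.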
Cheers, Snow!
Have any questions? Feel free to PM me! / Knowledge is Power