Introduction:
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial out to the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
Go to your playground of choice (in this case my playground is extreme-modding.de one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (i'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the elf header chunk of the file. Note here: the ELF header must contain all of it's necessary bytes EXCEPT the last 32!
![[Image: dzpybjl-png.1263]](https://www.psxhax.com/attachments/dzpybjl-png.1263/)
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary restart PS4 so you can clean the payload's memory and then start PS4 file ninja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
![[Image: lyrenso-png.1264]](https://www.psxhax.com/attachments/lyrenso-png.1264/)
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You have now a forged elf you can use in IDA for analysis.
Some Notes:
Cheers, Snow!
Wassup guys, so today PS4 Developer Zecoxao has shared a new tutorial out to the community on How to Create ELFs from Process Dumps. To quote his guide, here it is!
You'll need:
- HX-D
- PS4 FileNinja v2.0 (the one with process dump support)
- Extreme-modding.de ftp payload (or you can use FileNinja but FileZilla is a better client for this purpose)
- a brain
Go to your playground of choice (in this case my playground is extreme-modding.de one)
Step 2:
Grab your ELF or SELF that you want to make a forgery of (i'm going to use SysCore for this)
Step 3:
Look closely at the header and pick ONLY the elf header chunk of the file. Note here: the ELF header must contain all of it's necessary bytes EXCEPT the last 32!
Step 4:
Add the necessary number of bytes until the file has EXACTLY 0x4000 bytes.
Step 5:
If necessary restart PS4 so you can clean the payload's memory and then start PS4 file ninja.
Step 6:
Go to the process of choice (in this case SceSysCore) by going to Tools->Processes, picking SceSysCore and attaching to the process.
Step 7:
Dump the first process offsets, and ONLY those in the LOWER memory range. Here's my example:
Step 8:
Copy the first segment and add it after the end of the ELF forged header. Do the same for the other segments.
Step 9:
You have now a forged elf you can use in IDA for analysis.
Some Notes:
- You can use readelf to check on how good your ELF looks.
- First section has libexec magic. Second section has ORBI magic.
Cheers, Snow!
Have any questions? Feel free to PM me! / Knowledge is Power
![[-]](https://weleaks.info/images/collapse.png)
![[Image: FTYbRmR.gif]](http://i.imgur.com/FTYbRmR.gif)