after payload sent, files in pendrive console shutdown #7

Open
helloitu opened this Issue May 28, 2018 · 42 comments

helloitu commented May 28, 2018

idk why, the PS4 just turns off, literally :/

Author

helloitu commented May 28, 2018

and it isn't a Mira bug, this is after the PS4 payload is sent

Author

helloitu commented May 28, 2018

PS4 kLog
```
cred...
Disable write protection
kexec init
Now init kexec
kernel_init()
Kernel base = ffffffffdf80c000
Direct map base = ffffe87000000000
pmap_protect patch successful (found at 0xffffffffdfaef0ca)
pmap_protect(pmap, 0xffffffffe0328000, 0xffffffffe0330000, 7)
Testing global variable access (write protection)...
OK.
Kernel interface initialized
Installing sys_kexec to system call #153
kexec_init() successful

PS4 Linux Loader for 5.05 by valentinbreiz
kernel base is:0xffffffffdf80c000
uaddr is:0x000000020034c000
<118>[SceShellUI] I/PSM.UI : ** Unload enqueue: WebBrowserPlugin : WebBrowserPlugin
<118>[SceShellUI] I/PSM.UI : OnFocusActiveSceneChanged [SystemArea : SystemAreaScene] -> []
<118>SetDeviceIndexBehavior: mode=SpecificUser, param=0x10000000
<118>[SceShellUI] W/PSM.UI : SystemSound called when there is no FocusActiveScene !
sys_kexec invoked
sys_kexec(0x888734020, 5265840, 0x888c44020, 2029577, "panic=0 clocksource=tsc radeon.dpm=0 console=tty0 console=ttyS0,115200n8 console=uart8250,mmio32,0xd0340000 video=HDMI-A-1:1920x1080-24@60 consoleblank=0 net.ifnames=0 drm.debug=0")
Copying PFP firmware
NOP handler at 0xff0
Copying ME firmware
Copying CE firmware
NOP handler at 0x7f0
Copying MEC firmware
NOP handler at 0xff0
Copying MEC2 firmware
NOP handler at 0xff0
Copying RLC firmware
Copying SDMA firmware
Copying SDMA1 firmware
Failed to copy in cmdline
[KERNEL] dmem_handle_vmspace_exited pid: 68, ptype=2, 0xffffe8700429b5e8->pt_loaded is TRUE
```

Owner

valentinbreiz commented May 28, 2018

All seems good :/

Owner

valentinbreiz commented May 28, 2018

Does it shut down directly or after some time?

Author

helloitu commented May 28, 2018

Directly. "Failed to copy in cmdline", is this good?

Owner

valentinbreiz commented May 28, 2018

Oh no

Author

helloitu commented May 28, 2018

Can I speak with you on Discord? @valentinbreiz

Owner

valentinbreiz commented May 28, 2018

yes!


fasif commented May 29, 2018

I have a similar issue. It just doesn't shut down. No video output. The klog output:


```
kexec successfully armed. Please shut down the system.

[KERNEL] dmem_handle_vmspace_exited pid: 67, ptype=2, 0xffffdc2006a55068->pt_loaded is TRUE
[KERNEL] dmem_handle_vmspace_exited map #0 0xffffdc2006a552c0
[KERNEL] dmem_handle_vmspace_exited map #1 0xffffdc2006a55068
[KERNEL] dmem_handle_vmspace_exited pid: 67, app_maps_count[2], 2 -> 1
Context.cc:189 (ajmContextCleanup) - Codec Opus CELT Encoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited pid: 66, ptype=2, 0xffffdc2006a552c0->pt_loaded is TRUE
Context.cc:189 (ajmContextCleanup) - Codec Opus CELT Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec CELP8 Decoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited map #0 0xffffdc2006a552c0
Context.cc:189 (ajmContextCleanup) - Codec CELP8 Encoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited pid: 66, app_maps_count[2], 1 -> 0
Context.cc:189 (ajmContextCleanup) - Codec CELP(16) Decoder was not properly unregistered.
Context.cc:191 (ajmContextCleanup) - More codecs were not properly unregistered...
Context.cc:189 (ajmContextCleanup) - Codec MPEG4 AAC Encoder was not properly unregistered.
[KE]sceCameraDevKill::2775 ERROR: sceCameraProcConfigStop 0x802e0006 i=0 handle=257 pid=43
Context.cc:174 (ajmContextCleanup) - Instance 114689 was not properly destroyed.
Context.cc:174 (ajmContextCleanup) - Instance 16389 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec AC3 Encoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec MP3 Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec ATRAC9 Decoder was not properly unregistered.
Context.cc:174 (ajmContextCleanup) - Instance 163842 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec DTS Encoder was not properly unregistered.
<5>Limiting closed port RST response from 441 to 200 packets/sec
<118>[SceSysCore mini] forcibly unmount 1 nullfses
<118>[SceSysCore mini] forcibly unmount /mnt/usb0
<118>[SceSysCore mini] sceKernelPollEventFlag(reboot_flag): failed 80020010
<118>[SceSysCore mini] call reboot(4000)
[REGMGR] 000006 ...
[REGMGR] ( 340.932 sec) 010006 ...
[REGMGR] ( 0.011459 sec) 010007 ...
[REGMGR] 000108 ...
Waiting (max 60 seconds) for system process `SceVnlru' to stop...done
Waiting (max 60 seconds) for system process `SceBufdaemon2' to stop...SD Manual Tuning done. MaxPassWindowSize=23, TunePoint=11 CORE_CTRL=0x58408b
done
Waiting (max 60 seconds) for system process `SceBufdaemon1' to stop...done
Waiting (max 60 seconds) for system process `SceBufdaemon0' to stop...done
Waiting (max 60 seconds) for system process `SceSyncer' to stop...
Syncing disks, vnodes remaining...2 0 0 sched_sync: flush softdep (iter=2)
sched_sync: flush softdep (iter=1)
done
All buffers synced.
Uptime: 5m48s
icc post sync:Thermal alert LED off
```

Owner

valentinbreiz commented May 29, 2018

Are you sure @helloitu you have bzimage and initramfs.cpio.gz in a FAT32 USB key?

Owner

valentinbreiz commented May 29, 2018

And @fasif it's really weird, it seems that it doesn't want to reboot for you :/


fasif commented May 29, 2018

I have to press the power button for about 20 seconds to close the PS4.

Owner

valentinbreiz commented May 29, 2018

@helloitu and @fasif what are your PS4 model and firmware version?


fasif commented May 29, 2018

@valentinbreiz cuh-2006a 5.05

Author

helloitu commented May 29, 2018

Yes, the bzimage and initramfs.cpio.gz are in the FAT32 USB root; my PS4 model is CUH-2015A, FW 5.05


shadow2560 commented Jun 4, 2018

Exactly the same problem as @fasif for me, log attached.

My console is a PS4 Pro CUH-7116B on 5.05 firmware.

ps4_linux_loader_5.05_load_klog.txt

Owner

valentinbreiz commented Jun 4, 2018

@jlozes and @fasif I created an issue (#8) with your problem because it seems to not be the same as @helloitu


c4pt00 commented Jun 17, 2018

I have the same problem with the PS4 having a panic and shutting down after sending the payload, it seems as though the screen goes black as though it's going to start to load Linux and maybe go to a rescue shell but it turns out the model (CUH-1215A)


c4pt00 commented Jun 18, 2018

I had no video output on CUH-1215A; turns out to be 720p, I think?

I just recompiled a 5.05 Linux Loader based on this code, but for 720p,
because I was just experiencing the same problem in the last few days trying to load Fedora.

^ This is for the Linux Loader for 5.05 in 720p for CUH-1215A models, probably most CUH-12XX models.
You have to switch your PS4 video resolution from 1080p to 720p.
It's working for me, using the same initrd and bzImage for 5.05.

PS4-Linux-Loader-5.05.720p.bin
https://mega.nz/#!P3wEWCLL!fGI_LSwbNo7qwW7X_didKKs59XTp_6qkVnkF79eSIzo

bzImage and initrd

5.05-fat32-files-for-720p-1080p-loader.zip
https://mega.nz/#!Sixg1aBD!HDtq6qDA8NR-Ta3Rpukt1mB6GNx-euTQnXUipG3YH70


tonyyoyo commented Oct 10, 2018

Helloitu, I see you're a PS4 developer, did you ever make any progress on this? We both have the same model/firmware. I'm desperate for a fix.


shadow2560 commented Oct 11, 2018

@tonyyoyo: The problem is probably not the payload itself, it's working as intended. The problem is the kernel initializing, which seems to have a missing driver or something like that, causing a Linux boot problem on this model.


tonyyoyo commented Oct 11, 2018

So if it is indeed the kernel, this would be a problem for eeply, right?

  • Can someone get in contact with him?
  • Is he aware of the problem?

He says he supports CUH-2XXX, but he, clearly, does not.


tonyyoyo commented Oct 11, 2018

Hey, you guys, check out his announcement tweet. It's worded slightly different, with clear instructions. I think c4pt00 was on to something!

> Committed a fix for CUH-12XX PS4 models. 720p is also supported. (Modify commandline in ps4-linux-loader to 1280x720).


tonyyoyo commented Oct 11, 2018

I tried c4pt00's links, and still no luck. This time I also tried it with my front room TV (Roku), in addition to my bedroom TV (PlayStation Display).

What in the fuck is modify command line, does anyone know? 😕


mirh commented Oct 11, 2018


tonyyoyo commented Oct 13, 2018

Here's my klog, using c4pt00's 720p payload.

```
PS4 Linux Loader for 5.05 by valentinbreiz
kernel base is:0xffffffffdefc4000
uaddr is:0x00000002003dc000
sys_kexec invoked
sys_kexec(0x888a0c020, 5984752, 0x888fcc020, 3093817, "panic=0 clocksource=tsc radeon.dpm=0 console=tty0 console=ttyS0,115200n8 console=uart8250,mmio32,0xd0340000 video=HDMI-A-1:1280x720-24@60 consoleblank=0 net.ifnames=0 drm.debug=0")
Copying PFP firmware
NOP handler at 0xff0
Copying ME firmware
Copying CE firmware
NOP handler at 0x7f0
Copying MEC firmware
NOP handler at 0xff0
Copying MEC2 firmware
NOP handler at 0xff0
Copying RLC firmware
Copying SDMA firmware
Copying SDMA1 firmware

kexec parameters:
    Kernel image size:   5984752 bytes
    Initramfs size:      3187873 bytes (3093817 from user)
    Kernel command line: panic=0 clocksource=tsc radeon.dpm=0 console=tty0 console=ttyS0,115200n8 console=uart8250,mmio32,0xd0340000 video=HDMI-A-1:1280x720-24@60 consoleblank=0 net.ifnames=0 drm.debug=0
    Kernel image buffer: 0xffffa6f350800000
    Initramfs buffer:    0xffffa6f30f400000
kernel_hook_install(0xffffffffdfae27f2, 0xffffffffdf008020)
  Using 64bit absolute jump
******************************************************
kexec successfully armed. Please shut down the system.
******************************************************

[KERNEL] dmem_handle_vmspace_exited pid: 66, ptype=2, 0xffffa6f307591c20->pt_loaded is TRUE
Context.cc:189 (ajmContextCleanup) - Codec Opus CELT Encoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited map #0 0xffffa6f307591e78
Context.cc:189 (ajmContextCleanup) - Codec Opus CELT Decoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited map #1 0xffffa6f307591c20
[KERNEL] dmem_handle_vmspace_exited pid: 66, app_maps_count[2], 2 -> 1
Context.cc:189 (ajmContextCleanup) - Codec CELP8 Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec CELP8 Encoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited pid: 65, ptype=2, 0xffffa6f307591e78->pt_loaded is TRUE
Context.cc:189 (ajmContextCleanup) - Codec CELP(16) Decoder was not properly unregistered.
[KERNEL] dmem_handle_vmspace_exited map #0 0xffffa6f307591e78
Context.cc:189 (ajmContextCleanup) - Codec MPEG4 AAC Encoder was not properly unregistered.
Context.cc:191 (ajmContextCleanup) - More codecs were not properly unregistered...
[KE]sceCameraDevKill::2775 ERROR: sceCameraProcConfigStop 0x802e0006 i=0 handle=257 pid=44
[KERNEL] dmem_handle_vmspace_exited pid: 65, app_maps_count[2], 1 -> 0
Context.cc:174 (ajmContextCleanup) - Instance 16390 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec MP3 Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec ATRAC9 Decoder was not properly unregistered.
Context.cc:174 (ajmContextCleanup) - Instance 114689 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec AC3 Encoder was not properly unregistered.
Context.cc:174 (ajmContextCleanup) - Instance 163842 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec DTS Encoder was not properly unregistered.
<118>[SceSysCore mini] forcibly unmount 1 nullfses
<118>[SceSysCore mini] forcibly unmount /mnt/usb0
<118>[SceSysCore mini] sceKernelPollEventFlag(reboot_flag): failed 80020010
<118>[SceSysCore mini] call reboot(4000)
[REGMGR] 000006 ...
[REGMGR] (    171.723 sec) 010006 ...
[REGMGR] (   0.011507 sec) 010007 ...
[REGMGR] 000108 ...
Waiting (max 60 seconds) for system process `SceVnlru' to stop...done
Waiting (max 60 seconds) for system process `SceBufdaemon1' to stop...done
Waiting (max 60 seconds) for system process `SceBufdaemon0' to stop...SD Manual Tuning done. MaxPassWindowSize=23, TunePoint=11 CORE_CTRL=0x58408b
done
Waiting (max 60 seconds) for system process `SceSyncer' to stop...
Syncing disks, vnodes remaining...0 0 sched_sync: flush softdep (iter=2)
sched_sync: flush softdep (iter=1)
done
Waiting (max 60 seconds) for system process `SceBufdaemon2' to stop...done
All buffers synced.
[PFS] umount[0x00005c9c651dacd7] finished 0
[PFS] umount[0x00005c9c652a8338] finished 0
Uptime: 2m56s
icc post sync:Thermal alert LED off
[REGMGR] 000007 @2@ ...
icc08-4001 0802
icc:failed to disabled reset button notification: 0005
icc:disabled thermal notification
```

Author

helloitu commented Oct 14, 2018

> Helloitu, I see you're a PS4 developer, did you ever make any progress on this? We both have the same model/firmware. I'm desperate for a fix.

Actually not, exams at university suck, xD, but this is a thing to do during vacations.


Valeryy commented Mar 3, 2019

I also report SCE_KERNEL_ERROR_EBUSY 0x80020010 Device busy
CUH-7116B.
Here https://www.psdevwiki.com/ps4/Template:CE
the corresponding "official" error code is CE-30016-0
If we google it, PS4 users complain about problems with external storage USB drives, either when they format them with the PS4 or afterwards.
Here https://playstations.repair/errorcode/ps4/ce-30016-0
it says to "Rebuild Database".

So facts:

  1. Other people with CUH-7116B succeeded in launching Linux;
  2. CE-30016-0 is related to the USB drive;
  3. When changing/recompiling linux-loader to 720p the problem stays.

--
I will try to use a 1TB USB3 drive "Transcend".
First I will try to format it as external storage with official PS4 means.


steffen83 commented Mar 3, 2019

For sure a noob question: how do I get a klog like the posted ones?
I'm loading mira, then the binloader, then start "nc 192.168.178.48 9998 > klog.txt" on my win10-pc,
then sending the payload with my android-phone. After that the PS4 only shows the white light,
my klog.txt is about 65kbytes.


tonyyoyo commented Mar 3, 2019

I tried Rebuild Database to no avail.

Beware, this should leave your data intact, but you'll have to use PS4_db_rebuilder to restore fpkgs.


Valeryy commented Mar 3, 2019

steffen83 I read klog like this:

  1. ps4-exploit-host -> Original -> MiraFW_Orbis505.bin
  2. After this telnet 192.168.178.21 9998 gives me the klog.
  3. ps4-exploit-host -> Original -> linux-loader.bin

Valeryy commented Mar 3, 2019

I tried to boot PSXITARCH V2 today from 1TB USB3 drive "Transcend". No luck :-(
Same

```
<118>[SceSysCore mini] forcibly unmount 1 nullfses
<118>[SceSysCore mini] forcibly unmount /mnt/usb0
<118>[SceSysCore mini] sceKernelPollEventFlag(reboot_flag): failed 80020010
<118>[SceSysCore mini] call reboot(4000)
```

Before formatting it to FAT32 and copying the three files of psxitarch v2, I let the PS4 format it as External Drive and it succeeded, so we can say PS4 "accepted this drive" ;-)

What else I want to try is to recompile linux-loader and add a delay before these lines:

```c
//Reboot PS4
int evf = syscall(540, "SceSysCoreReboot");
syscall(546, evf, 0x4000, 0);
syscall(541, evf);
syscall(37, 1, 30);
```

This delay would allow me to just manually unplug the drive before the reboot starts.


Valeryy commented Mar 4, 2019

A couple more observations:
On YouTube there are a couple of videos where a guy with a white CUH-7116 5.05 sets up different Linux distributions (Manjaro V1, V2, PSXITARCH V1, V2) and there is no problem with "device busy".

He uses a Samsung SSD connected with a SATA-to-USB3 adapter with a dedicated power supply.

Has anybody tried to use an SSD? Maybe an SSD drive is just faster than FLASH and HDD drives, so there is enough time for it to "forcibly unmount", and sceKernelPollEventFlag(reboot_flag) does not fail with 80020010?


tonyyoyo commented Mar 4, 2019

A cheaper alternative that might give comparable speeds is a MicroSD-to-USB3.0 adapter. I tried the only one I have laying around the house, USB2.0, and it failed.


jersonjunior commented Mar 5, 2019

I suspect that the problem is not related to boot via usb because I tried with the direct payload in memory without the use of usb dongle


jersonjunior commented Mar 5, 2019

https://github.com/ps4gentoo/PS4-5.05-Linux-Loader

PS4-5.05-Linux-Loader boot in to RescueShell without a USB Stick


tonyyoyo commented Mar 5, 2019

jersonjunior, you still get device busy even without a USB stick?! We're fucking doomed! 😢


jersonjunior commented Mar 5, 2019

Yes, same problem: sceKernelPollEventFlag(reboot_flag): failed 80020010 and ps4 led white!


jersonjunior commented Mar 6, 2019

Anyone with UART to help us, or any ideas?


tonyyoyo commented Mar 6, 2019

ps4gentoo, could you please post a successful klog, that way we can compare against the failed?


jersonjunior commented Mar 6, 2019

I tested USB 3.0 with SSD and did not succeed non-SLIM CUH-2016B


tonyyoyo commented Mar 6, 2019

> ps4gentoo, could you please post a successful klog, that way we can compare against the failed?

It's possible device busy is true for everybody, even on a successful boot.

I'm also curious about these unregistered codec errors. I installed PS4 Media Player for non-activated consoles, is it related to that?
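
Added example, not part of the thread or of the loader project: a small triage script that sorts a captured klog into the two outcomes seen in this issue ("Failed to copy in cmdline" versus "kexec successfully armed" followed by the shutdown sequence) and pulls out the sizes and video mode passed to sys_kexec, so logs can be compared side by side. The sample logs are constructed from abridged lines of the klogs posted above; the function name, verdict labels and report keys are assumptions of this example.

```python
import re

# Patterns for loader and shutdown lines as they appear in the klogs in this thread.
KEXEC_CALL = re.compile(
    r'sys_kexec\(0x[0-9a-f]+, (\d+), 0x[0-9a-f]+, (\d+), "([^"]*)"\)')
VIDEO_MODE = re.compile(r'\bvideo=[\w-]+:(\d+)x(\d+)')
REBOOT_FLAG = re.compile(
    r'sceKernelPollEventFlag\(reboot_flag\): failed ([0-9a-fA-F]+)')

# Constructed samples: lines abridged from the klogs posted above.
SAMPLE_CMDLINE_FAIL = '''sys_kexec invoked
sys_kexec(0x888734020, 5265840, 0x888c44020, 2029577, "panic=0 video=HDMI-A-1:1920x1080-24@60 drm.debug=0")
Copying SDMA1 firmware
Failed to copy in cmdline
'''
SAMPLE_ARMED = '''sys_kexec(0x888a0c020, 5984752, 0x888fcc020, 3093817, "panic=0 video=HDMI-A-1:1280x720-24@60 drm.debug=0")
kexec successfully armed. Please shut down the system.
<118>[SceSysCore mini] sceKernelPollEventFlag(reboot_flag): failed 80020010
<118>[SceSysCore mini] call reboot(4000)
'''


def triage(klog: str) -> dict:
    """Report how far the kexec hand-off got, using only the klog text."""
    report = {"kernel_bytes": None, "initramfs_bytes": None,
              "video": None, "reboot_flag_error": None}
    call = KEXEC_CALL.search(klog)
    if call:
        report["kernel_bytes"] = int(call.group(1))
        report["initramfs_bytes"] = int(call.group(2))
        mode = VIDEO_MODE.search(call.group(3))
        if mode:
            report["video"] = (int(mode.group(1)), int(mode.group(2)))
    flag = REBOOT_FLAG.search(klog)
    if flag:
        # Recorded but not used for the verdict: the thread has no klog from
        # a successful boot to show whether this line is abnormal.
        report["reboot_flag_error"] = flag.group(1)

    armed = "kexec successfully armed" in klog
    if "Failed to copy in cmdline" in klog:
        report["verdict"] = "kexec-setup-failed"
    elif armed and "call reboot(" in klog:
        report["verdict"] = "armed-and-shutdown-started"
    elif armed:
        report["verdict"] = "armed-no-shutdown-seen"
    elif call:
        report["verdict"] = "kexec-called-outcome-missing"
    else:
        report["verdict"] = "loader-not-seen"
    return report


if __name__ == "__main__":
    for name, text in (("cmdline-fail", SAMPLE_CMDLINE_FAIL),
                       ("armed", SAMPLE_ARMED)):
        print(name, triage(text))
```

A log that reaches "armed-and-shutdown-started" shows nothing about what happens once Linux takes over, which is why several posters in the thread ask for UART output.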
