PS4 Dumping auth_info

Lately I found that the US version of Plex no longer requires PSN access to start, however, I soon found out that the dump is broken, where as the video will start with sound but no video support... the issue was lack of correct executable privilege for codec support, this blog is will go in very small detail about what auth_info is, how to to fix your dump if indicated.

This blog is mainly for media app, but my also be relevant for games with special features, something like usb access.

auth_info is as the name would suggest, authorisation information, which is found on self files associated with PS4, what it does is rather simple, it allows the PS4 to know what kind of access that executable has, such as codec, usb, filesystem access etc etc

we dont know much about auth_info beside it's structure provided by @flatz

#define SIZEOF_SELF_AUTH_INFO 0x88

TYPE_BEGIN(struct self_auth_info, SIZEOF_SELF_AUTH_INFO);
	TYPE_FIELD(uint64_t paid, 0x00);
	TYPE_FIELD(uint64_t caps[4], 0x08);
	TYPE_FIELD(uint64_t attrs[4], 0x28);
	TYPE_FIELD(uint8_t unk[0x40], 0x48);
TYPE_END();

paid stands for program authentication id, caps is probably capability, attrs for attribution and unk is unknown.

unfortunately, we don't have any public documentation on what values are associated with which privileges, none the less we have means to dump them from original PS4 selfs binaries and means to use them in decrypted binaries to generate fselfs, courtesy of @flatz:

Having done exactly that I was able to fix black video screen in a dumped version of Plex.

the same can be done to any other media player, such as Netflix, CrunchyRoll, YouTube, Media Player etc etc

Requirements

  • PS4 with ability to arbitrary code execution with kernel privileges (jailbreak)
  • ability to run legit/original pkg of app you want to get auth_info from
  • This [Payload]
  • ability to run python server to recieve auth_info

Note: if you have auth_info and a dump you can skip to step 6
Here is a list of auth_info from my console, it includes Plex, Netflix, Sky TV, Youtube and Media Player

How-To

  1. Dump your game/app as you would normally do
  2. keep the official/original app open
  3. start the listening python server included with AlexAltea dumper found on Github
  4. send the dumper_sandbox_psfmnt_auth_info.bin payload to PS4
  5. look at the logs for auth_info
    • the logs would look something like this:

      Decrypting /mnt/sandbox/pfsmnt/CUSA01703-app0-patch0-union/eboot.bin AUTH_INFO.
      AUTH_INFO:
        0000  a7 06 c2 ac 03 00 00 36 00 00 00 00 70 00 00 10  .......6....p...
        0010  00 ff 00 00 00 00 00 02 00 00 00 00 00 00 00 00  ................
        0020  00 00 00 00 00 00 00 00 00 00 00 40 00 40 00 40  ...........@.@.@
        0030  00 00 00 00 00 00 00 40 03 00 00 00 00 00 80 00  .......@........
        0040  00 40 ff ff 00 00 00 f0 00 00 00 00 00 00 00 00  .@..............
        0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        0080  00 00 00 00 00 00 00 00                          ........
      
      • the 1st column 0000->0080 is just data offset
      • then followed by the data in hex stringified
      • followed by data encoded as text characters
      • from that we need to get just the stringified hex data, which would look like this
        dc07c2ac03000036000000007000001000ff000000000002000000000000000000000000000000000000004000400040000000000000004003000000000080000040ffff000000f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        
  6. Now we need to apply this auth_info to our dumped eboot.bin
    • I usually start by renaming eboot.bin to eboot.bin.orig
    • then run the python script provided by @flatz
    python make_fself.py --auth-info dc07c2ac03000036000000007000001000ff000000000002000000000000000000000000000000000000004000400040000000000000004003000000000080000040ffff000000f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 PATH/TO/eboot.bin.orig PATH/TO/eboot.bin
    
    • Note: if you dump your game/app and patch separate you only need to patch the patch eboot.bin as it will be the active one
  7. Now continue packing this dump into pkg as you would normally do
    • Note: that publishing tool needs to be patched to allow the use of self files else you'd get the following error [Error] Format of the elf file is not valid. (eboot.bin, already converted from elf file to self file)
    • @flatz has detailed what needs patching in his write-up, but you could also find the patched tool floating online
  8. Install the resultant PKG and enjoy your game/app

P.S. HEN uses a default auth_info which seems to work for most games, as such there is almost no indication to do so most of the time, it might also be possible to update this to enable codec in media players without having to patch them individually.