A simple and short blog entry.
If you haven't been living under a rock, you've probably heard that the 5.05 kexploit was released a few days ago.
slides from my @0x41con talk describing ps4 5.0x kernel exploit https://t.co/txM4WUHHUO
— qwertyoruiop (@qwertyoruiopz) May 21, 2018
ps4 5.05 kernel exploit (BPF setf double free) implementation by @SpecterDev: https://t.co/kesIdQXHs4 (incl. Mira + XVortexHEN)
— qwertyoruiop (@qwertyoruiopz) May 27, 2018
The 5.05 kernel exploit stack is now released! It includes the kexploit and autolaunches homebrew patches and mira. On subsequent page loads it listens for payloads. Source is up here https://t.co/lUqveOs46A
— Specter (@SpecterDev) May 27, 2018
One of the first things I checked/backed up on my PS4 was my licenses, and while doing so I noticed the PS Plus game licenses were still on the PS4 even after my subscription had ended. I figured that if we could change the internal clock (aka the RTC, real-time clock) we could get the games to work again.
Well, last night I did just that. I spent a few hours looking at sceSblSrtcSetTime(), which seems to have been updated somewhere between 1.76 and 5.05 with a few SAMU-side checks to prevent time manipulation, yet Sony left a reset function (which I assume is needed for some internal work) that we can call to reset the time; after that we can call sceSblSrtcSetTime(), set our own time, and voilà.
You can find the code on GitHub, along with the payload.
Basic How-To-Run Tutorial
You need a 5.05 console. Open http://crack.bargains/505k/ (if you see "All Set", close and reopen the page and it should say "Awaiting Payload...") or any other exploit page that also has a payload loader.
Send the payload with (change 192.168.1.1 to your PS4's IP):
socat FILE:reactPSPLUS.bin TCP:192.168.1.1:9020
Notes
The payload sets the internal clock to 2012/2013 and your PS+ games will start working. You won't even need HEN enabled to use these games, since they're legitimate games and will work normally like any other digital game. If you're not connected to the internet, you will not need to run this exploit again, since the time change is permanent. It might be worthwhile dumping your games to make sure you never lose access to them.
Small Memes
P.S. sceSblSrtcSetTime(0) sets the time to 1/1/2012 (the PS4 epoch :P). I wonder if it has any significance for PS4 development.
Small Update
As of today, 21st June 2018, I've also released a web interface for reactPSPLUS which allows you to specify the date and time you want, as it's been noted that trophy times are synced to the internal clock, and preloaded games would end up getting locked as well.