Well, had an idea that we might be able to debug the official PlayStation app that came out recently.
Think SKFU also mentioned analysing the app to get some info on how the console receives data from external devices.
Now I don't have a PS4 but set up a small guide that people could test.
First get IDA Pro debugger
then download Android SDK x86 version
https://developer.android.com/sdk/index.html
then we have to set up an Android Virtual Device (AVD) for use in the emulator
Remember after you install the sdk you have to click on the Window Menu, and then click on Android SDK Manager
then get the sdk tools
then follow this guide
https://developer.android.com/tools/devices/managing-avds.html
When that's done you should have a fully virtual device.
Then we install the official app on the emulator
- Start the console, Run -> type cmd, and move to the platform-tools folder of SDK directory.
- Paste the APK file in the 'android-sdk\tools' or 'platform-tools' folder.
- Then type the following command.
Code:
adb install [apk file name]
Example:
Code:
adb install bubber.apk
Start the emulator, and when the emulator is running, use the command “adb devices” to make sure the Android Debug Bridge (adb) is working properly. You should see the emulator listed if it works. It is also best if only one device is connected, so if you see multiple devices, disconnect the extra ones.
Start the emulator again using the following command: “emulator -avd [AVD_NAME] -partition-size 512”. It is possible to use a partition size lower (or higher) than 512.
Via cmd
Run the following commands.
Code:
adb remount
adb push android_server /system/
adb shell
# the remaining commands are typed inside the device shell opened by "adb shell"
su    # probably not needed for the emulator but is necessary if doing this on a rooted device
cd /system
chmod 755 android_server
./android_server
The commands above will begin by mounting the system partition as read-write, and then push the file android_server to the /system folder. This file can be found in the dbgsrv folder of IDA. Next, it will create a shell, make the android_server file executable and then run it.
Minimize the windows where android_server is running and open a new command prompt / terminal, and type this command: “adb forward tcp:23946 tcp:23946”. This will allow connections to localhost:23946 and forward those to the emulator.
To attach IDA to a running process, just load the library in IDA, go into the debugger options and select the “Remote ARM Linux/Android debugger”, go into “Process Options” in the debugger menu, and set the hostname to localhost. If you used the same ports as above, you should not need to change anything else.
Go into the debugger menu again, this time choose “Attach to process…” and you should see a list of all running processes. Select the one you are interested in, attach and start debugging.
It is possible to do a memory dump from the process into IDA and save the IDB. This may be good for future analysis, and there is always a risk of a crash somewhere that can terminate the debug session. Also, if you have the library or file to be analyzed open in IDA before the debugger is attached, IDA should identify the memory address shift (due to ASLR) and ask if you want to rebase the file / library.
The app should be able to connect to the console just like a normal phone.
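The rebase that IDA offers because of ASLR comes down to one subtraction over the process's memory map. As an added example (not part of the original post), this computes that shift from `/proc/<pid>/maps` output and maps a runtime address back to a library offset; the library name, package path and addresses are constructed, and a static image base of 0 is assumed.

```python
import re
from typing import NamedTuple

# Constructed sample of `adb shell cat /proc/<pid>/maps` (hypothetical library and package).
SAMPLE_MAPS = """\
a3d10000-a3d58000 r-xp 00000000 1f:01 512  /data/app-lib/com.example.app-1/libexample.so
a3d58000-a3d5a000 r--p 00047000 1f:01 512  /data/app-lib/com.example.app-1/libexample.so
a3d5a000-a3d5b000 rw-p 00049000 1f:01 512  /data/app-lib/com.example.app-1/libexample.so
b6f00000-b6f40000 r-xp 00000000 1f:00 301  /system/lib/libc.so
be800000-be821000 rw-p 00000000 00:00 0    [stack]
"""

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int
    path: str

def parse_maps(text):
    """Parse /proc/<pid>/maps text into Mapping records, skipping malformed lines."""
    found = (MAPS_LINE.match(line.strip()) for line in text.splitlines())
    return [Mapping(int(m[1], 16), int(m[2], 16), m[3], int(m[4], 16), m[5].strip())
            for m in found if m]

def load_base(mappings, lib_name):
    """Runtime base of lib_name: its lowest segment start minus that segment's file offset."""
    segs = [m for m in mappings if m.path.rsplit("/", 1)[-1] == lib_name]
    if not segs:
        raise LookupError(f"{lib_name} is not mapped in this process")
    first = min(segs, key=lambda m: m.start)
    return first.start - first.offset

def rebase_delta(mappings, lib_name, static_base=0):
    """Shift to add to every address in the IDB (static_base 0 is an assumption)."""
    return load_base(mappings, lib_name) - static_base

def locate(mappings, runtime_addr):
    """Map a runtime address (e.g. a crash PC) back to (library, offset from its base)."""
    for m in mappings:
        if m.start <= runtime_addr < m.end and m.path.startswith("/"):
            name = m.path.rsplit("/", 1)[-1]
            return name, runtime_addr - load_base(mappings, name)
    return None

if __name__ == "__main__":
    maps = parse_maps(SAMPLE_MAPS)
    print(hex(rebase_delta(maps, "libexample.so")), locate(maps, 0xA3D59010))
```

Recording the delta next to a saved IDB or memory dump lets addresses from a later session, where the library loads at a different base, be compared against it.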