The road so far... A long journey

Orbis development

---

If you want piracy, stop here buy originals.

Note: Other articles:

• Luke No... I am PlayStation Camera, part 1 - Introduction to PlayStation Camera
• Luke No... I am PlayStation Camera, part 2
• Fuse is Alive!!!! on PlayStation 4 Retail

See also for historical purposes. All was done at that time in user land, and with usb traffic sniffer:

• Reversing PlayStation 4 Camera
• Reversing sceLibCamera

Brief History

I began my research on PlayStation 4 with PlayStation Camera in 2013. All done on macos side without PlayStation 4 user execution code publically available at that time. I was porting fMSX emulator to PlayStation Vita using a port from psp by Akop Karapetyan in parallel with PlayStation 4 research.

After that the first user's land webkit exploit was released around July 2015. The Ps4-playground allowed us, initially, to make memory dump of sprx modules loaded on PlayStation 4 user's process. I used that to get camera stuff done on that limited environment with the PS4-SDK from @CTurt. Cool don't you? PlayStation 4 homebrew execution PlayStation 4 Camera POC

The PS4-SDK had many limitations, it was payload oriented and gcc based, and binary payload loader was a real pain in the ass, and with camera plug in, it was a real mess with default load address used xD.

Hitodama began work in libps4 around November 2015 evolving to PS4SDK. Finally a proper sdk with elf generation features. So i decided to switch to Hitodama's PS4SDK because it was better option for what i was developing. I created ps4link a set of libraries based in old stuff that we used in the past in ps2/psp/ps3 to get host file system and elf loader features. I was making some camera stuff too and to get frames saved in a easy way from PlayStation 4, ps4link's remote file system features was the best option and loading my code in elf format with commands from ps4sh was much better and easy than that fucking binary payloads. So ps4link/debugnet/ps4sh were the tools in that time to work in proper way for me.

Switch to clang and gnu freebsd cross compiling binutils for linker was the next right choice. This generation has the best compiler directly from Sony using the same llvm code released by Sony in llvm/clang master branch. So we had a proper toolchain using clang and we were generating freebsd/ps4 valid elf non signed code that we can load in PlayStation 4. This was done in January 2016 switching ps4liink to clang.

Kernel exploit information for 1.76 was available on december 2015 by CTurt and others and finally on April 2016 we had kernel execution on 1.76. Hitodama made a very good job to incoporate kernel land features on PS4SDK so it was a very fun time learning new things about PlayStation 4 internal architecture.

We had lack of graphics a many other things so i began to work in liborbis, a set of little libraries to get my fMSX port for PlayStation 4 done. We got a method to load elfs generated with Hitodama's PS4SDK and liborbis with PlayRoom game, so finally we use it to load elf plain code generated with clang and liborbis with pad, audio, basic framebuffer and remote file system. Finally the initial graphic elf using liborbis2d was published all build with open source toolchain based on clang and gnu binutils and open source sdk!!!

No comments :P pic.twitter.com/qxGEbwmVSm

— bigboss (@psxdev) September 28, 2017

After that fMSX port source was released and published on december 25th all done with open source toolchain and open source PS4SDK with liborbis for firmware 1.76.

[Release] fMSX port for PlayStation 4 with liborbis https://t.co/5O2wTKuuNE

— bigboss (@psxdev) December 25, 2017

Msx Emulator for PlayStation 4 based on fmsx using liborbis is almost finished :) . All assets are loaded from host. pic.twitter.com/kZT1LWNSrL

— bigboss (@psxdev) November 26, 2017

Later @flatz released pkg installer,the tauon and gl es stuff with piglet:

opengl es on ps4 : https://t.co/mC8rpkM6nv

— Alexey Kulaev (@flat_z) December 9, 2018

I wrote orbisgl library incorporating to liborbis and PS4SDK for 5.05 firmware. We had only one problem, orbislink was the loader to load plain elfs but there was not open solution available to build the pkg and orbislink. Tauon was used for that so that was a problem to publish it, i didn't release the pkg for that reason, but all elfs build with Hitodama's PS4SDK were plain freebsd ps4 compliant elf. However they couldn't run directly in PlayStation without a proper loader. Orbislink is reading from host the homebrew.elf. Elf was done with open tools and load it in memory and jump to the entry in its own thread, like we are done in the past on other PlayStation consoles.

After that I released source for orbisGlPerf porting from raspberry pi code done by Steve Chamberlin

An video of orbisGlPerf pic.twitter.com/PiORIOMxeK

— bigboss (@psxdev) December 24, 2018

With a gl backend @frangar and me were working in libretro with liborbis incorporating changes to retroarch master branch.

pic.twitter.com/vUjIMCdDPJ

— bigboss (@psxdev) January 2, 2019

A lot of fun tryng to figure out the problem. Thanks to @frangar fixed ugly bug Sameboy core on PlayStation 4 #liborbis #retroarch pic.twitter.com/Y6J0EJ8YVq

— bigboss (@psxdev) January 5, 2019

Pokemon on Sameboy core pic.twitter.com/mxZdw4h5Iy

— bigboss (@psxdev) January 5, 2019

A new msx port was released, the msxorbis a bluemsx port for PlayStation 4. It was presented in Sevilla in MSX RU06 May 18th 2019, check the video at the end of link (in spanish sorry)

Later in 2019 article about fuse on retail and liborbisNfs was released

And for my birthday something special a modern graphic backend was needed so i choose to port raylib to PlayStation 4 and orbisGl2 was released.

Release time!!!! #orbisGl2 based on #raylib 3.0 for #liborbis PlayStation 4 #homebrew https://t.co/skzgM7fFAX thanks to @raysan5

— bigboss (@psxdev) March 31, 2020

Almost here :P #raylib #liborbis #homebrew for PlayStation 4 pic.twitter.com/5MoZp0Z3ay

— bigboss (@psxdev) March 30, 2020

@raysan5 orbisGl2 library a #raylib port for #liborbis #hombrew for PlayStation 4 is almost here with basic samples for textures,shapes,text,models... and spine port based on work from @WEREMSOFT pic.twitter.com/MctrI7Bqgb

— bigboss (@psxdev) March 29, 2020

#madewithspine #liborbis #raylib #homebrew spineboy :) pic.twitter.com/Y1JuBkxoGV

— bigboss (@psxdev) March 20, 2020

After orbisgl2 was released and in the middle of Covid pandemic @frangar,@fjtrujy,@masterzorag and me decided to make our own tool to generate sony compliant self using lief and a custom tool to generate all stub. Finally our own tools in open source way were done

20/04/2020 to 23/05/2020 @frangar @fjtrujy @masterzorag thank you for all your help these days !!! #orbisdev

— bigboss (@psxdev) May 23, 2020

New orbisdev sdk a new hope :P

Finally June 13th my name day San Antonio orbisdev team(@frangar,@fjtrujy,@masterzorag and me) bring to developers:

• Orbislink GL NFS SE a system app with self loader features build all from open source tools
• liborbis for new sdk
• orbisGl2 raylib graphic backend for new sdk
• orbisGl old graphic backend for new sdk
• headers for new sdk
• new sdk builder
• orbis-elf-create tool
• @flatz signing tool and @maxton pkg builder

A lot of fun for devs

Thanks

• @hitodama ps4sdk master
• @masterzorag, @frangar and @fjtrujy orbisdev partners aka "los nenes"
• @cturt and all people involved in the first steps on PlayStation 4 reverse engineering
• @flatz for fself signing, patching and gl stuff a lot of fun thanks to him!!!!
• @maxton for liborbispkg tool to create valid pkg
• @z80, @droogie , @zecoxao, @wildcard, @shadowdancer fun times guys all these years :P
• all ps3dev and ps2dev all comrades
• openorbis team thanks to make us finish this, we didn't think in do our own tools 2 months ago. Congrats for all your work
• paella and msx time PlayStation 5 is waiting proper msx support!!!! ;P