PlayStation hacker SpecterDev has shared a Binary Ninja loader for AMD-SP and AMD-PSP binaries. For those of you actively digging into PS5 reverse engineering, this is definitely worth looking into.
What’s AMD-SP and AMD PSP?
AMD Secure Processor (AMD-SP), formerly Platform Security Processor (PSP), is a tiny microcontroller coprocessor integrated within AMD’s own chips that provides the functionality needed for remote corporate asset management, a dedicated security subsystem, and secure booting (source).
AMD-SP is believed to be integrated within the PS5 APU, which is why any tool relevant for the AMD-SP, or any AMD-SP vulnerability is potentially relevant for the PS5 Hacking scene.
SpecterDev’s release is a tool for the popular decompiler Binary Ninja. From the plugin’s readme:
Binary Ninja loader for AMD Secure Processor (SP) / Platform Security Processor (PSP) firmware binaries. It will try to load AGESA Bootloader (ABL) and Bootloader blobs and will set up the correct load addresses.
The ABL loader will also optionally annotate syscalls using the dictionary in ./data/syscalls.json.
Download and install Binary Ninja AMD-SP/AMD-PSP Loader
Note: You can purchase Binary Ninja on their website here. (Wololo.net isn’t affiliated with Binary Ninja.)
To install this plugin, go to Binary Ninja’s plugin directory (can be found by going to Tools -> “Open Plugin Folder”), and run the following command:
git clone https://github.com/dayzerosec/AMD-SP-Loader
Note you’ll probably need to restart Binary Ninja for the plugin to load.
This loader is intended to be used with binaries extracted via PSPTool, as this loader will not extract firmware from UEFI or perform any decompression before loading.
Simply load a PSP_FW_BOOTLOADER_* binary to use the loader. Your view name on the top left of the disassembly pane should have an AMD-SP prefix. If your particular firmware blob doesn’t load and/or loads at an incorrect address, please file an issue.