PS4 BadIRET Kernel exploit leaked
A source code version of the BadIRET Kernel exploit for PS4 (which existence was initially revealed by hacker CTurt a few months ago), has been leaked online a few hours ago.
CTurt has confirmed on his twitter account this is the real deal. According to Hackinformer, in a tweet that now appears to have been deleted, CTurt also stated that this code is missing a few components that aren’t too hard to add, and that Fail0verflow’s PS4 Linux won’t boot with the exploit in its current state.
Cturt said this is mostly code from another hacker that he helped working through the exploit that he had precisely documented.
@cfwprophet Leaked BadIRET code comes from someone I helped privately after they read my articles. Mostly their code, with parts of mine.
— CTurt (@CTurtE) March 2, 2016
PS4 Kernel exploit – is it good news for you?
If you’re an en user with no programming skills, this exploit won’t be useful for you. You’d have to compile it and run it on a PS4 on firmware 1.76, through the 1.76 webkit userland exploit. (The Kernel exploit might work up to firmwares 2.xx, but then you’d need to find an unpatched userland exploit in order to run it)
If you have some programming skills and happen to own a PS4 1.76 however, this could be a nice entry point for you to understand how these things are done. If you get to display the debug message from the kernel exploit (Entered Critical Payload), you’re pretty much ahead of 99.99% of the PS4 homebrew community today.
More generally however, as I’ve stated before, people with the right set of skills could probably have figured out the exploit thanks to CTurt’s detailed explanation. This release probably doesn’t change much who’s going to work on exploiting the PS4 in the foreseeable future.
How the leak happened
Rumors say someone was able to grab passwords from several well known hackers of the PS4 scene, and managed to work his way into a private github where the files were stored. There is a strong reminder here for all of us that you should have different passwords on all the sites you visit, to avoid becoming the weakest link in such a situation.
There’s a group of people who believe leaking such information is a good thing for the scene as it spreads the information. In my opinion, hackers often have very good reasons to not share their hacks, often because they are not ready for public consumption, and as such are useless to the vast majority of users. A hack that leaks at the wrong time could typically be patched by the manufacturer before it is even made usable for the scene. The BadIRET exploit however has already been patched by Sony a long time ago, so it leaking is probably not a massive problem for the scene… What do you think?
This is exciting news, but also a bit sad given the circumstances of the release