Looking for new exploits on the latest PS4 firmwares
Now that Linux on PS4 is a thing, and native PS4 exploits are going on for PS4 firmware 1.76, the PS4 scene is getting excited, and more and more people are looking for exploits on the latest firmwares.
There are basically two components to getting full access to your PS4: a “userland” exploit, that lets you access the current process, and a “kernel” exploit, or privilege escalation, that gives you root control to all processes on the machine. The two exploits are distinct, but you’ll always need one of each.
The commonly known userland exploit on PS4 1.76 is a WebKit exploit that was disclosed a while ago and patched in later firmwares. The kernel exploits used on 1.76 are BadIRET and dlclose, both revealed by hacker CTurt a few months ago. These two exploits would most likely still work on firmwares 2.xx, if a matching userland exploit were revealed for those firmwares.
Future kernel exploits could be discovered in firmwares 3.xx, but even today, revealing a userland exploit on firmwares 2.xx could help more people as this would give them access to the Kernel exploits as well.
It’s in this context that some people are busy looking for more WebKit exploits on the latest PS4 firmwares. For example, veteran scene member zecoxao has been digging through known Chrome/WebKit vulnerabilities and is asking people to test which ones crash their PS4.
These are the files used: https://t.co/wf1l24mwAu You can find all of them here: https://t.co/pcQwu6Y26H
— José Miguel (@zecoxao) April 11, 2016
People are also testing these crashes on the PS Vita, because why not…
Other people have contacted me over the past few weeks with links to attempts at breaking the WebKit engine on the PS4. There’s a long way from a crash to an exploitable vulnerability, of course, but only the people looking for an exploit have a chance at finding one 🙂
People claim some of these files crash their PS4 on firmware 3.xx. Which, from a hacker’s perspective, is a good thing. But a crash is not always a usable vulnerability, and does not always lead to a successful exploitation.
I haven’t tried those files myself. Early reports suggest that some of these files trigger an “out of memory” message from the browser, which to me is not necessarily a crash: arguably, it means the browser is dealing properly with the malicious JavaScript, but this definitely should be looked into by people with the right set of skills.
Getting a new userland vulnerability released soon would probably help deal with the increasing prices of PS4 1.76 models. But for now, no such release has been announced by any of the known hackers.
If true, then say the clue that gave this CTurt worth; a hack cannot be limited to a firmware, a more exploitable loophole to all firmwares!
“people with the right set of skills” Sounds like we need Liam Neeson LOL
I was thinking the same thing lol
No you weren’t, ya needy tit
Would it be crazy if the PS4 and Vita were connected somehow? Just like the 3DS & Wii U… Was just a thought xD I seriously doubt it tho…
Well if you think a little more about PS Vita and PS4 you will come up to something: they are really close, really close. I think by hacking PS4 we will have a better opportunity to hack PS Vita.
The trick is that both consoles use the same WebKit so it’s basically a 2 for 1 deal Xd
We need one experienced hacker to bring the scene back, and when that happens we will be set and all of humanity will be happy once again!
Keep this in mind: PS3 > 3.55 is still not hacked. I hope you will be patient because nothing will come out for a loooong time.
I’ll just run Linux on my PC ffs
The “problem” is for now there is only Linux for the 1.76 FW and not a CFW for 1.76 with the possibility to run games.
I think it’s a matter of time until they come up with CFW since there is kernel access.
The “problem” now is that impatient people such as yourself hear “jailbreak” and think of “CFW”. Those terms are not interchangeable as they are two COMPLETELY different things. Be patient, or do us all a favor and become one of those cryogenic test cases and go freeze to death. Kthanks
Chill…..hehe…
I still keep my 2nd limited Metal Gear Solid PS4 on 2.XX. Never updated. Hope they find something soon.
Anybody who does or knows something neat can always get in touch with me 🙂 I will collect and exemplify stuff.
Just hope that Rebug comes up with a CFW soon. They’re the only real group that releases CFW now. Running Linux is useless. Who wants to run emulators to play old roms on a PS4 when you can do that on a PC? The only real hack will be to run PS4 code.
Real hack runs fully working Steam OS on PS4 :v
white knight hackers and their followers..
i’m all in for psvita homebrew
It would be better if development on finding exploits on higher firmware starts after the release of the PS4.5; let’s hope.
Many sample codes, but only this one displays the memory warning:
http://pasha4ur.org.ua/temp/ps4test/test1_ps4.html
Works on Vita (FW?) and PS4 until FW 3.15.
This message may have many causes/origins. The bug on the 1.76 PS4 webkit (1st entry point) had the same warning.
So it is not working on the latest PS4 FW, right?
Modded PS4 running with cool Linux
With Steam sounds mint
Give us some tutorial about how we start.
I have PS4 on the latest FW and Vita on the latest FW. I know basic stuff about CSS and JavaScript, so where should I start?
If you are Iranian, send your email or something for contact!
meysam25@yahoo.com
Hey guys, just to let you know I made a video on the entry point working on PS4 3.50 OFW:
https://youtu.be/O7c093o3Eis
Wololo, I like your articles in general, but with this one I don’t agree.
You are mainly talking about a new userland exploit on the latest firmware 4.00, but that is the “easiest” part of jailbreaking the PS4. We had many WebKit exploits on 2.xx & 3.xx FW, and at least 3 or 4 WebKit vulns that could lead to a userland exploit on 4.xx.
The most difficult part is the kernel exploit !
And where are we today with the kexploit?
– BadIRET and dlclose have been patched on 2.xx
– The only possible kernel exploit on 4.01 was found by Chaitin 2 months ago, but nobody knows what vulnerability they used?!
I’m pretty sure that if the Chaitin vuln were public, it would take less than 2 weeks to have a working jailbreak on 4.01 (maybe even 4.05).
What people really should do is what marcan revealed in his 33c3 talk: his PCIe MITM attack. He was able to gain code execution, dump FreeBSD and the WebKit and OS libs. It’s a hardware hack so I’d assume it’s possible on higher firmwares, and marcan really does reveal a lot of information on how he was able to do this.
Thank you for the article, Aurora. Looking forward to future updates.