More Details surface on the PS4 4.01 Jailbreak, potentially enough for a public release “soon”
The PS4 scene has been doing a bit of detective work to understand the exploits behind the 4.01 Jailbreak that was demonstrated yesterday in Shanghai. After the hackers of Chaitin Tech announced they would disclose the exploits to Sony, people were able to find data about the exploit on the FreeBSD mailing list and bug tracker.
Of course, not everyone can do much with this information, but in theory the details of how the bug was fixed should be enough for people with the right set of skills to trigger a kernel panic on the PS4. How that is later turned into control of the PS4 will be left as an exercise to the people who know what they’re doing. Oh, and naturally, you’d also need a user-mode entry point, some sort of WebKit exploit or similar, in order to execute the code in the first place.
The kernel exploit itself apparently relies on a CVE (CVE-2016-1885) that was revealed back in April. It seems that this was not properly patched, and this is one of the flaws the security researchers at Chaitin Tech used to gain access to the PS4 system.
The argument validation in r296956 was not enough to close all possible overflows in sysarch(2)
Modified: stable/9/sys/amd64/amd64/sys_machdep.c Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) Modified: stable/9/sys/amd64/amd64/sys_machdep.c ============================================================================== --- stable/9/sys/amd64/amd64/sys_machdep.c Tue Oct 25 17:16:08 2016 (r307940) +++ stable/9/sys/amd64/amd64/sys_machdep.c Tue Oct 25 17:16:58 2016 (r307941) @@ -612,6 +612,8 @@ amd64_set_ldt(td, uap, descs) largest_ld = uap->start + uap->num; if (largest_ld > max_ldt_segment) largest_ld = max_ldt_segment; + if (largest_ld < uap->start) + return (EINVAL); i = largest_ld - uap->start; mtx_lock(&dt_lock); bzero(&((struct user_segment_descriptor *)(pldt->ldt_base)) @@ -624,7 +626,8 @@ amd64_set_ldt(td, uap, descs) /* verify range of descriptors to modify */ largest_ld = uap->start + uap->num; if (uap->start >= max_ldt_segment || - largest_ld > max_ldt_segment) + largest_ld > max_ldt_segment || + largest_ld < uap->start) return (EINVAL); }
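Review bot: In the first hunk (the path that clears descriptors), the new `largest_ld < uap->start` test sits after the clamp `if (largest_ld > max_ldt_segment) largest_ld = max_ldt_segment;`, so it rejects two distinct cases: a `uap->start + uap->num` sum that wrapped, and a `uap->start` that already lies past `max_ldt_segment` (the clamp then pulls `largest_ld` below `start`). In both cases the old code went on to compute `i = largest_ld - uap->start` as a wrapped count that fed the `bzero`; a one-line comment saying the test covers both would stop a later reader from "simplifying" it into a pure overflow check. Also worth confirming in the declarations (not visible in the hunk) that `largest_ld` and `uap->start` are unsigned: with signed types the wrapped sum is undefined behaviour and the compiler may drop the comparison.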
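Review bot: In the second hunk, the `uap->start >= max_ldt_segment` term already guarantees `start` is below the limit, so the same rejection can be written without ever forming a wrapping sum as `uap->num > max_ldt_segment - uap->start`; that form needs no separate overflow comparison and states the intent directly. If the three-way condition is kept, the existing comment `/* verify range of descriptors to modify */` should say that the last term guards against the sum wrapping, since nothing else in the block explains why `largest_ld` could be smaller than `uap->start`.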
There are lots of “ifs” here, but with the kernel exploit pretty much in the open, a public release now sounds within the realm of the possible, assuming the right people decide to work on one.
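To make the bug behind the FreeBSD fix above concrete from a defender's point of view, here is an added example (not code from the article or from the FreeBSD or PS4 projects) that models the sysarch(2) range validation in plain C. The field names `start` and `num` follow the patch; the unsigned types, the `MAX_LDT_SEGMENT` limit and the function names are assumptions of this example. It shows the check as it stood before the fix accepting a request whose `start + num` sum wraps, the patched check rejecting it, and an equivalent formulation that never computes a wrapping sum.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/*
 * Constructed model of the range validation in amd64_set_ldt() from the
 * FreeBSD patch quoted above. Field names follow the patch; the unsigned
 * types and the segment limit are assumptions of this example, not taken
 * from the kernel sources.
 */
struct ldt_args {
    unsigned int start; /* first descriptor slot to modify */
    unsigned int num;   /* number of descriptors to modify */
};

#define MAX_LDT_SEGMENT 512u /* assumed limit, stands in for max_ldt_segment */

/*
 * Validation as modelled before the fix: only the upper bound is checked.
 * On success *count receives the number of descriptors that would be touched.
 */
int ldt_range_before(const struct ldt_args *uap, unsigned int *count)
{
    unsigned int largest_ld = uap->start + uap->num; /* can wrap past UINT_MAX */

    if (uap->start >= MAX_LDT_SEGMENT || largest_ld > MAX_LDT_SEGMENT)
        return EINVAL;
    *count = largest_ld - uap->start; /* wraps again when largest_ld < start */
    return 0;
}

/* Validation with the wrap-around test added by the patch. */
int ldt_range_after(const struct ldt_args *uap, unsigned int *count)
{
    unsigned int largest_ld = uap->start + uap->num;

    if (uap->start >= MAX_LDT_SEGMENT || largest_ld > MAX_LDT_SEGMENT ||
        largest_ld < uap->start) /* the sum wrapped: reject */
        return EINVAL;
    *count = largest_ld - uap->start; /* equals num once the checks pass */
    return 0;
}

/*
 * Equivalent formulation that never computes a wrapping sum: start is
 * already known to be below the limit, so the subtraction cannot underflow.
 */
int ldt_range_no_sum(const struct ldt_args *uap, unsigned int *count)
{
    if (uap->start >= MAX_LDT_SEGMENT ||
        uap->num > MAX_LDT_SEGMENT - uap->start)
        return EINVAL;
    *count = uap->num;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a sane request and one whose sum wraps to 4. */
    const struct ldt_args sane = { 8u, 4u };
    const struct ldt_args wrap = { 8u, UINT_MAX - 3u };
    unsigned int n = 0;

    printf("sane: before=%d after=%d\n",
           ldt_range_before(&sane, &n), ldt_range_after(&sane, &n));
    if (ldt_range_before(&wrap, &n) == 0)
        printf("wrap: old check accepts it, count=%u descriptors\n", n);
    printf("wrap: new check returns %s\n",
           ldt_range_after(&wrap, &n) == EINVAL ? "EINVAL" : "0");
    return 0;
}
```

The wrapped request passes the old check because `largest_ld` comes out as a small number that is below the limit, and the subsequent subtraction yields a descriptor count close to `UINT_MAX`; that oversized count is what reached the `bzero` in the unpatched kernel. Either of the two corrected forms rejects it at the boundary.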
Relevant links:
- FreeBSD Security Advisory
- CVE-2016-1885
- Bug fix with details on what was broken
As far as I’m concerned, I’m already wondering if I should get a second PS4. Any PS4 you buy new today is guaranteed to ship with a firmware 4.01 or less.
Source: via psxhax, thanks to everyone who pointed me to the article.
Very freaking interesting! Let’s see if someone has the guts to release something lol!
I still have a 3.5 fat c-chassis….
In case of a release, I’m going to buy a slim one.
Now we can only hope that something can be done on the new Pro.. 😐
Well I believe the chances that all Pros will be shipped with 4.05 or above is likely 110%, so this exploit will be meaningless for those. Here’s hoping though “if” something does come of this, it can be ported somehow to later firmwares.
Sony will let them do it? I guess no.
Lucky I got 2 PS4, 1.75 and 4.00
Arffffffff Ahoy!! -_-
So there is going to be a jailbreak for the PS4 under the current firmware, possibly piracy.
The practicality of that in the recent future is slim… I would at least expect access to other OS hopefully by the end of the year. Piracy will be a HUGE thing and I’m sure that will have to be taken very lightly if at all possible.
My PS4 is on FW 4.01 and there is a new FW update. I guess Sony is trying to patch this.
Where to get FW 4.01 now?
Can you find it?
Here:
http://webcache.googleusercontent.com/search?q=cache:o5idhs0UfzwJ:fuk01.ps4.update.playstation.net/update/ps4/list/uk/ps4-updatelist.xml&num=1&hl=en&gl=uk&strip=0&vwsrc=1
I haven’t touched my PS4 for a VERY VERY long time! This is exciting!
Yes, I’ll show you the door… (^_^;)
better hope the thing hasn’t updated like mine did.
Is it sure it was patched on 4.05 already? Can someone confirm?
thanks
I wonder if it is possible to download game updates/dlc somehow if I stay on 4.01?
Game updates, yes. DLC, no, sadly 🙁
I have two PS4’s, one with latest 4.05 and another still on the same firmware it was delivered with at launch, 1.01.
Someone first has to test that CVE on a 3.50 or 3.55 http://www.securityfocus.com/archive/1/archive/1/537812/100/0/threaded
– it leads to a “zero overflow” bzero(…
– Cturt said that Sony patched it
… so that’s not that CVE-2016-1885
Hmm, I might jump online and get PS4 firmware before Sony takes it down like they did 3.60 on the PS Vita
DAMN, they already have lol
google search:
“ps4 update xml uk” (swap “uk” for whatever region you’re in)
Load up a cached result, then look at the source code of the XML; from there it should be obvious.
Can we play pirate games ??
Yes We Can!
No, we can’t, we will only have what we have with 1.76
Then no point of this hack, right?
Why buy the system if you cannot afford the games for it? That’s an investment only a fool would make. That’s like buying a car, but you cannot afford to pay for insurance or gas. Gaming is an expensive hobby.
Yeah, but what if gas costs $50 a gallon and you have JUST enough to pay for ONE weekend trip. Wouldn’t you prefer to go someplace you know you like? (I know a good # of gamers who only pirate games without demos and only until they can see if it *** or worth supporting the programmers behind it.) Heck, I’ve done so in the past. Saved me from buying some games that looked great but were horrible to play. Now if they would just start releasing demos again… I’d see no reason for piracy at all. Personally I just want Linux on mine for Steam and a proper web browser with a new version of Flash etc.
So poor people shouldn’t be allowed to play? Just you elite who can pay to play? How does somebody that’s struggling to pay their bills as it is, who won’t be buying any games either way, how does that hurt developers? It doesn’t cost them any resources when a poor kid copies his friend’s Blu-ray disk to a flash disk, does it? How will that hurt a big multinational corporation? What about sports, maybe they should get rid of all those programs that help poor kids get sports equipment. *** them too, right? They can’t afford to play, then tough ***. They should spend all that free time getting jobs, right?
Where we can download update 4.01?
http://www.gxarena.com/Firmwares/PS4/
It’s coming! And your body knows!
Dammit, I just updated mine yesterday.
I do wonder if it would be possible to exploit the PS4 with a Rowhammer attack. Recently there was an Android app released that would root the device without any special privileges.
No, just no lol
mwahahahahahaha people who don’t read this blog daily…mwahahahahahaha….heck i remember thinking prior to henkaku…
Sean you are silly why check a website EVERY morning…then henkaku came that fateful morning…
my life has been better ever since…and that’s why,….excuse me while I take my ps4 offline….time for a neo…
I blame PS+ auto update for this. And besides, can’t really play online unless you’re updated, so not much choice.
Can anybody help me to still get OFW 4.01? I am still on 1.76 and would like to have 4.01 to be sure. Cheers
So, what will it change if we get an exploit on 4.01??? 1.76 is “hacked” since months and there are almost no news. No piracy, no keys published, no memory dumps. Does no one from the hacking community want to deliver a hacked firmware? What about those Rebug guys? I think PS4 hacking will be delayed for years, like with the Vita. Only when it’s almost dead, some hacks will be developed.
I see no point in even hacking a PS4. Couldn’t you just use a PC for everything that can be done via PS4, better? I mean it’s awesome and all that, but I just don’t see the need for it aside from piracy. Love all the Vita stuff that’s been surfacing though.
“Couldn’t you just use a PC for everything that can be done via PS4, better?”
Kinda. There are a few problems with PC game piracy right now. For one, the games have to be cracked first. This can take months (or years) thanks to Denuvo and its ilk. With the PS4 and its predecessors, you could just plop an ISO or directory on a drive and you’re off. Two, there are games that aren’t going to be released on the PC. A few upcoming games that I’m looking forward to aren’t going to be released for the PC, so I’m following Wololo’s news pretty close.
Good thing I still have my main PS4 (FW 4.01) and my unopened Launch Day PS4 (the seal hasn’t even been touched).
I’d sell it, but being a mint-in-box Launch Day PS4, it won’t be going for $300.
I’d like to buy your spare PS4.
Look elsewhere. ChevyCam94 said “it won’t be going for $300” so clearly he thinks it’s particularly valuable. The lowest (public) exploitable firmware is 1.76 and there are all kinds of bundles that come with 1.76 new. A launch day console doesn’t mean *** as far as hacking goes. Maybe some collector in 20 years will care if it’s unopened, but you shouldn’t if all you’re looking for is a console with 1.76. There’s been a recent announcement relating to 4.01 firmware so hold onto your hat and wait to see where that goes. If it pans out, there’s tons of used PS4 on 4.01 or lower. I have seen them at pawnshops for less than $200.
Hurray about time 😀
Should I just update to that available version?
Does anybody know where to get the full OFW 4.01 for if I want to change my HDD?
cheers
From Chaitin Tech twitter: https://github.com/chaitin/pro
Piracy is indeed doable even with the 1.76. The issue is that so few who are interested in such things have had a chance to study the system. Now quit whining and buy your games. Why is it that most anyone who is on these pages assumes something’s useless because it doesn’t immediately allow you to steal games?
Can we download games for free (pirated)?
http://dus01.ps4.update.playstation.net/update/ps4/image/2016_0926/sys_8b4ef90dc5994ba89028558030e31180/PS4UPDATE.PUP
http://pastebin.com/7i1eBYyr
Found this
Nothing to deal with SONY, that’s BAPI for SAP
My PS4 is on the 4.0 firmware, I will not upgrade.
Would the regular PS4 be more compatible than the slim, or vice versa? Debating which one to buy.
Any suggestion would be appreciated.
Which one is better?
If the 4.01 jailbreak ever comes, will this also be for all PS4s, including the PS4 Pro?