PS4 Jailbreak: qwertyoruiop progresses on PS4 Webkit hack, states he has a 4.50 kernel exploit
A lot has happened over the past few days since hacker qwertyoruiop publicly released a Webkit exploit on the PS4 for firmwares 4.07 and below.
Maybe more importantly, qwertyoruiop stated he has a kernel exploit on the PS4, which according to him is a 0-day vulnerability and as such should also work on firmware 4.50. The hacker tweeted a couple of days ago: “Nothing to kernel in 5 days. GG sony”, then confirmed on Twitter that the exploit should work on 4.50.
As a reminder, however, the Webkit exploit he uses only works up to firmware 4.07, and the developer himself runs 4.06. One needs both a usermode entry point (in this case, the 4.0x Webkit exploit) and a privilege escalation vulnerability (the kernel exploit) to gain full access to the console; neither on its own is enough.
Although the Webkit exploit is very real and public, nothing has been mentioned so far about a release for the kernel exploit.
However, several points suggest the hacker does indeed have kernel access. People have speculated that his announcement might have been an April Fools’ joke, but with his Twitter account mentioning the exploit in tweets spanning more than 48 hours now, this is very unlikely to be a prank, and qwertyoruiop’s reputation in the iOS world speaks for itself.
Nothing to kernel in 5 days. GG sony
— qwertyoruiop (@qwertyoruiopz) March 31, 2017
@ChronicleArc 0day, it should work on 4.50 too
— qwertyoruiop (@qwertyoruiopz) April 1, 2017
(not an april’s fools)
— qwertyoruiop (@qwertyoruiopz) April 2, 2017
More importantly, famed PS4 hacker CTurt posted today that he is updating his PS4 console from firmware 1.76 to 4.06. This comes a few days after he updated his PS4 SDK following almost a year of inactivity.
1.76 -> 4.06 pic.twitter.com/zyV0hC97kY
— CTurt (@CTurtE) April 2, 2017
1.76 is the firmware for which CTurt revealed two kernel exploits in 2015, and the only firmware that is publicly and fully hacked. In other words, if CTurt is updating his console to 4.06, it means qwertyoruiop is onto something. It is worth mentioning that the two hackers were already working together on the kernel exploits used for 1.76.
Will the 4.50 PS4 Jailbreak be released?
What about a release, then? Let’s summarize a few things:
- The Webkit exploit works up to firmware 4.07.
- The kernel exploit allegedly works up to firmware 4.50, since it is a 0-day exploit.
- You need both exploits to get full control of the console, so people on firmware 4.50 are out of luck for now; however, usermode exploits have historically been much easier to find than kernel exploits.
- CTurt and qwertyoruiop both have track records of releasing their exploits (CTurt released his exploits for PS4 1.76, qwertyoruiop has released jailbreaks for iOS).
- However, in general their releases happened for vulnerabilities that were already known and/or patched.
The fact that the kernel exploit works on the latest PS4 firmware might lead the hackers to reconsider doing any sort of release until it gets patched. With that being said, staying on your current firmware seems a sensible idea at this point: people on 4.07 or lower have a higher chance of seeing something soon, and hope exists for 4.50 users.
In parallel, Chaitin Tech, the hackers behind the undisclosed 4.05 PS4 jailbreak (who disclosed the exploit to Sony, leading to it being patched in 4.06), are giving a talk at zer0con in a few weeks. It is unclear whether they will reveal anything about the internals of their jailbreak.
We’ll update our PS4 Jailbreak page as we get more information on this topic.