PS4 Webkit hack: SpecterDev explains 4.0x exploit, releases updated PoC with multi-FW support
A few days ago, hacker qwertyoruiop released a Webkit exploit for the PS4, compatible with firmwares up to and including 4.07. He has since improved the exploit to include a ROP chain and basic syscalls, but only with compatibility for 4.06, the firmware he is personally working on.
Developer SpecterDev, a self-described programmer interested in exploitation and infosec, who has in the past provided accurate analysis of other PS4 hacks, has published a writeup of qwertyoruiop’s exploit along with his own version of it, with added compatibility for multiple firmwares.
SpecterDev’s proof of concept builds on top of the initial exploit and adds ROP/gadget support for firmwares 3.50, 3.55, 3.70, 4.00, and 4.07 (in addition to 4.06, which was already supported in the initial PoC). There is visibly no support for firmware 4.05, but a quick glance at the source tells me it shouldn’t be too difficult to add for people who feel like it.
Additionally, the developer released a writeup about qwertyoruiop’s exploit, and it’s a great read. What’s particularly interesting here is that SpecterDev, as he states himself, is still fairly new to exploits in general and Webkit in particular (although you will see from the writeup that he is being humble here 🙂 ). As a result, the writeup is reasonably easy to follow because the author makes no unrealistic assumptions about the technical level of the reader. I’d say it’s a great introduction to understanding how the exploit works, if you have basic coding/system knowledge.
You can read SpecterDev’s writeup here.
Download/test the Webkit Exploit for 3.50, 3.55, 3.70, 4.00, 4.06, 4.07
You can download the source for the exploit on SpecterDev’s GitHub here. Keep in mind that this is a rewrite of qwertyoruiop’s original exploit, which will probably remain the source of truth and of major updates for now.
To run the exploit from the source (from SpecterDev’s readme):
Set up a web server on localhost using XAMPP or any other program and put these files in a directory. You can then go to your computer’s local IPv4 address (found by running ipconfig in cmd.exe) and access the exploit.
Stay tuned on our PS4 Jailbreak page for more details!