PS4 Webkit hack: SpecterDev explains 4.0x exploit, releases updated PoC with multi-FW support
A few days ago, hacker qwertyoruiop released a Webkit exploit for the PS4, compatible up to and including firmware 4.07. He has since improved the exploit to include a ROP chain and basic syscalls, but only with compatibility for 4.06, the firmware on which he is personally working.
Developer SpecterDev, a self-described programmer interested in exploitation and infosec who has in the past provided accurate analysis of other PS4 hacks, has released a writeup of qwertyoruiop’s exploit, along with his own version of the exploit with added compatibility for multiple firmwares.
SpecterDev’s proof of concept builds on top of the initial exploit and adds ROP/gadget support for firmwares 3.50, 3.55, 3.70, 4.00, and 4.07 (in addition to 4.06, which was already supported in the initial PoC). There is visibly no support for firmware 4.05, but a quick glance at the source tells me it shouldn’t be too difficult to add for people who feel like it.
Additionally, the developer released a writeup about qwertyoruiop’s exploit, and it’s a great read. What’s particularly interesting here is that SpecterDev, as he states himself, is still fairly new to exploits in general and Webkit in particular (although you will see from the writeup that he is being humble here 🙂 ). As a result, the writeup is reasonably easy to read because the author makes no unrealistic assumptions about the technical level of the reader. I’d say it’s a great introduction to understanding how the exploit works, if you have basic coding/system knowledge.
You can read SpecterDev’s writeup here.
Download/test the Webkit Exploit for 3.50, 3.55, 3.70, 4.00, 4.06, 4.07
You can download the source for the exploit on SpecterDev’s GitHub here. Keep in mind that this is a rewrite of qwertyoruiop’s original exploit, which will probably remain the source of truth and of major updates for now.
To run the exploit from the source (from SpecterDev’s readme):
Set up a web server on localhost using XAMPP or any other program and put these files in a directory. You can then go to your computer’s local IPv4 address (found by running ipconfig in cmd.exe) and access the exploit.
Stay tuned on our PS4 Jailbreak page for more details!
Source: SpecterDev
Thank you for the update, Wololo.
Thanks. Let’s hope it will be the door to greater things to come
no support for 4.0.7 :((
afaik it is confirmed also for 4.07 – only 4.5+ is not exploitable as of now…
This actually looks interesting since they were willing to share it like a community should without sjw, secretive v.i.p. and drama ***. First worthy thing since eons. The only way progress will be made is if every *find* is shared so that everyone can poke at it. The legal stuff doesn’t matter since Sony will patch it easily with the next update/revision like always anyway and people will be locked out of online play and newer firmware games like always. I don’t know why they make such a drama too.
4.07 Confirmed Working 🙂
4.07 but 4.05
4.01 work?
does your brain work? they listed version numbers in the article…. or just see title, see the comments and think “uhhhh, what’s reading comprehension?”
I’m confused, “4.01 work?”
Work? Work what exactly?
(Not being rude but I’m noob)
What are any of the posters confirming working?
Just asking what has been achieved…
what is released is the webkit exploit which allows you to try and install a kernel exploit. there is a working kernel exploit which has not been released. This exploit is 0-day and has been confirmed working on all firmwares. Right now we only have a webkit to try and use that exploit up till 4.07. To install the kernel exploit on higher firmwares will require a new webkit exploit to be found. Hope this helps. Basically sit tight. What you are looking for is the highest firmware possible that will work with both hacks. Remains to be seen but that might be 4.50….
Thank you so much for your response! Your explanation really helped me to understand this better. Thank you again and thanks for your time too!
looks like 3.11 isn’t part of the upgrade, will wait a bit longer before pushing another flash drive update