Fail0verflow: Dumping a PS4 Kernel in “only” 6 Days
ps4_enthusiast over on the fail0verflow blog has posted a detailed explanation of how he was able to dump (and decrypt) the PS4 kernel from userland (via the WebKit exploit).
The stunt leverages a vulnerability in the console's "crashdump" functionality. The code that lets the PS4 log some information in case of a crash allows an attacker to leak a very small amount of kernel data (16 bytes per process). Additionally, flaws in the way the crashdump is encrypted made it feasible to actually decrypt the data after it was dumped.
More interesting than the exploit itself is how ps4_enthusiast automated his setup to dump the whole kernel. The hacker calculated that, with such a tiny information leak and given the size of the kernel, it would take roughly 11 days (6 days after trimming some fat) to dump. He moved forward by automating PS4 crashes, reboots, and dumps to a hard drive, which itself was connected to the hacker's PC, where the kernel was reconstructed, literally byte by byte.
The hacker states that one of the flaws he leveraged was corrected around firmware 4.50, so decrypting the kernel this way is no longer possible on recent firmware.
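The host-side part of such a pipeline is mostly bookkeeping: every crash yields a fixed-size fragment at some kernel offset, and the PC has to merge fragments into an image, notice duplicates or contradictory data (a retried crash, a bad decryption), and work out which ranges are still missing so the remaining time can be estimated. The following is an added example that is not fail0verflow's tooling; the record format, the 64-byte toy image, the leak records and the 5-minute crash interval are all constructed assumptions for illustration. Only the 16-byte chunk size comes from the article.

```python
"""Reassembling a memory image from tiny per-crash leaks (added example).

Models the PC-side bookkeeping of a "crash, reboot, collect 16 bytes,
repeat" loop. Leak records, image size and crash interval are constructed
assumptions, not values from fail0verflow's write-up.
"""
from dataclasses import dataclass, field

CHUNK = 16  # bytes recovered per crash, as described in the article


@dataclass
class ImageBuilder:
    size: int
    image: bytearray = field(init=False)
    have: bytearray = field(init=False)          # 1 where byte i is known
    conflicts: list = field(default_factory=list)  # (offset, old, new)

    def __post_init__(self) -> None:
        self.image = bytearray(self.size)
        self.have = bytearray(self.size)

    def add(self, offset: int, data: bytes) -> int:
        """Merge one leak record; returns the number of newly learned bytes.

        Bytes already known must agree with the new record. A disagreement
        (wrong offset, corrupted dump, bad decryption) is recorded rather
        than silently overwriting what was collected earlier.
        """
        new = 0
        for i, b in enumerate(data):
            pos = offset + i
            if pos >= self.size:
                break
            if self.have[pos]:
                if self.image[pos] != b:
                    self.conflicts.append((pos, self.image[pos], b))
                continue
            self.image[pos] = b
            self.have[pos] = 1
            new += 1
        return new

    def coverage(self) -> float:
        return sum(self.have) / self.size

    def missing_ranges(self) -> list:
        """Contiguous unknown byte ranges [start, end): the offsets that
        still need a crash scheduled against them."""
        ranges, start = [], None
        for pos in range(self.size + 1):
            known = pos == self.size or bool(self.have[pos])
            if not known and start is None:
                start = pos
            elif known and start is not None:
                ranges.append((start, pos))
                start = None
        return ranges


def crashes_needed(nbytes: int, chunk: int = CHUNK) -> int:
    """Crashes required to cover nbytes at chunk bytes per crash."""
    return -(-nbytes // chunk)  # ceiling division


def estimate_hours(nbytes: int, chunk: int = CHUNK,
                   minutes_per_crash: float = 5.0) -> float:
    """Wall-clock estimate; minutes_per_crash is an assumed crash+reboot cycle."""
    return crashes_needed(nbytes, chunk) * minutes_per_crash / 60


def demo() -> ImageBuilder:
    """Feed constructed leak records into a 64-byte toy image."""
    builder = ImageBuilder(size=64)
    records = [                                  # (offset, 16 leaked bytes)
        (0, bytes(range(0, 16))),
        (16, bytes(range(16, 32))),
        (16, bytes(range(16, 32))),              # duplicate from a retried crash
        (48, bytes(range(48, 64))),
        (40, b"\xff" * 16),                      # 40..47 new, 48..55 contradicts
    ]
    for offset, data in records:
        builder.add(offset, data)
    return builder


if __name__ == "__main__":
    b = demo()
    print(f"coverage {b.coverage():.3f}, missing {b.missing_ranges()}, "
          f"conflicts {len(b.conflicts)}")
    print(f"4 MiB at 16 B/crash: {crashes_needed(4 << 20)} crashes, "
          f"~{estimate_hours(4 << 20) / 24:.1f} days at 5 min each")
```

The conflict list is the part worth keeping in a real run: a single contradictory record usually means the offset bookkeeping drifted after a reboot, and without the check the later record would quietly corrupt a region that was already correct. The missing-range report is what lets one skip regions that are not needed, which is the "trimming some fat" that turns an 11-day estimate into a 6-day one.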
Check out the entire article at the source below.
source: Fail0verflow
This is such amazing news. I got two PS4s unopened and on lower firmware waiting for this day to come so we can all finally pirate games. This is what the PS4 is made for: to pirate. First!!!!!!!!
You won't be able to play pirated games, even with the exploit, I can guarantee you that…
Maybe he will be able to, like it is possible on 1.76, but again it will take weeks or months – also still no Multiman or CFW for PS4 🙁
You sure bro, just after few days you are rekt.
Hopes for 4.55!
There are already 5.00 and 5.01 fully exploited by the developer team. Be patient. 🙂
If you mean the qwerty guy, dude, keep on dreaming…
Dunno why that dude keeps spamming Twitter "hey I did this, hey I did that" but didn't do any release, I mean what's the point? At least sell the exploit to Sony
4.55 slim for the win. Having high hopes for it in 2018. FakeDNS + some browser exploit and a rebug cfw would be great.
what does dumping the kernel help in if the firmware is already hacked like in 4.05?
It’s an amazing technical achievement in itself.
Although based on the info we’re given, this could be still used to dump the kernel of firmwares between 4.05 and 4.50, which don’t yet have a public exploit available.
Wow! That does sound great. Hopefully they dump 4.5 and make an exploit for it 🙂
My Ps4 Pro is on 4.07…. I can still hope!
Same 4.07 here! Hope they release one in the future.
I'm on 4.70, I'm waiting for the release of the 5.00 or 5.01 exploit so I can update it 😀 (Good or bad idea?)
That's insane. The kernel (at least one dump I found) is 4.24 MB. That suggests it took a total of 265,000 crashes (approximately) to dump the entire kernel. Kudos to you all.
Are you insane? If you read up you would find the interval between crashes was 5 minutes; from that, and knowing it took 6 days, we can calculate that it took no more than about 1732 crashes:
1 hr / 5 = 12;
24 x 12 = 288 crashes per day;
288 x 6 = 1728 crashes total over 144 hours // 6 days
To begin with I gave a 20-minute margin of error for +4 crashes.
I just took a dump in 6 minutes, I think I got them beat…
Nobody! Even no crack for firmware 3.55!…
Firmware 4.55…
Wow… If it is that easy to do, then you know the games under 4.50 will be easily decrypted and playable in a fairly short amount of time, which is not really a good thing. I would prefer it take hackers a year or more again at least… To each their own though. I would rather buy any games worth buying and just have custom GUI hacks and custom plugins if I am going to play any PS4 games with the lower-firmware systems.
I specifically purchased these boxes for Linux, but I would really love a new XMB-style GUI without all that hideous Facebook blue everywhere… Ewww… Overclocking, underclocking, custom GUI and HUD, game mods, PSP-like special GUI menus, added PS3 Blu-ray remote support, Kodi or Movian media player that may be able to work directly with the Linux kernel with some modifications… Emulators as well…
There are so many amazing and useful tools that could be made here to improve quality of life in the games and expand upon the console's ability with a simple and fully functional Linux distribution that has full graphics processor kernel support and properly patched kernels for the rest of the hardware. I am really looking forward to having Steam run on these still. In fact, just having that alone is perfect. I think a VirtualBox in Linux could also allow some limited Windows apps to be run, which would allow some simpler 2D games to run at close to full speed if the memory requirements are low enough.
Does this mean I'm good with a PS4 on 4.50? I don't want to have to look for a PS4 with a lower fw.