I’m beyond late on posting this one, and I have only myself to blame: I’ve been severely procrastinating on the blog articles lately. Nonetheless, enough people have called me out on this, and it is important, so I have to swallow my pride, brace for all the “old!” and “late!” and “othersite.com talked about it a week ago, Wololo is so lame” comments, and get on with it.
PS4 6.20 Webkit exploit
Hacker SpecterDev, known for his involvement in the PS4 scene, in particular the first public release of the 5.05 kernel exploit, has released a WebKit exploit for PS4 owners on firmware 6.20.
The exploit was patched in firmware 6.50, which is why the developer chose to release it now.
If you are on firmware 6.20, you can give this a try and play with it; the release targets 6.20 specifically, and lower firmware versions need some porting work (see the readme notes below). If you are on firmware 5.05 or below, of course, stay put, since you can already run a full PS4 jailbreak there.
Indeed, a WebKit exploit is “only” a usermode exploit: it gives you code execution inside the browser process, which does not by itself provide the kind of functionality you would typically expect from a “jailbreak”, i.e. a kernel exploit. Nevertheless, it is the entry point for unsigned code execution, which is cool to play with, and it is the first stage developers need in order to dig into (and chain) kernel exploits.
Details on the vulnerability itself can be found in the readme of the exploit. Important notes from the readme:
This vulnerability was patched in 6.50 firmware!
This only gives you code execution in userland. This is not a jailbreak nor a kernel exploit, it is only the first half.
This exploit targets firmware 6.20. It should work on lower firmwares; however, the gadgets will need to be ported, and the p.launchchain() method for code execution may need to be swapped out.
In my tests the exploit as-is is pretty stable, but it can become less stable if you add a lot of objects and such into the exploit. This is part of the reason why syscalls.js contains only a small number of system calls.
Download and use the PS4 6.20 exploit
You will need to download the files from the developer’s GitHub and host them on a web server somewhere, then open that server’s address in the PS4’s web browser. Hosting can be done on your local computer or with a tiny tool such as an ESP8266 (details here).
Source: SpecterDev, again with my apologies for blogging about this only now.