In 2015, will the PS4 be (natively) hacked before the PS vita?
It has always been considered that the PS4 and the Vita have pretty strong security in place, which cannot be compared to what the PS3 and PSP had. It’s also always been assumed that both the PS4 and the Vita would be equally secure. If anything, based on the PS3 and PSP, one could assume that the PS4’s security is stronger than the Vita’s. After all, the PS4 already has a bigger install base than the Vita, despite being released about a year ago. It would be normal for Sony to protect its juicier business.
The PS Vita has proven a tough nut to crack for hackers, even if the PSP emulator installed on it has been wide open for a while (including the recent bubble hacks and 3.36 kernel exploit). Of course, the recent PS Vita Webkit exploit has given the scene new hopes, but that remains quite constrained inside the Webkit process for now (the same exploit has been confirmed to work on older versions of the PS4 firmware).
The PS Vita has several security mechanisms in place, including support for ASLR and NX.
But what does the security on the PS4 look like? Not so much is publicly known about it, except for a few “hints” like this tweet a few weeks ago from Yifanlu:
No KASLR, no stack canaries, kernel open source, kstack leak from sysctl… PS4 is much less secure than Vita. It should be hacked soon.
— Yifan (@yifanlu) January 3, 2015
Although YifanLu himself has stated that the above is “not news”, his tweet got massively retweeted/favorited, and similar claims cannot be found easily anywhere else. Clearly, some people know stuff that we, the regular scene members, don’t.
So, what are those things that YifanLu is talking about?
- KASLR is Kernel ASLR, check the wiki link above. We’ve talked about ASLR quite a few times on this blog already.
- Stack canaries are a “checkpoint” value that, when destroyed by a buffer overflow, proves to the system that a buffer overflow happened, letting it decide to stop the process at that point (I assume in reference to canaries in mines…).
- The sysctl leak is a bit mysterious to me… how a memory leak can be used to exploit is open to interpretation, as those typically only lead to DoS.
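A minimal model of the stack canary check described in the list above, as an added example that is not from the original post. The struct layout, the fixed canary value and the function name are assumptions made for illustration; a real compiler emits the check itself and the runtime picks a random value.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a stack frame: a local buffer with a guard word
   placed directly after it, where a linear overflow lands first. */
struct frame {
    char     buf[16];
    uint64_t canary;
};

/* Hypothetical fixed value for the demo; a real runtime chooses a random
   value at process start so it cannot be predicted and written back. */
static const uint64_t CANARY_VALUE = 0x00a5c3f17e2d4b69ULL;

/* Copies n bytes of src into the frame with no bounds check on buf
   (the bug), then runs the epilogue check a compiler would emit.
   Returns 0 if the canary is intact, 1 if an overflow was detected,
   -1 if n would leave the modelled frame entirely. */
int copy_and_check(const void *src, size_t n)
{
    struct frame f;

    if (n > sizeof f)
        return -1;
    memset(f.buf, 0, sizeof f.buf);
    f.canary = CANARY_VALUE;              /* prologue: plant the canary */
    memcpy((unsigned char *)&f, src, n);  /* unchecked copy into buf    */
    return f.canary != CANARY_VALUE;      /* epilogue: verify the value */
}

int main(void)
{
    unsigned char input[sizeof(struct frame)];
    memset(input, 'A', sizeof input);     /* constructed sample input */

    int ok  = copy_and_check(input, sizeof(((struct frame *)0)->buf));
    int bad = copy_and_check(input, offsetof(struct frame, canary) + 1);

    /* A real epilogue aborts the process on a mismatch instead of
       returning, so the corrupted frame is never used. */
    return (ok == 0 && bad == 1) ? 0 : 1;
}
```

The check only catches overflows that run linearly through the guard word, which is why it is normally paired with the other mitigations the tweet lists.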
The PS4 OS is based on FreeBSD. It is safe to assume that vulnerabilities in FreeBSD are also present in the PS4. How fast and how often the PS4 gets patches for the OS, though, is one of the unknowns.
The PS Vita OS is also loosely based on FreeBSD, but if YifanLu is to be believed, Sony’s engineers somehow did a better job at securing this one…
It is unfortunately impossible to confirm YifanLu’s claims above, except for the handful of people who have been involved in PS4 hacking so far. Wait and see…
Note: stop contacting us about the Reckz0r hack, it is fake. It was fake in 2013 when we debunked it, it is still fake today. Don’t trust the low quality sites that try to “refresh” it by adding new names to it, such as pretending it has been orchestrated by Lizard Squad…

Of course it will. There’s more interest in the PS4 and more of a market for it
BTW…….FIRST!!!!!
^^ couldn’t help it 🙂
someone on ps3hax is calmed to already hacked it and will release it in 2015 this year.
Claiming* sorry for my English
PS3HaX is full of idiots, liars and thieves, who only take pleasure in leaking other people’s unfinished work.
There is no one on that website with the ability to hack anything.
It was the same when you were there. I’m sorry you got your feelings hurt but nobody cares
Read the note at the end.
You’re talking about the lizard squad thing, like those guys could hack anything
This is the problem with the gaming scene. You stupid hackers are killing it just so you can play free games and deny that that’s what you intend to do. I hope each one of you gets thrown in federal prison for the rest of your lives.
Why does it take hackers to unlock the full potential $ony restricts…Care about what the consumer wants and maybe we would not be on the band wagon to hack everything =D
I agree y’all ppl BETTER not touch one piece of software on the ps4.
And what will come of this…I will tell you: !!!!NOTHING!!!!
This system is awesome as it is.
If you hate hackers so much, why are you on a site that is mostly dedicated to home-brew, custom firmware and console hacking? There is nothing wrong with hacking or modding your own game console. A lot of times there are some consequences for those that hack their system. Like with the Xbox 360, if you do a JTAG/RGH, you cannot take it on Xbox Live. On the PS3, you run the risk of getting your account banned if you take it online. When the GateWay for 3DS was new, you couldn’t take the ROM files online but you could take legit cartridges online.
N, what drugs are you on son? You’re an idiot if you truly believe what you said. When someone buys a device, they want something they could use, and not a locked down ***. I hope the rich scumbag CEOs of Sony and the MPAA get thrown in prison for the rest of their lives since they take away regular people’s rights to get more cash. Screw closed access and DRM; we want something that’s usable, not locked down.
Let’s stop lying here and tell the truth. Sony doesn’t SELL you a console, they LEASE it to you on the condition that you buy more games with it.
Assume that someone made and marketed (with permission from the government) a personal ATM that would print money as a result of credit transactions. Obviously it would be difficult to hack… but OH you BOUGHT IT, it is your RIGHT to HACK it so you can print free money?
Really now, “Sony” isn’t a greedy little company, the CEOs are… MOST CEOs are. That’s what they do, drain money out of companies for their own personal wealth. But development costs money, they don’t hire kiddy scripters and computer technicians to put together their consoles or networks; there is a large amount of work represented in what they produce and to call it greed simply because it costs you money is disgusting.
I will say that yes, I hold the opinion that the majority of the REAL hackers (not the followers) know that the majority of the people who use their hacks will use them to pirate games; and I find this offensive (especially when the person in question brings it to light several times as if saying that’s what he is doing).
I have absolutely nothing against homebrew, but I do understand the notion of underselling to make up costs on use; as well as trying to keep a network secure from all ends; ultimately though, this is something that the CEO should be faulted with; and some people who kept f’ing with sony when they tried appeasing the homebrew audience.
I agree. There’s nothing wrong with doing it for yourself or the satisfaction of hacking, but don’t release it because everyone will just use it to pirate games.
If this is your attitude regarding the modding scene why are you even here?
Hey N, that’s a pretty rude thing to say. I wonder when you will understand that if you buy a piece of hardware you can do whatever you wish with it. At least in Europe we can do whatever we want with our paid things. Considering the overpriced prices of games and the fact that piracy hasn’t yet killed the PC gaming industry, your petty ideas are not true. Learn your facts and then speak. PS Vita was not hacked but is almost dead. Why? Because Sony doesn’t support it; with memory cards as micro SD they got greedy and released their own format that costs twice the price of micro SD. If you consider now that a game costs 1/12 of a salary I can see why piracy still lurks in the corner.
Not the Hackers itself are the Problem, the Crackers are the Problem, they want the Hacks to use it for illegal Copies of Games or to cheat online. Hackers not really interested on that, they only want to crack the Hardware itself, that is the fun they want. And Homebrew is really nice.
And I think a mobile Console like the Vita and a “dead” one, is much more interesting for hacking, because the Vita would be so much more if we can run Homebrew on it with the full Vita Hardware. It could be a boost for selling Vitas too, a Chance to make the Vita more alive and so we get longer Games for it.
Sony give up the Vita and didn’t support it anymore, so it’s Sony’s fault when we are more interested that the Vita get hacked. Look at Nintendo, they have similar Problems with WiiU and 3DS in the Beginning but they didn’t give up and push their Systems with Games. And what do Sony? They give up and never really try to push the Vita. But they still selling the Vita… and their much too expensive Memory Cards… only to get Money from the People, but itself they do nothing anymore for their System, only fix Security Holes, remove Features and add not very well working Features.
No, the WiiU will be first.
that was hacked last year with the UDE/WIIKEY U being released sometime soon
I guess we’ll see. I would love to see custom themes on the vita and emus running on full vita hardware. In time. gonna keep that 3.18 till something happens all my games work on it and 2015 line up looks sad to me. Oh well if only I was smarter I could help dig at it.
Hi, same question, again and again; is it worth to stay on PSVita 3.18?
Same answer, again and again, decide for yourself. Lower firmware version = less security checks. No right or wrong answer, weigh the benefits and make your own decision…
In my opinion 3.18 is the golden firmware. You have access to TNV10 or Ark 2 ECFW, the PS1 Loader which is boss. Also making custom bubbles if you want.
Dude, if your fw is hacked then our fw will be hacked soon.
In fact your fw will give hackers so much information, and hackers can use that info to hack new fw,
so don’t bother yourself with keeping that fw 3.18.
3.18 is definitely the “golden age” firmware, I agree. If you recall the webkit exploit stops working at any firmware above that. Many believe that if a native hack does come about as a result of this exploit it will indeed be on only 3.18 or lower so keep that in mind when deciding on whether or not to update. I myself bought a second Vita recently that stays on ofw and my first is kept at 3.18 for if/when a native exploit comes.
If we can learn encryption algorithm on 3.18 we can share our backups freely.
That’s why there is no point in staying on 3.18 if you’re just a mere user.
Exactly, stick with 3.18, unless possibly longer wait, if any, downgrades.
Huh… So if that is true, why hasn’t the PS3 FW 3.56+ been exploited yet then? I mean it’s been 4 years.
Thanks guys.
Hope we didn’t need any exploitable game to use next exploits.
Still have my PSP3k so it doesn’t bother me to have access to TNV or not.. bit confused about the webkit thing though, but it can’t do much today, guess we’ll have to trust our cost saving hackers to do that thing for us, everybody needs time, especially if you’re not paid..
Interesting, I cannot guess which one will be hacked first, but I hope it will be PS Vita 😀
Of course PS4 will be hacked first
By just consider this thing
-Popularity
Mention vita anywhere and you get “vita is ded”
No matter how tight security is
If there’s a lot of people who want to hack it
And hackers unite then it will be hacked
Wait what? Why didn’t Sony engineers add KASLR on PS4? PS Vita has KASLR (but it was added later), even 4.X iPhone firmware has KASLR and we are talking about 2010 with single core 800MHz iPhones :S
It’s not up to sony to add. FreeBSD does not have it (until really recently). Sony just used a modified version of FreeBSD
I think that base PS4 structure is Vita – Vita was like security test device.
Since PS4 is not a portable device (and not much powerful) there are some secure components missing for the sake of next-gen graphics…
“…and not much powerful…” – I mean if PS4 was more powerful it could handle next-gen graphics AND full security.
It’s the matter of time adding something similar and light.
Nope, you thought wrong. PS4 is forked from FreeBSD (similar to PS3). Vita is forked from PSP.
PS4 OS is much like MAC OS.
There are around 616 syscalls:
– the first ~530 syscalls are FreeBSD syscalls, which are well documented and open source.
– syscalls above ~530 are Sony syscalls (example: syscall 594 = loadStart sprx …)
However, almost all apps are sandboxed (webkit, game, …), with a custom Sony sandbox which uses:
– Chroot -> restrict webkit process to a folder (with random mount point “/RANDOM/common/lib/”)
– IPC to communicate with services
– MAC -> restrict syscalls ( we can not mprotect/mmap memory as exec )
– They disabled some syscalls
So we can not load payload/full homebrew in memory without gaining root privilege.
But, Sony engineers make some mistakes …
PS4 Webkit has JIT, doesn’t it?
If so, RWX pages must be present in the webkit process address space 🙂
Can you share the allowed syscalls to see if FreeBSD 10 Exploit would work or not?
Sorry about my questions, I don’t have PS4…
>In 2015, will the PS4 be (natively) hacked before the PS vita?
I really want to believe that native hack of Vita is coming soon(er than PS4’s). Most of what you can get from current gen consoles is also available on PC, but there’s no alternative for current gen handhelds at all.
Sure, Vita doesn’t have much to offer in the West on the native side gaming-wise that’s not multiplatform, but the device itself has the potential to become the ultimate emulation machine — something that Sony will never realize/release officially, sadly.
Nvidia Shield, while close to that, is not really portable and touch-only interfaces of phones/tablets simply don’t work for anything more involving than Solitaire.
I also don’t think that piracy on Vita is really an issue – the (very) few games worth pirating are either already bought or won’t break one’s wallet if bought legally. Physical releases are becoming increasingly rare nowadays even with no native piracy possible atm.
Moreover, Vita doesn’t look like it has a (bright) future ahead regardless of the availability of the native hack.
What is the point? it has no decent games you can’t play on pc…
ps4,vita? if there is no exclusive game PC is the best.
but still…,I hope there will be hack/emulator for PSV,lot of good exclusive game >.<
Seems pretty likely the Vita will never have a native exploit at this point. Suffers from the same problem the 3DS did. People thinking they’re saving the platform from piracy.
Problem is the PS4 being “hacked” is completely uninteresting. All you get from that is piracy. Homebrew? so what? It’s not portable so you might as well just use a computer.