PS4 hack: what we know of the kernel exploit so far
Several devs close to the recently revealed PS4 kernel exploit have spoken up on IRC and other channels to clarify the current status of this PS4 hack.
Probably the most important piece of information is that the kernel exploit announced by CTurt this week is already patched on recent firmwares. It is believed that the exploit runs on PS4s up to firmware 1.76. With no downgrade available, that means the exploit is only of practical use on consoles that have stayed on 1.76 or lower. Several sources have also confirmed that this exploit is real (not that we doubted it, given that CTurt is a trusted source, but it is good to have multiple confirmations).
Now, the exploit being patched does not mean it is a waste; quite the contrary. We have learned that several groups discovered and started investigating the exploit at roughly the same time, several months ago. It is safe to assume the exploit has let them investigate the PS4 firmware in depth and understand more of its inner workings.
In other words: hackers now have kernel-level access to the PS4 system on those firmwares, and can study its security mechanisms, kernel, and libraries at will.
Down the road, this could allow them to reverse engineer parts of the PS4 system firmware and find more exploits (some of which may work on recent firmwares), as well as lay the groundwork for a scene-driven PS4 SDK, which would later let people write homebrew.

Can I get a woop woop!?
Absolutely not.
Ricky D
I <3 just for that comment
Black Fin and THIS made my week. (I still hate the idea of dongles… I mean, it is a DRM device used to break DRM… crazy, right?)
Anyway, keep the updates coming!!!
PS: Thanks for the PSN code, wololo… 🙂
Hope it doesn’t lead to a dongle like the Vita scene.
The problem is $ony will just ban more accounts if they see any kind of exploit being run. They did that with the PS3, and I bet the ban hammer will be worse with the PS4.
I know this might be a touchy subject, but when a device has kernel access, or at least the ability to run backups in some way (Gateway and its unprivileged user mode), I wonder why devs won’t utilize the exploit and make a backup loader.
The trouble that geohot and bunnie got into might be the answer, and I wouldn’t want to see devs go through what they went through just to give users complete access to the device they paid for and own, not rent, as these companies seem to think. I honestly do view companies like Gateway as a lesser evil than Sony and so on, so I have no issue giving them money and paying for a second-hand gaming console.
It’s greedy business practices that are going to destroy gaming (on-disc DLC, rip-off season passes, locking away features for the sake of money, or because it was there and now it’s not) and consumer ignorance that buys into these horrible practices, not piracy. The day these corporate giants gtfo of the gaming industry is the day of great celebration.
You can barely call that a scene.
First!?
So… which PS4s come with a firmware under 1.76?
Are there any serial numbers to look for on the boxes?
Appreciate your replies.
Killzone and Infamous bundles.
Thanks!! I almost forgot those launch games!
Now I have 3 to choose from, including the TLoU bundle; people said that it’s also < 1.76 FW.
Luckily I stayed on 1.76 with one of my PS4 systems 😀
The problem with the “scene” is that it is completely wired for fame. Rarely do people work openly; everybody races against an imaginary competition (there is almost no open-source community). The exploit, and any future exploits for more recent firmwares, would land much quicker if the knowledge was shared. Instead, they disregard how much their work (exploit) and working environment (OS, PC) is actually based on openly shared knowledge, software and code, and don’t do the same. Instead, everybody needs to implement the same (troublesome) CVE… childish.
I think you’ve missed some events that happened over the past 5 years. It used to be OK for hackers to share their findings back in the PSP days. Since then, Sony has sued hackers for their work on the PS3, and has made its consoles much more reliant on network connectivity and firmware updates.
The result is twofold:
– hackers worried about being sued
– hackers worried that a leak of their work could result in an instant patch of the firmware.
Both of these things lead to less public sharing of work; I think “fame” has close to nothing to do with it.
Actually, besides fame, another reason for the information being kept hush-hush is that nowadays the code or hack or procedure or whatever a group comes up with to pirate or run a different OS can be sold for a profit, like Gateway for the Vita or the recent iPhone jailbreak that went for a million dollars.
I agree, which is even sadder. It’s either greed or fame, not fear.
Please also release my longer response to the wololo comment above, detailing why I disagree with the assessment that fear is a factor of importance.
The hack is (obviously) a (known) FreeBSD (+ others) exploit which was released by the initial author long ago and ported. It’s not a zero-day. People release all sorts of exploits every day (in this case, for example, the initial author), and in most countries they are absolutely allowed to do so. Look at fail0verflow or individual security experts; you will find exploits publicly. This “fear” excuse is simply not true, especially in most of Europe. Furthermore, you could just work anonymously (Tor) and openly from the get-go. You think Sony is gonna sue multiple GitHub contributors and hundreds of forkers? Even Graf and Hotz hurt them more than ended anything (or don’t you have a Rebug?).
Graf was harassed because he was (rightfully) very pushy and political about it, but he didn’t lose in any way, shape or form in court. Hotz was a mediocre loudmouth in a money-fascist country and gave in ASAP because he was just interested in being in the news. I doubt he would have lost either in higher instances. (Both were supported and likely ended up with more money in the end than they had before, even with all the costs.)
Your argument about patches is also invalid in this case. The exploit has long been patched (which everybody knew from the get-go; it was very obvious). So the only reason for working on it is to gain access to find further exploits (which Sony can’t patch until they are found). The only thing they “could” patch is code execution… and I am not sure they would, for obvious reasons. Even without a release, they can simply guess how that works… it’s obvious if you created the system.
It’s all about the fame, my friend; don’t get sold on the concept and cheap excuse of fear. And to those who actually buy into the fear: if harassment dictates your actions, you have lost already.
To add another example: the recent Google vs. Oracle case basically decided that APIs can be copyrighted (horribly idiotic). Now, it was a case-specific decision, but it has wide implications. If we accept this as a potential threat which we should shy away from, Yifan Lu (and others) should probably close shop and drop their SDKs.
Fear is everywhere. Use the internet’s ability to be a dog (https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you%27re_a_dog).
FW 1.70 was preinstalled in PS4 bundles at the precise date when the European PS4 Last of Us bundle got released (I have that one; it has 1.70),
so PS4 bundles, still sealed, with a release announced around that date are interesting to hunt.
Note that American and European PS4 bundles might not have been released on the same date at all.
I am running 1.51 🙂
Let’s hope for a release then; since it is patched already, I do hope they decide on a release.
What can you even play with 1.51? Can you spoof the FW somehow to be able to play the newer games?
No.
I don’t play newer games anyway, I haven’t been playing ps4 lately.
Will this help the Vita hax in any way? Are there perhaps similarities in the architecture of the two consoles that could be leveraged to open the Vita?
Both are based on FreeBSD. The exploit could be backported to Vita systems.
Good luck backporting an x86 bug to ARM.
Can you say CFW for the PS4? I’m so hyped; I want to be able to run Dreamcast, NES, Sega Genesis etc… on the PS4. I don’t care if I can get online; I have a second one for that. This is just my fun box, plus it would be cool to have one CFW PS3 and one PS4 side by side.
Man, what I would do to have a PS4 just like the original Xbox… Redbox a game, copy it for later, as well as a boatload of awesome emulators like PS1, PS2 and Dreamcast, all in HD on a 1TB (or more) SSD.
Also, I do wonder if anyone would be interested in making custom drivers for Windows, if you can install Windows onto the PS4, since the people working on this have access to the entire system.
Do newer games require you to update to the latest firmware, just like on the PS3? Because if not, I might just exchange my current PS4 for a different one if I can secure myself a kernel exploit.
They do; every game on just about every system does.
Thanks. Is there a place where I can look up which games require which firmware? Couldn’t find it on Google. In this case I might wait until a firmware spoofer is released.
How do you keep having 1.76 FW? I mean, the system does not allow us to use online features if we stay on 1.76, right? I have the latest firmware because I play most of my games online. If somehow the PS4 got hacked and that CFW only worked on 1.76, then what would those of us who have already updated our firmware do? 🙁
Either wait for the possibility to downgrade, which means it’s advised not to update further.
Otherwise, sell your current PS4 and get one with an older firmware, and again, don’t update.
The exact same thing that happened with literally every other system ever made; this is nothing new. It should be known that if you want the possibility of CFW or exploits, you keep the firmware as low as possible.
There are two whole generations of PS3s that are unhackable for this exact reason. And ODEs don’t count; those things were a waste of money.
Actually, it’s “only” 1.5 generations of PS3s that are “unhackable”: all Super Slims and all Slims 2.5k+ with datecode 1C or above.
All Fats, all 2k Slims, all 2.1k Slims and many 2.5k Slims are able to run at least FW 3.56 (3.56 is hackable through the noFSM method).
Waste of time and money. You don’t even know when an exploit would be released to the public. Could take a year or even worse.
Eh, we had to wait until Geohot worked his magic in 2011/2012, 5-6 years after the launch of the PS3. Just stay determined!
Only the Killzone and Infamous bundles have 1.76 or older? There are a lot of consoles with low firmware, but how to identify them?
At this moment we are waiting for news from CTurt, but the people who are waiting to develop some apps for the PS4 would be grateful if something like a kernel dump (apparently, I think that is his progress) or anything more complex were shown.
Probably Sony will not fix this issue; they have done this work before, months ago. And probably it’s not a kernel exploit for recent firmwares.
I could understand this “quiet” if developers were looking for another recent “break” in the latest firmware to launch this exploit for all people (people who cannot use the WebKit exploit to “call the hack”), but… I’m looking at the latest commits on GitHub for CTurt’s ps4-sdk and he has just made progress on file system calls (fchmod and msync) and networking (apparently starting to support IPv6).
We are waiting for progress, instructions and news, but I think the current situation is that there is so much work to do and not so much work done. Anyway, there are more people like me who want to help (I want to port Kodi to the PS4 some day).
It would be nice to see if Kodi running on PS4 could handle 4K files / resolution 🙂
Guys, good news for everyone: CTurt tweeted on Twitter that the PS4 is now jailbroken!!!! You cannot imagine the happiness; I doubt anyone can look at his Twitter……
The PS4 is now jailbroken!!!!!! Thanks wololo, thanks CTurt…..
Extracted from twitter:
Just broke WebKit process out of a FreeBSD jail (cred->cr_prison = &prison0). Guess you could say the PS4 is now officially “jailbroken” 😛
Enough for me at this moment ;). Waiting for the real exploit.
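What the quoted tweet means in kernel terms: on FreeBSD, a process is considered jailed exactly when its credential's prison pointer is not the host prison, `prison0` (the kernel's `jailed()` is literally `cred->cr_prison != &prison0`), so a single kernel memory write to `cr_prison` is enough to make every later jail check treat the process as unjailed. The toy model below is an added example, not code from the page, from CTurt or from the PS4 kernel; the `struct prison`/`struct ucred` fields, the `pr_allow_mount` flag and the `cred_prison_mismatch()` integrity check are simplifications I am assuming for illustration, and the "write" is an ordinary assignment here, standing in for the kernel read/write primitive an exploit would need.

```c
/* Toy model of FreeBSD's jail check, showing why overwriting
 * cred->cr_prison with &prison0 "jailbreaks" a process.
 * Added example; struct layouts are simplified assumptions,
 * not the real sys/ucred.h / sys/jail.h definitions. */
#include <stdio.h>

struct prison {
    const char *pr_name;
    int         pr_allow_mount;   /* toy policy flag owned by the jail */
};

struct ucred {
    unsigned       cr_uid;
    struct prison *cr_prison;     /* jail this credential belongs to */
};

/* prison0 is the host ("unjailed") prison in FreeBSD; webkit_jail is a
 * constructed stand-in for the jail the browser process runs in. */
static struct prison prison0     = { "host",   1 };
static struct prison webkit_jail = { "webkit", 0 };

/* Same test FreeBSD's jailed() performs: anything but prison0 is jailed. */
static int jailed(const struct ucred *cred) {
    return cred->cr_prison != &prison0;
}

/* Model of a privilege check that consults the credential's prison. */
static int prison_allow_mount(const struct ucred *cred) {
    return cred->cr_prison->pr_allow_mount;
}

/* The write the tweet describes. On the real target this requires a
 * kernel-mode arbitrary write; here it is just an assignment. */
static void set_host_prison(struct ucred *cred) {
    cred->cr_prison = &prison0;
}

/* Defender-side view (assumption, not a FreeBSD API): compare the prison
 * a credential currently points at with the one recorded when the
 * process was created. A mismatch means the pointer was tampered with. */
static int cred_prison_mismatch(const struct ucred *cred,
                                const struct prison *expected) {
    return cred->cr_prison != expected;
}

int main(void) {
    struct ucred webkit = { 1000, &webkit_jail };

    printf("before: jailed=%d mount_allowed=%d\n",
           jailed(&webkit), prison_allow_mount(&webkit));
    set_host_prison(&webkit);
    printf("after:  jailed=%d mount_allowed=%d\n",
           jailed(&webkit), prison_allow_mount(&webkit));
    printf("integrity check flags tampering: %d\n",
           cred_prison_mismatch(&webkit, &webkit_jail));
    return 0;
}
```

The point of the model is that no per-check patching is needed: every jail-aware code path in the kernel derives its answer from that one pointer, so once it points at `prison0` the process is host-level as far as the jail subsystem is concerned. That is also why an integrity monitor that remembers each process's original prison can spot the change with a single pointer comparison.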
http://www.ps3devwiki.com/ps4/CUH-10xxA_series
I’ll leave you people this page above.
All units listed should come sealed with a < 1.76 firmware. Then there are also a few other bundles, like The Last of Us Remastered bundle.
Good luck finding one sealed for a reasonable price.
Could whoever already has a PS4 kindly post the model type (the CUH-xxxxxx code) that can be found on the package, usually on the front on the right or left side, and the initial firmware version of the PS4?
CUH-1216A, init firmware 2.56
I couldn’t refrain from commenting. Exceptionally well written!