PS4 hack: Cturt showcases the FileSystem root and processes in RAM
News keeps pouring in about the recently revealed PS4 kernel exploit. CTurt, the hacker behind the announcement, posted a "tease" on Twitter earlier today: a dump of the PS4's root filesystem, as well as the processes running in the PS4's RAM. Details below.
The filesystem root shows some similarities with a standard FreeBSD install, with folders such as /dev and /mnt.
Files that are more PS4-specific also show up, such as SceBootSplash.elf and SceSysAvControl.elf. ELF files are executables; it is safe to assume all of these files are encrypted, but it would be interesting to understand how easily they can be replaced (although messing with them sounds like a bad idea, given that they might be essential at boot time, a point at which the hack is probably not running).
Notice also the "update" folder, which is pretty much self-explanatory and already existed on the PSP and the PS3.
[+] Entered shellcode
[+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
[DIR]: hdd
[DIR]: host
[DIR]: hostapp
[FILE]: mini-syscore.elf
[DIR]: mnt
[DIR]: preinst
[DIR]: preinst2
[FILE]: safemode.elf
[FILE]: SceBootSplash.elf
[FILE]: SceSysAvControl.elf
[DIR]: system
[DIR]: system_data
[DIR]: system_ex
[DIR]: system_tmp
[DIR]: update
[DIR]: usb
[DIR]: user
The processes, here again, are a mix of typical FreeBSD stuff and PS4-specific processes. Look for the Sce* entries for Sony-specific processes, as well as orbis_* (Orbis was the development codename for the PS4).
[+] PID 0, name: kernel, thread: mca taskq
[+] PID 1, name: mini-syscore.elf, thread: SceRegSyncer
[+] PID 2, name: SceHidAuth, thread: SceHidAuth
[+] PID 3, name: hidMain, thread: hidMain
[+] PID 4, name: SceCameraDriverMain, thread: SceCameraDriverM
[+] PID 5, name: SceCameraSdma, thread: SceCameraSdma
[+] PID 6, name: hdmiEvent, thread: hdmiEvent
[+] PID 8, name: xpt_thrd, thread: xpt_thrd
[+] PID 9, name: iccnvs, thread: iccnvs
[+] PID 10, name: audit, thread: audit
[+] PID 11, name: idle, thread: idle: cpu0
[+] PID 12, name: intr, thread: irq273: xhci2
[+] PID 13, name: geom, thread: g_notification
[+] PID 14, name: yarrow, thread: yarrow
[+] PID 15, name: usb, thread: usbus2
[+] PID 16, name: md0, thread: md0
[+] PID 17, name: icc_thermal, thread: icc_thermal
[+] PID 18, name: sflash, thread: sflash
[+] PID 19, name: sbram, thread: sbram
[+] PID 20, name: trsw intr, thread: trsw intr
[+] PID 21, name: trsw ctrl, thread: trsw ctrl
[+] PID 22, name: SceBtDriver, thread: SceBtDriver
[+] PID 23, name: pagedaemon0, thread: pagedaemon0
[+] PID 24, name: pagedaemon1, thread: pagedaemon1
[+] PID 25, name: vmdaemon, thread: vmdaemon
[+] PID 26, name: bufdaemon, thread: bufdaemon
[+] PID 27, name: syncer, thread: syncer
[+] PID 28, name: vnlru, thread: vnlru
[+] PID 29, name: softdepflush, thread: softdepflush
[+] PID 31, name: SceSysAvControl.elf, thread: SceAvSettingPoll
[+] PID 33, name: SceSysCore.elf, thread: SysCoreAppmgrWat
[+] PID 34, name: orbis_audiod.elf, thread: AoutMonitorPid40
[+] PID 35, name: GnmCompositor.elf, thread: CameraThread
[+] PID 36, name: SceShellCore, thread: SceMsgMwSendMana
[+] PID 38, name: SceShellUI, thread: SceWebReceiveQue
[+] PID 39, name: MonoCompiler.elf, thread: MonoCompiler.elf
[+] PID 40, name: SceAvCapture, thread: SceAvCaptureIpc
[+] PID 41, name: SceGameLiveStreamin, thread: SceGlsStrmJobQue
[+] PID 42, name: ScePartyDaemon, thread: SceMbusEventPoll
[+] PID 43, name: SceVideoCoreServer, thread: SceVideoCoreServ
[+] PID 44, name: SceRemotePlay, thread: SceRp-Httpd
[+] PID 45, name: SceCloudClientDaemo, thread: SceCloudClientDa
[+] PID 46, name: SceVdecProxy.elf, thread: proxy_ipmi_serve
[+] PID 47, name: SceVencProxy.elf, thread: SceVencProxyIpmi
[+] PID 48, name: fs_cleaner.elf, thread: fs_cleaner.elf
[+] PID 49, name: SceSpkService, thread: SceSpkService
[+] PID 50, name: WebProcess.self, thread: selectThread
[+] PID 51, name: orbis-jsc-compiler., thread: SceFastMalloc
[+] Triggering second kernel payload
[+] Entered main payload
This is not much at this point; it just shows that CTurt has access to the RAM and can look at all the processes running (which would generally confirm root access), but it's still super exciting to think about what could be done moving forward.
The kernel exploit has been confirmed to work up to PS4 firmware 1.76, and no release date has been announced yet. We explained, however, how this PS4 exploit could benefit recent firmwares such as 3.11. Stay tuned!
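As an added illustration (not code from CTurt or from this post), here is a small parser for the flattened "[+] ..." dump format above that splits it back into PID/name/thread entries and applies the post's own rule of thumb: Sce* and orbis* names are Sony-specific, while a small baseline set of stock FreeBSD kernel threads (an assumed list, taken from the names visible in the dump) is tagged as stock. The sample input is a constructed subset of the dump.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the process dump from the post, in the
# flattened one-line form it was extracted in.
SAMPLE_DUMP = (
    "[+] Entered shellcode [+] UID: 0, GID: 0 "
    "[+] PID 0, name: kernel, thread: mca taskq "
    "[+] PID 14, name: yarrow, thread: yarrow "
    "[+] PID 23, name: pagedaemon0, thread: pagedaemon0 "
    "[+] PID 34, name: orbis_audiod.elf, thread: AoutMonitorPid40 "
    "[+] PID 36, name: SceShellCore, thread: SceMsgMwSendMana "
    "[+] PID 50, name: WebProcess.self, thread: selectThread "
    "[+] Triggering second kernel payload"
)

# One dump entry: "PID <n>, name: <name>, thread: <thread>"
PROC_RE = re.compile(r"PID (\d+), name: (.+?), thread: (.+)$")

# Assumed baseline of stock FreeBSD kernel processes seen in the dump.
FREEBSD_STOCK = {
    "kernel", "idle", "intr", "geom", "yarrow", "usb", "audit", "xpt_thrd",
    "pagedaemon0", "pagedaemon1", "vmdaemon", "bufdaemon", "syncer",
    "vnlru", "softdepflush",
}


@dataclass
class Proc:
    pid: int
    name: str
    thread: str
    origin: str  # "sony", "freebsd" or "unknown"


def classify(name: str) -> str:
    """Apply the post's heuristic: Sce*/orbis* are Sony-specific."""
    if name.startswith("Sce") or name.startswith("orbis"):
        return "sony"
    return "freebsd" if name in FREEBSD_STOCK else "unknown"


def parse_dump(text: str) -> list[Proc]:
    """Split the flattened dump on its '[+]' markers and keep PID entries."""
    procs = []
    for chunk in text.split("[+]"):
        m = PROC_RE.match(chunk.strip())
        if m:
            pid, name, thread = m.groups()
            procs.append(Proc(int(pid), name, thread, classify(name)))
    return procs


def root_confirmed(text: str) -> bool:
    """True if the dump header reports uid 0 / gid 0, as in the post."""
    return "UID: 0, GID: 0" in text
```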
Cool. Thanks.
Better get the emulators ready.
First cute!
HAX0r! This seems promising!
Seeing as most homebrew devs switched to mobile so they could make money… I don’t think this is that big of a deal.
k
k
The only reason anyone would want to hack a PS4 is solely for piracy or modding games. I see no other reasons, since there's nothing else a PS4 can do that a PC can't.
You do know there's real people out there that have only tiny weak netbooks for college/work etc. and have only a PS4 for gaming... we get it, a PC can do everything... geez.
Well, the PS4 is also powerful enough to possibly emulate Dolphin and, being x86, I imagine porting current PC emulators won't be too difficult. The original Xbox was the best thing ever when hacked, being able to be a media center (it could do things at 720p as well if you did the right hardware mods) and a beast emulation machine.
The old Xbox was even capable of 1080i with the component cable. But only the NTSC version out of the box; the PAL version needed a BIOS mod or modchip and a custom dashboard.
Only on a side note, there were even Xboxes modded with a Pentium 3 instead of a Celeron.
Even if CTurt doesn't share it with the world, I reckon some underground groups will eventually enable piracy on the PS4.
Durr durr durr muh piracy... there are things called homebrew, emus etc., and FYI not everyone can afford a PC or to upgrade it after 2 years or so. Troll, please go.
Whatever. 🙂
Dope. Definitely interesting... seen this on Twitter, curious what steps were taken to get access to the RAM? 😕
So it means once it's hacked we can play pirated games, right? One other thing: how will they produce homebrew consoles for the whole world?
I saw this: "MonoCompiler.elf", so does this mean that the PS4 would in a way be compatible with PSM apps made with the PSM Mobile SDK?
This is not yet an official jailbreak that runs a backup manager and homebrew? Thanks
Good job, guys, keep up the good work.
No geohot this time?
How do I use the kernel exploit, guys? I have a Mac; it seems that the terminal... can anybody here post a tutorial? Thanks
Sure. First take a sledge hammer. Second smash your Mac over and over with it until it’s unrecognizable. Third go buy a real computer.
Nothing is known about this exploit besides the teaser snippets released by CTurt. Don't expect anything close to a tutorial about anything for a while to come. Important first steps have been made, but it's still going to be a while until anything useful to us, the clueless end users, is released.
Your computer advice was brilliant!!!
I like how tongue-in-cheek this post is; also, the second paragraph is a good primer for people who don't know how to interpret this blog post, but there's plenty you can do on a Mac. In fact, for low-level driver access it can be way easier than a PC running Windows. Lots of people I know who do pro web development and coding use Macs running OS X and aren't scared of the terminal. And if you want Windows, Boot Camp it! 😉
It’s gonna be a while to wait and see what becomes of this hack but it’s very promising indeed. Would love to see some real PS2 emulation here rather than having to pay Sony to do so with a limited library of games, unlike the Xbox One where you can pop a working disc in. I might actually start using it again if this were possible. Or being able to run a fully fledged Linux such as Debian… yeah, things are early days but very exciting if you own a PS4, plan to, and care even a little about homebrew.
I know, Macs are pretty good computers; the only issue is they're made by a horrible company. I am a little biased when it comes to that, but I'd still take Linux over MacOS any day. They are very simplistic though, perfect for certain people.
I like MacOS over Linux. That's your opinion.
Essentially all good things come to those who wait. I am surprised that the PS4 exploit was found far easier than the PS3's. The PS3 is still not completely hacked 100% IMHO.
We need PCs to hack consoles, or some form of a PC ;D... does this settle the PC vs game condom debate?
I love homebrew and have been doing it since 1980. I love electronics, but I see Sony trying to pull a geohot action... good luck turds (Sony)... preparing for battle.
public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World");
    }
}
A good Media player would be nice yes.
VLC equivalent.
Am I crazy to want to see the time when we can play games with a backup manager, homebrews, etc.? CTurt could immediately release the jailbreak to the crowd, so why hold it for too long?
Hacking of PS4 part 3: http://cturt.github.io/ps4-3.s4
CTurt is no longer on this! Interesting... I hope others can learn from his work and take it on, maybe?
When will we have a PS4 jailbreak?