(Rumor) PS4 Webkit exploit for 3.50 incoming?
Rumors of hacker qwertyoruiop having a Proof of Concept Webkit exploit for the PS4 started to ignite the scene earlier today.
Playstationhax reports that the hacker’s recent work on a use-after-free Webkit exploit is compatible with the PS4. The author on playstationhax (whom I have to assume is GregoryRasputin?) implies that the exploit works on the PS4, on the latest firmware 3.50.
Qwertyoruiop himself hasn’t been so specific. On twitter, he actually seemed to say he wasn’t sure whether the exploit would work on the PS4 or not. Apparently, the code does crash the PS4, but based on the hacker’s post it is not clear whether the crash is exploitable:
also bug seems to trigger on ps4- but it’s impossible to distinguish between OOM and segfault on ps4 :/
— qwertyoruiop (@qwertyoruiopz) May 20, 2016
Qwertyoruiop is a trusted dev of the iPhone hacking scene, and has also been credited in the past for helping CTurt on the PS4 kernel exploits.
Some details on the vulnerability are publicly available on the webkit github, so people with the right set of skills could confirm whether this works. A successful approach might be to try the exploit on firmware 1.76, where some (albeit limited) debug tools exist, to avoid having to work on a proof of concept in the dark directly on 3.50.

Qwertyoruiop stated on twitter he would upload the exploit some time later.
btw https://t.co/SqBipbA1uj is the bug i’m playing with. will upload code for the exploit at some point
— qwertyoruiop (@qwertyoruiopz) May 20, 2016
Note that his work is currently focused on the iPhone, so it is not certain whether the PoC he plans to upload will actually work on the PS4. But that’s the magic of Webkit: since many devices rely on it, a vulnerability in the web engine means several devices may share the same vulnerability. Again, though, the hacker has provided no confirmation that anything is in the works for the PS4, let alone plans to release.
Will PS4 3.50 firmware be hacked soon?
Today the only people enjoying a PS4 Jailbreak are people running on PS4 firmware 1.76. That firmware is fairly old and it is becoming expensive to get your hands on a PS4 running 1.76. (We have a list of links of PS4 models running 1.76 here if you want to get one).
So getting public exploits running on the latest PS4 firmware 3.50 would be really helpful.
A Webkit exploit such as the one described here, however, would not instantly turn firmware 3.50 into the “golden” firmware of PS4 hacking: it would only give us access to the Webkit process, and additional privilege escalation (kernel exploits) would be required to get full access on PS4 3.50, as is possible today on firmware 1.76. On firmware 1.76 this is achieved through a combination of a webkit exploit and the dlclose kernel exploit.
The dlclose kernel exploit does run on some 2.xx firmwares, so a 3.50 kernel exploit would in theory give kernel access to people running 2.00 and the like.
In the meantime, the release of a 3.50 Webkit exploit sounds more and more like a question of “when” and “who” than of “if”.
Stay tuned.
interesting 🙂
Correct me if I am wrong, but this could be useful on the Vita too, right?
yeah but none working on it
Sweet
@wololo, if you read the article on playstationhax.it, he’s said: “I do currently have the POC but I am not sharing.” And the author of the article, I think, is “ps4bot”, who posted a few minutes ago: “The thing is… I have spoken to Cturt. There is a new kernel exploit and he is releasing to public.”
a Kernel Exploit still needs an entry point, somewhere to place our Exploit and a way to make sure the Kernel runs it
This is the entry point, that’s the reason why this is a big deal.
yes, but ‘abcdf’ is saying that this won’t be shared by ‘qwertyoruiop’ and that ‘Cturt’ has a kernel exploit in the works, the kernel exploit is what i was saying needs an entry point, however if the webkit exploit is not worked on or shared then we’ll be stuck for just a bit longer
Not first
To me, a jailbreak is when I am able to play a pirated game from torrents.
It’s just me and I am not buying a game for 4000 bucks.
Thanks,
A middle class man.
Torrent? Why use torrents in 2016?
What exactly do you use instead of torrents? Thank you.
Usenet
I use both, and I tend to get better results from torrents now. Lots of stuff is getting pulled from Usenet.
One-click hosters? There are tons of sites that provide those links.
Then buy games cheaper, like used games.
Buying used games hurts game developers just the same as downloading a pirated copy.
Game developers do not get a commission from the sale of used games. So to the devs, they see no difference between game piracy and places like GameStop who make their $$ from repeatedly selling the same game over and over again.
Same as with buying any other used product. The manufacturer does not keep making profit from each time the item is re-sold.
Companies like GameStop are worse for the industry than piracy.
Not really. If you buy a game from someone else, that gives them money that they can spend on more games. Sure, they don’t make money from the used sale directly, but that person who sold it is more likely to buy another game than if they didn’t sell it.
Nice
Would be cool to see the vita get a little bit of action as a result of this. At least my PSTV is still vulnerable to the old vita webkit exploit anyway… And as I recall, webkit got removed from the vita.
Vita is still running webkit. I really doubt that they replaced the browser with something else.
This may turn into something useful for end users in about…1 to 1.5 years of development. It’s a long wait but looks like the v3.xx firmwares should give the console enough growth in the industry for longevity before exploits begin just like 3.55 for ps3.
I’d wait for PS4 Neo before releasing it. I remember when PSP Slim was announced, and Dark-Alex waited for the console to be launched, and then he released his exploit so it would work on both models. It could be great if this vulnerability is on hold until Ps4 Neo is launched.
Webkit exploit must have been patched beyond 3.5 anyway. (If this exploit we’re talking about actually works on 3.5)
B/C the webkit exploit itself is released already, it’s just a matter of whether it is still usable on PS4 FW3.5 or not.
I am waiting, when will it be released?
Please do not ask when. They will decide when. Don’t ask them. Leave them alone, really. Be patient. 😉
I’m still on 3.11, is it possible to update via “.pup” like on PS3 ?
Again with the ridiculous speculation I see. This post is frankly click bait, you have posted zero proof to confirm this is working, I suggest you get more information before embarrassing yourselves again.
When several confirmed hackers discuss it, this is not clickbait and there is proof, not necessarily that this is working, but that relevant people take it seriously. When this happens, the community deserves to know about it imo.
https://psxtools.de/index.php/Thread/71421-PS4-Sicherheitsl%C3%BCcke-bei-BluRay-BDLive/?action=firstNew
Please look at this.