PS4 4.0x WebKit exploit released
Hacker qwertyoruiop has just released a WebKit exploit for PS4s running firmware 4.0x.
According to the hacker, the exploit works up to firmware 4.06 at least (update: users have independently confirmed that it also works on firmware 4.07), and it has been patched in firmware 4.50. Users have confirmed that the exploit behaves as expected on their 4.0x PS4s, and others report that it works on firmware 3.55 as well.
Users who want to test the vulnerability can point their PS4 browser to http://rce.party/ps4/.
This is what the page should look like if your PS4 is vulnerable to the exploit:

screenshot by @DJShinter
On firmware 4.50, this is the (self-explanatory) error you’ll get:

Screenshot by @walidboy23
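Which of the two screens a console gets depends on the firmware version its browser advertises. As an added example (not code from qwertyoruiop's release or from the rce.party page), here is the kind of firmware gate an exploit landing page runs before deciding whether to serve a payload. It assumes the PS4 browser sends a User-Agent containing `PlayStation 4 <major>.<minor>`, for instance `Mozilla/5.0 (PlayStation 4 4.06) AppleWebKit/601.2 (KHTML, like Gecko)`; the version ranges encode only what this article states (confirmed from 3.55 through 4.07, patched from 4.50) and everything else is reported as untested. The sample User-Agent strings are constructed, not captured from real consoles.

```javascript
// Added example: firmware gate for an exploit landing page.
// Not part of the original release. Assumption: the PS4 browser's
// User-Agent contains "PlayStation 4 <major>.<minor>", e.g.
//   "Mozilla/5.0 (PlayStation 4 4.06) AppleWebKit/601.2 (KHTML, like Gecko)"

const UA_RE = /PlayStation 4 (\d+)\.(\d{2})/;

// Parse the system software version out of a User-Agent string.
// Returns {major, minor} as integers, or null for a non-PS4 browser.
function parseFirmware(ua) {
  const m = UA_RE.exec(ua);
  if (!m) return null;
  return { major: parseInt(m[1], 10), minor: parseInt(m[2], 10) };
}

// Order versions as (major, minor) integer pairs rather than as floats,
// so that "4.10" sorts after "4.07" and "4.05" is not confused with "4.50".
function cmpVersion(a, b) {
  return a.major !== b.major ? a.major - b.major : a.minor - b.minor;
}

// Ranges taken from the article: confirmed on 3.55 and on 4.0x up to 4.07,
// patched in 4.50. Anything outside that is treated as untested.
const CONFIRMED_MIN = { major: 3, minor: 55 };
const CONFIRMED_MAX = { major: 4, minor: 7 };
const PATCHED_FROM = { major: 4, minor: 50 };

// Classify a User-Agent as 'not-ps4', 'patched', 'confirmed' or 'untested'.
// The gate is conservative: an unknown firmware is never reported as
// vulnerable, so a payload is only served where the article says it works.
function classify(ua) {
  const fw = parseFirmware(ua);
  if (!fw) return 'not-ps4';
  if (cmpVersion(fw, PATCHED_FROM) >= 0) return 'patched';
  if (cmpVersion(fw, CONFIRMED_MIN) >= 0 && cmpVersion(fw, CONFIRMED_MAX) <= 0) {
    return 'confirmed';
  }
  return 'untested';
}

// Constructed sample User-Agent strings (not captured from real consoles).
const SAMPLE_UAS = [
  'Mozilla/5.0 (PlayStation 4 4.06) AppleWebKit/601.2 (KHTML, like Gecko)',
  'Mozilla/5.0 (PlayStation 4 4.07) AppleWebKit/601.2 (KHTML, like Gecko)',
  'Mozilla/5.0 (PlayStation 4 4.50) AppleWebKit/601.2 (KHTML, like Gecko)',
  'Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko)',
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)',
];

// Stand-alone run: print the decision for each sample, and for the
// current browser when executed inside one.
for (const ua of SAMPLE_UAS) {
  console.log(classify(ua).padEnd(10), ua);
}
if (typeof navigator !== 'undefined' && navigator.userAgent) {
  console.log('this browser:', classify(navigator.userAgent));
}
```

Only a console whose advertised firmware falls inside the article's confirmed range would be handed the exploit; a 4.50 console gets the "patched" branch, which is where the error screenshot above comes from, and an unknown version is refused rather than guessed at, since a failed memory-corruption attempt on a console that cannot be downgraded gives you nothing.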
Details on the PS4 4.0x WebKit exploit
People will no doubt start digging into the details of the exploit. For now, qwertyoruiop has specified that the exploit relies on a use-after-free, reached through an uninitialized stack read (see the tweet below). We might see a writeup on the vulnerability at some point.
bug used is a stack uninit read yielding UaF
— qwertyoruiop (@qwertyoruiopz) March 29, 2017
What does the PS4 4.0x WebKit exploit mean to the end user?
This is not a full console jailbreak, only a usermode exploit within WebKit at this point. The hacker has specified that it provides arbitrary read/write, meaning hackers can start poking at the browser process’s memory. I would expect an upcoming release of known tools such as PS4 Playground, so that tinkerers can easily start playing.
In other words, this is not something that is directly useful to the end user, and it does not imply that a jailbreak is coming soon (firmware 3.55 has had a WebKit exploit for quite some time now, but is still not fully hacked). Nevertheless, this is the first publicly released exploit for the PS4 in a very long time (the last release was a 3.55 WebKit PoC in August 2016), and it could trigger further releases if it sparks interest in the scene.
Note that any PS4 bought new today will ship with firmware 4.0x or lower.
Stay tuned on our PS4 Jailbreak page for more details as they come.
Source: qwertyoruiop, thanks to everyone that sent this
Awww yissss, let the games begin
Let’s hope it will open doors not only for Linux but also CFW, so we don’t have to wait for a “beta-hack” from racer 😀
WOW!!! HOLY STEAMING 5H!TBALL5!!!
He has managed a kernel exploit / RW
https://twitter.com/qwertyoruiopz/status/848405769179602945/photo/1
ps4 version of henkaku lol
Working on 4.07 btw..
hilarious indeed
tested and it works on 3.15 OFW
Hi there. A question: can I use the PS Store with a lower firmware? And how?
No because that’d defeat the entire purpose of firmware updates lol.
This is great that means we can now steal and pirate PS4 games. Yay!!!
You need a facepalm; this means nothing yet. You still have a long wait if all you care about is pirating PS4 games lol
You have been able to steal PS4 games since release. Pirating is not stealing though, and it’s still not possible, sorry about that
please work on 4.50 :((((( external hard drive and boost mode ((((
no chance lul your fault for being updated
Works on 3.50
been waiting for this for some time now, i might have a poke at GTA:V at some point in the future
Works on 4.07 🙂
Does this work for the PS4 Pro too with the appropriate FW?
No worry there, it will surely release, and there will be a new exploit for 4.50 afterwards, because the ability to mount a hard drive etc. will somehow temper the hackers’ mood to try to dig more into the current latest firmware. For now we don’t know anything about the tools or other stuff, but we have to wait and give it more time; perhaps something new will come or not, who knows.
All I can do is thank everybody in the scene doing something for people or for their own good; research is research.
This is fake. Wololo, you decided too soon; this exploit is not going anywhere, just another useless exploit… Psxhax is officially dead.
Why has Wololo been reporting on false exploits lately?
… First of all, it’s not an exploit from fakers (pshax), so shut your mouth ^^
Second, if you don’t know what this exploit is exactly doing, shut your mouth >.<!
… Third and last: NOBODY ASKED YOUR OPINION! SO SHUT YOUR *** MOUTH! YOU DAMN MOOD KILLER!!
For resentful idiots…
This isn’t fake. Luca is known for hacking, he even released jailbreaks for iOS when nobody else could. Go to his Twitter and you’ll see that he’s a genius and deserves the fame.
Fake. Basically reading address space off stack.
Why does PS4 4.01 get nothing?
But….. surely he’s made some real progress, with the additional functionality? Take a look at this
https://pbs.twimg.com/media/C8MRP_eXkAAwFYE.jpg
Yes, same. But is there a working exploit for 4.01?
https://www.youtube.com/watch?v=PBQL9NtpzmM
Looked slightly different for me. Not sure why people are assuming it’s fake; same tactic as the Wii U, Switch and Vita hacks…
PS4 4.01 not supported? Please.
How do you test this? When I go to the internet browser on my PS4 Pro with FW 4.00, it tells me to update my system software. I have tried using PSProxy, but it doesn’t work?
If you go to Settings and access the User’s Guide, you can access the web browser, but you cannot type any URLs in the address bar. But if you can find a link on the Sony website that leads to Google (hint: the Google+ link), you can search for this website and access it.
Thank you for the tip, I’m going to test this tonight. Just wasn’t sure what would happen once I’m online.
I just hope I don’t sit with the same issue here.
Tip to all: disable Automatic Updates in your settings if you need to go online, or the next time you power up your device it will be updated.
try this – https://www.youtube.com/watch?v=8WXuEr5_i0s
You can set up your own DNS server that redirects the Sony online manual page to any other server, too. That will definitely work (I use that system myself) even if there are no links that take you outside the manual.
Tried that… It doesn’t work. It was removed by Sony.
more like blocked by sony lol! never had time over the weekend to check
Makes no difference… this is just userland. I have a PS4 on FW 1.76. For a year now, no progress has been made.
No progress has been made because barely any devs have 1.76 consoles. They also cost like $700, for which you could buy 2 PS4s. He also has a kernel exploit; not sure if he has read/write though.
The message “exploit succeed” appears on my PS4 on 4.01; does that mean it’s working?
This news makes me very happy.
Does this work for the PS4 Pro? I still have mine sitting on the shelf with 3.70
yes.
Works on all hardware between 3.50 and 4.07 inclusive
And how can I check on 4.00 FW? When I start the browser, it asks me to update…
Go in through the support pages. Click on Google login. At the bottom of the page is Google help. Click that to get into Google search.
I tried that… looks like it was removed. When I click on support, those links don’t pop up anymore.
As exciting as all the WebKit exploits on 2.xx & 3.xx
Sadly the hardest part is the kernel exploit, and only the Chaitin Team and marcan from FOF know how to do it.
PS: their kernel exploit has been patched on 4.07, so any webkit exploits working on FW > 4.07 may be useless.
Oh no! I’m on 4.07, so can’t it be solved? 🙁
you’re sc***
He says warez is coming soon
Nobody really knows.
We could learn a lot with Chaitin in only 2 weeks (13-14 april)… wait 🙂
http://zer0con.org/#speaker-section
The last public Sony PS4 jailbreak targeted version 1.76, which was released more than two years ago. As more mitigations are introduced, PS4 jailbreaking has become much more challenging. At GeekPWN 2016, I demonstrated booting a Linux system on the latest PS4 console by exploiting multiple vulnerabilities, from WebKit through to the kernel. In this talk, I’d like to share some technical details about PS4 hacking.
Before anyone gets too hyped: this exact thing already happened with 3.55, it’s even stated in the article. Nothing came from that, and I don’t see why it would be different this time.
Not much different; this release will just make it possible for Sony to sell more consoles… Finally people will look again at the console box that has sat in the corner year after year..
this time will be different cause we have fate!
another useless false hope.
bill says:
linux loader
*The PS4 3.55 also has an exploit but hasn’t been fully hacked*
Yeah lel, that’s because it was dropped and no one is researching the full potential of ROP code execution
Of course this comes out a day after my stupid brother updates my PS4 to 4.55, *** it
Damn, I want to play ROMs on my PS4. One word I’ve got to say, Sony:
BASTARDS!!
I do not have the session started on my PS4, so I cannot test the exploit, you *** ***
Let’s load up ps4-kexec and launch Linux!!
I want to jailbreak my PS4 to get unlimited money in GTA, but I find a huge money glitch recently and updated to 4.50, damn!
update: kxploit r/w acquired on 4.06 https://twitter.com/qwertyoruiopz/status/848405769179602945
sorry i mean Kernel R/W
Kernel R/W = Kexploit = Jailbreak (on 4.06) 🙂
The following kexploit (= 4.06 jailbreak) has even been confirmed by CTurt
https://twitter.com/CTurtE/status/848472325007822848
4.07 and above is non-exploitable.
I’ve been following for the last few months. I updated to 4.50 anyway. I figured this time around I’d use ps+ and try playing online…
Not coded for 3.11