PS4: Interview with SpecterDev and update on the 4.05 Exploit
Fail0verflow disclosed the details of a PS4 4.05 Kernel exploit a few weeks ago. Although I was expecting this to lead to a full release very quickly, the scene has not seen anything so far.
PS4 Developer SpecterDev, who revealed he had found the exploit independently a while ago, and also runs a blog where he writes about the inner workings of console exploits, was nice enough to answer some of my questions.
Wololo: Could you introduce yourself for those among our readers who don’t know you?
SpecterDev: I’m just a curious developer who got interested in exploitation and reverse engineering a little over a year ago. The PS4 seemed like a fun place to start and I got started by tinkering with stuff that was already released (most notably FireKaku) and released some projects for those like me who were interested in researching the PS4 such as Playground 3.55. I was lucky enough to have some friends experienced in exploit development guide me along the way to eventually developing a kernel exploit. While at the time I had this I could not disclose details, I did try to spread some knowledge and answer questions where I could about information on higher firmwares.
Wololo: I’ll start with the very obvious question. When Fail0verflow released details about the PS4 4.05 Kernel exploit, myself and lots of people on the scene were expecting a release to happen within days. The exploit is explained in detail on Fail0verflow’s blog. What do you think explains that it’s taking (from a naive perspective) “so long” to see a release?
SpecterDev: Well, the 4.05 kernel exploit is very complex and involves a lot of moving parts. While the details f0f disclosed detailed how to arbitrarily free() any address, they did not go into detail on how you would go about obtaining the pointer to a good object to target, which is the most difficult part of the exploit by far. Finding a suitable object to leak while blind takes a lot of guessing and trial and error, making the exploit development a very time consuming process.
Wololo: That exploit was known for a long time, and was patched by Sony a while ago, in firmware 4.06. Why was it kept secret for a while by multiple hackers?
SpecterDev: It was really just developers who had it not wanting to step on other people’s toes. f0f were the original devs who found the exploit, and many of us received help from either f0f or those who were assisted by f0f, so out of respect for everyone involved, we didn’t want to disclose until f0f was ready to.
Wololo: Do you think your plans to release an implementation of the exploit have had an impact on other people willing to dig into it?
SpecterDev: I think they have in the way that some other developers have been asking for insight on how the exploit (or at least certain parts of it) work, and I think that’s cool. Provided I have the time I always try to answer these questions as best I can, as I remember when I was in a similar position not too long ago. [note from wololo: on that topic, we have a thread on /talk where you can ask your technical questions on the exploit]
Wololo: Speaking of your implementation, do you still plan on releasing it? If so, do you have a rough estimate of how far you are? What are the issues you’re dealing with when it comes to this implementation?
SpecterDev: Yes, I do. I’m at the point of leaking a good object to ensure the exploit is stable. I do have a good object leaking as well as a trigger for code execution; it’s just a matter of how practical it is to implement into the exploit, which I am currently testing now. After I know the object can be used effectively in the exploit, things get much easier. I hope to get a release out soon (within the next week or so) – I’ve just been busy with real life stuff, so with the exception of weekends, I don’t have a lot of time to work on the exploit during the week.
I’ll also be publishing a write-up for the kernel exploit when it is ready; in it, I’ll break down how the exploit works step by step. My hope is that it will not only be a nice read for security researchers interested in the PS4, but will also give those in the community without a background in infosec a bit more information on how big releases involving kernel exploits work behind the scenes. Maybe it will inspire some to look into software security where they otherwise would not have 😀
Wololo: How many people or groups do you think have access to kernel exploits on 5.xx PS4 firmwares?
SpecterDev: On higher firmwares I can’t say. Qwerty has kernel access on 5.xx firmware as he displayed on his Twitter, but as for other people and groups I’m not sure.
Wololo: What homebrew, tools, plugins would you like to see running on a hacked PS4?
SpecterDev: In terms of homebrew, I think emulators would be neat to have running on the PS4. But the coolest thing I found with PS3 was the custom games that homebrew developers created such as Neo Tanks. It allows people to get creative and make cool things and play it (and share it) on a platform which they otherwise would not be able to publish to.
Thanks to SpecterDev for his answers. Note that you can follow him on Twitter here.
So there you have it: hope that we might see a release within the next week or two from him. How cool would that be?
Awesome interview!
Yup, but I can’t believe that only one guy is working on this – was expecting hackers from Asia to come up with a JB to make $ like with the PS3 :)
Could an exploited system be used to have backwards compatibility?
If someone develops a CFW or a back up loader that supports it, yes.
Not as you’re thinking, emulated maybe
kernel exploit in the club, in the group =)
Nice interview!
Excuse my ignorance, I am at FW 3.55; could I upgrade to 4.05 without any problems?
Yes. Follow this: https://www.playstation.com/en-us/support/system-updates/ps4/#update-computer Just make sure you get 4.05 and not 4.55 downloaded.
PS4… PS3… Wait and see. No one releases anything but only blabla to the bla.
😀
and updating to 4.05 which games will you be able to play?
Practically everything on Blu-ray until 2017, since 4.06 was out in November, so I bet that all games from 2016 work on 4.05 or lower 🙂
CFW means “welcome back P.T.”
Why the heck are people so infuriated with a demo of a scrapped game?
I really can’t wrap my head around that, since the demo wasn’t really that “complex”
to keep replaying it….
Hey, I have P.T. and I have a backup of the game on my hard drives
ye running emulator on a high-tech console is *** fun.
Enough with the ***… exploits are for piracy; if not, it’s a waste of time.
All these interviews are useless and you’ve probably noticed you’re losing your crowd.
Nobody cares about running damn emulators on your console, at least not the common person.
List of games <4.05 https://amp.reddit.com/r/ps4homebrew/comments/5hms2v/minimum_firmware_versions_for_new_games/
Another link
https://docs.google.com/spreadsheets/d/1c_pYI8455U-RcXv97RHzJQTSs3IEtKE_Mdmo-sRDiDM/htmlview#gid=0
I know Knack 2 updates your device further; I forgot what version I’m currently on.
PS: having a ported VLC for PS4 is what i’m hoping for.
4.71
http://wololo.net/2017/10/04/ps4-firmware-update-5-00-released/
Damn! Guy, hurry up, time is up
generation in the of life and nothing so far …
make F@cKing H0mbr3w
GOOD NEWS TANX
a lot of talk for nothing every year
I guarantee all of you: no PS4 jailbreak will release until 2020 or later…. So my suggestion: continue your lives and come back here in a couple of years to seek a PS4 jailbreak…!!!!
@Wololo just found this online, maybe hard drive decryption might not be impossible because of this:
https://www.seagate.com/gb/en/consumer/play/game-drive-ps4/
http://knowledge.seagate.com/articles/en_US/FAQ/007801en?language=en-gb
“Note: The drive is now setup for PlayStation 4 external storage and will be used as the default location for game and app installations. The PlayStation 4 file system is not recognized by Windows or Mac operating systems and will need to be reformatted for use with either.”
Sounds like it’s compatible with all PS4s from 4.50 and up (maybe Linux supported)
lol. Fake !
says who?
I thought the exploit was coming today ?
News on the vine is … it’s proving unstable and too buggy to release.
Oh well..there’s always the switch to put homebrew on
Source?
it’s all over reddit
Could you link me? I’d like to read it.
Shame, was looking forward to 4.05 exploit.
Looking forward to all the xmas fakers coming soon ;/
Seems like nothing’s coming out for 4.05
PS4 scene is a joke.
I bought a nintendo switch today for some homebrew fun.
Can I play backups on switch??? That would be amazing. I need that Zelda game and Mario.
18 days later, any update?
lol. Yeah, you were SpecDev’d, my friend.
Check reddit
What do I put in search?
link?
You fell for it
Turns out it wasn’t a lie after all 😉
So sony put the scares on him..is that true?
No. He’s just attention seeking
Ya he got nothing
Hi everyone. Where is the release?
21st