PS4: SpecterDev releases Webkit exploit for Firmware 6.20, a ray of hope for 6.xx owners
I’m beyond late on posting this one, and the only culprit is myself: I’ve been severely procrastinating with the blog articles lately. Nonetheless, enough people have called me out on this, and this is important, so I have to swallow my pride, be ready for all the “old!” and “late!” and “othersite.com talked about it a week ago, Wololo is so lame” comments, and get on with it.
PS4 6.20 Webkit exploit
The exploit was patched in firmware 6.50, which is why the developer chose to release it now.
If you are on firmware 6.20 or below, you can give this a try and play with it. If you are on firmware 5.05 or below, of course, stay put since you can actually run a full PS4 Jailbreak.
Indeed, a WebKit exploit is "only" a usermode exploit: it gives you code execution inside the browser process, with no kernel privileges, so it does not give you access to the kind of functionality you would typically expect from a "Jailbreak", i.e. a kernel exploit. Nevertheless, it gives you an entry point for running unsigned code, which is cool to play with, and it is the foothold developers need to dig into kernel exploits.
Details on the vulnerability itself can be found in the Readme of the exploit. Important notes from the readme:
- This vulnerability was patched in 6.50 firmware!
- This only gives you code execution in userland. This is not a jailbreak nor a kernel exploit, it is only the first half.
- This exploit targets firmware 6.20. It should work on lower firmwares however the gadgets will need to be ported, and the p.launchchain() method for code execution may need to be swapped out.
- In my tests the exploit as-is is pretty stable, but it can become less stable if you add a lot of objects and such into the exploit. This is part of the reason why syscalls.js contains only a small number of system calls.
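The readme's remark that "the gadgets will need to be ported" is worth making concrete. The following is an added example, not code from SpecterDev's exploit and not taken from the PS4 firmware: a small ROP-chain builder that names gadgets symbolically and resolves them through a per-firmware address table, so that porting the chain to another firmware means supplying a new table rather than rewriting the chain, and a gadget that has not been ported fails loudly instead of silently emitting a bogus address. Every firmware table, offset, module base and target address below is a constructed placeholder (the 5.05 table is deliberately left incomplete to show the failure path); nothing here interacts with a console or triggers any vulnerability.

```javascript
// Added example (not SpecterDev's code): a ROP chain that keeps gadget names
// separate from their per-firmware addresses. Porting to another firmware
// means filling in a new table; the chain-building logic stays the same.
// All offsets are invented placeholders, not real PS4 WebKit/libc locations.

// Hypothetical gadget tables: gadget name -> offset from the module base.
const GADGET_TABLES = {
  "6.20": { "pop rdi; ret": 0x1234n, "pop rsi; ret": 0x2345n,
            "pop rdx; ret": 0x3456n, "pop rcx; ret": 0x4567n, "ret": 0x42n },
  "6.00": { "pop rdi; ret": 0x1230n, "pop rsi; ret": 0x2340n,
            "pop rdx; ret": 0x3450n, "pop rcx; ret": 0x4560n, "ret": 0x40n },
  // Constructed as incomplete on purpose: no "pop rcx; ret" has been "ported",
  // so any chain that needs a fourth argument must refuse to build.
  "5.05": { "pop rdi; ret": 0x1200n, "pop rsi; ret": 0x2300n,
            "pop rdx; ret": 0x3400n, "ret": 0x40n },
};

// SysV AMD64 integer argument registers, in the order a chain loads them.
const ARG_GADGETS = ["pop rdi; ret", "pop rsi; ret", "pop rdx; ret", "pop rcx; ret"];

class RopChain {
  constructor(firmware, moduleBase) {
    this.table = GADGET_TABLES[firmware];
    if (!this.table) throw new Error(`no gadget table for firmware ${firmware}`);
    this.base = BigInt(moduleBase);
    this.chain = []; // 64-bit values in stack order, lowest address first
  }

  // Resolve a gadget by name; throws if this firmware's table lacks it.
  gadget(name) {
    const off = this.table[name];
    if (off === undefined) throw new Error(`gadget "${name}" not ported to this firmware`);
    return this.base + off;
  }

  // Append one 64-bit value (truncated to 64 bits) to the chain.
  push(value) {
    this.chain.push(BigInt.asUintN(64, BigInt(value)));
    return this;
  }

  // Load up to four integer arguments, then "call" target by returning into it.
  call(target, ...args) {
    if (args.length > ARG_GADGETS.length) throw new Error("too many args for this chain");
    args.forEach((arg, i) => this.push(this.gadget(ARG_GADGETS[i])).push(arg));
    return this.push(target);
  }

  // Serialise as 32-bit words, low dword first: the form a browser exploit
  // typically writes into a Uint32Array-backed fake stack.
  words() {
    const out = new Uint32Array(this.chain.length * 2);
    this.chain.forEach((v, i) => {
      out[2 * i] = Number(v & 0xffffffffn);
      out[2 * i + 1] = Number(v >> 32n);
    });
    return out;
  }
}

// Build the same logical chain for any firmware: call a hypothetical function
// at base + 0x9999 with three integer arguments. Only the table differs.
function buildChain(firmware, moduleBase = 0x7f0000000000n) {
  const rop = new RopChain(firmware, moduleBase);
  rop.call(rop.base + 0x9999n, 1n, 2n, 3n);
  return rop.words();
}
```

The point is the separation of concerns: `buildChain` never mentions an address, so "porting" the chain to 6.00 is a table edit, while an attempt to use a gadget missing from the 5.05 table throws instead of producing a chain that crashes the browser with no hint why.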
Download and use the PS4 6.20 exploit
Source: SpecterDev, again with my apologies for blogging about this only now.