PS4 7.55 Jailbreak: Sleirsgoevy implements TheFLoW’s hint on FreeBSD 9 (PoC)
Hackers have been making slow progress on implementing a PS4 Jailbreak since hacker TheFloW disclosed a vulnerability in PS4 Firmware 7.55, back in January. A couple of days ago, TheFloW dropped a hint on how to implement his exploit, through another bug.
It didn't take long for Sleirsgoevy to use this information and release proof-of-concept code yesterday (link). The code, as it is right now, targets FreeBSD 9 and will still need to be ported to the PS4. It's worth noting that this step (porting a FreeBSD 9 exploit to a PS4 exploit) is already what hackers have been trying to do with the original vulnerability, without much success so far. But this new approach should in theory be more "portable", according to Sleirsgoevy, who states in his commit message:
Another FreeBSD 9 PoC of the SOCK_RAW vulnerability, using TheFlow’s hint. Does not do any zone drains, thus should be more portable.
PS4 7.55 Jailbreak – What next?
TheFloW has dropped a huge hint, and Sleirsgoevy has demonstrated that it apparently "helps" with his FreeBSD 9 sample. The next step would be for hackers to reuse this code and port it to the PS4. They'll probably do this first on a hacked firmware such as 5.xx, where debugging tools are available, to get it working and stable, then on 7.55, where a few different "tweaks" might be needed.
And don't get me wrong, those tweaks could require as much work as everything that came before, given that on that firmware hackers will likely operate in the dark, with limited or no debugging information.
We're expecting SpecterDev and Tihmstar to look into this in their next implementation session on Twitch (they regularly stream as dayzerosec), or at least to use the information to guide their own investigation.
Very nice, I do still want to see if the zone reclaim strategy is possible on PS4 though, for potential future exploits if nothing else 🙂 https://t.co/fCnwgyEu7Z
— Specter (@SpecterDev) March 3, 2021
Here’s to hoping this is helping the right folks making some progress on what turns out to be a much more difficult ride than we initially expected.
Source: Sleirsgoevy
Since the Switch runs on FreeBSD, can we expect a port of this to the Nintendo Switch?
“Despite popular misconceptions to the contrary, Horizon is not largely derived from FreeBSD code, nor from Android, although the software license and reverse engineering efforts have revealed that Nintendo does use some code from both in some system services and drivers”
“Even more than that the kernel/secure monitor just have no security bugs, as someone who has produced open source implementations of both.” –SciresM, author of Atmosphere.
Switch hack! Switch hack!
Switch is weak. PS4 is better. 🙂
Yeah, but, come on, Switch hack! Switch hack!
As Les stated above:
“Despite popular misconceptions to the contrary, Horizon is not largely derived from FreeBSD code, nor from Android, although the software license and reverse engineering efforts have revealed that Nintendo does use some code from both in some system services and drivers”
“Even more than that the kernel/secure monitor just have no security bugs, as someone who has produced open source implementations of both.” –SciresM, author of Atmosphere.