PS4: Sleirsgoevy releases operational Webkit exploit for Firmware 9.00

Screenshot shamelessly taken from @YakuzaMink’s video
Developer Sleirsgoevy has refined his port of the Webkit FontFace Exploit, and made it fully operational (arbitrary Read/Write) for PS4 Firmware 9.00. Before you keep on reading and jump excitedly, please take the time to read the disclaimer section below.
Disclaimers
TL;DR: Do not update your PS4 just yet. Although this is an awesome technical breakthrough, it is a low-reliability, usermode-only exploit that for now is not useful to you as an end user. As always, stay put on as low a firmware as you possibly can.
Only Firmware 9.00 is impacted, this cannot be ported to Firmwares 8.xx
This is a Webkit exploit that works only on Firmware 9.00. Firmwares under this (in particular 8.xx) are apparently “immune” to the vulnerability, according to PS4 Dev Wiki edits from CelesteBlue:
Might have been introduced in PS4 FW 3.50 according to dates (need to check). However the vulnerability cannot be exploited in some conditions depending on how WebKit was compiled. For example, on PS4 FWs 7.55-8.53, the FontFaceSet constructor returns with an exception that is propagated to JavaScript, preventing exploitation this way.
Low reliability in its current state
Although this could get refined in time, in my personal tests, I have failed to run the exploit to completion, after more than 50 attempts.
I’m also seeing reports from people on Twitter who are clearly not getting the expected result (even though they might be believing they are getting the exploit to work, due to the sheer amount of alert boxes that are being displayed in the process). I’ve only seen one confirmed report of success so far in all the screenshots I’ve seen shared by scene members.
This is “only” a Webkit exploit, there is no kernel exploit yet
This is of course the most important aspect here. A Webkit exploit alone is not “enough” for end users. Although in theory such a usermode exploit could allow for a few nice things including some not-too-demanding homebrew, in practice what the scene typically expects is a full Jailbreak.
In order to get a PS4 Jailbreak, this Webkit exploit would need to be coupled with a privilege escalation (kernel exploit), which we do not have at the moment. Although CTurt has hinted that something might come on that front, we currently do not know if his exploit will ever be disclosed, and it’s possible it has been patched in 9.00.
How to test and confirm the FontFace Exploit on your PS4
- In order to run this test, your console needs to be on firmware 9.00. If you are on a lower firmware, read the “Disclaimers” section above and do not update your console: people on 8.xx won’t be able to test this, but it’s better to stay on a low firmware for now.
- Get the exploit from Sleirsgoevy’s github and put it on your local server, then point your PS4’s browser to the file (alternatively, point your PS4 to one of the public servers hosting the file, such as https://kameleonreloaded.github.io/900Test/).
- Click on the HTML button and wait.
- You should see a series of JavaScript alerts (click OK for each one). They are, in order:
  - guessed fontface addr:…
  - stringimpl leak:…
  - fastmalloc.length =…
  - jsvalue leak:…
  - array256=…
  - butterfly=…
  - arrays[257].length=…
  - addrof(null)=…
  - Last but not least, a series of comma separated numbers
If you see the whole sequence of alerts, in particular the last one (comma separated numbers), congrats, the exploit worked for you! If it fails at any of the steps above (visible as an error message such as “not enough memory”, or the browser doing nothing for a long time), then your attempt failed, and you should reload the page and try again.
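Since the only feedback the test page gives is that chain of alert boxes, it helps to have something that records them and tells you which stage a run reached instead of counting OK clicks by hand. The snippet below is an added example for that purpose, not code from the original post or from Sleirsgoevy’s repository: it takes the list of alert messages in the order they appeared, matches them against the stage prefixes listed above, and reports success (final alert is a run of comma separated integers, so a string of zeros separated by commas also counts), an explicit failure such as “not enough memory”, or an incomplete run together with the next stage that was expected. The `installAlertRecorder` helper is an assumption about how you would capture the messages on a normal browser console; the stage names and the failure text come from the article.

```javascript
// Added example: classify a run of the 9.00 FontFace test page from the
// sequence of alert() messages it shows. Stage order is the one the article lists.
const EXPECTED_STAGES = [
  "guessed fontface addr:",
  "stringimpl leak:",
  "fastmalloc.length =",
  "jsvalue leak:",
  "array256=",
  "butterfly=",
  "arrays[257].length=",
  "addrof(null)=",
];

// The last alert is a series of comma separated (decimal) numbers, e.g. "0,0,0,16".
const FINAL_STAGE_RE = /^\s*-?\d+(\s*,\s*-?\d+)+\s*$/;

// messages: array of alert strings in the order they were shown.
// Returns an object describing how far the run got.
function classifyRun(messages) {
  let stage = 0; // number of expected stages matched so far
  for (const msg of messages) {
    const text = String(msg).trim();
    if (stage < EXPECTED_STAGES.length) {
      if (text.startsWith(EXPECTED_STAGES[stage])) {
        stage++;
        continue;
      }
    } else if (FINAL_STAGE_RE.test(text)) {
      // All named stages seen and the comma separated numbers arrived.
      return { status: "success", stagesSeen: stage + 1, lastMessage: text };
    }
    // Any message out of sequence is treated as a failure indicator
    // (the article mentions "not enough memory" as one such error).
    return {
      status: "failed",
      stagesSeen: stage,
      failedAt: stage < EXPECTED_STAGES.length ? EXPECTED_STAGES[stage] : "comma separated numbers",
      reason: text,
    };
  }
  // Ran out of messages before the final alert: the page stalled or is still working.
  return {
    status: "incomplete",
    stagesSeen: stage,
    nextExpected: stage < EXPECTED_STAGES.length ? EXPECTED_STAGES[stage] : "comma separated numbers",
  };
}

// Assumed helper: replace win.alert so messages are logged instead of needing
// an OK click each. `win` would be `window` in a browser; restore() undoes it.
function installAlertRecorder(win) {
  const log = [];
  const original = win.alert;
  win.alert = (msg) => {
    log.push(String(msg));
  };
  return { log, restore: () => { win.alert = original; } };
}

// Constructed sample of a run that stopped at the third stage, as several
// commenters report, followed by the page's out-of-memory message.
const SAMPLE_STUCK_ON_THIRD = [
  "guessed fontface addr: 0x200000000",
  "stringimpl leak: 0x200004000",
  "not enough memory",
];
```

On a run that shows every alert, `classifyRun` returns `status: "success"`; on the constructed sample above it returns `status: "failed"` with `failedAt: "fastmalloc.length ="`, which is the kind of answer the “stuck on the 3rd one” comments below are after. Install the recorder before clicking the button, and read `log` from the console afterwards.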
Below is the only example I’ve found of the exploit working to completion, thanks to @YakuzaMink:
9.00 :> me like pic.twitter.com/oeZjCFF4wT
— Mink (@YakuzaMink) October 27, 2021
It might take multiple attempts to get the exploit to work for you; there’s a lot of randomness involved given the nature of the exploit. With that being said, don’t give up, and try a few times before calling it a day 🙂
First !!
ok new game will come for the firmware 9.00 anyway i will stay on 7.55 maybe stable jailbreak will come up on 7.55
Sneaky sneaky Sony, tried to update my console in the background. So turned on my console, had forgotten it had the network saved. Update starts downloading in background. Only noticed when a game put up an update notification. Yanked the router cable out of the plug like a mad man. Checked the downloads section and the system update was at 93%. Nearly had a heart attack
let’s hope that something good comes from this
Damn man (SneakyPony), gotta be extra careful with Sony yes indeed. Have you set up Al Azif’s DNS when configuring your LAN network options? Use that for precaution brother. I’m using it on my 8.03fw but still the safest is yanking the cable and ensuring the network option is unchecked in settings.
ironically the update and network options are unchecked, which makes this even more disturbing
excuse me I have to go wrap my PS4 in tinfoil to keep it from updating.
Ouch. That’s REALLY unusual and scary haha. Thanks for your input. I’ll be more careful with my 8.03fw PS4
I’ll have to check my ps4 it’s not been turned on since I got my ps5 so I don’t know what firmware it’s running
This is pretty cool. Now we wait for kxploit.
I was stuck on the 3rd one. Oh well.
same
same, u solve the problem yet?
I don’t want to run pirated games, I would like to run Kodi on my PS4 Pro.
i got the 0 with a lot of commas, is that good
YES! that means the xploit is feasible and when the kernel xploit comes you have 50% of the work done
Worked First try 100% using https://kameleonreloaded.github.io/900Test/ on my Ofw 9.00 Ps4 pro model 7215b from 2018. What a nice feeling. Proof https://www.youtube.com/watch?v=aIyPrf6VIKI
can’t wait for a kernel exploit implantation of fontface …
Don’t be so ***!