PS4 9.00 Jailbreak “pOOBs4” released!
In this project you will find an implementation that tries to make use of a filesystem bug for the PlayStation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exFAT filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. On success, it will launch the usual payload launcher (on port 9020).
Disclaimer: I (Wololo) have not tested the exploit at the time of this writing (need to update one of our consoles first) so I can’t vouch for its stability (WebKit exploits are always a bit flaky), but the source for this information, SpecterDev himself, is a 100% trusted source.
PS4 Kernel Exploit also impacts PS5
A PS4 9.00 Jailbreak is huge, but it doesn’t stop there! Znullptr has stated that the kernel exploit also impacts the PS5. This could actually be a bigger piece of news than the PS4 Jailbreak itself, and we’ll be sure to follow up on that as soon as we have more details (for now, the PS5 exploit is not implemented yet).
Alright, was just a joke about caturday.
The exploit is legit, and as a bonus:
The kernel exploit affects Playstation5 as well!
(no, ps5 is not ready or being released, the lead developer does not currently have a ps5 console)
— Z (@Znullptr) December 13, 2021
PS4 9.00 Jailbreak – download and run
You can download the files for the exploit on the project’s GitHub here. Please note that the exploit comes in two parts:
- A WebKit exploit, which you will need to run by accessing the index.html file through your PS4 browser. This is done either by self-hosting the files on a local host yourself, or by going to one of the many public hosts that will have the files shortly. For a public host, you can point your PS4 browser to Al-Azif’s https://cthugha.exploit.menu/ (and select 9.00, obviously).
- A binary file to write to a USB stick, which you will need to insert into your PS4 at the right time. See below.
USB Binary file
This is not your typical PS4 Jailbreak as it will require you to insert a USB dongle at the right time in the console. From the readme:
This exploit is unlike previous ones where they were based purely in software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository you’ll find a .img file. You can write this .img to a USB using something like Win32DiskImager.
When running the exploit on the PS4, wait until it reaches an alert with “Insert USB now. do not close the dialog until notification pops, remove usb after closing it.”. As the dialog states, insert the USB, and wait until the “disk format not supported” notification appears, then close out of the alert with “OK”.
It may take a minute for the exploit to run, and the spinning animation on the page might freeze – this is fine, let it continue until an error shows or it succeeds and displays “Awaiting payload”.
- You need to insert the USB when the alert pops up, then let it sit there for a bit until the PS4 storage notification shows up.
- Unplug the USB before a (re)boot cycle or you’ll risk corrupting the kernel heap at boot.
- The browser might tempt you into closing the page prematurely, don’t.
- The loading circle might freeze while the WebKit exploit is triggering; this means nothing.
- This bug works on certain PS5 firmwares, however there’s no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn’t be advised.
PS4 9.00 Jailbreak, what next?
Once you have the Jailbreak running, you can run Mira, a CFW/Homebrew enabler for the console. SpecterDev has shared the 9.00 version here: https://mega.nz/file/l2ol0ASY#ky5-0Of_6Qx0jIHr-jnpLOCnEMYdrxRRvyzOM82Km70
I’m on firmware 9.03 (or higher), what do I do?
If you’re stuck on firmware 9.03 or higher, you’re out of luck for the time being. Your best bet is to rush and get a new (sealed) PS4 from any retailer right now, as it will be sure to come with firmware 9.00 or lower. This, of course, will get less true as time goes by, so time is of the essence if you want a Jailbroken PS4.