PS5: Webkit+Kernel exploit is (finally) compatible with firmware 4.00
Until now, 4.00 has been the black sheep of PS5 exploitable firmwares, being the only one between 3.00 and 4.51 that wasn’t working correctly with the Webkit variant of the PS5 Jailbreak. The reason was that the proper location of critical kernel functions (what people often refer to as the offsets) wasn’t known for that firmware. This changed today, with 4.00 getting the proper support.
SpecterDev has updated the repository of the exploit today, to add proper support for Firmware 4.00
The offsets reference the location of specific kernel functions in memory, relative to the beginning of the library they belong to. These values change between firmwares, either because a given firmware has added/modified the code for that specific library, or simply through because of some compilation side effects.
Finding the offsets used to be a “formality” on PS4, but for PS5, things have been made difficult since the kernel memory (.text) is execute only, and cannot be read. The offsets can theoretically be found through bruteforcing, but in this case, I believe that Specter has finally been able to find the missing offsets thanks to his recent breakthrough that allows to decrypt sprx/self files. My guess: I’m assuming the required sprx files were copied to another exploitable firmware, decrypted, and then it was possible to manually find the offsets in the decrypted file.
As it turned out, the offsets for 4.00 are (unsurprisingly) very similar to 4.02 and 4.03. However, the gadget map, required to execute the early stages of the exploit (rop chain), is significantly different. There was no way 4.00 was going to work without these changes.
Download and use the PS5 Exploit
There is no change for people other than those of you on firmware 4.00. If you’re on firmware 4.00, you can download the files here.
To run the exploit, you can do it locally on your computer, via an esp8266, or using a fake DNS and one of the public hosts (which I’m assuming are already getting the updates as I’m typing this)
well when love for a 2.5fw ps5 ?
How far we ARE from run backups?
At this point I think all the elements are here to run backups and I’m surprised nobody has released a loader yet
What do you mean? Znullptr and astrelsky said on discord that allot more work must be done before loading backups are possible.. are you talking about libhijacker?
These guys now more than I do. Maybe I’m wrong. I’m not sure why a game would require extra privileges, but they’ve looked into it and I haven’t.
I’m more interested with Flatz saying “look at what sleirsgoevy is doing with fpkg” when he chatted on discord that day when he revealed that he cracked psp. I see that sleirsgoevy is making something on his github page, but don’t know what exactly.
Wouldn’t the hypervisor get in the way? Would libhijacker get around that?
https://nopaste.net/ZlSIhjaE33
how do i fix the libxml2 or -lintl error ?
nice youtube-dl on vita … but can the vita rtun a ps5 kexploit webkit in python mode ?
Isn’t the problem for running “backups” the Hypervistor? Or are we talking about different “Backups”?