PS5: Webkit+Kernel exploit is (finally) compatible with firmware 4.00
Until now, 4.00 has been the black sheep of PS5 exploitable firmwares, being the only one between 3.00 and 4.51 that wasn’t working correctly with the Webkit variant of the PS5 Jailbreak. The reason was that the proper location of critical kernel functions (what people often refer to as the offsets) wasn’t known for that firmware. This changed today, with 4.00 getting the proper support.
SpecterDev has updated the exploit's repository today to add proper support for firmware 4.00.
The offsets reference the location of specific kernel functions in memory, relative to the beginning of the library they belong to. These values change between firmwares, either because a given firmware has added or modified the code of that specific library, or simply because of compilation side effects.
Finding the offsets used to be a “formality” on PS4, but on PS5 things have been made difficult because kernel memory (.text) is execute-only and cannot be read. The offsets can theoretically be found through bruteforcing, but in this case I believe that Specter has finally been able to find the missing offsets thanks to his recent breakthrough that allows decrypting sprx/self files. My guess: I’m assuming the required sprx files were copied to another exploitable firmware, decrypted, and then it was possible to manually find the offsets in the decrypted file.
As it turned out, the offsets for 4.00 are (unsurprisingly) very similar to those of 4.02 and 4.03. However, the gadget map required to execute the early stages of the exploit (the ROP chain) is significantly different. There was no way 4.00 was going to work without these changes.
Download and use the PS5 Exploit
There is no change for people other than those of you on firmware 4.00. If you’re on firmware 4.00, you can download the files here.