PS4: 9.00 exploit updated to integrate with PSFree, fast and reliable way to run Jailbreak on 9.00
Scene member Kameleon has released an updated implementation of the pOOBs4 9.00 kernel exploit, integrated with the PSFree WebKit exploit. PSFree replaces the WebKit exploit previously used as the usermode entry point, and promises to be faster and more reliable. In other words, the kernel exploit itself is unchanged; if you're a PS4 9.00 user, this new version of the exploit chain should simply load better for you in pretty much every scenario.
Echo Stretch and other testers have confirmed this implementation loads fast and reliably on PS4 9.00.
What is PSFree for PS4/PS5
PSFree is a (work in progress) WebKit exploit for PS4 firmwares 6.00 to 9.60, and for PS5 firmwares 1.00 to 5.50. It is based on CVE-2022-22620 by security researchers Sergei Glazunov and Maddie Stone.
A WebKit exploit, in the context of PS4/PS5 hacking, is a usermode exploit: it runs unsigned code with the (limited) privileges of the console's browser process. While in theory it could be used to run homebrew games, in practice such exploits are typically used as entry points or attack vectors for privilege escalation, i.e. kernel exploits. In other words, a usermode exploit such as this one is usually not very useful on its own for the end user, but once combined with a kernel exploit it can lead to a Jailbreak of the console.
There are kernel exploits publicly available on the PS4 (up to firmware 9.00) and PS5 (up to firmware 4.51) as of this writing. Although these kernel exploits are already used in combination with other usermode entry points, the benefits of this WebKit exploit are as follows:
- On firmwares with an existing entry point/kernel exploit combination, it could be used to replace the existing exploit, possibly offering a more stable implementation (which is what’s happening here with 9.00)
- On firmwares that do not yet have a kernel exploit, it can be used as an entry point in the future, once such kernel exploits are found. For security researchers, it also provides a ready-to use entry point to dig further into the machines
The PS4/PS5 version was implemented by abc.
Test PSFree + PS4 9.00 pOOBs4 kernel exploit
To test this new release, head over to https://kmeps4.site/psfree_900/ with your PS4's browser (using DNS redirection, as always; see the User's guide).
Kameleon has stated he will push the code to GitHub eventually, but if you want to self-host you'll probably want to simply scavenge the files from his site for now.
.. You can send a payload to port 9020… I'll integrate a more friendly host as the current one I have for 9.00. Credits ABC for psfree webkit payload and p object to be compatible with ChendoChap ROP and kex.. I'll add the code later to GitHub.. thx @NekitoKazuya for the test.
— _Kameleon_ (@Kameleonre_) January 29, 2024