PS4: 9.00 exploit updated to integrate with PSFree, fast and reliable way to run Jailbreak on 9.00

Screenshot of PoobS4 + PSFree running on PS4 9.00, by Echo Stretch
Scene member Kameleon has released an updated implementation of the pOOBs4 9.00 kernel exploit, integrated with the PSFree webkit exploit. The PSFree exploit replaces the formerly used Webkit exploit, and promises to be faster and more reliable. In other words, while the Kernel exploit itself doesn’t change, if you’re a PS4 9.00 user, this new version of the exploit chain should work better for you in pretty much every scenario.
Echo Stretch and other testers have confirmed this implementation loads fast and reliably on PS4 9.00.
What is PsFree for PS4/PS5
PsFree is a (work in progress) webkit exploit for PS4 firmwares 6.00 to 9.60, and for PS5 1.00 to 5.50. It is based on CVE-2022-22620 by security researchers Sergei Glazunov and Maddie Stone.
A webkit exploit, in the context of PS4/PS5 hacking, is a usermode exploit. It allows limited access to run unsigned code on the console. While in theory it could be used to run homebrew games, in practice such exploits are typically used as entry points or attack vectors for privilege escalation (aka kernel exploits). In other words, a usermode exploit such as this one is usually not very useful on its own for the end user, but once combined with a kernel exploit, can lead to a Jailbreak of the console.
There are kernel exploits publicly available on the PS4 (up to firmware 9.00) and PS5 (up to Firmware 4.51) as of this writing. Although these kernel exploits are already used in combination with other usermode entry points, the benefits of this webkit exploit are as follows:
- On firmwares with an existing entry point/kernel exploit combination, it could be used to replace the existing exploit, possibly offering a more stable implementation (which is what’s happening here with 9.00)
- On firmwares that do not yet have a kernel exploit, it can be used as an entry point in the future, once such kernel exploits are found. For security researchers, it also provides a ready-to-use entry point to dig further into the machines.
The PS4/PS5 version was implemented by abc.
Test PSFree + PS4 9.00 pOOBs4 kernel exploit
To test this new release, head over to https://kmeps4.site/psfree_900/ with your PS4’s browser (using DNS redirection for the User’s guide, as always).
Kameleon has stated he will push the code to github eventually, but if you want to self host you’ll probably want to simply scavenge the files from his site for now.
.. You can send a payload to port 9020… I’ll Integrate a more friendly host as the current one I have for 9.00. Credits ABC for psfree webkit payload and p object to be compatible with ChendoChap ROP and kex.. I’ll add the code later to github.. thx @NekitoKazuya
For the test. — Kameleon (@Kameleonre_), January 29, 2024
Source: Kameleon
I’m in 5.05. Should I update to 9.00?
I'm also on 5.05, will this work for me? The last update I did was from 2.03 OFW; I was hoping not to go higher than 5.05.
I did not understand what is the advantage of this hack? How is it different?
It loads faster and is more stable than the existing solution. If you have no problem with your current 9.00, it will not change anything for you. However, if you regularly have to run the hack 2, 3 times before it works (because of crashes or kernel panic or whatnot), then this will do miracles for you.
Great. Waiting for 6.72
I use worez host... I don't know if he updated it for the latest GoldHEN.
I wonder if this will be implemented on the other exploitable firmwares too. Too bad that it can't be implemented for 5.05 though.
If you want to try full chains right now: hippie68 has already updated his 9.00 host with GoldHEN 2.4b15 and full PSFree chains with selectable payload loaders: http://hippie68.rf.gd or https://hippie68.github.io
Just release the latest fs, the PS4 is dead. We will be dead before its release at this point. Sick to death of gatekeepers.
Does this mean the end for the dongle?
No. The dongle is required for the kernel exploit (second step in the Jailbreak). This only improves on what happens before you insert the dongle.
Why nothing for 9.03?
To test this new release, head over to https://kmeps4.site/psfree_900/ with your PS4’s browser (using DNS redirection for the User’s guide, as always).
For example, you can use Windows as a proxy and set the DNS entry in its hosts file.
Can we have it on Raspberry Pi 2 zero? Guess first we need an image to write to Raspberry Pi 2 zero.
Raspberry Pi 2 zero has USB emulation, so you don't have to use a USB stick.