PS4/PS5: “Semi permanent” exploits incoming?
Scene developers Al-Azif and Zecoxao have shared some juicy info about ongoing exploit work for the PS4 and PS5. Before everyone jumps for joy about “new exploits”, Al-Azif has made it very clear that this ongoing work is closer to an “add-on” for existing exploits that makes them “permanent” (understand: load at startup) than an entirely new Jailbreak chain. However, the hacker has stated that it works in particular up to the latest PS4 firmware, which raises the question of whether new exploits are being developed for the PlayStation consoles under the hood.
“Semi Permanent” exploits for the PS4/PS5 are coming?
Zecoxao shared a quite cryptic message this week on Twitter, stating “we might have semi permanence on ps4 and ps5 soon”.
we might have semi permanence on ps4 and ps5 soon.
— Jose Coixao (@notnotzecoxao) September 3, 2024
One of the “holy grails” of console hacking is a Custom Firmware: a permanent hack that loads on the console at startup, as opposed to what has often been named a “HEN” (Homebrew ENabler), which typically relies on exploits that need to be run again each time you reboot the console.
In day-to-day usage, HENs and Custom Firmwares are extremely similar, except that HENs are considered “less user friendly” because you need to re-run the exploit every time you reboot the console. In many cases, keeping the console in rest/sleep mode addresses the issue, but depending on how stable a given exploit is, not having a permanent Custom Firmware can be a real problem.
In any case, having a permanent exploit chain (or, in this case, a “semi permanent” one; whatever this means in detail is up to the reader’s imagination at this point) could open up new options for PS4 and PS5 owners looking to Jailbreak their consoles.
Details on the semi permanent hack for PS4/PS5 shared by Al-Azif
Al-Azif shared lengthy details yesterday on what this “exploit add-on” might be, leaving out specifics of course until a release is actually confirmed. Specifically:
It’s a bolt-on feature for existing exploits, it’s not really an exploit itself so much as a misconfiguration/allowing certain things they shouldn’t. The bolt-on itself is patchable on PS5 for sure, PS4 there *should* always be a work around if they “patch” it.
It’s essentially multiple separate components working in tandem to poke each other and overwrite system settings to keep certain things set up a certain way for certain unintended behavior.
For exploits that don’t require any HW, it doesn’t need additional HW. However the exploit needs to have a webkit entry point, so the exfat exploit will work with HW (should work with existing HW with new software flashed to it). But the PPPoE exploit will not work with it.
It prevents DNS hijacking and updates, on boot. I only found one way to “uninstall” it on accident (I may have a way to prevent that even, but I haven’t tested it yet), beyond yanking the HDD, resetting to factory, etc. You basically need to intend to remove it to disable it.
If your console has internet available the bolt-on will automatically update if changes are published to the GitHub repo. I’ll likely add settings for it in the PS4’s settings so people can configure it how they like.
It works on PS4 to latest FW, the elements that allow it to function were tested on PS5, so it should work there as well. It was not tested as a whole on PS5 because I want to finish the PS4 implementation first. Because of this I don’t know how/when I want to release it.
I’ll probably wait and bundle it with a different unreleased project when that’s ready so there’s a BIG release all at once.
Utility wise, it’s great, but it’s not a huge change if you already use a HW device/caching, don’t make this seem like something bigger than it is. It’s not some bootchain code exec so much as doing some tricky stuff to make things seem like they persist through a reboot.
That’s about all I’ll say for now.
(source)
To summarize, as I understand it:
- This will work in addition to other exploits, in order to make them semi-permanent, which possibly means “automagically run them at startup” (within the official firmware, as opposed to a typical CFW, which runs an entirely modified firmware from boot time).
- This requires a WebKit entry point, which means in particular that the PPPoE exploit will not be able to use it (as it doesn’t run within the browser context?). Other exploits generally use WebKit in some shape or form (the exFAT exploit is an example of using WebKit as a usermode entry point, followed by a kernel exploit requiring a USB key) and should be able to use this.
- It works on PS4 up to the latest FW (Note from Wololo: this seems to imply Al-Azif has access to exploits up to the latest and greatest firmware, 11.52?), and theoretically would work on PS5 (the wording chosen by Al-Azif seems to mean it has not been confirmed end-to-end on PS5).
- There are plans for a release, just no date for it yet
I think this is very exciting, but as Al-Azif said, “don’t make this seem like something bigger than it is”. This will be a cool addition to the tools we use for PS4 exploits, but it doesn’t appear to be a new Jailbreak in itself.