PS4 Hack Could Lead to Jailbreak and Homebrew Soon

3.9
For those that like a little creative control over their console gaming experience, this firmware exploit recently discovered could be right up your alley! The PlayStation 4 4.05 firmware kernel exploit opens the doors for players looking to jailbreak those shiny new systems and customize the way the console works for them.

The download itself can be found on GitHub, though if you're looking for running Homebrew - this code isn't quite there yet. Here's what you need to know about 4.05:

Summary
In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival.

Patches Included

The following patches are made by default in the kernel ROP chain:

  1. Disable kernel write protection
  2. Allow RWX (read-write-execute) memory mapping
  3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
  4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
  5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.

Notes

  • This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel.
  • I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads.
  • A custom syscall is added (#11) to execute any RWX memory in kernel mode, this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel.
  • An SDK is not provided in this release, however a barebones one to get started with may be released at a later date.
  • I've released a sample payload here that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox.

How cool would it be to custom your PS4 to run those physical games without actually having to put the disc in. Since the coding itself doesn't include any way to defeat anti-piracy systems in place, that at least can slow down the use of pirated games used on the system. At least a little. Though it's always fun to get a free title, we also want to keep supporting our favourite developers so we can get our beloved sequels!



Posted:
Related Forum: PlayStation Forum

Source: http://comicbook.com/gaming/2017/12/30/ps4-hack-jailbreak/

Related Articles

Comments

"PS4 Hack Could Lead to Jailbreak and Homebrew Soon" :: Login/Create an Account :: 21 comments

If you would like to post a comment please signin to your account or register for an account.

DragonPosted:

Please let me get my hands on this! I do not even want to use it online, but the fun I used to have with my jailbroken PS3 was unmatched.

2019Posted:

Dang. I'm not surprised. Its dope that their gonna have exploits soon.

KatePosted:

i need to cop me one pretty soon then

SkaPosted:

MushroomElm
Ska Which if this is true, we could be on the beginning steps of emulating the PS4 down the road. ;)


An emulator is a lot to ask for, considering we only just saw the unstable download for RCPS3(PS3 Emulator) and even that is still buggy and unfinished..


It's not like the same people make every emulator, each one has different teams of volunteers. Also I'm not saying an emulator has to be fully stable as soon as this jailbreak is stable, I'm just saying that it could lead to the very start of the process.

drydermataPosted:

It only works on 4.05 i reckon there is a debug settings download in the text called "Here" download the file and install it im giving it a try since i got 3 PS4 so why not try haha.

shadowmist101Posted:

Well, I hate to break the news to you, a firmware exploit is nowhere close to full bare-metal access. Even if you are able to read and write to that specific kernel that does not mean you actually have access to everything. Another thing is, this doesn't speak of which software kernel that is accessible. there are multiple software kernels and hardware kernels on a device like this, Not only that, then you have sub-kernels that handle all of the cross data. If this is simply a firmware kernel exploit only, it's going to be so easily detected and patched. The reason why you would never even be able to gain access to the full system to run unsigned arbitrary code like a developer kit is that the consumer level of the PS4 just like the Xbox one is sandboxed. There is no way around this sandboxed environment to do anything noteworthy.

ZydrinPosted:

NO Way. I never thought I'd see a day where next gen was hacked.

MushroomElmPosted:

Ska Which if this is true, we could be on the beginning steps of emulating the PS4 down the road. ;)


An emulator is a lot to ask for, considering we only just saw the unstable download for RCPS3(PS3 Emulator) and even that is still buggy and unfinished..

SkaPosted:

Which if this is true, we could be on the beginning steps of emulating the PS4 down the road. ;)

ChatPosted:

A lot of great news, I will pick up a PS4 if they make this possible :)


Latest Downloads

Latest Tutorials