The PlayStation 4 research can be found on their blog at Fail0verflow.com in the following pages for those who'd like to read through all the juicy details:
They also credit Volodymyr Pikhur for EAP / EMC work done including side-channel analysis, glitching and ROM recovery in his PS4 IPL AES + HMAC Key Recovery project, the original exploit and Recon Brussels 2018 presentation and PlayStation 4 developer @flatz who aided with reversing, bug hunting and hinted earlier today at signing PS4 CFW (PS4 Custom Firmware) through this research... although @Abkarino of Team Rebug also reminds everyone that more hardware exploiting work is necessary.
PlayStation 4 developer @xxmcvapourxx announced on...
Following the previous release, here are some recent PS4Debug updates to my PlayStation 4 debugger application introducing the Debug Watch utility.
A debugger with software breakpoints, hardware breakpoints, pause, stop, read memory, write memory, and all other sorts of functionality! You can use this along side my old project jkpatch or by itself.
Debug Watch - A simple tool I made to test the debugger out!
To quote from the PS4 5.05 BPF Double Free Kernel ExploitWriteup.md on Github, in part: Conclusion
Another cool bug to exploit. It should have been a trivial exploit, however Sony's new mitigation that prevents exploit devs from pivoting RSP into userland memory while in kernel context is quite effective, and some tricks had to be used to get the chain into kernel memory - but as demonstrated, it is beatable.
This exploit is also a good example of how double free()'s can be exploited fairly easily on FreeBSD if they're on an object of decent size.
Following my ApplicationCache.db release, this is just a simple payload to enable or disable the auto loading of the last page used in the PS4 webbrowser when you open it.
To toggle the enable or disable state just run the payload again and it will turn it on or off.
History Block: Enabled
when enabled the browser will not auto load the last page used when you open it.
the browser will show the Frequently Used Pages tab instead
History Block: Disabled
when disabled the browser will operate normally and auto load the last used page.
Download:
History-Blocker (History_Blocker.bin or History_Blocker.html)
The payload contains a basic set of exploits for anyone that just wants a simple set of exploits.. just run the payload then go to http://cache/index.html or the user guide. If you delete the browser data just run the payload again and it will reinstall the basic exploits.
You don't need to disable the network connection so the ftp payload will still work.
The DB_SG_Backup payload also backs up the cache db, if you already have a offline cache setup you can back that up.
If you delete the browser data you can put the ApplicationCache.db file from the backup on the root of a usb drive and reinstall it using this payload.
For anyone that is looking to make their own db file I have included the SQL File to create a db using DB Browser.
Just modify the sql to suit your needs and create a new database in DB Browser called ApplicationCache.db and execute the sql and save.. you can put the ApplicationCache.db on the root of a usb drive and run the install payload to install it.
If you want to modify the payload to contain your version of the db file just encode your db file with base64 and put the data into the ApplicationCache.h file of the source and compile.
Inbuilt (basic) exploits:
How to Cache PS4 Jailbreak Payloads on Firmware 5.05 or Lower Offline Tutorial