PSXHAX.COM website and domain for sale. Contact Us with your offer!
PS4 Dlclose Exploit for PlayStation 4 Firmware 1.76 is Released!
Not long ago news of a PS4 Root Privilege Escalation & Prison Break / Sandbox Break PoC was confirmed, and today kr105 dropped word in the Shoutbox that a usable dlclose exploit for PS4 Firmware 1.76 is now available to compile with CTurt's open-source work! :D

Download: PS4-dlclose-master.zip / PS4 Dlclose GIT / GIT / Linux Loader Patch for 1.76 / bzImage / initramfs.cpio.gz by kr105 / PS4 Playground / PS4 Playground GIT / ps4link-master.zip / PS4Link GIT
From the ReadMe Files: PS4-dlclose

PS4_Linux_Patched.jpgFully implemented dlclose exploit for PS4 fw 1.76. Compile it with CTurt's.

This is the bare working exploit, you must add your own payload code to make it do anything useful. Enjoy!

Linux loader
Code:
@@ -28,6 +28,15 @@ If you're on Linux, the easiest way is probably to use `netcat`:

After you...
PS4 Root Privilege Escalation & Prison Break / Sandbox Break PoC
Yesterday we reported news of PS4 Dlclose Root Privilege Escalation, and today PlayStation 4 developer BigBoss returns bringing a PS4 proof-of-concept with LibPS4 / PS4Link / PS4SH Dlclose root privilege escalation and prison break plus sandbox break! :D

From GitHub:
Code:
debug.sh
[PS4][INFO]: debugnet initialized
[PS4][INFO]: Copyright (C) 2010,2016 Antonio Jose Ramos Marquez aka bigboss @psxdev
[PS4][INFO]: ready to have a lot of fun...
[PS4][DEBUG]: executing kernel_exec
[PS4][DEBUG]: [PS4LINK] Server payload thread UID: 0x802E5860
[PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x802F83A0
[PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x802ADF20
[PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 114
[PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done
[PS4][DEBUG]: [PS4LINK] Ready for connection 1
[PS4][DEBUG]: [PS4LINK] Waiting for connection
[PS4][DEBUG]: [PS4LINK] Command Thread Started.
[PS4][DEBUG]: [PS4LINK] Created ps4link_commands_sock: 153
[PS4][DEBUG]: [PS4LINK] Command listener waiting for commands...
[PS4][DEBUG]: socket opened is now equeals fd 3840
[PS4][DEBUG]: Created event queue 0x0000000000000F01
[PS4][DEBUG]: Created event queue 0x0000000000000F02
[PS4][DEBUG]: Created event queue 0x0000000000000F03
[PS4][DEBUG]: Created event queue 0x0000000000000F04
[PS4][DEBUG]: Created event queue 0x0000000000000F05
[PS4][DEBUG]: Created event queue 0x0000000000000F06
[PS4][DEBUG]: Created event queue 0x0000000000000F07
[PS4][DEBUG]: Created event queue 0x0000000000000F08
[PS4][DEBUG]: Created event queue 0x0000000000000F09
[PS4][DEBUG]: Created event queue 0x0000000000000F0A
[PS4][DEBUG]: Created event queue 0x0000000000000F0B
[PS4][DEBUG]: Created event queue 0x0000000000000F0C
[PS4][DEBUG]: Created event queue 0x0000000000000F0D
[PS4][DEBUG]: Created event queue 0x0000000000000F0E
[PS4][DEBUG]: Created event queue 0x0000000000000F0F
[PS4][DEBUG]: Created event queue 0x0000000000000F10
[PS4][DEBUG]: Created event queue 0x0000000000000F11
[PS4][DEBUG]: Created event queue 0x0000000000000F12
[PS4][DEBUG]: Created event queue 0x0000000000000F13
[PS4][DEBUG]: Created event queue...
PS4 PoC LibPS4/PS4Link/PS4SH Dlclose Root Privilege Escalation
Following the PS4 BadIRET PoC, today PlayStation 4 developer BigBoss tweeted that they have now achieved LibPS4/PS4Link/PS4SH PS4 PoC Dlclose root privilege escalation! :D


From GitHub:
Code:
debug.sh
[PS4][INFO]: ready to have a lot of fun...
[PS4][DEBUG]: [PS4LINK] Server payload thread UID: 0x80659740
[PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80607500
[PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x806549E0
[PS4][DEBUG]: executing kernel_exec
[PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 160
[PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done
[PS4][DEBUG]: [PS4LINK] Ready for connection 1
[PS4][DEBUG]: [PS4LINK] Waiting for connection
[PS4][DEBUG]: [PS4LINK] Command Thread Started.
[PS4][DEBUG]: [PS4LINK] Created ps4link_commands_sock: 205
[PS4][DEBUG]: [PS4LINK] Command listener waiting for commands...
[PS4][DEBUG]: socket opened is now equeals fd 3840
[PS4][DEBUG]: Created event queue 0x0000000000000F01
[PS4][DEBUG]: Created event queue 0x0000000000000F02
[PS4][DEBUG]: Created event queue 0x0000000000000F03
[PS4][DEBUG]: Created event queue 0x0000000000000F04
[PS4][DEBUG]: Created event queue 0x0000000000000F05
[PS4][DEBUG]: Created event queue 0x0000000000000F06
[PS4][DEBUG]: Created event queue 0x0000000000000F07
[PS4][DEBUG]: Created event queue 0x0000000000000F08
[PS4][DEBUG]: Created event queue 0x0000000000000F09
[PS4][DEBUG]: Created event queue 0x0000000000000F0A
[PS4][DEBUG]: Created event queue 0x0000000000000F0B
[PS4][DEBUG]: Created event queue 0x0000000000000F0C
[PS4][DEBUG]: Created event queue 0x0000000000000F0D
[PS4][DEBUG]: Created event queue 0x0000000000000F0E
[PS4][DEBUG]: Created event queue 0x0000000000000F0F
[PS4][DEBUG]: Created event queue 0x0000000000000F10
[PS4][DEBUG]: Created event queue 0x0000000000000F11
[PS4][DEBUG]: Created event queue 0x0000000000000F12
[PS4][DEBUG]: Created event queue 0x0000000000000F13
[PS4][DEBUG]: Created event queue 0x0000000000000F14
[PS4][DEBUG]: Created event queue...
PS4 BadIRET PoC with LibPS4 / PS4Link / PS4SH by BigBoss and More
It's not been long since the PS4 BadIRET Kernel Exploit source code surfaced amid PS4 Scene drama, and today PlayStation 4 developer BigBoss tweeted that he has a working PS4 BadIRET Proof-of-Concept (PoC) with LibPS4 / PS4Link / PS4SH among more recent PS3 developments below.


badiret with libps4, ps4link, ps4sh output.txt
Code:
log: [PS4][DEBUG]: [PS4LINK] commands listener received packet size (266)
log: [PS4][DEBUG]: [PS4LINK] Received command execpayload argc=0 argv=
log: [PS4][DEBUG]: [PS4LINK] execpayload command thread UID: 0x80D2A520
log: [PS4][DEBUG]: [PS4LINK] commands listener waiting for next command
log: [PS4][DEBUG]: Loaded on corer 7
log: [PS4][DEBUG]: Setting affinity return 0x00000000
log: [PS4][DEBUG]: xpageEntryHi = ffffffff833249a8
log: [PS4][DEBUG]: mmap codepe0 825fc000
log: [PS4][DEBUG]: mmap codepe1 1825fc000
log: [PS4][DEBUG]: mmap codepe2 2825fc000
log: [PS4][DEBUG]: mmap codepe3 3825fc000
log: [PS4][DEBUG]: mmap codepe4 4825fc000
log: [PS4][DEBUG]: mmap codepe5 5825fc000
log: [PS4][DEBUG]: prefault codepe0
log: [PS4][DEBUG]: prefault codepe1
log: [PS4][DEBUG]: prefault codepe2
log: [PS4][DEBUG]: prefault codepe3
log: [PS4][DEBUG]: prefault codepe4
log: [PS4][DEBUG]: prefault codepe5
log: [PS4][DEBUG]: mmap codepw 200868000
log: [PS4][DEBUG]: payload 93a3030b4
log: [PS4][DEBUG]: dir payload 93a3030b4
log: [PS4][DEBUG]: tramp  0xB4 0x30 0x30 0x3A 0x09 0x00 0x00 0x00
log: [PS4][DEBUG]: prefault criticalPayloadMessage
log: [PS4][DEBUG]: Loaded 2 on core 6
log: [PS4][DEBUG]: Setting affinity return 0x00000000
log: [PS4][DEBUG]: sysarch return 0
[+] Entered critical payload

after this in we are in while(1) code on payload :) kernel execution achieved

sys_dynlib_prepare_dclose poc with clang libps4/ps4link/ps4sh output.txt
Code:
log: [PS4][INFO]: ready to have a lot of fun...
log: [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80C43A20
log...
PS4 BadIRET Kernel Exploit Source Code Leaked
Today 'anonymous' hacker AK471337 has leaked the PS4 BadIRET Kernel Exploit source code according to PlayStation 4 developer CTurt, with details below from my post on PS4 News and the related Tweets below!

Download: PS4-Bad-IRET-master.zip / PS4-Bad-IRET-master.zip (Mirror) / PS4 Dongle.txt via choppa / kernel-1.76.rar via DotExE01 / badiret.bin (Compiled) by KUNITOKI via 2424marco / PS4-Bad-IRET-master-2.bin (Updated Mirror) / PS4-Bad-IRET-5fs.bin (Updated Mirror #2)

From Wololo comes some additional details as follows, to quote:

PS4 Kernel exploit – is it good news for you?

If you’re an en user with no programming skills, this exploit won’t be useful for you. You’d have to compile it and run it on a PS4 on firmware 1.76, through the...
Back
Top