PSXHAX.COM website and domain for sale. Contact Us with your offer!
PS4 KHook: Kernel Hooking Payload for Exploit Debugging by SpecterDev
Since his MUSL PS4 Port Low-Level Details and proceeding the recent ipv6-df-3.c proof-of-concept (PoC), today PlayStation 4 Scene developer @SpecterDev shared via Twitter PS4 KHook which is a minimalist kernel hooking payload he wrote for the DayZeroSec Twitch Stream that's handy for exploit debugging! :geek:

Download: PS4-KHook-master.zip / GIT

Here's further details from the README.md, to quote: PS4 KHook

PS4 KHook is a minimalist kernel hooking payload. It targets 5.05 but it can be used with any firmware (or even non-PS4 systems) with modifications. It's primary intent is for exploit development / debugging though it can be used anywhere hooking is needed (though Mira is recommended for long-term hooks for things like homebrew). It doesn't require a daemon to run for state tracking as it uses a code cave and a dispatch table.

⚠️ Warning: the implementation is pretty hacky and it's not yet complete. Feel free to fork and pull request any improvements or TODO items.

Building and running

To build this payload you'll need the PS4 Payload *** from Scene Collective. Once installed, simply build this payload like so:
Code:
$ make clean
$ make
$ cat PS4-KHook.bin | nc [ps4ip:payloadport]
Important caveats

This hooking payload does have some caveats you need to be aware of before writing and installing hooks.
  • Hooks must only have one return path, and it must return 0x1337. Additionally, the payload must be compiled without optimization (-O0). The reason for this is due to the runtime function size calculation for the hooks.
  • Trampolines must be a minimum size of 10 bytes (0xA bytes).
  • Trampolines cannot contain any instructions...
PS4 Exploit Disclosed via TheFloW & PS4 7.55 / 8.00 Payloads - Don't Update!
Following his previous PS4 7.02 Kernel Exploit (KEX), the PS4 7.02 / 7.51 / 7.55 WebKit Exploit, PS4 7.02 Full Stack and PS4JB 7.02 Jailbreak today developer theflow0 via bug bounty site HackerOne.com publicly disclosed a PS4 vulnerability he reported this past July that when properly chained with a WebKit Exploit allows for dumping and running PS4 game backups! 😍

:alert: It's important to note that PS4 Scene developers recommend NOT updating your PlayStation 4 Firmware at this time! :alert:

Download: 7.55&8.00-Payloads.7z (33.97 KB) via Al Azif / Patches755-Loader.cpp / Patches755-Kernel.cpp / ps4punch.7.55.rar (725.65 KB) / 4.00-8.00-Payloads.7z (34.68 KB) / ipv6-df-2.c - FreeBSD 9 PoC of kernel code execution using the new TheFlow vulnerability via Asciinema.org / Linux Loader 7.55 / PS4JB Payloads

Current 7.55 / 8.00 PS4 Payloads Include:
  • app2usb.bin
  • app-dumper.bin
  • backup.bin
  • disable-aslr.bin
  • disable-updates.bin
  • enable-browser.bin
  • enable-updates.bin...
PS4JB: PS4 7.02 Jailbreak Updates by Sleirsgoevy, Kernel Dump and More!
It's beginning to look a lot like Christmas... :music: following the PS4 WebKit 0-Day Exploit, PS4 Userland 7.02 Port fork, 7.02 PS4 Full Stack and 7.02 PS4HEN this weekend PlayStation 4 developer sleirsgoevy updated his PS4JB Github repository with a PS4 7.02 Jailbreak page currently featuring these options: JB+MIRA, JB+HEN, JB+LINUX (VRAM 1GB), JB+LINUX (VRAM 3GB), JB+NETCAT (LEGACY) and JB+NETCAT! 🎁 🎅

On the PS4JB 7.02 Page developer @sleirsgoevy notes the success rate is about 10% so unless you're already on PS4 OFW 7.02 it's advisable to hold off updating your Firmware and use 7.02 Backported PS4 FPKGs for the time being... and @Chronoss09 passed along via Twitter a last_sleirsgoevy_host_only_702.rar (189.44 KB), last_sleirsgoevy_host_only_702_v2_fix.rar (190.85 KB)...
PS4 7.02 WebKit / Kernel Exploit with Game Dumper and FTP Payloads!
Following the latest PS5 Scene Game Dump and recent PS4 7.02 / 7.51 / 7.55 Read-Write updates, PS4 Scene developer sleirsgoevy pushed live a 7.02 Netcat-only release utilizing port 9020 alongside a netcat702.html commit on Github with a Netcat 7.02 Test Page available for those on PS4 OFW 7.02 from the 7.02 WebKit port forked via Synacktiv based on the findings of abu_y0ussef and 0xdagger in their BHEU 2020 presentation. 😍

Today @SocraticBliss also released a 7.02 Full Stack of the PS4 7.00-7.02 Kernel Exploit via Twitter thanking contributing developers including ChendoChap, @zezu420 (aka Znullptr), Synacktiv, @KIWIDOGGIE (aka kd_tech_), Fire30_, theflow0 and @SpecterDev (Twitter)... while a test version of 7.00-7.02 PS4HEN arrived via Znullptr as...
PS4 WebKit Exploit 7.02 with Arbitrary Read / Write Access and Payloads!
Proceeding the This is for the Pwners presentation at Black Hat Europe 2020 and the Talos WebSocket Vulnerability disclosure, PlayStation 4 developer sleirsgoevy shared on Twitter a PS4 WebKit Exploit 7.02 with Arbitrary Read / Write Access that can be used with the previously released PS4 7.02 Kernel Exploit (KEX) at a 10% success rate on 7.02 PS4 OFW prior to his fix for the crash in leakJSC(), alongside 7.02 Mira and Payload Ports via @Al Azif... who reminds everyone NOT to enable IDU Mode (read HERE why) while stating the following on Twitter:

⚠️ "Down time should be minimal but if you are already on an exploitable firmware you should probably hold up a bit to make sure everything is working."

Download: PS4-webkit-exploit-7.02.rar (33.8 KB) / PS4-webkit-exploit-6.XX-master.zip / GIT / PS4-webkit-exploit-7.02-master.zip / GIT (Fork by sleirsgoevy) / Demo /...
Back
Top