PS4 Jailbreaking. Thread starter: PSXHAX. Start date: Mar 2, 2016 at 5:45 PM.
Today 'anonymous' hacker AK471337 has leaked the PS4 BadIRET Kernel Exploit source code, according to PlayStation 4 developer CTurt, with details from my post on PS4 News and the related Tweets below!

Download: PS4-Bad-IRET-master.zip / PS4-Bad-IRET-master.zip (Mirror) / PS4 Dongle.txt via choppa / kernel-1.76.rar via DotExE01 / badiret.bin (Compiled) by KUNITOKI via 2424marco / PS4-Bad-IRET-master-2.bin (Updated Mirror) / PS4-Bad-IRET-5fs.bin (Updated Mirror #2)

From Wololo comes some additional details as follows, to quote:

PS4 Kernel exploit – is it good news for you?

If you’re an end user with no programming skills, this exploit won’t be useful for you. You’d have to compile it and run it on a PS4 on firmware 1.76, through the 1.76 webkit userland exploit. (The Kernel exploit might work up to firmwares 2.xx, but then you’d need to find an unpatched userland exploit in order to run it.)

If you have some programming skills and happen to own a PS4 1.76 however, this could be a nice entry point for you to understand how these things are done. If you get to display the debug message from the kernel exploit (Entered Critical Payload), you’re pretty much ahead of 99.99% of the PS4 homebrew community today.

But if you’re an “end user” and can get a 1.76 PS4, this could mean someone might be able to release PS4 Linux for you sooner than later.

More generally however, as I’ve stated before, people with the right set of skills could probably have figured out the exploit thanks to CTurt's detailed explanation. This release probably doesn’t change much who’s going to work on exploiting the PSP in the foreseeable future.

How the leak happened

Rumors say someone was able to grab passwords from several well known hackers of the PS4 scene, and managed to work his way into a private GitHub where the files were stored. There is a strong reminder here for all of us that you should have different passwords on all the sites you visit, to avoid becoming the weakest link in such a situation.

There’s a group of people who believe leaking such information is a good thing for the scene as it spreads the information. In my opinion, hackers often have very good reasons to not share their hacks, often because they are not ready for public consumption, and as such are useless to the vast majority of users. A hack that leaks at the wrong time could typically be patched by the manufacturer before it is even made usable for the scene.

The BadIRET exploit however has already been patched by Sony a long time ago, so it leaking is probably not a massive problem for the scene... What do you think? This is exciting news, but also a bit sad given the circumstances of the release.

From choppa: I found this:
Code:
/* PS4 Dongle.txt, as posted by choppa */

/* The header names below are assumed (the paste lost them): the PS4-SDK header
   for the init*/sce* functions and the IP() macro, and the FatFs header for
   f_mount/f_open/f_read and the FATFS types. */
#include <ps4.h>
#include <ff.h>

int _netdebug_sock;

/* printf-style helper: format into a stack buffer and push it to the debug socket */
#define debug(...)\
do {\
    char buffer[512];\
    int size = sprintf(buffer, __VA_ARGS__);\
    sceNetSend(_netdebug_sock, buffer, size, 0);\
} while(0)

/*-----------------------------------------------------------*/
/* Program Main                                              */
/*-----------------------------------------------------------*/
#define SIZE_OF_BUFFER 512 //64

int _main(void)
{
    // Init and resolve libraries
    initKernel();
    initLibc();
    initNetwork();
    initUsb();

    // Debug output is sent to a TCP listener on the LAN (192.168.0.5:9023)
    struct sockaddr_in server;

    server.sin_len = sizeof(server);
    server.sin_family = AF_INET;
    server.sin_addr.s_addr = IP(192, 168, 0, 5);
    server.sin_port = sceNetHtons(9023);
    memset(server.sin_zero, 0, sizeof(server.sin_zero));

    _netdebug_sock = sceNetSocket("netdebug", AF_INET, SOCK_STREAM, 0);
    sceNetConnect(_netdebug_sock, (struct sockaddr *)&server, sizeof(server));

    FATFS fatfs;                /* FatFs work area for the mounted (USB) volume */
    FATFS_FIL Fil;              /* File object needed for each open file */
    BYTE buff[SIZE_OF_BUFFER];  /* Read buffer */
    UINT i, br;                 /* Loop index, bytes read */
    FRESULT rc;

    debug("\nMount a volume.\n");
    rc = f_mount(&fatfs, "", 0); /* Give a work area to the default drive */
    if (rc) debug("die\n");

    debug("\nOpen a test file (Fuses.txt).\n");

    // open an existing file with read access
    if (f_open(&Fil, "Fuses.txt", FA_READ | FA_OPEN_EXISTING) == FR_OK)
    {
        debug("\nType the file content.\n");
        for (;;)
        {
            rc = f_read(&Fil, buff, SIZE_OF_BUFFER, &br);
            if (rc || !br) break; // Error or end of file
            for (i = 0; i < br; i++) // Type the data
                debug("%c", buff[i]);
        }
        if (rc) debug("die\n");

        f_close(&Fil); /* Close the file */
    }
    if (rc) debug("die\n");
    debug("File Read Complete.\n");

    debug("\nTest completed.\n");

    disk_deinitialize();

    sceNetSocketClose(_netdebug_sock);

    return 0;
}

/*---------------------------------------------------------*/
/* User Provided Timer Function for FatFs module           */
/*---------------------------------------------------------*/

DWORD get_fattime (void)
{
    /* No RTC is used here, so every timestamp is fixed to Jan. 1, 2010 00:00:00 */
    return ((DWORD)(2010 - 1980) << 25) /* Year since 1980 */
        | ((DWORD)1 << 21)              /* Month */
        | ((DWORD)1 << 16)              /* Day */
        | ((DWORD)0 << 11)              /* Hour */
        | ((DWORD)0 << 5)               /* Minute */
        | ((DWORD)0 >> 1);              /* Second / 2 */
}

From CTurt: 9/11 Leak was an inside job.

While this may indeed be a legitimate leak, it could also be a planned insider leak with rumors of an upcoming PS4 Cobra USB Game Emulator DRM Device... time will tell for sure. ;)
Comments

Kakaroto, you can try keeping up with this or stop while you're ahead, cuz we will not stop, and using ARP poison using Linux was your mistake. Hope you enjoy the BSOD; the next will be destructive, cuz we will not tolerate
Hmm, Hykem's Twitter is deleted... seems to be true...
According to a few posts on Twitter it's removed, as well as WiiU devs being raided, but it's only rumours on there from what I've seen, until I see hard evidence.
 
You mean kakarotoks? I wouldn't imagine so, as he's against scene-crippling DRM and for-profit dongles:

From KaKaRoToKS: "As far as I understand it, the hate for TB is because what they achieved was to decrypt newer npdrm games and what they did is they patch the games to check for the TB dongle or quit. The TB dongle does *NOTHING* other than a DRM that is completely not needed. The torrent releases that are "TB compatible" just means that they added the DRM check that prevents them from running if you didn't buy a TB dongle. That's not any kind of help to the scene and it's people getting paid by promoting backups"
 
So you think Kakaroto is trying to break in, or trying to shut this site down?
I never said that at all; sometimes my msgs are misunderstood, and it is not hard, as we all perceive them differently. In this scene I know what's going on, I do watch. I also watch various other places, as well as for online hackers, and when I see dongle crap in a PC I know the intentions for it.
 
Ah, I got you. Well, keep us in the loop Chaos, you always keep us informed of what's going down. Thank you for that!
 
These DRM devices, whether it's a dongle or an ODE, don't matter; they are weak against attacks if you know how to attack them the right way. A dongle is just a bunch of crap; try fw from the original released ages ago.

If you nail it right and hit it hard the stupid thing is exploited like candy, and no matter what the encryption is, it can't defend against massive attacks, especially if the user/users knows the system inside out, and this is not on devwiki. So little is unknown and not on the wiki page, and not even anything I have done has ever been posted on this page, nor the actual ways to obtain retail keys.

I spent 2 yrs studying the HV to understand how it truly works, and the kernel is even better, and how truly open src it actually is; if ppl took the time to dig around and read they would understand our systems.
 