PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Sep 5, 2016 at 2:46 AM
Recently @IvarKarl started a PS4 MEMLAYOUT topic for PlayStation 4 developers to collaborate in, while ZiL0G80 hints at the existence of a PS4 E3Mode in addition to the known IDU Mode in his Tweets below.

In May of this year he Tweeted about a mini PS4 Debug Settings menu; when asked whether it works on PS4 3.55, developer David Ackerman said probably, but noted that he is currently on PS4 1.76 Firmware and so hasn't tested it above that version.

Also a while back Phrack Magazine published a piece by BSDaemon on hacking the Cell Broadband Engine Architecture using a PS3, and now argp and karl have an article on Exploiting UMA: FreeBSD kernel heap exploits (Download: phrack66.tar.gz), which according to @Warfareexpert is derived from CTurt's documented FreeBSD work, with recent findings including a FreeBSD Kernel Exploit alongside a FreeBSD Compatibility Layers Weakness Analysis.

p$4 mini debug settings menu :)
besides idu mode there is something called e3mode on p$4 :)
P$4 registry:
Code:
IDUMode.Enable->UT.Registry.GetInt(42336512u, -1)
P$4 registry:
Code:
IsDebugMenuEnable -> UT.Registry.GetBool(2013448449u, false)
IsShellCrashEnable -> UT.Registry.GetBool(2013448469u, false)
probably works on 3.55 but I am on 1.76 :)
everybody has a kernel exploit on 1.76 :D
my last 2 posts were about p$4 vsh (gui) registry settings, I don't know why people think it was about a new kernel exploit LOL :D
I am sharing what I found while researching; it may work or not. I am not here to teach people how this could be used ..
p$4 kernel (1.76) patch to disable ASLR in newly created processes
Code:
*(uint16_t *)0xFFFFFFFF82649C9C = 0x63EB;
ASLR on 1.76 can probably be disabled permanently by setting these registry values to true: 0x78028B00LL, 0x78028600LL, but I can't - error :confused:
IF you have the knowledge, use vitasdk and API ... no tuts sorry
Code:
uint64_t (*sceRegMgrSetInt)(uint32_t reg, int val);
btw the shellui (vsh) process can be killed and is then automatically restarted w/o ASLR :)
part of exec_self_imgact pastebin.com; it probably doesn't pass bootparam or sceSblRcMgrIsAllowDisablingAslr
Update: Here is a payload to exit PS4 IDU Mode if anyone needs it:
Exits IDU Mode
The console should "turn off" when it's done; just hold the power button after the screen turns off. When you turn it back on you should be out of IDU mode.

Finally, cheers to @B7U3 C50SS for the heads-up in the PSXHAX Shoutbox!
[Image: PS4 Mini Debug Settings Menu.jpg]

Comments

"Debug settings" requires a kernel exploit.
He did it on his 1.76 PS4; his code has to be released and tested on newer FW.
He will release the debug-menu activator source code (or that's what I think).
For now, 3.55 doesn't have a Kernel Exploit, so nothing for us for now.