Recently @IvarKarl started a PS4 MEMLAYOUT topic for PlayStation 4 developers to collaborate in, while ZiL0G80 hints at the existence of a PS4 E3Mode in addition to the known IDU Mode in his Tweets below.
In May of this year he Tweeted about a mini PS4 Debug Settings menu, and when asked if it works on PS4 3.55, developer David Ackerman said probably, but stated he is currently on PS4 1.76 Firmware so hasn't tested it above that version.
Also, a while back Phrack Magazine published a piece from BSDaemon on hacking the Cell Broadband Engine Architecture using a PS3, and now argp and karl have written an article on Exploiting UMA: FreeBSD kernel heap exploits (Download: phrack66.tar.gz), which according to @Warfareexpert is derived from CTurt's documented FreeBSD work with recent findings including a FreeBSD Kernel Exploit alongside a FreeBSD Compatibility Layers Weakness Analysis.
p$4 mini debug settings menu
besides idu mode there is something called e3mode on p$4
P$4 registry -
Code:
IDUMode.Enable -> UT.Registry.GetInt(42336512u, -1)            // registry ID 42336512 = 0x02860100
P$4 registry
Code:
IsDebugMenuEnable -> UT.Registry.GetBool(2013448449u, false)   // registry ID 2013448449 = 0x7802C901
IsShellCrashEnable -> UT.Registry.GetBool(2013448469u, false)  // registry ID 2013448469 = 0x7802C915
Probably works on 3.55 but I am on 1.76
Everybody has a kernel exploit on 1.76
My last 2 posts were about p$4 vsh (gui) registry settings, I don't know why people think it was about a new kernel exploit LOL
I am sharing what I found while researching, it may work or not. I am not here to teach people how this could be used ..
p$4 kernel (1.76) patch to disable ASLR in newly created processes
Code:
/* 16-bit little-endian store: the bytes EB 63 (x86 JMP rel8, "jmp short +0x63") are written at this kernel address */
*(uint16_t *)0xFFFFFFFF82649C9C = 0x63EB;
ASLR on 1.76 can probably be disabled permanently by setting these registry values to true: 0x78028B00LL, 0x78028600LL, but I can't - error
Code:
/* function-pointer declaration for the registry setter (reg = registry ID, val = value to store) */
uint64_t (*sceRegMgrSetInt)(uint32_t reg, int val);
If you have the knowledge, use vitasdk and the API ... no tuts sorry
BTW the shellui (vsh) process can be killed and is then automatically restarted w/o ASLR
Part of exec_self_imgact (pastebin.com): it probably doesn't pass bootparam or sceSblRcMgrIsAllowDisablingAslr
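As an added example (not code from the tweets above or from any PS4 project), the C below shows what a two-byte store like the one in the ASLR tweet actually places in memory: on x86-64 the uint16_t value 0x63EB lands as the bytes EB 63, i.e. an x86 JMP rel8, and the decoder computes where that jump lands from the patch address. The only inputs are the address and value quoted in the tweet; what instruction originally sat at that address is not stated on the page and is not assumed here.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result of interpreting a two-byte patch value as an x86 short jump. */
typedef struct {
    bool     is_short_jmp; /* low byte is opcode 0xEB (JMP rel8) */
    uint8_t  opcode;       /* first byte as it lands in memory */
    int8_t   rel8;         /* signed 8-bit displacement (second byte) */
    uint64_t target;       /* addr + 2 + rel8; only valid if is_short_jmp */
} patch_decode_t;

/* A uint16_t store on x86-64 is little-endian, so `*(uint16_t *)addr = value`
 * puts (value & 0xFF) at addr and (value >> 8) at addr + 1. JMP rel8 is
 * encoded as EB <disp8>, with the displacement relative to the end of the
 * 2-byte instruction, so the target is addr + 2 + disp8 (sign-extended). */
patch_decode_t decode_short_jmp_patch(uint64_t addr, uint16_t value)
{
    patch_decode_t d = {0};
    d.opcode = (uint8_t)(value & 0xFF);
    d.rel8   = (int8_t)(value >> 8);   /* two's-complement sign extension */
    d.is_short_jmp = (d.opcode == 0xEB);
    if (d.is_short_jmp)
        d.target = addr + 2 + (int64_t)d.rel8; /* wraps correctly for negative disp */
    return d;
}

int main(void)
{
    /* The address and value quoted in the tweet above. */
    const uint64_t addr  = 0xFFFFFFFF82649C9CULL;
    const uint16_t value = 0x63EB;
    patch_decode_t d = decode_short_jmp_patch(addr, value);

    printf("bytes at 0x%016" PRIx64 ": %02X %02X\n", addr, d.opcode, (uint8_t)d.rel8);
    if (d.is_short_jmp)
        printf("jmp short %+d -> 0x%016" PRIx64 "\n", d.rel8, d.target);
    else
        printf("not a JMP rel8 (opcode %02X)\n", d.opcode);
    return 0;
}
```

For the tweet's value the decoder reports a forward short jump of +0x63 bytes, landing at 0xFFFFFFFF82649D01; a value whose low byte is a conditional-jump opcode (for instance 0x74, JE) is reported as not being an unconditional short jump.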
Update: Here is a payload to exit PS4 IDU Mode if anyone needs it:
- i-PUsh-bUTtons-I-SHoUldT.bin (7.9 KB)
It should "turn off" when it's done; just hold the power button after the screen turns off. When you turn it back on you should be out of IDU mode.
Finally, cheers to @B7U3 C50SS for the heads-up in the PSXHAX Shoutbox!