Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Oct 25, 2016 at 4:10 PM
With confirmation that the PS4 4.01 Ksploit has been reported to Sony and is likely to be patched, PlayStation 4 developers have been researching the Chaitin Tech 4.01 PS4 jailbreak exploit's entry point in hopes of bringing Linux to Firmware 3.50 through 4.01, among other scene advancements. :hearteyes:

@Jeff and @B7U3 C50SS started a collaborative research post HERE, and since then @SpecterDev shared his thoughts thus far on his latest PS4 Development Blog article. :thumbup:

Check it out linked above, and to quote in part: "CVE-2016-1885 is not applicable to the PS4, Sony removed set_ldt after 1.76. Thanks to Red-EyeX32 for pointing this out."

PlayStation 4 developer @theorywrong tweeted the following SVN Commit r307941 via his Twitter, which according to @Akaike may be the email describing the Chaitin exploit and how to fix it. Meanwhile @mcmrc1 posted HERE that he might have stumbled upon the GIT.

According to @Akaike in the Shoutbox the Chaitin Tech Lab exploit was intended to execute code via PS4 kernel mode in conjunction with fail0verflow Linux.

@SpecterDev also noted in the Shoutbox that SAMU handles PlayStation 4 encryption (saves, games, modules, firmware, etc.) and that the problem with SAMU is that, although it can be used with kernel access to decrypt files, the keys are locked inside SAMU and so far can't be extracted... meaning external decryption can't be done.

:stop: Keep in mind folks the topic of this article / thread is to research the Chaitin Tech 4.01 PS4 jailbreak exploit's entry point, so much of what's theorized here may change or be corrected at any time.

Thanks to @toni1988 and everyone else I 'mentioned' above along with several others I may have overlooked in the PSXHAX Shoutbox, and don't forget we have a dedicated Discord Server for PlayStation 4 development and other live discussions headed up by @VultraAID and @Lucii! :beer::beer::beer:

Comments

Jeff

Entry Point used by Chaitin Tech

Category: core
Module: kernel
Announced: 2016-10-25
Credits: Core Security, ahaha from Chaitin Tech
Affects: All supported versions of FreeBSD.

This vulnerability could cause the kernel to panic. In addition it is
possible to perform a local Denial of Service against the system by
unprivileged processes.

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc

EDIT: https://www.mail-archive.com/[email protected]/msg132464.html

Thanks, @toni1988 on the shoutbox for this. Basically an email explaining what was patched and how.

As well as the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1885 via Wololo from his blog entry.

(Edit by @B7U3 C50SS)