Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Oct 25, 2016 at 4:10 PM
With confirmation that the PS4 4.01 Ksploit has been reported to Sony and is likely to be patched, PlayStation 4 developers have been researching the Chaitin Tech 4.01 PS4 jailbreak exploit's entry point in hopes of bringing Linux to Firmware 3.50 through 4.01, among other scene advancements. :hearteyes:

@Jeff and @B7U3 C50SS started a collaborative research post HERE, and since then @SpecterDev shared his thoughts thus far on his latest PS4 Development Blog article. :thumbup:

Check it out linked above, and to quote in part: "CVE-2016-1885 is not applicable to the PS4, Sony removed set_ldt after 1.76. Thanks to Red-EyeX32 for pointing this out."

PlayStation 4 developer @theorywrong tweeted the following SVN commit, r307941, via his Twitter, which according to @Akaike may be the email describing the Chaitin exploit and how to fix it, while @mcmrc1 posted HERE that he might have stumbled upon it in Git.

According to @Akaike in the Shoutbox the Chaitin Tech Lab exploit was intended to execute code via PS4 kernel mode in conjunction with fail0verflow Linux.

@SpecterDev also noted in the Shoutbox that SAMU handles PlayStation 4 encryption (saves, games, modules, firmware, etc.), and that the problem with SAMU is that although it can be used with kernel access to decrypt files, the keys are locked inside SAMU and so far can't be extracted... meaning external decryption can't be done.

:stop: Keep in mind folks the topic of this article / thread is to research the Chaitin Tech 4.01 PS4 jailbreak exploit's entry point, so much of what's theorized here may change or be corrected at any time.

Thanks to @toni1988 and everyone else I 'mentioned' above along with several others I may have overlooked in the PSXHAX Shoutbox, and don't forget we have a dedicated Discord Server for PlayStation 4 development and other live discussions headed up by @VultraAID and @Lucii! :beer::beer::beer:
(Image: PS4 4.01 Kernel and Userland Jailbreak Exploit)

Comments

Jeff

Entry Point used by Chaitin Tech

Category: core
Module: kernel
Announced: 2016-10-25
Credits: Core Security, ahaha from Chaitin Tech
Affects: All supported versions of FreeBSD.

This vulnerability could cause the kernel to panic. In addition it is
possible to perform a local Denial of Service against the system by
unprivileged processes.

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc

EDIT: https://www.mail-archive.com/[email protected]/msg132464.html

Thanks @toni1988 on the Shoutbox for this. Basically an email explaining what was patched and how.

As well as the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1885 via Wololo, from his blog entry.

(Edit by @B7U3 C50SS)
 