Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Jun 30, 2020 at 1:13 PM
Status
Not open for further replies.
Long ago we saw the original PS4 jailbreak for 1.76 firmware via BadIRET exploitation (GitHub articles). Following his recent FreeDVDBoot PS2 DVD Player exploit, PlayStation 4 developer @CTurt shared via Twitter his thoughts on FreeDVDBoot for PS3 / PS4 after discovering that his FreeDVDBoot prebuilt ISOs (Git / Blog) also crash the PS4, as shown in a video demonstration from V3dita BR on YouTube. That suggests the PS4's DVD player may be vulnerable to the same bug, although he favors Blu-ray BD-J attacks because ASLR in later firmware versions makes the DVD player route impractical.

Previously we've seen PS4 BD-J (Blu-ray Java) Homebrew, some PS4 BD-J (Blu-ray Java) Homebrew Answers, Ukko's Journey Blu-Play Game, Loading PS4 Payloads via Blu-ray (Server-less Option) BD-J, The UFO Game! Blu-Play Game and a Blu-Play DOOM I Port / Homebrew Games with C / C++ with further details on the PlayStation Blu-ray Disc Drive Security and Hacking PS4 / PS3 Blu-ray Drives via the 36c3 Livestream.

From @CTurt via Twitter in the Tweets below, to quote:
  • Regarding PS3/4, Blu-ray BD-J is what I'd attack. You can run arbitrary Java code by design and can call some native methods with controlled arguments, which could be a pretty nice attack surface. ASLR can be defeated in this scenario with some info leak bug, like in the WebKit scenario.

  • As you say, exploiting the DVD player on PS4 is probably impractical on later firmwares with ASLR (so I'd aim for Blu-ray instead), but apparently my DVDs crash the PS4, so it might be vulnerable to the exact same bug lol
And from @theorywrong via Twitter in the Tweet below:
  • Probably vulnerable, but it's userland with some more auth. And you need to deal with ASLR, and it's not easy.
Download: dvdplayer.7z (5.35 MB - contains BdvdPlayerCore.elf from PS4 7.00 and bdp_BDVD.self.elf from PS3 4.86)
[Image: CTurt on FreeDVDBoot for PS3 / PS4 and Blu-ray BD-J Attacks]
 

Comments


chrisrlink (Senior Member, Contributor, Verified)
Let's say it was passed on. It will still be traced back to that dev, and they'll still get sued regardless of whether they themselves released it or not. Even if someone, say, honestly hacked the dev, pulled the files and leaked them that way, they could still sue for lack of computer security. Given how good these devs are at hacking, you'd think they'd be good enough at cybersecurity not to get hacked themselves.
 

Chaos Kid (Developer, Senior Member, Contributor)
Writing an article about security isn't what Sony is worried about; it's the use of circumvention and when it's done. This attack still works on firmware 7.01+, as there is no way to patch it without hardware upgrades.

And Sony won't want to do new hardware upgrades when their PS5 will be out in a few months; it's pointless from their standpoint, but it will be patched from working on PS5.
 

mukasange (Senior Member, Contributor)
PS3 ODE is long dead, but its legacy lived on until HEN firmware was introduced. If we go back to this method it is like a waste, since everybody here is already working with the HEN kex method, and it is a pain to download all 12 TB of PS4 ODE games all over again.
 

Chaos Kid (Developer, Senior Member, Contributor)
@mukasange there is no room for ODE, as it works as if the game is playing from disc, not hard drive, and PS4 games are installed on your system, not running from a disc. That's how ODE worked in the old days, but even they have some advantages as well.

@godfist no, you can't play the latest PS4 games on HEN. The game's exe needs to be for FW 5.05, so a game with 6.20 would kick the security check for your FW and ask you to update your firmware.
 