PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Jun 30, 2020 at 1:13 PM
Status: Not open for further replies.
Long ago we saw the Original PS4 Jailbreak for 1.76 FW via BadIRET Exploitation (Github Articles), and following his recent FreeDVDBoot PS2 DVD Player Exploit, PlayStation 4 developer @CTurt shared via Twitter his thoughts on FreeDVDBoot for PS3 / PS4 after discovering that his FreeDVDBoot PREBUILT ISOs (GIT / Blog) also crash the PS4, as shown in a video demonstration from V3dita BR on YouTube... meaning it may be vulnerable to the same bug, although he favors Blu-ray BD-J attacks because of ASLR in later firmware versions. 🤩

Previously we've seen PS4 BD-J (Blu-ray Java) Homebrew, some PS4 BD-J (Blu-ray Java) Homebrew Answers, Ukko's Journey Blu-Play Game, Loading PS4 Payloads via Blu-ray (Server-less Option) BD-J, The UFO Game! Blu-Play Game and a Blu-Play DOOM I Port / Homebrew Games with C / C++ with further details on the PlayStation Blu-ray Disc Drive Security and Hacking PS4 / PS3 Blu-ray Drives via the 36c3 Livestream.

From @CTurt via Twitter in the Tweets below, to quote:
  • Regarding PS3/4, Blu-ray BD-J is what I'd attack. You can run arbitrary Java code by design and can call some native methods with controlled arguments, which could be a pretty nice attack surface. ASLR can be defeated in this scenario with some info leak bug, like in the WebKit scenario.

  • As you say, exploiting DVD player on PS4 is probably impractical on later firmwares with ASLR (so I'd aim for Blu-ray instead), but apparently my DVDs crash PS4 so it might be vulnerable to the exact same bug lol
And from @theorywrong via Twitter from the Tweet below:
  • Probably vulnerable, but it's Userland with some more auth. And you need to deal with ASLR and it's not easy.
Download: dvdplayer.7z (5.35 MB - contains BdvdPlayerCore.elf from PS4 7.00 and bdp_BDVD.self.elf from PS3 4.86)
[Video: PS4 Blu-ray Optical Drive Chip Swap Re-marry by NorthRidgeFix.com]
[Image: CTurt on FreeDVDBoot for PS3 / PS4 and Blu-ray BD-J attacks]

Comments

That's great news. I guess it's not a coincidence that things have started moving again now that the PS4 is in the end of its life cycle.
 
@PSXHAX Yes, I am still around, just changed up how I do things. Following news lately.

These days it is front end development; I changed my attitude and outlook on a lot of things and learned how to apply other forms of doctrine to learn from the beginning and move on up.
Additional documentation that will aid users exploring security research


And there are good videos that go further in depth in regards to detailed breakdowns.

You can also check LiveOverflow,
or get a PDF copy of Designing BSD Rootkits and
A Guide to Kernel Exploitation: Attacking the Core.

These are recommended reads.