Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Aug 14, 2016 at 7:47 PM       17,802       24            
Just over a week back we reported on the 3.55 PS4 HENkaku Exploit, and since then PlayStation 4 developer Fire30 has been updating Github with FireKaku PS4 ports for both 3.15 and 3.50 Firmware as well. :D

Download: / GIT / WhiteOverfl0w GIT

From the ReadMe file: PS4 3.55 Code Execution:

This repo contains a PoC for getting code execution on ps4's with firmware version 3.55 (Now with support for 3.15 and 3.50).

It uses the same webkit vulnerability as the henkaku project. So far there is basic ROP working and returning to normal execution is included.

I have also included some helper methods to make researching a tad easier. Currently the documentation is pretty poor but I will be updating it over time.


You need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well. Then run:
python -c dns.conf
Debug output will come from this process.

Navigate to the User's Guide page on the PS4 and information about the exploit and all loaded modules should be printed out. This is an example of what running it will look like:

If you want to try the socket test to work. Change the IP address at the bottom of ps4sploit.html to your computers and run a command such as netcat -l 8989 -v. You should see something like:
Listening on [] (family 0, port 8989)
Connection from [] port 8989 [tcp/sunwebadmins] accepted (family 2, sport 59389)
Hello From a PS4!
There are a few notes:
  • The exploit is not 100% reliable currently. It is more like 80% which is good enough for our purposes. So if it does not work on first try, try a few more times. Also doing to much allocating after the sort() is called can make it more unstable.
  • The process will crash after the rop is done executing.
  • This is really only useful for researchers. There are many many more steps needed before this will be useful to normal users.

xyz - Much of the code is based off of his code used for the henkaku project
Anonymous contributor - WebKit vulnerability PoC
CTurt - I basically copied his JuSt-ROP idea
xerpi - Used his idea for the socket code
rck`d - Finding bugs such as not allocating any space for a stack on function calls Maxton - 3.50 support and various cleanup Thunder07 - 3.15 support


The code currently is a bit of a mess, so if you have any improvements feel free to send a pull request or make an issue. Also I am perfectly fine if you want to fork and create your own project.

Thanks to @Jeff in the PSXHAX.COM Shoutbox for the heads-up! :)
HENkaku PS4 Exploit.jpg

FireKaku PS4.jpg



Senior Member
in how many months we will see the jailbroken PS4 ??
just asking ...
I'm guessing you are on about full jailbroken ps4 with debug options and stuff, and that will still be along time most likely as we still need a kernel exploit for 3.55 to even do anything worth while with this.
Recent Articles
PS4 IOCTL Nabber IDA 7.0-7.2 Script for IOCTL Requests by SocraticBliss
Proceeding his PS4 Module Dumper Payload and PS4 Kernel Fixup Script, PlayStation 4 developer @SocraticBliss (Twitter) added a PS4 IOCTL Nabber to his Github repository for use with the IDA...
Free Holiday Brush Pack Arrives for Concrete Genie on PlayStation 4
Christmas is still a few weeks away, but the festive folks at Pixelopus announced that a free Holiday Brush Design Pack is now available for Concrete Genie on PlayStation 4! 🎨🖌:santa: Here's the...
Sony CEO Confirms No Interest in Making Another Handheld Console
A few weeks back CEO Jim Ryan revealed Sony's plans to Transition to PS5, and in a recent interview with he confirmed that PlayStation is also no longer interested in making...
Monster Hunter World: Iceborne x Horizon Zero Dawn: The Frozen Wilds PS4
Following the Monster Hunter: World PS4 Pro LE Bundle and Monster Hunter World: Iceborne Expansion, today Capcom announced that the gates to the Tundra Region have opened in Monster Hunter World...