Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Apr 5, 2017 at 2:29 AM       45,156       61            
Status
Not open for further replies.
Since the initial release and PS4 4.50 Kernel R/W Access confirmation by qwertyoruiopz, PlayStation 4 developer @SpecterDev began work on porting it and today he announced on Twitter that the exploit is now ported to 3.50, 3.55, 3.70, 4.00, 4.06, and 4.07 Official Firmware (OFW)! :love:

JailbreakMe PS4 Exploit Links: JailbreakMe PS4 4.0x (Original) / JailbreakMe PS4 3.5x/3.70/4.0x (Port - Mirror by NerdyBitsUK) / JailbreakMe PS4 3.5x/3.70/4.0x (Mirrors by StandardBus) / PS4-4.0x-Code-Execution-PoC-master.zip / GIT

And from the Cryptogenic PS4 4.0x Code Execution PoC README.md, to quote:

PS4 4.0x Code Execution

This repo is my edit of the 4.0x webkit exploit released by qwertyoruiopz. The edit re-organizes, comments, and adds portability across 3.50 - 4.07 (3.50, 3.55, 3.70, 4.00, and of course 4.06/4.07).

The commenting and reorganization was mostly for my own learning experience, however hopefully others can find these comments helpful and build on them or even fix them if I've made mistakes. The exploit is much more stable than FireKaku and sets up the foundation for running basic ROP chains and returns to normal execution. Credit for the exploit goes completely to qwertyoruiopz.

Organization

Files in order by name alphabetically;
  • expl.js - Contains the heart of the exploit and establishes a read/write primitive.
  • gadgets.js - Contains gadget maps and function stub maps for a variety of firmwares. Which map is used is determined in the post-exploitation phase.
  • index.html - The main page for the exploit. Launches the exploit and contains post-exploitation stuff, as well as output and code execution.
  • rop.js - Contains the ROP framework modified from Qwerty's original exploit as well as the array in which module base addresses are held and gadget addresses are calculated.
  • syscalls.js - Contains a system call map for a variety of firmwares as well as a 'name -> number' map for syscall ID's.
Usage

Simply setup a web-server on localhost using xampp or any other program and setup these files in a directory. You can then go to your computer's local IPv4 address (found by running ipconfig in cmd.exe) and access the exploit.

Notes
  • The exploit is pretty stable but will still sometimes crash. If the browser freezes simply back out and retry, if a segmentation fault (identified by prompt "You do not have enough free system memory") occurs, refresh the page before trying again as it seems to lead to better results.
  • This only allows code execution in ring3, to get ring0 execution a kernel exploit and KROP chain is needed.
  • If I've made an error (particularly having to do with firmware compatibility and gadgets) feel free to open an issue on the repo.
  • The exploit has been tested on 3.55 and 4.00, it is assumed to work on other firmwares listed but not guaranteed, again if you encounter a problem - open an issue on the repo.
Credits

qwertyoruiopz - The original exploit, the likes of which can be found here.
Cheers to @GritNGrind, @hyndrid, @mcmrc1, @ombus, @Thisismrnameles and @VultraBabe in the PSXHAX Shoutbox for the tips! :beer: :beer::beer::beer::beer:
JailbreakMe PS4 3.5x 3.70 4.0x Exploit Ports by SpecterDev.jpg
 

Comments

Status
Not open for further replies.

P3T3s

Senior Member
Contributor
Using https://ps4.nerdybits.co.uk on my 4.01 give me:

Error: System may be vulnerable but does not have a valid import map!

Shall I update to 4.06 or 4.07? If yes: which one? Also, how to install manually that update (ONLY if necessary ofc XD)
He has not added the gadget from libxxx for your fw so no map, from what I read try to stay low, works on 4.5, 4.6, 4.7 but was not as stabe on 4.7, would update to 4.5 or wait until kernel exploit lands as we dont know about that yet!
 

umbjolt

Member
Contributor
Thanks you both! So I think the best bet is to stay on 4.01 a bit more and wait for a ring-0 access :p

(We have been waiting a lot, waiting some days or less more doesn't hurt XD)
 

mcmrc1

Senior Member
Contributor
Verified
Using https://ps4.nerdybits.co.uk on my 4.01 give me:

Error: System may be vulnerable but does not have a valid import map!

Shall I update to 4.06 or 4.07? If yes: which one? Also, how to install manually that update (ONLY if necessary ofc XD)
If update then to 4.06 because its the same qwerty is... to manually update download the firmware @ http://darthsternie.bplaced.net/ps4.html

and update via recovery with a fat32 usb drive folder PS4/UPDATE/ps4updat.dat
maybe you must rename the downloaded firmware
 

azoreseuropa

Senior Member
Contributor
Verified
We bought it in Portugal (Azores island) about 2 or 3 years ago and it came with 2.57. Should we leave 2.57 alone for now ? That's what our FW have: 2.57.
 
Status
Not open for further replies.
Recent Articles
Red Dead Redemption 2 Modding Demos by RDR2 Modder JediJosh920
Following the Spider-Man PS4 Models & Textures Tool and IG PS4 Modding Tools, this weekend RDR2 modder @jedijosh920 (Web site / Twitter) shared on his YouTube Channel some demonstration videos of...
Action-RPG Oninaki Joins New PlayStation 4 Games Next Week
Next week Tokyo RPG Factory's latest action-RPG Oninaki hits PlayStation 4 on August 22nd casting you as a Watcher, tasked with helping usher the souls of the departed into their next life. đź—Ľ...
Electric Purple, Red Camouflage, Titanium Blue & Rose Gold DS4 Controllers!
Earlier this year we saw an Alpine Green DualShock 4 PS4 Controller, and now Sony announced their latest batch of DualShock 4 PS4 Controllers will include Electric Purple, Red Camouflage, Titanium...
Iconit: PS4 Tool to Change PlayStation 4 Game Icons by OfficialAhmed
Following his PS4HEN Trophy Calculator release, developer OfficialAhmed shared Iconit v1.00 on Twitter today, which allows jailbroken console owners with PS4 HEN to change PlayStation 4 game icons...
Top