Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Apr 5, 2017 at 2:29 AM       43,427       61            
Status
Not open for further replies.
Since the initial release and PS4 4.50 Kernel R/W Access confirmation by qwertyoruiopz, PlayStation 4 developer @SpecterDev began work on porting it and today he announced on Twitter that the exploit is now ported to 3.50, 3.55, 3.70, 4.00, 4.06, and 4.07 Official Firmware (OFW)! :love:

JailbreakMe PS4 Exploit Links: JailbreakMe PS4 4.0x (Original) / JailbreakMe PS4 3.5x/3.70/4.0x (Port - Mirror by NerdyBitsUK) / JailbreakMe PS4 3.5x/3.70/4.0x (Mirrors by StandardBus) / PS4-4.0x-Code-Execution-PoC-master.zip / GIT

And from the Cryptogenic PS4 4.0x Code Execution PoC README.md, to quote:

PS4 4.0x Code Execution

This repo is my edit of the 4.0x webkit exploit released by qwertyoruiopz. The edit re-organizes, comments, and adds portability across 3.50 - 4.07 (3.50, 3.55, 3.70, 4.00, and of course 4.06/4.07).

The commenting and reorganization was mostly for my own learning experience, however hopefully others can find these comments helpful and build on them or even fix them if I've made mistakes. The exploit is much more stable than FireKaku and sets up the foundation for running basic ROP chains and returns to normal execution. Credit for the exploit goes completely to qwertyoruiopz.

Organization

Files in order by name alphabetically;
  • expl.js - Contains the heart of the exploit and establishes a read/write primitive.
  • gadgets.js - Contains gadget maps and function stub maps for a variety of firmwares. Which map is used is determined in the post-exploitation phase.
  • index.html - The main page for the exploit. Launches the exploit and contains post-exploitation stuff, as well as output and code execution.
  • rop.js - Contains the ROP framework modified from Qwerty's original exploit as well as the array in which module base addresses are held and gadget addresses are calculated.
  • syscalls.js - Contains a system call map for a variety of firmwares as well as a 'name -> number' map for syscall ID's.
Usage

Simply setup a web-server on localhost using xampp or any other program and setup these files in a directory. You can then go to your computer's local IPv4 address (found by running ipconfig in cmd.exe) and access the exploit.

Notes
  • The exploit is pretty stable but will still sometimes crash. If the browser freezes simply back out and retry, if a segmentation fault (identified by prompt "You do not have enough free system memory") occurs, refresh the page before trying again as it seems to lead to better results.
  • This only allows code execution in ring3, to get ring0 execution a kernel exploit and KROP chain is needed.
  • If I've made an error (particularly having to do with firmware compatibility and gadgets) feel free to open an issue on the repo.
  • The exploit has been tested on 3.55 and 4.00, it is assumed to work on other firmwares listed but not guaranteed, again if you encounter a problem - open an issue on the repo.
Credits

qwertyoruiopz - The original exploit, the likes of which can be found here.
Cheers to @GritNGrind, @hyndrid, @mcmrc1, @ombus, @Thisismrnameles and @VultraBabe in the PSXHAX Shoutbox for the tips! :beer: :beer::beer::beer::beer:
JailbreakMe PS4 3.5x 3.70 4.0x Exploit Ports by SpecterDev.jpg
 

Comments

Status
Not open for further replies.

P3T3s

Senior Member
Contributor
People we need the kernel access before we can run any backups...

Once the kernel exploit is released on a new fw, there will be allot more devs with the skills and an exploitable PS4 to work on backups unlike 1.76!

NO KERNEL ACCESS NO BACKUPS!!
 

tonybologna

Sports Freak!
Senior Member
Contributor
I think right now the later people buys ps4 more probably they will come with 4.50
Tiger Direct had a Battefield 4 bundle for $325.00 that had OFW 2.50 on it. How I know was going by the manufacturing date. It was made on 09-16-16. Unless they opened it to update the FW it has to be on 2.50 because 3.00 came out two weeks later.

I was thinking about getting it because our only PS4 in the home is our teenage sons & his has up-to-date FW on it. I think though I want to get a Pro version instead of a regular one. I'm still playing with CFW on a PS3 so waiting on a full CFW for PS4 before jumping but I want to get a Pro version with 2.50 or below. Thanks.
 

NerdyBitsUK

Member
Contributor
Tiger Direct had a Battefield 4 bundle for $325.00 that had OFW 2.50 on it. How I know was going by the manufacturing date. It was made on 09-16-16. Unless they opened it to update the FW it has to be on 2.50 because 3.00 came out two weeks later.

I was thinking about getting it because our only PS4 in the home is our teenage sons & his has up-to-date FW on it. I think though I want to get a Pro version instead of a regular one. I'm still playing with CFW on a PS3 so waiting on a full CFW for PS4 before jumping but I want to get a Pro version with 2.50 or below. Thanks.
There is absolutely no way you will find a Pro console on 2.50 or below. I believe the minimum praxis on Pro models is around 3.70
 
Status
Not open for further replies.
Recent Articles
Stickman Zombie Attack PS4 Homebrew Game PKG by Med33
After a lot of work, I'm announcing Stickman Zombie Attack homebrew game PKG made with Unity for the PS4. 🧟‍♂️🧟‍♀️ Thanks to all the beta testers @jwooh, @DEFAULTDNB and @FFTHEWINNER they helped...
Free-to-Play Action RPG Dauntless Slashes Onto PS4 Tomorrow
Reminiscent of Fortnite, the Behemoth-slaying co-op action RPG Dauntless slashes onto PS4 tomorrow, is free-to-play and offers exclusive cosmetic gear for PS Plus members. 😀 Here's more on...
PS4Modding.net: PS4 Cheats and Modding Platform Trainers with Tools
Since the release of PS4 Reaper (debugger and trainer maker) the goal was to gather modders and gamers around one passion. Today we've come along way: 3 Universal Trainers (PC, Android, iOS)...
Orbis MSX Super Laydock: Mission Striker PS4 Homebrew PKG
Proceeding the MSXORBIS MSX Core from BigBoss and recent Resident Evil CODE: Vita PS4 homebrew game in development by @Markus95, this weekend @oneman123 shared on Twitter a shoot 'em up Orbis MSX...
Top