Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Apr 5, 2017 at 2:29 AM
Since the initial release and PS4 4.50 Kernel R/W Access confirmation by qwertyoruiopz, PlayStation 4 developer @SpecterDev began work on porting it and today he announced on Twitter that the exploit is now ported to 3.50, 3.55, 3.70, 4.00, 4.06, and 4.07 Official Firmware (OFW)! :love:

JailbreakMe PS4 Exploit Links: JailbreakMe PS4 4.0x (Original) / JailbreakMe PS4 3.5x/3.70/4.0x (Port - Mirror by NerdyBitsUK) / JailbreakMe PS4 3.5x/3.70/4.0x (Mirrors by StandardBus) / PS4-4.0x-Code-Execution-PoC-master.zip / GIT

And from the Cryptogenic PS4 4.0x Code Execution PoC README.md, to quote:

PS4 4.0x Code Execution

This repo is my edit of the 4.0x webkit exploit released by qwertyoruiopz. The edit re-organizes, comments, and adds portability across 3.50 - 4.07 (3.50, 3.55, 3.70, 4.00, and of course 4.06/4.07).

The commenting and reorganization were mostly for my own learning experience; however, hopefully others can find these comments helpful and build on them or even fix them if I've made mistakes. The exploit is much more stable than FireKaku and sets up the foundation for running basic ROP chains and returns to normal execution. Credit for the exploit goes completely to qwertyoruiopz.

Organization

Files in alphabetical order by name:
  • expl.js - Contains the heart of the exploit and establishes a read/write primitive.
  • gadgets.js - Contains gadget maps and function stub maps for a variety of firmwares. Which map is used is determined in the post-exploitation phase.
  • index.html - The main page for the exploit. Launches the exploit and contains post-exploitation stuff, as well as output and code execution.
  • rop.js - Contains the ROP framework modified from Qwerty's original exploit as well as the array in which module base addresses are held and gadget addresses are calculated.
  • syscalls.js - Contains a system call map for a variety of firmwares as well as a 'name -> number' map for syscall IDs.
Usage

Simply set up a web server on localhost using XAMPP or any other program and put these files in a directory. You can then go to your computer's local IPv4 address (found by running ipconfig in cmd.exe) and access the exploit.

Notes
  • The exploit is pretty stable but will still sometimes crash. If the browser freezes, simply back out and retry; if a segmentation fault (identified by the prompt "You do not have enough free system memory") occurs, refresh the page before trying again, as it seems to lead to better results.
  • This only allows code execution in ring3; to get ring0 execution, a kernel exploit and KROP chain are needed.
  • If I've made an error (particularly having to do with firmware compatibility and gadgets), feel free to open an issue on the repo.
  • The exploit has been tested on 3.55 and 4.00; it is assumed to work on the other firmwares listed but not guaranteed. Again, if you encounter a problem, open an issue on the repo.
Credits

qwertyoruiopz - The original exploit, the likes of which can be found here.
Cheers to @GritNGrind, @hyndrid, @mcmrc1, @ombus, @Thisismrnameles and @VultraBabe in the PSXHAX Shoutbox for the tips! :beer: :beer::beer::beer::beer:
Comments


dtriguero
Not sure if it's been shared somewhere or not, but I found a way to access the exploit site. For people like me who have issues getting a local server working and have never signed into PSN, so have no access to the web browser app.

1- Connect to the internet (wireless or LAN; a simple setup is fine) and test the connection (if all good, move on).

2- Under Settings, select Network, then View Status of PSN Services. It should load a PSN web page.

3- On the web page, scroll all the way down and click on the G+. Once it loads, move on.

4- At the top of the page, in search, type google. It will drop down a box with a list of a few options; select the one all the way at the bottom (search for anything google). It should load results; find the Google one with a colorful G and just the word Google on it. It's the 3rd tile, I think. If it's the right one, it loads Google's G+ page.

5- When it loads, at the top of the page is the big box with the pic. At the bottom there is a link you can click. Once you click it, the main screen will dim and it will open a small info-like page window. Scroll down some and click on the google.com link.

6- The Google site will open; search psxhax, then go to the site. I believe pretty much anyone can make it from here. Also, it works to go to any site, and I tested that it works on FW 3.55, 4.05, 4.06.
jinnz2k
Are we there yet? I waited for so long and my eyes are blurry. Hopefully we will get kernel access soon, like, before I die! I am middle-aged, so, I suppose a guy can always hope.