Status
Not open for further replies.
Following the PS4 Playground for Firmware 3.55 and PS4 3.55 File Browser, today PlayStation 4 developer qwertyoruiopz made available a PS4 4.0x WebKit RCE Exploit dubbed JailbreakMe PS4 4.0x with details via Twitter below! :D

PS4 Link (click go 3 times): http://rce.party/ps4/ / local rce.rar (3 KB) via Nesterwork / Local RCE v2.rar (6 KB) via Nesterwork / Local rce v3.rar (12 KB) via Nesterwork

According to the developer's Tweets below, the bug used is a stack uninit read yielding UaF and the actual exploit does nothing but give you read/write/infoleak arbitrary JS object primitives.

He also confirmed the exploit won't work on PS4 4.50 as Sony updated WebKit past a vulnerable version unfortunately, but it's still an entry point for those on PlayStation 4 OFW 3.55 through 4.07. (y)

That said, if you give it a try on a PlayStation 4 under 4.50 and receive a ffff000000000539 error prompt, it's the expected output for the exploit's success.

Cheers to @DarkElementPL, @DoxyMarket, @hyndrid, @ryan111, @toni1988 and @vettegast for sharing the news in the PSXHAX Shoutbox! <3

Comments

Nicely done man. That should help @LeoDarkSide.
hey thanks for the video, but i found another way to use the web browser, by checking the playstation network static under network on the ps4 and then by going to the bottom of the page and hitting the google plus button. "BUT I HAVE A NEW ..."?".... "SORRY".... I WENT TO THE WEB KIT PAGE WITH THE BLUE GO BUTTON.

WHEN I HIT IT 3 TIMES, AT THE TOP OF THE PAGE IT SAYS EXPLOIT SUCCEED AND A FEW LINES OF CODING. THEN IT SAYS MAKE A CALL OR CALL THE SYSTEM...... THEN WHEN I HIT EITHER ONE OF THEM... IT GOES TO A BLUE PLAYSTATION MENU AND SAYS THERE'S NOT ENOUGH MEMORY AND CLOSES OUT BACK TO THE EXPLOIT PAGE WITH THE BLUE GO BUTTON, TO JUST REPEAT THE STEPS OVER........ IT ALSO TAKES A FEW TIMES TO GET IT UP, BECAUSE IT FREEZES A FEW TIMES BEFORE IT DOES THE EXPLOIT PAGE, WHERE IT TELLS ME I CAN CALL THE SYSTEM.

IS THIS ALL THE EXPLOIT DOES RIGHT NOW OR AM I NOT REACHING THE NEXT STEP WITH THE JAVASCRIPT PAGE WITH THE NUMBERS, THAT'S THE PIC FOR THIS EXPLOIT ON PSXHAX?

I KNOW YOU CAN'T DO MUCH AT THE MOMENT, I WAS JUST WANTING TO KNOW IF I'M DOING THE RIGHT THING AND IF MY 4.01 OFW PS4 WILL WORK WHEN IT'S ALL PUT TOGETHER. THANKS AGAIN FOR THE VIDEO AND IF I'M MISSING A STEP, DO YOU THINK IT'S BECAUSE I USED THIS WAY TO GET TO THE PS4 BROWSER? I FOUND THE BELOW STEPS AT gbaTEMP.

Steps:

1. Deactivate Automatic Downloads and automatic installs in: Settings > System > Automatic Downloads
2. Connect to internet Wifi or LAN it doesn't matter
3. Go Settings > Network > View Status of Playstation Network services
4. Scroll to the bottom of the page and click the G+ logo
5. In G+ page click the top search bar. You should reach G+ home.
6. In G+ home page Press OPTION and refresh the page
7. In the top right should have appeared a google apps menu icon (9 dots), click it and click web search
8. You can now search whatever you want!
9. Disable again internet connection once you're done to avoid any furtive update downloads.
 
Can any developer or anyone that knows what they are talking about confirm whether it's now safe to upgrade to 3.55? I am on 2.04. This way I can at least play something.
 
hey thanks for the video, but i found another way to use the web browser, by checking the playstation network static under network on the ps4 and then by going to the bottom of the page and hitting the google plus button.
Haven't you been listening? Gadgets are only working on 4.06 ;)
Can any developer or anyone that knows what they are talking about confirm whether it's now safe to upgrade to 3.55? I am on 2.04. This way I can at least play something.
I would stay where you are until something is publicly released.
 
so far i have not been able to replicate this on OFW 2.04. Anyone any suggestions? Thanks. I click three times, So the links goes read three times but nothing happens. Maybe 2.04 is too low for it??
 
Probably better you upgrade to 3.55 for now. It's being ported by spectredev. No one is publicly working on the fw you currently have.
 
so far i have not been able to replicate this on OFW 2.04. Anyone any suggestions? Thanks. I click three times, So the links goes read three times but nothing happens. Maybe 2.04 is too low for it??
Yes, it only works from 4.07 to 3.15. If you want, update it to 3.15 and hold out for a while. Specter hasn't said he is going to release qwerty's ported exploit, so stay at 3.15 until he releases it.
 