PS4 CFW and Hacks | Thread starter: RetroGamer74 | Start date: May 23, 2018 at 11:29 AM
Status
Not open for further replies.
Following the Developers Release of MiraFW: Project Mira v1.0 by OpenOrbis comes a PS4 4.55 Port by @CrazyVoid (aka CrazyVoidProgrammer) on his Github fork and an ELF and binary compiled by @pearlxcore via Twitter:

Download: MiraFW_Orbis_455.elf (2.06 MB) / MiraFW_Orbis_455.bin (0.05 MB) / ESP8266_PS4_RetroGamerFirmV3 / GIT

I also built the binaries, elf and bin, successfully, and below is a demonstration video of it running and sniffing for those interested. I also converted the bin into JS to inject it as a payload through a website.

In the PS4Admin web page (http://ps4admin.retrogamer.tech) I did an update and I added the CFW option menu to inject this MiraHEN.

There is not much information or any notification when you inject it.

But once you have finished you can go to your Windows or Linux machine and try "telnet PS4-IP 9998". That means making a telnet connection to your PS4's IP address using port 9998.

Then you should see all of the debugging information from the PS4 and also the debug and test messages from MiraHEN, which means it's working.

If you want to see it live, I did a livestream on YouTube where I show it. My language is Spanish, so if you don't want to be bored listening to something you don't understand, jump to minute 8 onwards. You will see it in action.

PS4 4.55 CFW Custom Firmware - PS4ADMIN - RetroGamer
5.05 MiraCFW Ported To 4.55 On PS4 (PS4 Jailbreak Custom Firmware)
How To Use MiraCFW On 4.55 & 5.05 On PS4 Tutorial
Enjoy.
Download: Draqen-Esp8266-fw455.bin (4.0 MB)


Comments

PS4 5.05 Kernel Exploit

Summary

In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contains autolaunching code for Mira and Vortex's HEN payload. Subsequent loads will launch the usual payload launcher.
This bug was discovered by qwertyoruiopz, and can be found hosted on his website here.

Patches Included

The following patches are made by default in the kernel ROP chain:

Disable kernel write protection

Allow RWX (read-write-execute) memory mapping

Syscall instruction allowed anywhere

Dynamic Resolving (sys_dynlib_dlsym) allowed from any process

Custom system call #11 (kexec()) to execute arbitrary code in kernel mode

Allow unprivileged users to call setuid(0) successfully. Works as a status check, and doubles as a privilege escalation.

Payloads included

Vortex's HEN (Homebrew Enabler)

Mira

Notes

The page will crash on successful kernel exploitation; this is normal.

Contributors

Massive credits to the following:

qwertyoruiopz

Flatz

Vortex

OpenOrbis Team

Anonymous

Quoted from https://github.com/Cryptogenic/PS4-5.05-Kernel-Exploit/blob/master/README.md
 