Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Mar 30, 2018 at 12:13 AM
Earlier this month we saw the PS4 4.55 WebKit Exploit Write-up by PlayStation 4 developer @SpecterDev, and now he announced on Twitter that he's added the PS4 4.55 / FreeBSD BPF kernel exploit writeup to his GitHub repository crediting qwertyoruiop and stating: "The bug is present on any system running FreeBSD such that you have privileges (which we did on PS4). Could be used on other systems for root to ring0 code execution."

Below is an excerpt from it, with the full documentation available on the GitHub repo for those interested in learning more about it! :geek:

To quote:

Conclusion

This was a pretty cool bug to exploit and write up. While the bug is not incredibly helpful on most other systems as it cannot be exploited from an unprivileged user, it is still valid as a method of going from root to ring0 code execution.

I thought this would be a cool bug to write up (plus I love writing them anyway) as the attack strategy is fairly unique (using a race condition to trigger an out-of-bounds write on the stack). It's also a fairly trivial exploit to implement, and the strategy of overwriting the return pointer on the stack is an easy method for learning security researchers to understand.

It also highlights how, while an attack strategy may be old (perhaps this one is the oldest there is), it can still be applied in modern exploitation with slight variations.

Thanks to Edark knight for the heads-up on this earlier today in the forums. (y)