
sped

We use the browser as an entry point for unhacked consoles, but with enough reversing couldn't we, after using the browser entry point, find a buffer overflow or some other exploit in say something like a config file that the PS4 reads to load up its user interface, or a theme file, to establish a persistent hack that survives through power on/off?

>WebKit exploit
>Kernel exploit
>Modify previously untouchable config/theme file to install persistent exploit

Just curious, it might help with the hack stability as well, considering that it seems the userland exploit in webkit is the unstable part.
 
A lot of progress was made behind the scene over the years (SAMU pwn'd, PS4 keys, persistent HEN, etc) so it's just a matter of time until those involved decide to finally make them public.

Needless to say there's always a lot of drama surrounding such things, as some want to keep them private while others feel differently so perhaps after the PS5 scene picks up some of the PS4's remaining secrets will be shared... we can only hope anyway. :notworthy:

Update: From kiwidog: To curb hype, there's a heap overflow in a system library, it's been POC on Linux and the version in PS4 6.72 and below is vulnerable, have not verified on anything newer. This may be a huge nothing burger if the heap layout isn't correct or exploitable and requires more debugging to find out. Idk why @zecoxao always jumps the gun on announcing stuff 😂

Interesting article, I imagine there are private hacks and the ones that would have them would be able to go onto PSN with exploited consoles so long as they reversed the network protocol and defeated any kind of checks, which I imagine you would need private keys to do.

So decapping the SAMU is all that's needed to extract these private keys? I'm not familiar with the process.

The public exploit is good enough, but would be a lot nicer with persistence. If the userland were reversed we might be able to get a persistent hack on bootup with the public kexploit. I know Mono is used for the UI, maybe an exploit within the Mono VM.
 
An exploit that runs on bootup would require an exploit found in the bootloader/boot process, and unlike WebKit exploits, these exploits would only work on the PS4's bootloader/boot process (unless say the PS5 would use the exact same one, which is highly unlikely!)

These would be extremely valuable and unlikely to become public, then you'd need a kernel exploit. The current exploit set-up is the best it's going to get until way into the future when people can freely work without worrying about Sony suing the heck out of whoever is working on the console.

As for stability, everybody was warned and told not to update. 5.05 has and always will be the most stable; if you actively updated and now are complaining about stability, everybody that warned you is internally screaming "we told you so"..
 
What's weird is 7.55 seemed to work great... even rest mode, which never worked for me prior to 7.55 at all. It seemed to work well for a couple of months... but now it is difficult to get the PS4 to exploit at all.

Plus now, if I can manage to get it to exploit, after playing and then going to shut down, the system usually kernel panics. Shrugs, I guess I spent too much time playing games though... lots of work to do, so just as well for now.
 
I think it would be feasible to reuse the current public kernel exploit and find a new more reliable usermode exploit to trigger it.

For instance, look at every file that usermode libraries open and read from during boot up and look for exploits in the libsce* libraries that read those files in. Then you could potentially trigger the buggy WebKit exploit for file access, modify one of those files to insert a malicious buffer overflow file in its place, and then chain the current kernel exploit to that. So it triggers every time you boot without network access and may be more reliable than the usermode WebKit exploit.

If I had a better reversing setup I'd be looking into this and probably bricking my PS4 lol
 