Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKGs.
PS4 Jailbreaking       Thread starter PSXHAX       Start date Dec 16, 2020 at 5:38 PM       112,640       217      
Status
Not open for further replies.
Following the latest PS5 Scene Game Dump and recent PS4 7.02 / 7.51 / 7.55 Read-Write updates, PS4 Scene developer sleirsgoevy pushed live a 7.02 Netcat-only release utilizing port 9020 alongside a netcat702.html commit on Github with a Netcat 7.02 Test Page available for those on PS4 OFW 7.02 from the 7.02 WebKit port forked via Synacktiv based on the findings of abu_y0ussef and 0xdagger in their BHEU 2020 presentation. 😍

Today @SocraticBliss also released a 7.02 Full Stack of the PS4 7.00-7.02 Kernel Exploit via Twitter thanking contributing developers including ChendoChap, Znullptr, Synacktiv, kd_tech_, Fire30_, theflow0 and SpecterDev... while a test version of 7.00-7.02 PS4HEN arrived via Znullptr as @DEFAULTDNB reminded everyone on Twitter that the FRMCHK database has recently been updated with OFW702-confirmed games, some of which are outlined in the lists HERE and HERE via @irefuse. 🥳

From the README.md: PS4 7.00 - 7.02 Kernel Exploit

Summary


In this project you will find a full implementation of the "ipv6 uaf" kernel exploit for the PlayStation 4 on 7.00 - 7.02. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. will launch the usual payload launcher (on port 9020).

This bug was originally discovered by Fire30, and subsequently found by Andy Nguyen

Patches Included

The following patches are applied to the kernel:
  1. Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
  2. Syscall instruction allowed anywhere
  3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
  4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
  5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
  6. (sys_dynlib_load_prx) patch
Notes
  • The page will crash on successful kernel exploitation, this is normal
  • There are a few races involved with this exploit, losing one of them and attempting the exploit again might not immediately crash the system but stability will take a hit.
Contributors
As many are awaiting a Stable Full 7.02 PS4 Jailbreak Exploit before updating from 5.05 or 6.72, reports of new PS4 FPKG Backports using AutoBackPort 1.08 are already surfacing with Video Footage of PS4 Games Dumped on 7.02 including FF7R (140 GB) by @grabman as outlined in the PS4 7.02 How to Dump a Game Guide using the latest PS4 Dumper and PS4 FTP available in the payloads_1.0.5.zip update of the PS4 Payload Repo via @Al Azif in the Tweets below... so for those who haven't done it yet:

:idea: Be sure to follow the PSXHAX Member Verification & PS4 Fake PKG (FPKG) Sharing Guide to become a Verified Member by getting a Blue Verified Badge (FAQ in the spoiler HERE) through our PSXHAX Floating Discord Channel to access private or restricted areas for the latest FPKG game releases! 🏴‍☠️
For PlayStation 4 Scene developers who enjoy reverse-engineering, below are some early holiday presents as well. 🎄🎁 :geek:
Finally, cheers to @cedsaill4 on Twitter for sharing the screenshot below! 🍻
PS4 7.02 WebKit Kernel Exploit with Game Dumper and FTP Payloads!.png
 

Comments

PSXHAX

Staff Member
Moderator
Verified
I moved most of the Tweets HERE so they only load on Page 1 and linked to that post in the OP now.

It's great Xenforo 2 allows Twitter embedding, but wasn't really intended to display 30+ embeds per page... so when it tries loading all the Tweets performance inevitably suffers.

:alert: That said, from now on let the Staff add new Tweets linked in the OP as time permits so we don't end up with countless posts containing duplicate Tweets.

@grabman With the spoiler files added HERE did you get the FFR backport working or anything else sorted out / fixed due to your chendo being out of date?

Let me know and I'll update the OP with the most recent information later tonight thanks!
 

grabman

Senior Member
Contributor
we need to change the my files link to: new and improved stuff.zip (12.63 MB)

I just played my ff7 dump on 7.02 it works fine

There are four possible outcomes
  • kernel execute
  • awaiting payload in that order
  • sometimes it fails
  • Says relative not found or slave not found the hax failed here
 

DongFangLong

Member
Contributor
Verified
I think we need more devs to take people under their wing. I mean people who have a real passion for programming and reverse engineering. #Thatsajob. Yes it does take time and effort, but think about the outcome of it!!! #Ipicktheflow :p
 

ombus

Senior Member
Contributor
Verified
i know this is starting but hoping sleep mode gets better. had ps4 shut down when i tried... still before it did it okay.. so hit or miss i think.
 
Status
Not open for further replies.
Top