Following the latest PS5 Scene Game Dump and the recent PS4 7.02 / 7.51 / 7.55 Read-Write updates, PS4 Scene developer sleirsgoevy pushed live a 7.02 Netcat-only release that listens on port 9020, alongside a netcat702.html commit on GitHub and a Netcat 7.02 Test Page for those on PS4 OFW 7.02. It builds on the 7.02 WebKit port forked from Synacktiv's work, which is based on the findings of abu_y0ussef and 0xdagger in their BHEU 2020 presentation.
Today @SocraticBliss also released a 7.02 Full Stack of the PS4 7.00-7.02 Kernel Exploit via Twitter thanking contributing developers including ChendoChap, @zezu420 (aka Znullptr), Synacktiv, @KIWIDOGGIE (aka kd_tech_), Fire30_, theflow0 and @SpecterDev (Twitter)... while a test version of 7.00-7.02 PS4HEN arrived via Znullptr as @DEFAULTDNB reminded everyone on Twitter that the FRMCHK database has recently been updated with OFW702-confirmed games, some of which are outlined in the lists HERE and HERE via @irefuse.
From the README.md: PS4 7.00 - 7.02 Kernel Exploit
Summary
In this project you will find a full implementation of the "ipv6 uaf" kernel exploit for the PlayStation 4 on 7.00 - 7.02. It will allow you to run arbitrary code as kernel, enabling jailbreaking and kernel-level modifications to the system. It will launch the usual payload launcher (on port 9020).
This bug was originally discovered by Fire30, and subsequently found by Andy Nguyen.
Patches Included
The following patches are applied to the kernel:
- Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
- Syscall instruction allowed anywhere
- Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
- Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
- Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
- (sys_dynlib_load_prx) patch
Notes
- The page will crash on successful kernel exploitation, this is normal
- There are a few races involved with this exploit, losing one of them and attempting the exploit again might not immediately crash the system but stability will take a hit.
Credits
- Specter - advice + 5.05 webkit and (6.20) rop execution method
- kiwidog - advice
- Fire30 - bad_hoist
- Andy Nguyen - disclosed exploit code
- SocraticBliss - Shakespeare dev & crash test dummy
- Znullptr - drunk.dev
- synacktiv - webkit exploit
- sleirsgoevy - ^ ported webkit exploit to 7.02 (and add addrof js prim)
Be sure to follow the PSXHAX Member Verification & PS4 Fake PKG (FPKG) Sharing Guide to become a Verified Member by getting a Blue Verified Badge (FAQ in the spoiler HERE) through our PSXHAX Floating Discord Channel to access private or restricted areas for the latest FPKG game releases!
For PlayStation 4 Scene developers who enjoy reverse-engineering, below are some early holIDAy presents as well.
Finally, cheers to @cedsaill4 on Twitter for sharing the screenshot below!