PS4 Jailbreaking | Thread starter: kizabg | Start date: Nov 5, 2018 at 8:07 AM | 45
Following Parts 1 through 3 of their PS4 Aux Hax series, covering hacking Aeolia, Syscon and the DS4, PlayStation 4 hackers fail0verflow today shared documentation on PS4 Aux Hax 4, which uses HDMI (High-Definition Multimedia Interface) CEC (Consumer Electronics Control) to get code exec on all PS4 Belize southbridge versions (including PS4 Pro, etc.) without requiring any other part of the system to be pwned!

According to Wikipedia, CEC is a feature of HDMI designed to allow users to command and control devices connected through HDMI using only one remote control. The bug is in the HDMI CEC code, and the vulnerable path is reachable whenever HDMI-CEC is enabled and active.

Be sure to check out the full PS4 Aux Hax 4: Belize via CEC documentation on their latest blog entry, alongside the PS4 Southbridge Reverse-Engineered Code Examination, and to quote in part:

"So, the overall process is like:
  1. Tap onto CEC-related i2c and irq lines and HDMI encoder power switch
  2. Power up PS4 and enter Rest Mode
  3. Wait for “EAP running” message from custom EAP kernel
  4. Induce the CEC RX interrupt
  5. Feed data to EMC such that it causes a stack buffer overflow
  6. Wait for EMC to copy SRAM to DDR3
  7. Dump copied SRAM out of UART
Of course, this is really EMC code exec, so the dumping is just something to do after the fact :)

This post outlines a way to dump EMC firmware and gain EMC code exec on any hardware revision. While the real root keys (in fuses and ROM) of EMC versions besides the first are still unknown, they could yet be recovered with side channel attacks, if someone really wanted them. Since this method is comparatively much simpler and more generic, it stands on its own as an interesting exploit.

As was hinted at, the CXD90046GG version of EMC employs slightly better security practices. The EMC ROM now wipes the SRAM space used as stack during initial key derivation, and some as-yet unknown method is used to unmap the ROM, mitigating it being dumped simply by reading from address 0x00000000. Again, it is likely the key material could still be recovered - if someone cares - but it’s interesting to see that such changes made their way into hardware between revisions."
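The bug class fail0verflow describes in step 5 is a receive path that copies CEC data into a fixed-size stack buffer without checking how much the controller delivered. The following is an added example written for this post, not fail0verflow's code and not the EMC firmware, of what a bounds-checked CEC receive parser looks like. It assumes only the CEC frame layout from the HDMI specification (a 16-block maximum: one header block, an optional opcode block, up to 14 operand blocks); the sample frames are constructed, not captured from a PS4, and nothing here reflects the actual EMC code or the specific defect fail0verflow found.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* HDMI CEC frames are at most 16 blocks: one header block carrying the
 * initiator and destination logical addresses, an optional opcode block,
 * and up to 14 operand blocks. A receive path must enforce that bound
 * before it copies anything out of the controller's RX buffer. */
#define CEC_MAX_BLOCKS   16
#define CEC_MAX_OPERANDS (CEC_MAX_BLOCKS - 2)

enum cec_rx_status {
    CEC_RX_OK = 0,
    CEC_RX_EMPTY,     /* zero-length: nothing to parse */
    CEC_RX_TOO_LONG   /* controller reported more blocks than the spec allows */
};

struct cec_frame {
    uint8_t initiator;                 /* header high nibble */
    uint8_t destination;               /* header low nibble */
    int     has_opcode;                /* polling messages carry only a header */
    uint8_t opcode;
    uint8_t operands[CEC_MAX_OPERANDS];
    size_t  operand_len;
};

/* Parse rx_len bytes of a received frame into *out. rx_len comes from the
 * controller (an untrusted peer on the HDMI link) and is validated against
 * the spec maximum before a single byte is copied into the fixed-size
 * operand array. The overflow pattern described in the post is this same
 * copy performed without the length check, into a buffer on the stack. */
enum cec_rx_status cec_rx_parse(const uint8_t *rx, size_t rx_len,
                                struct cec_frame *out)
{
    if (rx_len == 0)
        return CEC_RX_EMPTY;
    if (rx_len > CEC_MAX_BLOCKS)       /* reject before touching any buffer */
        return CEC_RX_TOO_LONG;

    memset(out, 0, sizeof(*out));
    out->initiator   = (rx[0] >> 4) & 0x0F;
    out->destination = rx[0] & 0x0F;

    if (rx_len == 1) {                 /* header-only polling message */
        out->has_opcode = 0;
        return CEC_RX_OK;
    }

    out->has_opcode  = 1;
    out->opcode      = rx[1];
    out->operand_len = rx_len - 2;     /* <= CEC_MAX_OPERANDS by the check above */
    memcpy(out->operands, rx + 2, out->operand_len);
    return CEC_RX_OK;
}

/* Constructed sample: Playback Device 1 (logical address 4) -> TV (0),
 * opcode 0x90 Report Power Status, operand 0x00 = On. */
static const uint8_t sample_report_power[] = { 0x40, 0x90, 0x00 };

int main(void)
{
    struct cec_frame f;
    uint8_t oversized[40];
    memset(oversized, 0x41, sizeof oversized);   /* constructed, longer than any legal frame */

    if (cec_rx_parse(sample_report_power, sizeof sample_report_power, &f) == CEC_RX_OK)
        printf("frame %u->%u opcode 0x%02x, %zu operand(s)\n",
               f.initiator, f.destination, f.opcode, f.operand_len);

    if (cec_rx_parse(oversized, sizeof oversized, &f) == CEC_RX_TOO_LONG)
        printf("rejected %zu-byte frame before copying\n", sizeof oversized);
    return 0;
}
```

The single check against CEC_MAX_BLOCKS is the whole mitigation: with it in place the largest possible copy is 14 bytes into a 14-byte array, whatever length the link-layer hardware reports.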


Comments

@Secretc0de
Not as simple as that, unfortunately, when people only have one console and want to keep their jailbreak.

Now how is it simple? Well... you could then say... just buy another for online, etc... Again, not simple, as some people just can't afford it... So again it's not simple at all.

Why do people say such claptrap? Yes, you can buy the games... but you cannot play them... you are effectively stuck if you want to keep your JB.

Best Regards,
 
C'mon, how much did you save by playing backups? My guess is more than a couple of Pro consoles. Spend your savings on a used $150 PS4 and buy the newer titles that you want to play. Can't do it? Stop playing games until you can afford it.
 
From what I've been reading, I don't think this will lead to CFW or a downgrade, but it'll supposedly allow HEN-type exploits through modchips on any firmware.

@Melo90, instead of whining, just save for 10 years and these games will be cheap enough for you to buy.
 
That means the exploit may work on all currently released PS4 versions.

We hope for the best in the near future... we will see.
 
Lol, there will be another kexploit before the next console, you can bet your life on it. But anxiously waiting for something not written in stone... is worthless. Enjoy your vids; there's only a handful of games that require FW... the two most people want are Spidey and Red Dead... and neither of them is as good as GOW.

Sit back and enjoy what you have; this is just news for devs. The average user will not ever use any of this info... Stop flooding with "6.00 CFW, new games playable" blah blah... Patience. I waited for months on end for the 5.05. There will be another release before summer 2019. Count on it!
 