Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Mar 2, 2016 at 5:45 PM       21,473       43            
Today 'anonymous' hacker AK471337 has leaked the PS4 BadIRET Kernel Exploit source code according to PlayStation 4 developer CTurt, with details below from my post on PS4 News and the related Tweets below!

Download: / (Mirror) / PS4 Dongle.txt via choppa / kernel-1.76.rar via DotExE01 / badiret.bin (Compiled) by KUNITOKI via 2424marco / PS4-Bad-IRET-master-2.bin (Updated Mirror) / PS4-Bad-IRET-5fs.bin (Updated Mirror #2)

From Wololo comes some additional details as follows, to quote:

PS4 Kernel exploit – is it good news for you?

If you’re an en user with no programming skills, this exploit won’t be useful for you. You’d have to compile it and run it on a PS4 on firmware 1.76, through the 1.76 webkit userland exploit. (The Kernel exploit might work up to firmwares 2.xx, but then you’d need to find an unpatched userland exploit in order to run it)

ss+(2016-03-02+at+06.17.26).png If you have some programming skills and happen to own a PS4 1.76 however, this could be a nice entry point for you to understand how these things are done. If you get to display the debug message from the kernel exploit (Entered Critical Payload), you’re pretty much ahead of 99.99% of the PS4 homebrew community today.

But if you’re an “end user” and can get a 1.76 PS4, this could mean someone might be able to release PS4 Linux for you sooner than later.

More generally however, as I’ve stated before, people with the right set of skills could probably have figured out the exploit thanks to CTurt's detailed explanation. This release probably doesn’t change much who’s going to work on exploiting the PSP in the foreseeable future.

How the leak happened

Rumors say someone was able to grab passwords from several well known hackers of the PS4 scene, and managed to work his way into a private github where the files were stored. There is a strong reminder here for all of us that you should have different passwords on all the sites you visit, to avoid becoming the weakest link in such a situation.

PS4-kernel-exploit-1.76.png There’s a group of people who believe leaking such information is a good thing for the scene as it spreads the information. In my opinion, hackers often have very good reasons to not share their hacks, often because they are not ready for public consumption, and as such are useless to the vast majority of users. A hack that leaks at the wrong time could typically be patched by the manufacturer before it is even made usable for the scene.

The BadIRET exploit however has already been patched by Sony a long time ago, so it leaking is probably not a massive problem for the scene... What do you think? This is exciting news, but also a bit sad given the circumstances of the release.

From choppa: I found this ?
PS4 Dongle


int _netdebug_sock;

#define debug(…)\
do {\
char buffer[512];\
int size = sprintf(buffer, ##__VA_ARGS__);\
sceNetSend(_netdebug_sock, buffer, size, 0);\
} while(0)

/* Program Main */
#define SIZE_OF_BUFFER 512 //64

int _main(void)
// Init and resolve libraries

struct sockaddr_in server;

server.sin_len = sizeof(server);
server.sin_family = AF_INET;
server.sin_addr.s_addr = IP(192, 168, 0, 5);
server.sin_port = sceNetHtons(9023);
memset(server.sin_zero, 0, sizeof(server.sin_zero));

_netdebug_sock = sceNetSocket(“netdebug”, AF_INET, SOCK_STREAM, 0);
sceNetConnect(_netdebug_sock, (struct sockaddr *)&server, sizeof(server));

FATFS fatfs; /* File system object */
FATFS_DIR dir; /* Directory object */
// FILINFO fno; /* File information object */

FATFS FatFs; /* FatFs work area needed for each volume */
FATFS_FIL Fil; /* File object needed for each open file */

UINT bw, br;

debug(“\nMount a volume.\n”);
rc = f_mount(&fatfs, “”, 0); /* Give a work area to the default drive */
if (rc) debug(“die\n”);

debug(“\nOpen a test file (message.txt).\n”);

// open an existing file with read access
if (f_open(&Fil, “Fuses.txt”, FA_READ | FA_OPEN_EXISTING) == FR_OK) /* Create a file */
debug(“\nType the file content.\n”);
for (;;)
rc = f_read(&Fil, &buff, SIZE_OF_BUFFER, &br);
if (rc || !br) break; // Error or end of file
for (i = 0; i < br; i++) // Type the data
debug("%c", buff[i]);
if (rc) debug("die\n");

f_close(&Fil); /* Close the file */
if (rc) debug("die\n");
debug("File Read Complete.\n");

debug("\nTest completed.\n");

disk_deinitialize ();


return ;

/* User Provided Timer Function for FatFs module */

DWORD get_fattime (void)
return ((DWORD)(2010 – 1980) << 25) /* Fixed to Jan. 1, 2010 */
| ((DWORD)1 << 21)
| ((DWORD)1 << 16)
| ((DWORD)0 << 11)
| ((DWORD)0 <> 1);
From CTurt: 9/11 Leak was an inside job.

While this may indeed be a legitimate leak, it could also be a planned insider leak with rumors of an upcoming PS4 Cobra USB Game Emulator DRM Device... time will tell for sure. ;)
:idea: Reminder: Those without a Verified Badge yet on Discord to access the private areas we recommend Joining Us! Why? The waiting process takes a week for new Members, and there's a lot we're unable to share on public forums including the latest PS4 PKG Games. 🏴‍☠️



Developer(Team Ze0s)
Senior Member
oh no, I feel that Sony will cover all will be in vain. Why put the source .. These codes have long been there, which was not clear to merge. my work is not hurt, because they were a year ago, even back then I knew it. My results will be more and give opportunities interpreter.


Staff Member
I have a feeling all of this is an insider scheme, with Cobra releasing a for-profit PS4 dongle soon anyway.

Then when they charge PS4 sceners for it they can say "you can use our DRM product or make your own with the leaked code" in a lame attempt to save face with the hacking community. :rolleyes:

Time will tell for sure :D


Developer(Team Ze0s)
Senior Member
I have a feeling all of this is an insider scheme, with Cobra releasing a for-profit PS4 dongle soon anyway.

Then when they charge PS4 sceners for it they can say "you can use our DRM product or make your own with the leaked code" in a lame attempt to save face with the hacking community. :rolleyes:

Time will tell for sure :D
Now it is possible to make cfw and even usb dongle, but not for long, these codes are not all the time - that's why I am working lv1


Developer(Team Ze0s)
Senior Member
I'll be on github I lay out all your design, coding hacking ssl, lv1. will only make the convenience of a USB flash drive but I have almost everything ready for the full hacking consoles to version 3.15 to 3.50 through I do not know need to watch the source code. (SOON)
Recent Articles
OrbisSWU: The PS4 Update Tool Developer Research by TheoryWrong
As mentioned previously, following Fail0verflow's Documentation, the PS4 NoBD Updating Method, his PS4 Updater Toolkit release and the PS4 RL78 Syscon implementation PlayStation 4 scene developer...
Sony CEO Jim Ryan States PS5 Price Won't be the Lowest, Reflects Value
With their official PS5 Gaming Showcase set to be unveiled next week, Sony Interactive Entertainment president and CEO Jim Ryan revealed in an interview that the PlayStation 5 Price won't be the...
PlayStation 5 Unveiling Next Thursday, Limited Backwards Compatibility?!
Although not likely to be as next-gen as this PS5 Concept Video for the DualSense PS5 Controller, today Sony finally announced their next-generation PlayStation 5 console unveiling will take place...
PS4HEN 2.1.4 Github Fork with Save Data Mounting by xXxTheDarkprogramerxXx
Following the PS4 HEN 2.1.3 updates, PlayStation 4 homebrew developer @TheDarkprograme shared a PS4HEN 2.1.4 Github fork (from SiSTR0's repository, also forked from xvortex) via Twitter that...