PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Mar 2, 2016 at 5:45 PM | 43
Status: Not open for further replies.
Today 'anonymous' hacker AK471337 has leaked the PS4 BadIRET Kernel Exploit source code according to PlayStation 4 developer CTurt, with details below from my post on PS4 News and the related Tweets below!

Download: PS4-Bad-IRET-master.zip / PS4-Bad-IRET-master.zip (Mirror) / PS4 Dongle.txt via choppa / kernel-1.76.rar via DotExE01 / badiret.bin (Compiled) by KUNITOKI via 2424marco / PS4-Bad-IRET-master-2.bin (Updated Mirror) / PS4-Bad-IRET-5fs.bin (Updated Mirror #2)


From Wololo comes some additional details as follows, to quote:

PS4 Kernel exploit – is it good news for you?

If you’re an end user with no programming skills, this exploit won’t be useful for you. You’d have to compile it and run it on a PS4 on firmware 1.76, through the 1.76 webkit userland exploit. (The Kernel exploit might work up to firmwares 2.xx, but then you’d need to find an unpatched userland exploit in order to run it)

If you have some programming skills and happen to own a PS4 1.76 however, this could be a nice entry point for you to understand how these things are done. If you get to display the debug message from the kernel exploit (Entered Critical Payload), you’re pretty much ahead of 99.99% of the PS4 homebrew community today.

But if you’re an “end user” and can get a 1.76 PS4, this could mean someone might be able to release PS4 Linux for you sooner than later.

More generally however, as I’ve stated before, people with the right set of skills could probably have figured out the exploit thanks to CTurt's detailed explanation. This release probably doesn’t change much who’s going to work on exploiting the PSP in the foreseeable future.

How the leak happened

Rumors say someone was able to grab passwords from several well known hackers of the PS4 scene, and managed to work his way into a private github where the files were stored. There is a strong reminder here for all of us that you should have different passwords on all the sites you visit, to avoid becoming the weakest link in such a situation.

There’s a group of people who believe leaking such information is a good thing for the scene as it spreads the information. In my opinion, hackers often have very good reasons to not share their hacks, often because they are not ready for public consumption, and as such are useless to the vast majority of users. A hack that leaks at the wrong time could typically be patched by the manufacturer before it is even made usable for the scene.

The BadIRET exploit however has already been patched by Sony a long time ago, so it leaking is probably not a massive problem for the scene... What do you think? This is exciting news, but also a bit sad given the circumstances of the release.

From choppa: I found this ?
Code:
/* PS4 Dongle: mount a FAT-formatted USB stick with FatFs, read Fuses.txt
   and stream its contents to a TCP debug listener on the LAN. */

/* The header names were lost when the post was pasted (angle brackets
   stripped); these two are assumed: the PS4-SDK umbrella header and the
   FatFs header. */
#include "ps4.h"
#include "ff.h"

int _netdebug_sock;

/* Format a message and send it over the debug socket. sprintf does not
   bound the 512-byte buffer, so keep formatted messages well under that. */
#define debug(...)\
    do {\
        char buffer[512];\
        int size = sprintf(buffer, __VA_ARGS__);\
        sceNetSend(_netdebug_sock, buffer, size, 0);\
    } while(0)

/*---------------------------------------------------------------------*/
/* Program Main */
/*---------------------------------------------------------------------*/
#define SIZE_OF_BUFFER 512 //64

int _main(void)
{
    // Init and resolve libraries
    initKernel();
    initLibc();
    initNetwork();
    initUsb();

    struct sockaddr_in server;

    // Debug listener: a PC on the LAN accepting TCP on port 9023
    server.sin_len = sizeof(server);
    server.sin_family = AF_INET;
    server.sin_addr.s_addr = IP(192, 168, 0, 5);
    server.sin_port = sceNetHtons(9023);
    memset(server.sin_zero, 0, sizeof(server.sin_zero));

    _netdebug_sock = sceNetSocket("netdebug", AF_INET, SOCK_STREAM, 0);
    sceNetConnect(_netdebug_sock, (struct sockaddr *)&server, sizeof(server));

    FATFS fatfs;          /* FatFs work area needed for the volume */
    FATFS_FIL Fil;        /* File object needed for each open file */
    WORD i;
    BYTE buff[SIZE_OF_BUFFER];
    FRESULT rc;
    UINT br;              /* Bytes actually read by f_read */

    debug("\nMount a volume.\n");
    rc = f_mount(&fatfs, "", 0); /* Give a work area to the default drive */
    if (rc) debug("die\n");

    debug("\nOpen a test file (Fuses.txt).\n");

    // open an existing file with read access
    if (f_open(&Fil, "Fuses.txt", FA_READ | FA_OPEN_EXISTING) == FR_OK)
    {
        debug("\nType the file content.\n");
        for (;;)
        {
            rc = f_read(&Fil, buff, SIZE_OF_BUFFER, &br);
            if (rc || !br) break; // Error or end of file
            for (i = 0; i < br; i++) // Type the data
                debug("%c", buff[i]);
        }
        if (rc) debug("die\n");

        f_close(&Fil); /* Close the file */
    }
    debug("File Read Complete.\n");

    debug("\nTest completed.\n");

    disk_deinitialize();

    sceNetSocketClose(_netdebug_sock);

    return 0;
}

/*---------------------------------------------------*/
/* User Provided Timer Function for FatFs module */
/*---------------------------------------------------*/

DWORD get_fattime(void)
{
    return ((DWORD)(2010 - 1980) << 25) /* Fixed to Jan. 1, 2010 */
        | ((DWORD)1 << 21)
        | ((DWORD)1 << 16)
        | ((DWORD)0 << 11)
        | ((DWORD)0 << 5)
        | ((DWORD)0 >> 1);
}
From CTurt: 9/11 Leak was an inside job.

While this may indeed be a legitimate leak, it could also be a planned insider leak with rumors of an upcoming PS4 Cobra USB Game Emulator DRM Device... time will tell for sure. ;)
 

Comments

Here's a piece of advice: grab a pair of balls and stop complaining; it's getting you nowhere with trash talk, cuz the scene is better without it.

And maybe spend some time learning the system rather than complaining; it might get you somewhere, cuz most of us Dev's didn't just sit on our a§§ gaming, we have learned what most have not.
 
Ok I nuked a bunch of the bickering posts. I know this is a new site and the rules here aren't as strict as the old one, but please try to 'agree to disagree' and express differences of opinion without personal attacks or flaming others here. :cool:

:alert: The last thing we want are valued members leaving before this site even gets off the ground, because fairly soon I plan to either close or sell the old site since the Co-Admin CJPC is MIA there for months and much of the backend there can't be updated... so this site is all we'll have left then. :(

Thanks in advance all, I want to make this the best site we can for many years to come :)
 
I couldn't agree more buddy. I was just fixing myself to tell these guys to stop the bickering & attacks whether they liked it or not. You're more qualified to do that & I'm glad that you did. Thanks!
 
I personally and a fellow mate of mine feel that you all should know that this scene has been bed by everything from mostly all these Dev's who put in a lot of hard work as well as this ODE crew by Gary Opa, which was revealed by us by going through one CFW which gave away both crews.

Now I personally have full control over the system, as much as ODE developers who get their work from an inside source which hits the networks very hard and steals a ton of data we have watched and captured.

If you want to be a Dev and do work you shouldn't need to steal it from hacking Sony or IBM or whoever; do it yourself. This is not the work of programmers, this is hackers claiming to be programmers.

As much as I have accessed the whole system, I felt it should never be released cuz it gives too much power to one man to control every system; this scene is not ready for that.

But these ODE guys with an actual PS4 ODE device, which they lied about, which I confirmed after their statement, and all the data leads me back to Sony's actual source. Along with blackfin for PS Vita.

Now if this is the intelligence we expect from the scene I can see why it's failing; we rely on this crap by ODE devs, no thanks, I would rather support the true Dev's who made the system than these clowns who need to steal.
 
That should sum it up. And yes, we have been watching. I do not have idiot written across my forehead, so don't try to pin it on ppl who are more than capable of seeing the entire flow of traffic.

As for Sony, you know who I am and you know I already tried my best.

Sending your crypto division to monitor me like a hawk only lowers my expectations,
because you did pass me over for a cheaper tech sub, right?
 
What's the point of fighting with people? If somebody has the knowledge and has access to the full system then they will find a way to release it... it reminds me of the PS3 drama...
 
I see that @B7U3 C50SS nuked some posts today in this thread, not sure if they were requested or if it's just a security thing as (apparently) there is some turmoil in the PS4 scene due to the leaked PS4 BadIRET Kernel Exploit source code from AK471337.

To quote from MeSonySpy: "International Raid of PS4/WiiU Hackers

Major crackdown by gaming companies across borders this week!

Normally, you hear of raids by FBI / ICE or BND after a device like PS Jailbreak or keys get published, but this time groups have been taken down before they can finish their work because of e-fame

Recently, there has been a lot of news in the PS4 scene, with leaked releases of 'Bad IRET' by CTurt and updates to KEXEC by fail0verflow, and even news of a possible PS4 Jailbreak called USB Whistle, and before that movement in the Wii U scene with the release of 'keys' by Hykem and loaders like 'loadine', but all that has now come crashing down the hill due to e-fame and hackers trying to outdo other hackers for more Twitter followers and fame, and a bigger limelight, and without knowing it they tipped over their own Titanic, running it directly into the hands of FBI, ICE, Interpol and BND.

As we have recently, thanks to MeSonySpy and his anon. sources, uncovered a major International Raid that is still on-going, involving a number of known public hackers like Hykem and many others that had recently been publicly doxxed by ak47 (Stuart), who was even selling internal private info to the highest bidder on an underground dark website, and maybe even indirectly to actual police or gaming companies themselves.

Although some people like Geohot got away in the end from their trouble with Sony, most people chasing e-fame and being public about hacks do end up having trouble. Hackers that really contribute to the scene are generally anonymous teams; we are going to follow this story as it breaks wide open, posting up more details of court records and search warrants like we have in the past when public hackers like SonicISO and SuperDAE got raided over their selling of stolen Xbox One devkits."

I'm not sure how legitimate it is since MeSonySpy is a Staff member on GaryOpERa's dongle-peddling site... but if they release actual evidence (court docs, etc) it'll be more plausible than the Cobra Team just trying to intimidate scene developers while gaining traffic there so OPA and crew can profit off the PS4 scene with less competition.

I notice that Hykem currently has his tweets protected, if anyone has any more info feel free to post it below. :cool:
 
No worries, neither you nor any of the other Staff have to tell me when you nuke posts as long as the person who made them is aware of it... so my inbox doesn't get filled with questions such as "why was my post deleted?" or "where did my post go?" that I don't have answers to. :D

The only reason I even mentioned it was due to the issue we had a few days ago in this thread HERE as I didn't want anyone who posted to wonder where their post went is all. ;)

As for the raids, we'll see if MeSonySpy (which may just be another account that GaryOPA created to save face based on the recent User ID of 633588) produces anything concrete to substantiate the raid claims... until then they can only be considered as a 'rumor' really with nothing to back them up.
 