Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Apr 1, 2016 at 4:47 PM       26,059       44            
Status
Not open for further replies.
Not long ago news of a PS4 Root Privilege Escalation & Prison Break / Sandbox Break PoC was confirmed, and today kr105 dropped word in the Shoutbox that a usable dlclose exploit for PS4 Firmware 1.76 is now available to compile with CTurt's open-source work! :D

Download: PS4-dlclose-master.zip / PS4 Dlclose GIT / GIT / Linux Loader Patch for 1.76 / bzImage / initramfs.cpio.gz by kr105 / PS4 Playground / PS4 Playground GIT / ps4link-master.zip / PS4Link GIT
From the ReadMe Files: PS4-dlclose

PS4_Linux_Patched.jpgFully implemented dlclose exploit for PS4 fw 1.76. Compile it with CTurt's.

This is the bare working exploit, you must add your own payload code to make it do anything useful. Enjoy!

Linux loader
Code:
@@ -28,6 +28,15 @@ If you're on Linux, the easiest way is probably to use `netcat`:

After you have sent the binary, it will be executed automatically.

+### Linux loader
+You need a FAT32 formatted USB drive plugged in on any PS4's USB port with the following files on the root directory:
+
+`bzImage` : Kernel image that will be loaded. Recommended to use [this sources](https://github.com/fail0verflow/ps4-linux/tree/ps4-xhci-wip) to compile it.
+
+`initramfs.cpio.gz` : The initial file system that gets loaded into memory during the Linux startup process. [This one](https://github.com/slashbeast/better-initramfs) is recommended.
+
+The file names must match with the above and you can have more files on the same USB drive. From there you can setup the environment to run from an NFS share or from an external drive via USB (recommended) and boot a complete distro!
+
### Syscalls
`Get PID` - Get process ID
Patches for decrypt_pup_header (1.76):
Code:
*(uint16_t *) 0xFFFFFFFF827C445C = 0x9090;
*(uint16_t *) 0xFFFFFFFF827C446B = 0x9090;
*(uint16_t *) 0xFFFFFFFF827C4470 = 0x9090;
PS4-dlclose.png
 

Comments

Status
Not open for further replies.

Space Monkey

Member
Contributor
Game developers are the only scared ones.

For sony could be just the final impulse to sell the remaining "old version" consoles, that money will help to build the new "4-almost-5" model.
Now that's exactly my thoughts and for some reason I could not put them into words until u did.
jep but if dongles are on the go the most devs will gack the crap out of it and also release for free...devs dont want priracy ok...but they also want no re drm devices :)
And, that's good news for end users like u and me ;)
 

PSXHAX

Staff Member
Moderator
Contributor
Verified
Some DEVs are against backups but not all. Once the dlclose becomes main stream - meaning easy to install and use - loaders are next. Just wait and watch.
Agreed 100% :) Usually the developers who release the first 'legal' exploits aren't the ones who release backup loaders and the like, which is probably a good thing as it's safer (in my opinion) to have the 'grey area' stuff released anonymously to make things more difficult for Sony to track them down.

I'm confident good things WILL be coming, it just takes a little patience is all. ;)

For those following, I added the latest PS4Link from BigBoss to the main article now as well. :cool:


Thanks to @mcmrc1 for the reminder also :tup:
 

Space Monkey

Member
Contributor
Apparently this may work on the latest dash board or v2.57
Some claimed that they have an exploit for the newer FW, but nothing solid was presented, so many assumed the claims were fake.

I found the below information on another reputed ps hax site. The below information might break many hearts :p

http://playstationhax.it/cturt-on-sys_dynlib_prepare_dlclose/

I discovered a PS4 kernel vulnerability in a Sony system call a while ago, which I've recently had time to exploit, with the help of qwertyoruiop. This vulnerability was patched at a similar time to BadIRET, around firmware 2.00, so it won't give access to any later firmwares; but it turned out to be significantly easier to work with than BadIRET, (which I will explain in detail later), so I'd recommend its usage over BadIRET.
 

LaoelLeonharth

Member
Contributor
Apparently this may work on the latest dash board or v2.57
Yeah, recently I saw some people saying that dlclose exploit works until the firmware 2.57 - But telling the truth there is nothing that can confirm that the exploit works until this firmware. I hope that yes, that can work (my ps4 are on 2.57 too), but we don't know yet. We need to wait and see.

But I hope good things until the end of this year ;)
 

azoreseuropa

Senior Member
Contributor
Verified
Yeah, recently I saw some people saying that dlclose exploit works until the firmware 2.57 - But telling the truth there is nothing that can confirm that the exploit works until this firmware. I hope that yes, that can work (my ps4 are on 2.57 too), but we don't know yet. We need to wait and see.

But I hope good things until the end of this year ;)
I have the firmware 2.57 portugal ps4 in america. :)
 
Status
Not open for further replies.
Recent Articles
PS4Modding.net: PS4 Cheats and Modding Platform Trainers with Tools
Since the release of PS4 Reaper (debugger and trainer maker) the goal was to gather modders and gamers around one passion. Today we've come along way: 3 Universal Trainers (PC, Android, iOS)...
Orbis MSX Super Laydock: Mission Striker PS4 Homebrew PKG
Proceeding the MSXORBIS MSX Core from BigBoss and recent Resident Evil CODE: Vita PS4 homebrew game in development by @Markus95, this weekend @oneman123 shared on Twitter a shoot 'em up Orbis MSX...
Golem Gates PS4 Launch Trailer, Hits PlayStation 4 on May 28th
Arriving to PlayStation 4 later this month on May 28th comes Golem Gates, a post-apocalyptic sci-fi blend of action-strategy and card battler pitting conjured armies against otherworldly forces...
Everybody's Golf VR Tees Off in New PlayStation Games Next Week
Fore! Swing for the flag with your PS Move motion controller or DualShock 4 wireless controller in Everybody's Golf VR which tees off as part of the new PlayStation video game releases next week...
Top