Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Apr 1, 2016 at 4:47 PM
Not long ago news of a PS4 Root Privilege Escalation & Prison Break / Sandbox Break PoC was confirmed, and today kr105 dropped word in the Shoutbox that a usable dlclose exploit for PS4 Firmware 1.76 is now available to compile with CTurt's open-source work! :D

Download: PS4-dlclose-master.zip / PS4 Dlclose GIT / GIT / Linux Loader Patch for 1.76 / bzImage / initramfs.cpio.gz by kr105 / PS4 Playground / PS4 Playground GIT / ps4link-master.zip / PS4Link GIT
From the ReadMe Files: PS4-dlclose

Fully implemented dlclose exploit for PS4 fw 1.76. Compile it with CTurt's.

This is the bare working exploit, you must add your own payload code to make it do anything useful. Enjoy!

Linux loader
Code:
@@ -28,6 +28,15 @@ If you're on Linux, the easiest way is probably to use `netcat`:

After you have sent the binary, it will be executed automatically.

+### Linux loader
+You need a FAT32 formatted USB drive plugged in on any PS4's USB port with the following files on the root directory:
+
+`bzImage` : Kernel image that will be loaded. Recommended to use [this sources](https://github.com/fail0verflow/ps4-linux/tree/ps4-xhci-wip) to compile it.
+
+`initramfs.cpio.gz` : The initial file system that gets loaded into memory during the Linux startup process. [This one](https://github.com/slashbeast/better-initramfs) is recommended.
+
+The file names must match with the above and you can have more files on the same USB drive. From there you can setup the environment to run from an NFS share or from an external drive via USB (recommended) and boot a complete distro!
+
### Syscalls
`Get PID` - Get process ID
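Review bot: The Linux loader section doesn't say what the loader does when `bzImage` or `initramfs.cpio.gz` is absent from the drive, and nothing here states that either file is checked in any way before the kernel is handed control; since files are picked purely by name from whatever FAT32 drive is plugged in, add a sentence documenting the failure behaviour and stating plainly that both files are loaded unverified. Minor wording: `Recommended to use [this sources]` should read `these sources`, and `must match with the above` should read `must match the above`.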
Patches for decrypt_pup_header (1.76):
Code:
/* Kernel addresses are specific to firmware 1.76. Each write stores 0x9090,
   i.e. two x86 NOP bytes (0x90), over two bytes of code in decrypt_pup_header. */
*(uint16_t *) 0xFFFFFFFF827C445C = 0x9090;
*(uint16_t *) 0xFFFFFFFF827C446B = 0x9090;
*(uint16_t *) 0xFFFFFFFF827C4470 = 0x9090;

Comments


Space Monkey

Member
Contributor
Game developers are the only scared ones.

For Sony it could be just the final impulse to sell the remaining "old version" consoles; that money will help to build the new "4-almost-5" model.
Now that's exactly my thoughts, and for some reason I could not put them into words until you did.
Yep, but if dongles are on the go, most devs will gack the crap out of it and also release for free... devs don't want piracy, OK... but they also want no re-DRM devices :)
And that's good news for end users like you and me ;)
 

PSXHAX

Staff Member
Moderator
Contributor
Verified
Some DEVs are against backups, but not all. Once dlclose becomes mainstream - meaning easy to install and use - loaders are next. Just wait and watch.
Agreed 100% :) Usually the developers who release the first 'legal' exploits aren't the ones who release backup loaders and the like, which is probably a good thing as it's safer (in my opinion) to have the 'grey area' stuff released anonymously to make things more difficult for Sony to track them down.

I'm confident good things WILL be coming, it just takes a little patience is all. ;)

For those following, I added the latest PS4Link from BigBoss to the main article now as well. :cool:


Thanks to @mcmrc1 for the reminder also :tup:
 

Space Monkey

Member
Contributor
Apparently this may work on the latest dash board or v2.57
Some claimed that they have an exploit for the newer FW, but nothing solid was presented, so many assumed the claims were fake.

I found the below information on another reputable PS hax site. The below information might break many hearts :p

http://playstationhax.it/cturt-on-sys_dynlib_prepare_dlclose/

I discovered a PS4 kernel vulnerability in a Sony system call a while ago, which I've recently had time to exploit, with the help of qwertyoruiop. This vulnerability was patched at a similar time to BadIRET, around firmware 2.00, so it won't give access to any later firmwares; but it turned out to be significantly easier to work with than BadIRET, (which I will explain in detail later), so I'd recommend its usage over BadIRET.
 

LaoelLeonharth

Member
Contributor
Apparently this may work on the latest dash board or v2.57
Yeah, recently I saw some people saying that the dlclose exploit works up to firmware 2.57 - but to tell the truth, there is nothing that can confirm that the exploit works on this firmware. I hope that yes, it can work (my PS4 is on 2.57 too), but we don't know yet. We need to wait and see.

But I hope for good things before the end of this year ;)
 

azoreseuropa

Senior Member
Contributor
Verified
Yeah, recently I saw some people saying that the dlclose exploit works up to firmware 2.57 - but to tell the truth, there is nothing that can confirm that the exploit works on this firmware. I hope that yes, it can work (my PS4 is on 2.57 too), but we don't know yet. We need to wait and see.

But I hope for good things before the end of this year ;)
I have a firmware 2.57 Portugal PS4 in America. :)
 