Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 Jailbreaking       Thread starter mcmrc1       Start date Dec 23, 2015 at 7:50 PM       44      
Not open for further replies.
Hello... it appears a brief presentation from Marcan of Fail0verflow will be shown at this year's Chaos Computer Club (CCC) covering Penguins on Aeolia (Embedded Linux) on the PS4 :)

:arrow: Update: PS4 3.55 Full Browser FileSystem and Gadget List

From Wololo: Zecoxao, who's very close to the PS3/PS4 dev scene, shared a screenshot on Twitter, showing some reverse engineering work on what appears to be PS4 system files:

Finally, GregoryRasputin posted a screenshot of a PS4 Filesystem Root Dump with details below, which has been confirmed by PlayStation 4 developer Lucif3r as follows:

From GregoryRasputin: Christmas is a time for loving and sharing, it is about spending time with the family and enjoying their company, which is why i am happy to let the PlayStationHaX family know that a little Christmas elf popped in to see me today and showed me something wonderful:


Of course with these being confidential Sony files, i cannot and will not link to any files. You can read about work into hacking the PS4, you can check these links:
For those wondering, yes, this was released today. Edited title to clear some things up a bit.

According to zecoxao regarding the PS4 dump: Apparently it's on a pastebin. Cleverly hidden...

:idea: If anyone runs across it, feel free to share it here... this way the entire PS4 scene can benefit from it rather than a limited number of people. ;)

Download: adm.rar / PS4 root dump (0.8.2) + kernel / NPXX51150_TEST_APP_HELLO_WORLD_0.01_[DEBUG].rar (27.9 MB) via

Merry Christmas
Here's all the patches you need for fuse to run on 5.05 retail via
//suser_enabled in priv_check_cred
        //add jail friendly for fuse file system
        p->vfc_flags=0x00400000 | 0x00080000;
        //avoid enforce_dev_perms checks
        //default prison_priv_check to 0

        //skip devkit/testkit/dipsw check in fuse_loader
        kernel_ptr[0x49DDDE] = 0xEB;
        kernel_ptr[0x49DDDF] = 0x1B;

        //skip sceSblACMgrIsSyscoreProcess check in fuse_open_device
        kernel_ptr[0x4A28EE] = 0xEB;
        kernel_ptr[0x4A28EF] = 0x0;

        //skip sceSblACMgrIsDebuggerProcess/sceSblACMgrIsSyscoreProcess check in fuse_close_device
        kernel_ptr[0x4A29E2] = 0xEB;

        //skip sceSblACMgrIsDebuggerProcess/sceSblACMgrIsSyscoreProcess check in fuse_poll_device
        kernel_ptr[0x4A2F34] = 0xEB;

        // skip sceSblACMgrIsSyscoreProcess check in fuse_vfsop_mount
        kernel_ptr[0x4A30F7] = 0xEB;
        kernel_ptr[0x4A30F8] = 0x04;

        // skip sceSblACMgrIsMinisyscore/unknown check in fuse_vfsop_unmount
        kernel_ptr[0x4A384C] = 0xEB;
        kernel_ptr[0x4A384D] = 0x00;

        // skip sceSblACMgrIsSystemUcred check in fuse_vfsop_statfs
        kernel_ptr[0x4A3BED] = 0xEB;
        kernel_ptr[0x4A3BEE] = 0x04;
the fcking eperm was in fuse_device_open xD
M.e.M.e is ps4 filesystem case sensitive ? \ph\source\data\Menu\Movies\ Vs. \ph\source\data0.pak\menu\movies\ :) maybe potentional problem backporting DL2 for 5.05 :)


@B7U3 C50SS The reason why (if I had to guess) is because it was originally posted in the News Submissions section.

Certain sections (that one, Staff forum, VIP area, etc) don't allow promoting directly so posts/threads would need to be moved into one of the public / permanent sections first and then promoted. :cool:

I know it's slightly a pain, but a necessary burden for a few reasons:
  • If the post/thread is in a private section, we wouldn't want to accidentally promote it to the main page.
  • If the post/thread is in the submission area, that isn't a permanent (categorized) section so we would want to move it first where it belongs (PS4, PS3, etc) so then all of the links, tags, etc make sense versus having a 'dump' of multi-topic posts in a generic forum.
BTW Merry Christmas buddy!! I officially celebrate tomorrow, but did some family stuff tonight. :)
Linux on PS4 would be awesome! Wonder how crippled it would be compared to PS3 OOS without RSX or much RAM... Hopefully at least Wireless controller support and Internet would work :cool:
@PSXHAX shod we not keep some of this for private sections only so only mods and Dev's have access to it? Till the time of release or something desurving main page? Just an idea
Not saying it don't deserve main page but if we keep it private draws less attention
FreeBSD Xfast_syscall: 0xFFFFFFFF80B03330

a triple page segmentation fault can leak the processes running of all available pids this happens when you trace over from a location that corrupts the stack,which cannot take its jump, if you can patch the calling routine that sets the protection for the syscntrl flag, you should be able to jump to your desired adress in memory and continue patching
You can also use on the fly patches directly in a runtime if you read the data correctly. The loop points back to a NULL pointer and if you can interpret it you can patch as needed. The routine points back and sets in a redirection n points to the call stack then you have access to the kern

Your going on the data from Linux I'm using my own as it's not written. There is also a memory leak and can obtain the data directly over a network but you have to crash the system and cause a hault which is easy to do. After you halt the memory is leaked and stuck at the point of freeze
@Chaos Kid sure, anything you wish to share privately we can definitely do so in the VIP area (well, as private as that is anyway... obviously it's not like a Dev-only section).

Everything posted here is just what's available publicly, but I'm sure more details will surface when fail0verflow does their demo at CCC ;)
Not open for further replies.