Category: PS4 Jailbreaking · Thread starter: PSXHAX · Start date: Jun 3, 2019 at 8:47 AM · 82,680 · 86
Status
Not open for further replies.
A while back popular PS Vita scene developer TheFloW hinted that he would be looking at the PS4 kernel in his H-ENcore write-up, and today he shared on Twitter some details of a PS4 kernel bug he discovered, stating that it is fixed somewhere between 5.05 and 6.20 OFW... with the PS4 Kernel Exploit 5.05 / 5.07 being the last public jailbreak currently available.


PS4 kernel bug: sys_randomized_path could leak an arbitrary amount of kernel stack:
Code:
char k_path[0x100];                          // 0x100-byte path buffer on the kernel stack
int64_t max_len = fuword64(max_len_ptr);     // user-controlled, signed, never range-checked
if (path_len <= max_len) {
    copyout(k_path, out_path, path_len);     // normal case: copy the path
} else {
    copyout(k_path, out_path, max_len - 1);  // max_len == 0 gives a length of -1, i.e. a huge size_t
}
Unfortunately fixed somewhere between 5.05 and 6.20.

Update: TheFloW said his bug is not exploitable:

Nvm, this bug is not exploitable, as copyout will simply abort if dst+len wraps around or is higher than 0x8000000000000000. However, Sony did actually fix it by adding a max_len > 0 check, so I thought it could be abused.
From Pastebin.com:
Code:
// <6.00 bug (not exploitable) found by TheFloW, JS adaptation by CelesteBlue, only useful for when we find an actual vulnerable syscall
var try_sys_randomized_path_leak = function() {
    var mem = p.malloc(0x1000000); // allocate output buffer
    alert(p.hexdump(mem, 0x500)); // display zeroed buffer

    var len_pointer = p.malloc(0x08); // allocate max_len
    p.write8(len_pointer, new int64(0, 2147483648)); // write max_len: 0x8000000000000000 (lo = 0, hi = 0x80000000)
    alert(p.hexdump(len_pointer, 8)); // display max_len

    alert(p.syscall("sys_randomized_path", 0, mem, len_pointer)); // trigger bug: max_len - 1 wraps to 0x7fffffffffffffff
    alert(p.hexdump(mem, 0x500)); // display buffer, should have been modified if success
};
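To see why the missing length check mattered, and why the copyout() behaviour TheFloW describes closes the hole anyway, here is a user-space model of both the pre-fix and the post-fix path. This is an added example and not code from TheFloW, CelesteBlue or the PS4 kernel; the names USER_LIMIT, model_copyout, buggy_request_len, buggy_path_copy and fixed_path_copy are made up for it, the signed type of path_len and the EINVAL return are assumptions, and the only facts taken from the page are the snippet's control flow, the copyout() abort rule (dst+len wrapping or exceeding 0x8000000000000000) and the max_len > 0 fix.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed user/kernel split; TheFloW's tweet gives 0x8000000000000000 as
 * the limit copyout() enforces (it matches FreeBSD amd64's VM_MAXUSER_ADDRESS). */
#define USER_LIMIT 0x8000000000000000ULL
#define K_PATH_LEN 0x100

/* Model of copyout(): like the real one it refuses a destination range that
 * wraps around or reaches past the user limit, returning EFAULT and copying
 * nothing. On success it only reports how many bytes it would have copied,
 * because there is no user address space to copy into here. */
static int model_copyout(const void *ksrc, uint64_t udst, size_t len, size_t *copied)
{
    (void)ksrc;
    *copied = 0;
    if (udst + len < udst || udst + len > USER_LIMIT)
        return EFAULT;
    *copied = len;
    return 0;
}

/* Length the pre-fix code hands to copyout(). Both operands are treated as
 * signed 64-bit (an assumption; the real declaration of path_len is not on
 * the page). max_len == 0 yields SIZE_MAX and INT64_MIN wraps to INT64_MAX;
 * either would dump far more than the 0x100-byte k_path, i.e. the rest of
 * the kernel stack, if copyout() accepted it. The subtraction is done
 * unsigned so the wrap is well defined in this model. */
static size_t buggy_request_len(int64_t max_len, int64_t path_len)
{
    if (path_len <= max_len)
        return (size_t)path_len;
    return (size_t)((uint64_t)max_len - 1);
}

/* Pre-fix syscall tail from TheFloW's snippet, wired to the model copyout. */
static int buggy_path_copy(uint64_t out_path, int64_t max_len, int64_t path_len, size_t *copied)
{
    char k_path[K_PATH_LEN];
    memset(k_path, 'A', sizeof k_path);
    return model_copyout(k_path, out_path, buggy_request_len(max_len, path_len), copied);
}

/* Post-fix version: the max_len > 0 check TheFloW says Sony added. With
 * max_len >= 1 the else branch asks for at most max_len - 1 >= 0 bytes, so
 * the wrap is gone regardless of what copyout() checks. */
static int fixed_path_copy(uint64_t out_path, int64_t max_len, int64_t path_len, size_t *copied)
{
    char k_path[K_PATH_LEN];
    memset(k_path, 'A', sizeof k_path);
    *copied = 0;
    if (max_len <= 0)
        return EINVAL;
    return model_copyout(k_path, out_path, buggy_request_len(max_len, path_len), copied);
}

int main(void)
{
    const uint64_t out = 0x10000;           /* some user-space destination (constructed) */
    const int64_t path_len = 0x20;
    const int64_t probes[] = { 0x100, 0x10, 0, INT64_MIN };
    size_t n;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int rc = buggy_path_copy(out, probes[i], path_len, &n);
        printf("max_len=%#llx -> requests %#zx bytes, copyout %s, copied %#zx\n",
               (unsigned long long)probes[i], buggy_request_len(probes[i], path_len),
               rc ? "EFAULT" : "ok", n);
    }
    return 0;
}
```

The two oversized requests (max_len of 0 and of 0x8000000000000000, the value CelesteBlue's adaptation writes) both reach copyout() with a length that makes dst+len wrap or cross the user limit, so the model rejects them exactly as TheFloW describes; the fixed path never lets them get that far.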
[Image: PS4 Kernel Bug Details by TheFloW, Fixed Between 5.05-6.20 OFW]
 

Comments


wolfsstolz

Member
Contributor
Everybody tells me that I don't have to update when a new PS4 update is released, but nothing is being done in the jailbreak scene.

I come from Germany and it's not really easy if you can't speak English so well. OK, what's happening now? Can anybody tell me what's up with the JB now? I really don't have a time machine to look at what will happen in the future, but is there news?

I can smell the new PS5 now, but no PS4 JB? Should I update now and play new games, or better wait for a new JB?

Thanks for the help
 