PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Dec 6, 2015 at 7:18 PM
Following the initial news and follow-up, today PlayStation 4 developer CTurt confirmed news of a PS4 Kernel Exploit via Twitter! :tup:

While this is fan-freaking-tastic news, keep in mind this does not mean there is a PS4 jailbreak... yet.

Keep an eye on our PS4 JailBreaking forum section though, and when there are further developments we'll be sure to post on them here! :D

Comments

bsg

Member
Contributor
Guys! There is no public jailbreak yet. Maybe developers can do more with the kernel exploit and we can use it with the latest FW. That needs time and patience. ;)

Chaos Kid

Developer
Senior Member
Contributor
Verified
Finally we start the game :D
The cat and mouse game started some time ago, except without the mouse there is nothing that can be done about it. And anything that has been found I recommend stays that way for a while, if the scene knows what's best. Experience is a teacher on both ends of the spectrum.

PSXHAX

Staff Member
Moderator
Verified
Indeed... this is from IRC; if I'm following, it's an older known exploit just discovered to work on the PS4:
Code:
[hykem] Yes it's BadIRET. I thought everyone knew that already.
[thexyz] how could everyone know that if it's not posted anywhere
[hykem] Uh: https://twitter.com/hashtag/badiret
[hykem] Check the date
[hykem] Adam 'pi3' Zabrocki ‏@Adam_pi3  Sep 6
[hykem] pi3 was already exploiting that since September
[hykem] He even wrote a blog entry
[CTurt] for Linux, sure
[CTurt] there is no public FreeBSD BadIRET exploit
[hykem] Yes there is
[CTurt] a PoC that crashes kernel
[CTurt] but not an exploit
[CTurt] BadIRET exploit for FreeBSD is easier than Linux though because IDT is rewritable
[hykem] "FreeBSD was fully vulnerable.  See the attachment.  They seem to have
[hykem] fixed it, but I can't find an advisory."
[hykem] http://www.openwall.com/lists/oss-security/2015/07/09/1
[CTurt] yes
[CTurt] a PoC to crash kernel
[CTurt] but not an exploit
[hykem] I'm not trying to diminish your merit in exploiting it, just stating that the exploit was publicly known.
[CTurt] so what?
[CTurt] of course I already knew this
[thexyz] ok so that guy exploited freebsd not ps4
[hykem] PS4 is kernel is based of FreeBSD
[thexyz] that's true
[thexyz] ok so can i have a ps4 kxploit and kdump if it's all public?
[CTurt] no
[hykem] xD
[Al3x_10m] xD lool
[hykem] CTurt: I assume you found the offset then
[xboner] so redbox, if u report a game not working
[xboner] you get a free rental code
[xboner] i've reported every game i rented as not working for a week
[xboner] rofl
[thexyz] gee that's unfortunate
[hykem] People are already throwing hints about SAMU :\
[Al3x_10m] samu?
[hykem] https://twitter.com/Mathieulh/status/674224837783592960
[thexyz] what i get for helping people
[Al3x_10m] wtf is samu?
[Al3x_10m] secure asset management unit?
[hykem] PS4 + AMD APU = Yes
[Al3x_10m] whoah..interesting..
[thexyz] what does it do?
[hykem] Blows up any chance of getting keys
[Al3x_10m] some kind of security validation..
[flatz] heh
[flatz] it happens again lol
[flatz] well, doesn't matter
[flatz] samu is our new spu
[flatz] developed by amd
[SonyUSA] cturt you around?
[CTurt] partially
[SonyUSA] great work to you and everybody :D
[SonyUSA] does the kexploit let you run elfs with full system rights?
[CTurt] well, I analysed the kernel dump and found all the offsets used by the cred structs
[CTurt] and syscall(24) - getuid now returns 0
[CTurt] so now I am "true" root
[CTurt] Sony changed it a bit
[CTurt] there is sceSblACMgrIsSystemUcred for example
 

Endless

PS3MFW Dev ~Team_Zer0~
Developer
Member
Contributor
> PSXHAX said: Indeed... this is from IRC, if I'm following it's an older known exploit just discovered that it works on the PS4: (IRC log quoted above)


That's some fap-tastic news.
Also, that PuTTY connection to PS3 has also been made.
This just keeps on getting better.