PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Dec 6, 2015 at 7:18 PM | 38
Status: Not open for further replies.
Following the initial news and follow-up, today PlayStation 4 developer CTurt confirmed news of a PS4 Kernel Exploit via Twitter! :tup:

While this is fan-freaking-tastic news, keep in mind this does not mean there is a PS4 jailbreak... yet.

Keep an eye on our PS4 JailBreaking forum section though, and when there are further developments we'll be sure to post on them here! :D

Comments

Guys! There is no public jailbreak yet. Maybe developers can do more with the kernel exploit and we can use it with the latest FW. That needs time and patience. ;)
 
Finally we start the game :D
The cat and mouse game started some time ago, except without the mouse there is nothing that can be done about it. And anything that has been found I recommend stays that way for a while if the scene knows what's best. Experience is a teacher on both ends of the spectrum.
 
Indeed... this is from IRC, if I'm following it's an older known exploit just discovered that it works on the PS4:
Code:
[hykem] Yes it's BadIRET. I thought everyone knew that already.
[thexyz] how could everyone know that if it's not posted anywhere
[hykem] Uh: https://twitter.com/hashtag/badiret
[hykem] Check the date
[hykem] Adam 'pi3' Zabrocki @Adam_pi3  Sep 6
[hykem] pi3 was already exploiting that since September
[hykem] He even wrote a blog entry
[CTurt] for Linux, sure
[CTurt] there is no public FreeBSD BadIRET exploit
[hykem] Yes there is
[CTurt] a PoC that crashes kernel
[CTurt] but not an exploit
[CTurt] BadIRET exploit for FreeBSD is easier than Linux though because IDT is rewritable
[hykem] "FreeBSD was fully vulnerable.  See the attachment.  They seem to have
[hykem] fixed it, but I can't find an advisory."
[hykem] http://www.openwall.com/lists/oss-security/2015/07/09/1
[CTurt] yes
[CTurt] a PoC to crash kernel
[CTurt] but not an exploit
[hykem] I'm not trying to diminish your merit in exploiting it, just stating that the exploit was publicly known.
[CTurt] so what?
[CTurt] of course I already knew this
[thexyz] ok so that guy exploited freebsd not ps4
[hykem] PS4 is kernel is based of FreeBSD
[thexyz] that's true
[thexyz] ok so can i have a ps4 kxploit and kdump if it's all public?
[CTurt] no
[hykem] xD
[Al3x_10m] xD lool
[hykem] CTurt: I assume you found the offset then
[xboner] so redbox, if u report a game not working
[xboner] you get a free rental code
[xboner] i've reported every game i rented as not working for a week
[xboner] rofl
[thexyz] gee that's unfortunate
[hykem] People are already throwing hints about SAMU :\
[Al3x_10m] samu?
[hykem] https://twitter.com/Mathieulh/status/674224837783592960
[thexyz] what i get for helping people
[Al3x_10m] wtf is samu?
[Al3x_10m] secure asset management unit?
[hykem] PS4 + AMD APU = Yes
[Al3x_10m] whoah..interesting..
[thexyz] what does it do?
[hykem] Blows up any chance of getting keys
[Al3x_10m] some kind of security validation..
[flatz] heh
[flatz] it happens again lol
[flatz] well, doesn't matter
[flatz] samu is our new spu
[flatz] developed by amd
[SonyUSA] cturt you around?
[CTurt] partially
[SonyUSA] great work to you and everybody :D
[SonyUSA] does the kexploit let you run elfs with full system rights?
[CTurt] well, I analysed the kernel dump and found all the offsets used by the cred structs
[CTurt] and syscall(24) - getuid now returns 0
[CTurt] so now I am "true" root
[CTurt] Sony changed it a bit
[CTurt] there is sceSblACMgrIsSystemUcred for example
 
That's some fap-tastic news.
Also, that PuTTY connection to PS3 has been made.
This just keeps on getting better.
 