PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Jan 18, 2016 at 4:06 PM | 25
Status: Not open for further replies.
Following the recent PS4 3.11 Out-of-Bounds Read (FreeType 64-bit Exploit), fail0verflow's PS4 patches and drivers and CTurt's previous PlayStation 4 Kernel Exploitation write-up, today PS4 developers CTurt and Qwertyoruiop revealed news of a PS4 kernel heap overflow exploit alongside an analysis of sys_dynlib_prepare_dlclose for PlayStation 4 developers to examine further. :)

Below are some recent Tweets on their latest PS4 kernel exploit:

Finally, Wololo offers a summary of the findings so far, to quote:
  • The exploit has been patched around firmware 2.00, so it will not be useful for people expecting a PS4 hack on the latest firmware 3.15.
  • CTurt also announced that he will not release a fully weaponized exploit, and is just sharing the knowledge of how the vulnerability was exploited.
  • He's apparently actively working on the PS4 with other hackers such as Qwertyoruiop (a well-known hacker famous for his work on iOS, among other things).
  • The exploit itself lies in the function sys_dynlib_prepare_dlclose and some of its internal calls, such as copyin. Full details can be found in CTurt's article.

Comments

Yes, it can be used that way, but it wouldn't matter whether you're using the WebKit exploit or not; a passthrough mode gives you a lot more.
 
In the index.html of that Vita exploit, put a space between 1 and 000 and it will at least run (see below).

<html>
<style>
html, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, em:nth-child(5){
height: 500px
}
</style>
<script>

arrays = Array();
gc = Array();

function load() {
for (var i = 0; i < 0x1000;
<-- I was able to put a space between the 1 and 000, and got the box to actually come up on the latest firmware, with no "Not Enough Memory" error this time.
 
What makes you think I'm using the PSP kernel exploit? Have you considered that there is another doorway into the kernel? You can change this to make it read like any FW revision, but if you haven't noticed, some files can't be decrypted for a good reason.
And yes, I have a 1k and a 2k PSP, so I have decrypted a lot of files and compared the data output.
 
Let's take a look back for a moment here: what have we all learned from all the big devs? GeoHot, Kmeaw, zecoxao, or any of them? Or are we really going to use the WebKit exploit because no one can really see an exploit?

I watched the scene as it was built, and the good times, then through the rough 3.56 times, but this isn't making good use of what others have taught us, except to keep falling into this same rut that will get patched very easily.

Maybe if we all worked together then it could happen, but I don't see that anytime soon with the way this scene has become reliant on profiteers.

Until that day comes I will sit back and watch the scene struggle while I do my own work in private.
 

I'm sure there are plenty of people out there who would love to be a part of a team, to see what we can dig into and each take on smaller tasks, work on them, and then get back together to see what we found out. See what kind of progress we can make, but the problem is no one wants to head up something like that. Also, I guess it's hard to find the right people/resources as well.
 
It's not a problem of finding people with those kinds of resources; they have always been in front of us the whole time. It's actually finding the ones who are against backup dongles or ODEs, which is the same thing if you understand the code.

Did you know that you can run their own software on a CFW unit if you know what you're doing?

Did you know you can make a backup dongle run without its own dongle verification?

We need actual devs who are not in this for profit but because they enjoy it. Hacking is easy; understanding how it works takes practice and patience that only you can tame, but working as a team takes dedication from all individuals, and without any of these this scene will come up empty-handed.

I figured out 3k ages ago. I didn't reveal it because profiteers only see dollar signs; I, on the other hand, understand teams working together as a community to make things for people who enjoy it.