PS4 Jailbreaking       Thread starter PSXHAX       5609       20
Status
Not open for further replies.

PSXHAX

Staff Member
Moderator
Contributor
Verified
This will be a discussion / non-news thread for the time being from @modz2014 (Twitter) as we've covered the PS4 3.55 Playground, HENkaku Ports and PS4 3.55 File Browser here before with some additional repos from @Bultra for both the PS3 3.55 Playground and PS4 3.55 File Manager.

Links: 3.x Playground GIT / POC Test Page / POC Test Page (Updated Mirror) / Modz2014 GitHub / Modz2014.tk / PS4 Playground 4.00 Fix by Darkslake

To quote from the README.md file: I added and change a few things around for this to work with 3.50 3.15 and 3.55 with filebrowser

PS4 Playground (FW 3.55)

PS4 Playground is a project created around the 3.55 Code Execution Userland exploit created by xyz and ported by Fire30. The name and idea is based off CTurt's original "PS4 Playground" developed for FW 1.76. It currently only features a POC test of the exploit and a system information page. The project is still a WIP.

To see updates on what is being worked on for PS4 Playground, I'm going to start posting updates about it on my twitter SpecterDev.

The Exploit

The exploit was originally ported by Fire30, however I cleaned it up a bit and implemented it so everything is shown in the browser. There is no longer a need to run a Python server / run back and forth between your PS4 and your PC to see the information, it's all right on the browser. The exploit is also slightly more stable, as after my edits it seems to work more consistently in the web implementation and the browser doesn't crash immediately after the exploit is performed successfully.

Usage

You will need fakedns. You also need to edit the dns.conf to point to the ip address of your PC (can be found in cmd/terminal by typing ipconfig/ifconfig), and modify your consoles' DNS settings to point to your PC's address. Then type the following in your terminal;
Code:
python fakedns.py -c dns.conf
You will also need to setup xampp on your computer and run Apache on port 80. For the easiest method, in /htdocs, create the '/document/en/ps4' directory and place the files from this repo in there.

When your fake dns is running and you've setup your localhost server in xampp, you can navigate to PS4 -> Settings -> User Guide. It should then show PS4 Playground.

Notes

The exploit will not run correctly all of the time. Sometimes it will stick at stage 4 or webkit will crash before the script is finished. If it doesn't work at first, keep trying until it does, it shouldn't take long.

Refreshing the page after a successful attempt or going to another page will crash webkit. Just hit OK and it will resume to the next action you wanted to perform.

The project isn't 100% complete, however more things have been added in the 1.3 update. Modules can now be dumped from memory, however currently only modules loaded by WebKit can be dumped.

The sizes of dumps may be small for some modules, but they should include most of everything you would need anyway.

Because of how large the libSceWebKit2.sprx module is, it must be dumped in 17 parts. Once you have all 17 parts (check filesystem on server first), you can click the "Stitch WebKit" button which will merge them all into one dump. I tried to make it dump the module all at once, but it absolutely wrecked my PS4's ram and gave a system error after a 5 minute long freeze.

If you try to stitch WebKit without all 17 parts, the PHP page you are directed to will probably display errors and you may have to close the browser to get out. I plan to fix this in a future commit with proper error handling/

Dumps are named .bin rather than .sprx to distinguish that they are dumped from memory and not by file, however they will still load fine in IDA for example.

If you have a seemingly endless string of crashes, try closing and re-opening the web browser/user guide, seems to help in this regard.

Big thanks to XorLoser, Maxton, and Fire30 for assistance with dumping the modules.

Thanks to Xerpi, we now have stack/memory management and are able to do more cool stuff!

Special Thanks To
  • Fire30 - The porting of the WebKit Exploit to PS4, as well as assistance when I needed it
  • Xerpi - Functions in his POC edit that I ported over (these functions made things way easier and more efficient)
  • XYZ - The original exploit for the PSVita
  • CTurt - JuSt-ROP, the original PS4 Playground, as well as his work with 1.76.
  • XorLoser - File sizes and headers for the module dumps
  • Maxton - Assistance in understanding the exploit better and module dumping
  • Red-EyeX32 - Assistance in development
Github: https://github.com/modz2014/Porting-Kernel-exploit
Download: 315syscalls.js (7.19 KB)

Thanks to @Bultra, @hyndrid and @raedoob for the heads-up in the PSXHAX Shoutbox.
PS4 Playground 3.55 Revisited by Modz2014.jpg
 
Status
Not open for further replies.
Recent Articles
PS4 Android Application APK to Mod BO3 1.00 for 5.05 FW by MrNiato
Earlier this month we saw an All Clients Black Ops 3 (BO3) Zombie PS4 RTM Tool by PlayStation 4 homebrew developer @MrNiato, and today he shared on Twitter a PS4 Android Application to Mod BO3...
Pop Music Adventure Sayonara Wild Hearts Joins New PS4 Games Next Week
On September 19th next week included in the new PlayStation 4 video game releases is pop music adventure Sayonara Wild Hearts, which can be described as a dreamy, arcadey game that features...
Simple Wireless Rover for Raspberry Pi Controlled by PS4 DS4 via WiFi
Following the DJI Tello Drone and DeepRacer RC remote control PS4 DualShock 4 mods, recently Veilkrand on Github shared a Simple Wireless Rover for Raspberry Pi Controlled by PS4 DS4 via WiFi for...
Capcom Home Arcade Launches October 25th, Details and Trailer Video
Previously we covered the RetroEngine Sigma and Game Box Hero systems for emulation fans, and recently Capcom announced their Capcom Home Arcade launches this October 25th with pre-orders...
Top