Status
Not open for further replies.
Following his PS4 6.20 Build Strings, PS4 7.00 Kernel String and Oct0xor's PS4 Blu-ray Drive Vulnerabilities that were patched in 7.02, on this New Year's Eve 2020 scene dev Fire30 (aka Fire30_ on Twitter) released a PS4 WebKit exploit for 6.XX consoles that gains addrof/fakeobj with arbitrary read/write primitives. According to the developer it was fixed in 7.00, leaving a potential window of opportunity between 5.50 and 6.72 OFW to work from. 🍾 🥳

Other PlayStation 4 scene contributions from him include a PS4 Webkit Exploit PoC for Firmware 2.XX, PS4 HENkaku Exploit: 3.55 Code Execution and HENkaku PS4 Exploit Update for 3.15 / 3.50 Firmware. This bad_hoist exploit follows the previously released PS4 5.50 WebKit (Userland) Exploit Rewrite, PS4 6.XX JSC_ConcatMemcpy WebKit Exploit POC and PS4 6.20 WebKit Code Execution Exploit PoC for those following along. 👯‍♂️🎉👯‍♀️

Download: bad_hoist-master.zip / GIT

For newbs: This is a 6.XX PS4 WebKit (Userland) exploit and not a Kernel-level exploit, meaning until a fully implemented 6.XX Kernel exploit is publicly available you won't be able to jailbreak these PlayStation 4 consoles so don't update!

If you can't wait for a Future PlayStation 4 Jailbreak Exploit then Locate a Jailbreakable PS4 5.05 / 5.07 Firmware Console to enjoy playing hundreds of PS4 FPKG games, various emulators and homebrew applications.

It uses the bug reported by lokihardt of Project Zero as Issue 1665: WebKit: JSC: BytecodeGenerator::hoistSloppyModeFunctionIfNecessary doesn't invalidate the ForInContext object. To quote from the README.md:

bad_hoist

Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives.

Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmware 7.00.

A champagne toast to @DEFAULTDNB for the heads-up of this news on Twitter earlier, and wishing everyone a very safe and Happy New Year's Eve 2020 tonight! 🥂
 

Comments

Doesn't mean anything. User exploits are on every FW from 5.05, but no KEX (let's not assume the talk that somebody already has it and isn't releasing it). A new KEX possibly arrives together with PS5. Better to be wrong, but..
 
In fact this is again bullcrap and more pro personal news to take seriously but don't rejoice it's all bluff, miss geohot and others, the devs of this generation are all next to sony, miss ps3 hours later having a cfw ferrox.

Today devs use exploits to their own advantage nothing more, just see what is said has already been tested has been released to the public is a lie, devs as in ps3 no longer exist, in ps4 these devs are very weak, talk by mouth, doing good is a lie.
 
I have to agree with @apotem 'no money no exploit' and @BaikalLakiab how can they predict that it will happen at Christmas 2020.

Someone got paid and this is Sony's way of making you hang onto PS4 and not switch platform until they release PS5, then people will focus on PS5 and forget about the PS4. My 2 cents.
 
Only 1 person exploited it? There are many hackers who can do this. Is this PS4 system more secure than the iPhone iOS system?

I know it's different things but they're both Linux. They easily jailbreak new iOS versions. There are other hackers who can hack too. I don't believe the money thing.
 