Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
Status
Not open for further replies.
Proceeding his PS4 6.20 Build Strings, PS4 7.00 Kernel String and Oct0xor's PS4 Blu-ray Drive Vulnerabilities that were patched in 7.02 on this New Year's Eve 2020 scene dev Fire30 (aka Fire30_ on Twitter) released a PS4 Webkit exploit for 6.XX consoles that gains addrof/fakeobj with arbitrary read/write primitives... according to the developer it was fixed in 7.00 leaving a potential window of opportunity between 5.50 and 6.72 OFW to work from. 🍾 🥳

Other PlayStation 4 scene contributions from him include a PS4 Webkit Exploit PoC for Firmware 2.XX, PS4 HENkaku Exploit: 3.55 Code Execution, HENkaku PS4 Exploit Update for 3.15 / 3.50 Firmware and this bad_hoist exploit comes following the previously released PS4 5.50 WebKit (Userland) Exploit Rewrite, PS4 6.XX JSC_ConcatMemcpy WebKit Exploit POC and PS4 6.20 WebKit Code Execution Exploit PoC for those following along. 👯‍♂️🎉👯‍♀️

Download: bad_hoist-master.zip / GIT

:alert: For newbs: This is a 6.XX PS4 WebKit (Userland) exploit and not a Kernel-level exploit, meaning until a fully implemented 6.XX Kernel exploit is publicly available you won't be able to jailbreak these PlayStation 4 consoles so don't update!

:idea: If you can't wait for a Future PlayStation 4 Jailbreak Exploit then Locate a Jailbreakable PS4 5.05 / 5.07 Firmware Console to enjoy playing hundreds of PS4 FPKG games, various emulators and homebrew applications.

It uses an Issue 1665: WebKit: JSC: BytecodeGenerator::hoistSloppyModeFunctionIfNecessary doesn't invalidate the ForInContext object bug from lokihardt of Project Zero, and from the README.md to quote: bad_hoist

Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives.

Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmware 7.00.

A champagne toast to @DEFAULTDNB for the heads-up of this news on Twitter earlier, and wishing everyone a very safe and Happy New Year's Eve 2020 tonight! 🥂
PS4 Webkit Bad_Hoist Exploit for PlayStation 4 Firmware 6.XX by Fire30.jpg
 

Comments

I think, exploit/kexploit maybe public released after AAA games, like RE3 Remake, FFVII Remake, Cyberpunk 2077 etc. Or after released PS5. Not earlier.
 
Hello Namste to all, hope all of you doing great in your life. Today when I am surfing internet I found something strange bug which stating a what's app bug which can hack someone's what's app by posting a mp4 video.

I don't no it will help developers or not and by the way I am totally unfamiliar with coding and with forums. Here is a link for the bug.
 
well i don't see anything coming out till the PS5 gets released. It will probably take several month/years into the PS5 until a new jailbreak comes out. When not much people care about the PS4 anymore ;) But hopefully they prove me wrong.
 
So there's nothing that can be done with this WebKit if on 6.72? This is just news that 1 of 2 exploits has been achieved?
 
There some video apps in ps4 that launch a browser directly and loads html, js and css files from a remote host. I know that this webkit versions that launch the application are lower than the 7.02 Firmware version (5.31.3 vs 6.xx), Can be used this to test this vulnerability?
 
Status
Not open for further replies.
Back
Top