Following the This is for the Pwners presentation at Black Hat Europe 2020 and the Talos WebSocket Vulnerability disclosure, PlayStation 4 developer sleirsgoevy shared on Twitter a PS4 WebKit Exploit 7.02 with Arbitrary Read / Write Access. It can be used with the previously released PS4 7.02 Kernel Exploit (KEX), with about a 10% success rate on 7.02 PS4 OFW prior to his fix for the crash in leakJSC(), alongside 7.02 Mira and Payload Ports via @Al Azif... who reminds everyone NOT to enable IDU Mode (read HERE why) while stating the following on Twitter:

⚠️ "Down time should be minimal but if you are already on an exploitable firmware you should probably hold up a bit to make sure everything is working."

Download: PS4-webkit-exploit-7.02.rar (33.8 KB) / PS4-webkit-exploit-6.XX-master.zip / GIT / PS4-webkit-exploit-7.02-master.zip / GIT (Fork by sleirsgoevy) / Demo / payloads_1.0.5.zip via Scene Collective's PS4 Payload Repo GIT / 702_MACROSS_COLLECTION_FOR_SLEIRSGOEVY.rar / Mira 7.00-7.02 PS4 Ports / GIT / PS4 7.02 Punch Payload Injector / 7.02 PS4 OFW PUP / test-payloads.7z (34.96 KB) / test-payloads-v2.7z (37.92 KB)

:note: For those in the PlayStation 4 Scene who are curious, HERE and HERE are lists of games through 7.02 that are not currently working with the 6.72 PS4 Jailbreak Exploit.


Some valid 7.02 addresses:
  • 0x200eb00d8
  • 0x200f300d8
  • 0x200fb00d8
  • 0x2011100d8
The success rate is about 10% for the last one. Unfortunately the exploit then crashes in the critical section in leakJSC. Will now investigate how to fix it.
Code:
    // Fix for the crash in leakJSC(): insert this right after
    // debug_log("[+] Got a relative read"); in the exploit.
    // LENGTH_STRINGIMPL is the constant already defined elsewhere in the exploit.
    var tmp_spray = {};
    for (var i = 0; i < 100000; i++)
        tmp_spray['Z'.repeat(8 * 2 * 8 - 5 - LENGTH_STRINGIMPL) + ('' + i).padStart(5, '0')] = 0x1337;

:arrow: Update: It appears the 7.02 WebKit exploit is also working on 7.51 through 7.55, but keep in mind the current Kernel exploit only supports up to 7.02 so those above will have to wait for a newer KEX to be released publicly for a full jailbreak.

PS4 7.51 WEBKIT EXPLOIT CONFIRMED via Quenlood

THIS IS NOT A FULL JAILBREAK AND WEBKIT EXPLOIT NOT STABLE BUT ABSOLUTELY WORKING.

FOR 7.02 I THINK GOING TO JAILBREAK SOON BUT FOR 7.51 WE NEED TO WAIT FOR KERNEL EXPLOIT. :(

THANKS SLEIRSGOEVY


Comments

@alimazharali
Let's, but most games haven't been dumped from 6.72. I don't think they are going to dump all games from 7.02 either. Slow, but that's about it, just like the incomplete game dumping on 6.72.

@turrinha Me too but did you know that some games from 6.72 are not playable at all on 5.05? Yeah.

@KuroiTsuki Well, dunno why you ask the question if you are so sure then? The logical thing is to WAIT.. to see what 7.02 is like.. to see if things can be ported back.. and stability again.. the webkit on 7.02 has a 10% success rate.. so yes.. new stuff.. wait.. or update.. up to you.

@TopSkillGamer No, only 7.02.. there was a mention of one webkit at 8.00 or something, but without kernel it can be done slow.