Since the PS4 7.02 Kernel Exploit release by theflow0 and his PS4 Webkit Bad_Hoist 6.72 Exploit Port WIP, PlayStation 4 scene developer sleirsgoevy (Twitter) added an experimental a stable PS4JB: PS4 6.72 Jailbreak Exploit implementation to his Github repository today for those seeking to test it out... and it supports offline cache to remove the need for hosting. 
Live PS4 6.72 Jailbreak Demo mirrors will be added above as time permits... also as new 6.72 Fake PKGs (FPKGs) are dumped remember we don't allow them on the public forums so be sure to get a Verified Badge via Discord to access the private areas for such things and rock on with everybody there! 
Some other tips to be aware of with the influx of newcomers due to the 6.72 PS4 Jailbreak news:
From the README.md: PS4JB
This is a full chain exploit for PS4 firmware 6.72. Basically this is TheFlow's POC together with PS4-specific kROP & kernel patches. Mira is used as a HEN payload.
Building from source
To build from source, clone this repository recursively, and run these commands:
You will get a fresh copy of the binary build in src/build/.
Dependencies: python3, gcc, ROPgadget. Note: Mira is not being built from source
Adding your own payloads
miraldr.c loads 65536 bytes at address stored in JS variable mira_blob into RWX memory and jumps to it. At this point only the minimal patches (amd64_syscall, mmap, mprotect, kexec) are applied (i.e. the process is still "sandboxed"). Normally mira_blob contains MiraLoader.
mira_blob_2_len bytes at mira_blob_2 are sent to 127.0.0.1:9021 in a background thread. If mira_blob contains MiraLoader this will be run in the same way but with the full patchset applied & already jailbroken.
Credits
READ THIS CAREFULLY BEFORE PROCEEDING
In case you're dumb: this ONLY works on FW 6.72. If you are on a lower firmware, download a 6.72 retail update file here and update your system. If you are on a higher firmware (e.g. 7.02), your console CAN'T BE HACKED yet.
This exploit consists of two steps: the actual jailbreak (JB) and Mira+HEN (MIRA). To pirate games run homebrew software, you need to activate JB first, and then MIRA. Not just one of them, not the other way round. First JB then MIRA.
1. Click on the link that says JB. In about 20 seconds you'll get an alert saying "You're all set!", followed by "There is not enough free system memory". This means that everything has gone well.
If something went wrong during the process, you may get an alert saying "Jailbreak failed! Reboot your PS4 and try again.". In this case you must reboot your PS4, preferably without closing the dialog box.
Claims that Mira does not have HEN are false, do not believe them!
This exploit does crash and hang. Sometimes you even have to retry 10 times to get the jailbreak.
Sleirsgoevy on porting the toolchain to other PS4 Firmware versions:
Just in case, the checklist to port the toolchain (my implementation of bad_hoist + retargeted shinh/8cc) to another firmware:
Related Tweets:
Unstable...
PS4 Jailbreak 6.72 Stable Release with Payloads Included and Stability Improved
PS1 Emu Test on PS4
Download: Ps1HDemu.rar (3.73 MB) / GIT by Zcor3x / EP0000-SCES02545_00-MEDIEVIL2E000001-A0100-V0100.pkg (596.7 MB by Vitt0x_Lar_YT) via @Vitt0xLar on Twitter / GUI
It's very sad that any new ps2 classic has not been dumped yet, anyway if someone has this games, please dump it so we can get other ps2 emulators. List: Official PS2 Games List to Dump
Full PS4 Jailbreak Tutorial (6.72 or Lower!)
Use the following Ghidra script on a decrypted libkernel_sys.sprx loaded with GhidraOrbis to add mast1c0re support for other firmware versions (Dumps the `***/include/offsets/ps/libkernel/psx/xx.xx.hpp` file)
- Should you update your PS4 Firmware to 6.72? Most sceners don't recommend it yet, but if you can't wait there are plenty of mirrors for it available HERE.
- Should you update your PS4 Firmware to 7.02? No, as there is currently no public Webkit / Userland entry point for the previously released PS4 7.02 Kernel Exploit.
- What if your PS4 is on Firmware above 7.02? All you can do is wait on a Future PS4 Jailbreak Exploit for higher Firmware or Find a Jailbreakable PS4 Console.
Live PS4 6.72 Jailbreak Demo mirrors will be added above as time permits... also as new 6.72 Fake PKGs (FPKGs) are dumped remember we don't allow them on the public forums so be sure to get a Verified Badge via Discord to access the private areas for such things and rock on with everybody there! Some other tips to be aware of with the influx of newcomers due to the 6.72 PS4 Jailbreak news:- Do not post Tweets in the forum, the Staff will add noteworthy ones to the article OP's as time permits.
- Do not post links to PS4 FPKG downloads (get a Verified Badge via Discord to access the private areas for such things).
- Do not post PS4 FW 6.72 Jailbreak videos, search YouTube... we'll add some to relevant articles as time permits.
- Do not post in non-English per the Rules, use Google Translate prior to replying instead.
From the README.md: PS4JB
This is a full chain exploit for PS4 firmware 6.72. Basically this is TheFlow's POC together with PS4-specific kROP & kernel patches. Mira is used as a HEN payload.
Building from source
To build from source, clone this repository recursively, and run these commands:
Code:
cd src
makeDependencies: python3, gcc, ROPgadget. Note: Mira is not being built from source
Adding your own payloads
miraldr.c loads 65536 bytes at address stored in JS variable mira_blob into RWX memory and jumps to it. At this point only the minimal patches (amd64_syscall, mmap, mprotect, kexec) are applied (i.e. the process is still "sandboxed"). Normally mira_blob contains MiraLoader.
mira_blob_2_len bytes at mira_blob_2 are sent to 127.0.0.1:9021 in a background thread. If mira_blob contains MiraLoader this will be run in the same way but with the full patchset applied & already jailbroken.
Credits
- Fire30 for the WebKit exploit
- TheFlow for the kernel exploit
- Rui Ueyama and shinh for the 8cc compiler
READ THIS CAREFULLY BEFORE PROCEEDING
In case you're dumb: this ONLY works on FW 6.72. If you are on a lower firmware, download a 6.72 retail update file here and update your system. If you are on a higher firmware (e.g. 7.02), your console CAN'T BE HACKED yet.
This exploit consists of two steps: the actual jailbreak (JB) and Mira+HEN (MIRA). To pirate games run homebrew software, you need to activate JB first, and then MIRA. Not just one of them, not the other way round. First JB then MIRA.
1. Click on the link that says JB. In about 20 seconds you'll get an alert saying "You're all set!", followed by "There is not enough free system memory". This means that everything has gone well.
If something went wrong during the process, you may get an alert saying "Jailbreak failed! Reboot your PS4 and try again.". In this case you must reboot your PS4, preferably without closing the dialog box.
- If the system hangs for more than a minute (may require more time on slow Internet connections), reboot your PS4 and try again.
- If the system crashes (looks like instant powerdown), press the power button on the PS4 (NOT on the gamepad) until it turns on again, then retry.
Claims that Mira does not have HEN are false, do not believe them!
This exploit does crash and hang. Sometimes you even have to retry 10 times to get the jailbreak.
Sleirsgoevy on porting the toolchain to other PS4 Firmware versions:Just in case, the checklist to port the toolchain (my implementation of bad_hoist + retargeted shinh/8cc) to another firmware:
- If the exploit.js crashes, look at the comments inside it.
- The GOT offset, relative to textarea's leaked virtual method, is hardcoded in bad_hoist/memserver/dump_module.py, bad_hoist/dumpers/dump_got.js, and bad_hoist/rop/rop.js. You'll need to replace them with the correct offset.
- GOT indices corresponding to specific system modules are hardcoded in bad_hoist/memserver/Makefile and bad_hoist/rop/rop.js. You'll need to change them accordingly.
- Offsets to some libc & libkernel functions (relative to the corresponding GOT entries) are hardcoded in bad_hoist/rop/rop.js.
- The "pivot gadget" is expected to be mov rsp, [rdi+0x38] ; pop rdi ; ret. You'll need to rewrite the pivot() code if this gadget doesn't exist.
- The code expects a specific layout of the register save area utilized by loadall/saveall functions. It is documented in ps4-rop-8cc/ps4/saveall.h. The pivot gadget from above is a part of a proper loadall() function.
Related Tweets:
Unstable...
PS4 Jailbreak 6.72 Stable Release with Payloads Included and Stability Improved
PS1 Emu Test on PS4
Download: Ps1HDemu.rar (3.73 MB) / GIT by Zcor3x / EP0000-SCES02545_00-MEDIEVIL2E000001-A0100-V0100.pkg (596.7 MB by Vitt0x_Lar_YT) via @Vitt0xLar on Twitter / GUI
It's very sad that any new ps2 classic has not been dumped yet, anyway if someone has this games, please dump it so we can get other ps2 emulators. List: Official PS2 Games List to Dump
- Jak 2
- Jak 3
- Jak X
- Ace Combat 5
- Red Dead Revolver
- Primal
- The Forbidden Siren
- Art of Fighting Anthology
- Red Faction 2
- Harvest Moon Save the Homeland
- Harvest Moon A Wonderfull Life Special Edition
- ADK DAMASHII
- SAMURAI SHOWDOWN VI
- Ape Escape 2
- Kinetica
- Wild Arms 3
- Okage Shadow of the King
- Rise of the Kasai
- Dark Chronicle
- Star Wars Bounty Hunter
- Star Wars Racer Revenge
- Arc The Twilight of the Spirits
- Dark Cloud
- Dark Cloud 2
- The Mark of Kri
- War of the Monsters
- The King of Fighters’ Collection The Orochi Saga
Full PS4 Jailbreak Tutorial (6.72 or Lower!)
Use the following Ghidra script on a decrypted libkernel_sys.sprx loaded with GhidraOrbis to add mast1c0re support for other firmware versions (Dumps the `***/include/offsets/ps/libkernel/psx/xx.xx.hpp` file)
