PS4 Jailbreaking | Thread starter: Foe | Start date: Oct 9, 2016 at 11:36 PM | 35
Status: Not open for further replies.
All-day PS4 dev @ryan111 (PS4Work Blog updates from him HERE and HERE) has been working on a PlayStation 4 4.0 jailbreak, and has come across a "command" in the web browser (about:) that gives you info about it.

Which reads:
Code:
AppVersion 5.0 (Playstation 4 4.00) AppleWebKit/537.78 (KHTML, like Gecko)
UserAgent Mozilla/5.0 (Playstation 4 4.0) AppleWebKit/537.78 (KHTML, like Gecko)
Language en-US
OnLine true
Now I did some research on this, and this is what I came up with.

https://user-agents.me/useragent/mozilla50-macintosh-intel-mac-os-x-10_9_4-applewebkit537782-khtml-like-gecko-version706-safari537782

Which is about WebKit, and:

https://www.cvedetails.com/vulnerability-list/vendor_id-452/product_id-3264/version_id-112576/Mozilla-Firefox-5.0.html

Which are vulnerabilities for Mozilla 5.0.

Now I'm not sure if this has already been found, but this is the first I've heard of it. I wanted to post this so people would know devs are working on a 4.0 JB and never give up hope.

Finally, below are some related Tweets from PlayStation 4 developer CTurt and the ReadMe file from the work-in-progress PS4 Playground 4.00 GIT via darkslake, to quote:

PS4 4.00 Unsigned Code Execution

This GitHub Repository contains all the necessary tools for getting PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50, 3.55 and 4.00-exploit-ps4.
This exploit is based off Henkaku's WebKit vulnerability for Sony's PS Vita. It includes basic ROP and is able to return to normal execution.

Pre-Requisites:
  1. A PC
    1. Running Windows, macOS or Linux
    2. An already set-up basic server where the PS4 User's Guide launcher will point for loading the payload
    3. Python 2.7.X
      • Python 3.X gives problems, since it includes major changes to the syntax and libraries compared with 2.7
  2. A Sony PlayStation 4
    1. Running the following firmwares:
      • 4.00
  3. Internet connection (PS4 and PC directly wired to the router is the most preferred option)
Usage:

There are two different methods to execute the exploit, but first let's clarify how we will know which one to use. If your PlayStation 4 already has a PlayStation Network account set up on it, you should use method 1.

Otherwise, if your PlayStation 4 has NEVER had a PlayStation Network account on it, you should use method 2. You will probably ask why; it's pretty easy to explain and understand:

When you buy a PS4, it comes unactivated, meaning that nobody has entered a SEN account on it (Method 2). Once you use a SEN account on it, the PS4 becomes an activated console (Method 1). This doesn't affect the actual payload, but you should keep in mind which method to use.

Method 1:

Run this command in the folder where you've downloaded this repo:
Code:
python server.py
All the debug output will be printed during the exploit process. Navigate to your PS4's web browser and simply type your PC's IP address in the address bar. Wait until the exploit finishes; once it does, the PS4 will return to its normal state. An example of what it will look like can be found HERE.

Method 2:

A dns.conf file, which is present in the source, needs to be edited according to your local PC's IP address. The PlayStation 4's DNS settings must be changed to point at the PC's IP address where the exploit is located. Once you've edited the dns.conf file, simply run the next command in the folder where you downloaded this repo:
Code:
python fakedns.py -c dns.conf
And then:
Code:
python server.py
All the debug output will be printed during the exploit process. Once the Python part is done, get onto your PlayStation 4, navigate to the User's Guide page and wait until the exploit finishes. An example of what it will look like can be found HERE.

Miscellaneous:

If you want to try the socket test, change the IP address located at the bottom of the ps4sploit.html file to your computer's and run this command:
Code:
netcat -l 0.0.0.0 8989 -v
You should see something like:
Code:
Listening on [0.0.0.0] (family 0, port 8989)
Connection from [192.168.1.72] port 8989 [tcp/sunwebadmins] accepted (family 2, sport 59389)
Hello From a PS4!
Notes about this exploit:
  • Currently, the exploit does not work 100% of the time, but around 80%, which is fine for our purposes.
  • Although it is confirmed to work, sometimes it will fail; just wait a few seconds and re-run the payload.
  • Performing too much memory allocation after sort() is called can potentially lead to more instability, and it may crash more.
  • The process will crash after the ROP payload is done executing.
  • This is only useful for researchers. There are many, many more steps needed before this becomes useful to normal users.
Acknowledgements

xyz - Much of the code is based off of his code used for the Henkaku project
Anonymous contributor - WebKit Vulnerability PoC
CTurt - I basically copied his JuSt-ROP idea
xerpi - Used his idea for the socket code
rck`d - Finding bugs such as not allocating any space for a stack on function calls
Maxton - 3.50 support and various cleanup
Thunder07 - 3.15 support
darkslake - 4.00 support and various cleanup

Contributing

The code currently is a bit of a mess, so if you have any improvements feel free to send a pull request or make an issue. Also I am perfectly fine if you want to fork and create your own project.

final-4.00-exploit-ps4
[Image: Ryan111 PlayStation 4 4.00 WebKit Development Update]
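The about: output quoted above shows the PS4 browser announcing its firmware inside the User-Agent string. Below is an added example, not server.py from the repository and not code by Ryan111 or darkslake, of how a Method 1 style server can use that header to hand out the page built for the reported firmware and refuse everything else; ROP gadget addresses differ between firmware builds, so a chain built for one firmware should never be served to another. It is Python 3 (the repository's tools are Python 2.7). The payload file names and the padding of "4.0" to "4.00" are assumptions made for this example.

```python
"""Added example: pick the exploit page by the firmware in the PS4 User-Agent.

Not the repository's server.py. Python 3. The file names in PAYLOADS are
placeholders for one exploit page per firmware the README lists.
"""
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Placeholder file names; one page per supported firmware (assumption).
PAYLOADS = {
    "3.15": "exploit-315.html",
    "3.50": "exploit-350.html",
    "3.55": "exploit-355.html",
    "4.00": "exploit-400.html",
}

# Matches the UA quoted in the thread:
# "Mozilla/5.0 (Playstation 4 4.0) AppleWebKit/537.78 (KHTML, like Gecko)"
UA_RE = re.compile(r"\(Playstation 4 (\d+\.\d+)\) AppleWebKit/(\d+\.\d+)")


def firmware_from_user_agent(ua):
    """Return the firmware as 'X.YY', or None if this is not a PS4 browser.

    The about: page reports 4.00 while the UA says 4.0, so a one-digit minor
    version is padded to two digits (assumption: the same holds for 3.5 -> 3.50).
    """
    match = UA_RE.search(ua or "")
    if not match:
        return None
    major, minor = match.group(1).split(".")
    return "%s.%s" % (major, minor.ljust(2, "0"))


def select_payload(ua):
    """Return (page, firmware) for a supported PS4, or (None, reason) otherwise."""
    firmware = firmware_from_user_agent(ua)
    if firmware is None:
        return None, "not a PS4 browser"
    page = PAYLOADS.get(firmware)
    if page is None:
        return None, "PS4 firmware %s not supported" % firmware
    return page, firmware


class PayloadHandler(BaseHTTPRequestHandler):
    """Serve the per-firmware page and log the decision, like server.py's debug output."""

    def do_GET(self):
        ua = self.headers.get("User-Agent")
        page, info = select_payload(ua)
        print("%s UA=%r -> %s" % (self.client_address[0], ua, page or info))
        if page is None:
            self.send_response(403)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(info.encode())
            return
        with open(page, "rb") as fh:  # the page must exist next to this script
            body = fh.read()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Port 80 needs root; then type the PC's IP in the PS4 browser, as in Method 1.
    HTTPServer(("0.0.0.0", 80), PayloadHandler).serve_forever()
```

A desktop browser hitting the server gets a 403 with the reason, and a console on a firmware outside the table gets the same instead of a chain that would only crash it.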
 
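Method 2 in the quoted README works by pointing the PS4's DNS setting at the PC, so that the hostname the User's Guide launcher requests resolves to the machine running server.py. The following is an added example of the DNS side of that redirect, written for this page in Python 3; it is not the repository's fakedns.py. It parses an incoming A query, answers with the configured address for the one redirected hostname, and returns NXDOMAIN for every other name so that it runs with no upstream resolver (the repository's tool may forward other names; this one does not). The hostname users-guide.example and the address 192.168.1.10 are placeholders, not values from dns.conf.

```python
"""Added example of the Method 2 DNS redirect (not the repository's fakedns.py).

Python 3. Answers A queries for the names in REDIRECTS with the configured
IPv4 address and NXDOMAIN for everything else, so no upstream resolver is needed.
"""
import socket
import struct

# Placeholders: the hostname the User's Guide launcher requests and the PC's IP.
REDIRECTS = {"users-guide.example": "192.168.1.10"}

RCODE_NOERROR = 0
RCODE_NXDOMAIN = 3


def parse_name(data, offset):
    """Decode a DNS name at offset; return (name, offset just after the name)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            suffix, _ = parse_name(data, pointer)
            labels.append(suffix)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, txid=0x1234):
    """Constructed client query (type A, class IN) for offline testing."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + qname + struct.pack("!HH", 1, 1)


def build_response(query, redirects, ttl=60):
    """Answer a single A/IN question from the redirect table, else NXDOMAIN."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("only single-question queries are handled")
    qname, end = parse_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    question = query[12:end + 4]
    # QR=1, AA=1 (we are authoritative for our redirects), copy RD, set RA.
    base_flags = 0x8000 | 0x0400 | (flags & 0x0100) | 0x0080
    target = redirects.get(qname.lower())
    if target is None or qtype not in (1, 255) or qclass != 1:
        header = struct.pack("!HHHHHH", txid, base_flags | RCODE_NXDOMAIN, 1, 0, 0, 0)
        return header + question
    header = struct.pack("!HHHHHH", txid, base_flags | RCODE_NOERROR, 1, 1, 0, 0)
    # 0xC00C is a pointer back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(target)
    return header + question + answer


def rcode(response):
    """Response code from the flags word (0 = NOERROR, 3 = NXDOMAIN)."""
    return struct.unpack("!H", response[2:4])[0] & 0x000F


def answered_ip(response):
    """First A record in a response as a dotted string, or None if there is none."""
    ancount = struct.unpack("!HHHHHH", response[:12])[3]
    if ancount == 0:
        return None
    _, end = parse_name(response, 12)
    end += 4  # skip QTYPE and QCLASS of the echoed question
    _, end = parse_name(response, end)  # owner name (handles the 0xC00C pointer)
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[end:end + 10])
    if rtype != 1 or rclass != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(response[end + 10:end + 14])


def serve(redirects, bind="0.0.0.0", port=53):
    """Listen on UDP/53 (needs root); set the PS4's DNS to this machine's address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            reply = build_response(data, redirects)
        except (ValueError, IndexError, struct.error, UnicodeDecodeError, RecursionError):
            continue  # malformed or hostile query: drop it
        print("%s asked for %s" % (peer[0], parse_name(data, 12)[0]))
        sock.sendto(reply, peer)


if __name__ == "__main__":
    serve(REDIRECTS)
```

Because every name outside the table gets NXDOMAIN, the console can reach nothing but the exploit server while it points at this resolver; that is acceptable for a research setup, but a tool meant to coexist with normal use would forward the other queries to a real resolver instead.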

Comments

PSXHAX honestly mate.. it is really important that we take this info with a grain of salt.. Ryan never got FTP working on PS4... Even Specter could not get that working. Please, guys, are you encouraging another NGCHEATS scene drama?

COME ON!
 
Kek, why is this on front-page? Ryan111 is the biggest fraud ever kek.
Did you read my reply answering just that question HERE? :p


[Spanish] In the end, do I need to update to 4.00 or 3.55? I'm staying where I am.
English please? :confused:
PSXHAX honestly mate.. it is really important that we take this info with a grain of salt.. Ryan never got FTP working on PS4... Even Specter could not get that working. Please, guys, are you encouraging another NGCHEATS scene drama?

COME ON!
As far as I'm aware @ryan111 is still working on this as an ongoing project... I don't hang in Discord much, so if you know more than I do post post post and give us all the juicy (or not so juicy) deets!!! :D

We'll gladly add ya as an Author here if you feel you can cover what the PS4 devs are working on better than the current Authors (myself included) do.

Oh, and everything should be 'taken with a grain of salt' until a working PS4 jailbreak / hack / iSOLoader / etc is released and we can turn this into a full blown juarez site... instead of a vanilla wannabe HaX0ring forum to waste our days away at :LOL:
 
Nah, I've been talking with him for a while; as soon as you ask him something technical, he calls you a hater. He also claimed to be working on an update PUP to install via recovery mode kek. ;') Don't get your hopes up, people. Up until now he hasn't released a tiny thing from his ''huge'' library. Also, he's 16 and in special education. So go figure.
 
Besides the leaked Sony stuff, he released some files on his PS4Work Blog that he said he dumped when asked about it before.. would I rest the fate of the PS4 hacking scene on him or any one person though?

Nope. All we can do is hang in there and keep on keepin on :)
 
Besides the leaked Sony stuff, he released some files on his PS4Work Blog that he said he dumped when asked about it before.. would I rest the fate of the PS4 hacking scene on him or any one person though?

Nope. All we can do is hang in there and keep on keepin on :)
Wasn't that dump just a copy though?
But nothing against you; it's just that so far I've only heard this guy talk about how good he is, yet nothing useful has come to the surface. Stolen code from the PS4 open *** did, though.
 
All I'm going by is what he said in the linked post, that he dumped them from his consoles and his friends... which, mind you... is far more than I've dumped lately :giggle:

Many people here (like me) could care less about dumping their own stuff, so those who do take the time to actually do something give the rest of us lazy cork-soakers something to pat them on the back for.

You may be right, he may be no good, another NGCheats, yada yada... that's what forums are for though, to all get together and beat it outta (errr discuss it with) one another.

And for the Lulz just remember:

(image)

 
Here is a brief summary of some things @ryan111 did in recent weeks on his PlayStation 4 v4.00 setup:
  • FTP working on PS4 4.00
  • Runtime for PS4 4.00
  • Javascript code executing
  • Linux commands running through browser via HTML and webserver
  • Set up PHP webserver to execute the code
  • Access to different TMP directories via FileManager
  • FTP connected via OpenRoadFTP
  • Extracted the kernel from FreeBSD
  • Unpacked .KO files from kernel folder
  • Access to some browser commands
@PSXHAX He hasn't done anything like that. Only these ones:
  • Javascript code executing
  • Set up PHP webserver to execute the code
  • Unpacked .KO files from kernel folder (this only requires 7zip, if that's what he did.)
  • No.. he hasn't.. "Extracted the kernel from FreeBSD" (Oh, you mean from the FTP directory online on FreeBSD's FTP dir??) Unless of course you guys think @ryan111 actually did find a way of dumping the kernel from 4.00 and never shared it, but has all these other "exploits" that are no good.
  • While I'm at it, his "working FTP" does not pull anything off of the PS4; he only took files from the Linux server he set up without realizing it.
@VultraAID What's your opinion? You too, @PSXHAX
 
Anyway, I'm quitting because people are just starting to piss me off. You guys realize the reason people don't release stuff to you is that your first reaction, without proof, is to say it's fake. Anyway, good luck with the scene, and I hope you guys find something.
 