PS4 A New PS4 kernel exploit by qwertyoruiop

Things are starting to get a bit interesting in the PlayStation 4 hacking scene, as well-known hacker qwertyoruiop released a WebKit exploit for 4.0x firmware (not 4.50) a couple of days ago. However, this exploit needs a kexploit (kernel exploit) on the same level as the one for 1.76 firmware, and it did not work on 4.50. So the hacker has been working on a kernel exploit as well, and in 5 days the developer has not only a kernel exploit but one that works on 4.50. With 4.50, though, we do not have an entry point to execute the kernel exploit, which is where the WebKit exploit comes in. So 4.50 users appear to have some strong hope.

    • Nothing to kernel in 5 days. GG Sony
    • 0day, it should work on 4.50 too
    • It was actually simpler than expected. iOS is more challenging from the post-exploitation point of view
    • 30 hours of no sleep later I am finally happy about the PS4 exploit
    • So it turns out Sony is doing sneaky syscall shit. Updated code some further, you'll have to manually call libkernel syscall stubs
    • Updated PS4 RCE with actually functioning fcall and syscall primitives
    • Updated PS4 exploit with ROP code exec (for 4.06 specifically)
    • Updated the PS4 exploit with some more comments and it no longer alerts a JSValue, but prints a function pointer

@bguerville
I looked at syscall.js and a few other files and didn't see 4.02.
Updated to 4.06, worked of course and didn't get the out of memory issue.
Thanks for the advice on upgrading, seems all is well.

Didn't see the kexp tab but the 2 others work
(like the photo in the title).
 
@barelynotlegal
That's correct, in the Cryptogenic release, there is no support for 4.01 & 4.02, maybe because they were not official retail releases (beta fw?).
Also there is no kexp information because as you can guess from its name, it is the kernel exploit part which is not included in this wk-only release.
the exploit now works for firmwares 3.50 to 4.07 excluding 4.05 I believe. I just tested it on 4.07, and it works! webkit and kernel exploitation.
 

Check out @SockNastez's previous post. You download the required files, drop them into a folder (the name can be anything), and place them in the htdocs folder of XAMPP. Then, on your PS4, type in the IP address of your PC and the folder you just named. Boom, kernel access. I tested it earlier today. It's basically how you used to host Wii U WebKit exploit files.
I am not sure what you are talking about TBH but I am sure there is no kernel exploit in Cryptogenic's repo.
[No need to take my word for it actually, Specterdev has released a full writeup...]
Once the wk vulnerability has been exploited, you can call syscalls using a wrapper but you are still in userland & cannot break out of it without qwertyuiop's kexp.

I believe that @barelynotlegal has already tested the multi fw wk exploit repo files successfully anyway(?).
I didn't have much time this morning, so I'm going to ask for when I get home:
I went to the link and saved it as a zip, extracted it to xammp/hotdocs/document/ps4, then, following the manual way, I go to Google and type my 192.168.x.xxx/document/ps4 while running Apache via XAMPP. Is anything else required?
(Seems the more reading I do, the more lost I get.)
Thanks in advance.
 
Nope. No extra steps are required to test if it works... Of course, you must ensure that communication with Apache will not be hindered by AV or Firewall rules as well as your router setup.
 
Oh, I didn't realize it wasn't a kernel exploit. I saw the kernel options, which weren't available when I tested the original, and naturally assumed I had been given kernel access. My mistake. <hides in corner> The WebKit exploit is pretty stable from what I saw.
 
So when I get home I'll try that, and if successful, what should I expect to see on the PS4 end? It's my first time, lol.
(My goal is to play my Steam games.)
 
Expect nothing much. Without kexp, no Linux so no steam games.
With only the wk exploit you can run unsigned code in userland. That is it.
At this stage, the Cryptogenic repo is for devs not users anyway.
 
So I picked up a PS4 Pro, model number CUH-7016B, if anyone is interested. It comes with firmware 4.07. Question: is there still a way to sign in on lower firmware? I see qwertyoruiop had posted it's ok to go to 4.55?
 
As far as I know PSProxy stopped working back in November 2016 when S@ny updated PSN & released fw 4.05.

qwertyuiop said it was safe to update to 4.50 because he just jailbroke the ps4 in 4.50 with a double wk+kernel exploit.
It means that all brews that could run on ps4 fw 1.76 as well as Linux can now run on 4.50.
This makes 4.50 the new milestone in ps4 hacking & although anything is possible it's very unlikely that further hacking/homebrew development would take place on a firmware version below.

However, if you are updating to 4.50 to regain psn access, remember that the 4.55 fw update rolled out yesterday so you will still be facing the same issue again anyway...
Note that it's very likely that qwertyuiop's kernel exploit is still unpatched by s@ny in 4.55 so it could be safe to update.
If you are considering such a move though, make sure that qwertyuiop or other trustworthy sources confirm it is ok to do so before going ahead!