PS4 PS4 6.20 kernel Exploit Coming Soon ? TheFlow says " don‘t update past 6.20 if you want a kxploit"

It appears that TheFlow0 a very well know PS Vita developer/hacker who developed exploits like h-encore & Trinity and homebrew applications such as VitaShell for the PS Vita, has now been exploring the PS4.The developer has made a suggestion to the PS4 Community, as the dev advises anyone who is staying on lower ps4 firmware's in hopes for an exploit should not update past 6.20 Firmware, that got some attention as that could be the next fully exploited firmware that arises on the PlayStation 4. We have seen the release of multiple 6.20 WebKit exploits in the public (seen here from Specterdev (patched in 6.50) and then also Fire30 subsequently with another (different webkit entry) seen here (patched in 6.72)) which these two webkit exploits are the first piece, typically servings as a "foot in the door" or "entry point" for additional explorations / execution of potentials like a kernel exploits once (if) discovered.. TheFlow0's recent tweets (as outlined below) suggest he may of found that next piece in the all important kxploit and that means we may be graduating to 6.20 from 5.05 in the near future. However, this is still a bit early as the dev is just now getting his hands on the actual hardware to put his confident theories to the test (it appears, however he had confirmed (?) some discovery or theories with the latest tweet). This developer/hacker is very talented and well known so there is confidence among many of the claims made are positive steps forward. Stay tuned to the story as this develops, the developer is likely to give some additional progress reports in the future on his official twitter linked below, and we will keep you posted about any news that rolls out pertaining to what appears to be an advancement in the PS4 community that has been seeing a rise in development..

​

Tweet Timeline

• 
  
  • Mar 10 - Somebody wanna donate me a 6.20FW PS4?
    • Mar 11 - Alright my man @qwertyoruiopz has me one
  • Mar 11 - Also don't update past FW 6.20 if you want a kxploit
  • Mar 13 - I didn't have any vulnerabilities when I wrote that. Now I have. 3 days later

TheFlow's Official Twitter https://twitter.com/theflow0/
Additional coverage also @ wololo.net​

 

welp, looks like theflow is leaving the scene if his twitter is any indication. he called the people of the ps4 scene as feeling entitled and toxic. I can't say I blame him. great going, guys who called them lazy devs.

I totally understand him, and if he got fed up he can do whatever he wants... I'm not even 1% as pro as he is, and I have felt the same way a few times.

just as a small example, I left the PSX-Place Discord channels because the few times I was there, I was being insulted by random users about "hey I can't get XYZ game working with your fuckin' PKGI app, your tool is shit! I cannot play FREE GAMES!"... and shit like that.

they really felt entitled to piracy, and even more, they wanted to be spoon-fed with free games by homebrew devs.

I decided to stay away from that, I post my work whenever I want here, but without that toxic-kind of community around.

I bet theflow will still do a lot of PS stuff, but he will just keep it private.

 

It is sad how a few idiots can ruin things for the rest of us.

 

well, sony has started an exploit program. you can earn up to $50,000 if you find a big exploit with the ps4. several devs have already cashed in, so it's not looking good about another exploit release. I couldn't care less about piracy. I just want to play digitally. that's why I went all digital with the switch (have 106 games if you include my prepurchase of paper Mario).

 

I bet theflow will still do a lot of PS stuff, but he will just keep it private.

Very possible.
To be frank, I may eventually end up doing exactly that myself..

As to the bounty program, it is surprising (or maybe not lol) that sony took so long to get on the same page as everyone else when it comes to exploit fighting strategies.

 

well, one thing about hackers is that they usually like to show off their skills, so there probably will be an exploit. it just might take longer to be released. it's kinda like the three musketeers in the ps3 scene. marcan of team fail 0verflow said that the ps3 would've been fully hacked within a matter of days from the initial exploit if not for the lawsuits. the three musketeers were a different team that came to the same conclusion that fail 0verflow did some 18 months later.

 

I feeling extremely disappointing, mostly because he is that kind of guy who always releasing what he announce and in user friendly form. User always was warned to not update because of exploit coming, and always soon after Sony releasing new fw he say if still works or not. That's something which I missed in PS4 "scene".

It is hard to doing something while immature peoples around demanding and insulting. Simultaneously I cannot understand how fragile are minds of newer generations and weak for social bad influence... But probably because my emotional intelligence is equal zero and years of been bully makes me hard as titanium iridium alloy.

Anyway, good luck for him. And I hope one day I would be able to copy my trophies and extract any data from HDD and PFS.

 

I feeling extremely disappointing, mostly because he is that kind of guy who always releasing what he announce and in user friendly form. User always was warned to not update because of exploit coming, and always soon after Sony releasing new fw he say if still works or not. That's something which I missed in PS4 "scene".

not only he used to release and document his exploits for the end-user, I've seen some of his tech docs (the Trinity hack is the first that comes to mind) about how he achieved the exploit, and all the low level details, step by step.
The vita trinity hack is the one I remember explaining different hacks working together (one to get out of the PSP emu, then another to hack the vita, etc.)

edit: I had to look for that trinity doc again, it's really entertaining
https://theofficialflow.github.io/2019/06/18/trinity.html

 

I'm kinda thinking about selling my system. it's a limited edition dragon quest metal slime edition. it didn't come with its theme, but kiiwii found it for me. I made an unlock package. the download link was the god link, which I don't have, but I have the theme and unlock package I made:

it was free, so I don't consider it piracy. anyway, I have the final fantasy vii theme and unlock too, and I do own the final fantasy vii game (remastered with trophies) that contained it. here's what the system and the theme look like:

I do have the metal slime attachment. it looks more like a babble to me. anyway, do you think it would be worth anything? it's on 5.05.

 

I'm kinda thinking about selling my system. it's a limited edition dragon quest metal slime edition. it didn't come with its theme, but kiiwii found it for me. I made an unlock package. the download link was the god link, which I don't have, but I have the theme and unlock package I made:

View attachment 26441

it was free, so I don't consider it piracy. anyway, I have the final fantasy vii theme and unlock too, and I do own the final fantasy vii game (remastered with trophies) that contained it. here's what the system and the theme look like:

View attachment 26442

View attachment 26443

I do have the metal slime attachment. it looks more like a babble to me. anyway, do you think it would be worth anything? it's on 5.05.

if it was free from the publisher then i dont consider that piracy either. first thing i always do when i get a new disc is check for updates and see if there any free dlc.

 

it's free for the system. there's a download voucher, but since it was used, I couldn't download it. there's a 25th anniversary dq theme as well that's ugly as hell. that's what I had. the game voucher hadn't been used which I found odd. I lost the day one dlc for star ocean when I installed my backup. it overwrote what was on there including dlc, game, and updates.

 

I backed up the game and dlc as well. I named everything after the content id.