PS4 Firmware 9.00 Jailbreak Update (Released)

"In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. It will launch the usual payload launcher (on port 9020)." - via the project's official readme

PS4 Firmware 9.00 Jailbreak Released

(awesome work by chendochap & @Znullptr)
https://twitter.com/i/status/1470225946007556097

9.00 Jailbreak Update

  • Readme below via https://github.com/ChendoChap/pOOBs4 (also see the link for the most up-to-date version):

    PS4 9.00 Kernel Exploit

    Summary
    • In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. It will launch the usual payload launcher (on port 9020).

    Patches Included

    The following patches are applied to the kernel:
    1. Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
    2. Syscall instruction allowed anywhere
    3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
    4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
    5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
    6. (sys_dynlib_load_prx) patch
    7. Disable delayed panics from sysVeri

    Short how-to

    • This exploit is unlike previous ones, which were based purely in software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository you'll find a .img file. You can write this .img to a USB drive using something like Win32DiskImager.
    Note: this will wipe the USB drive; ensure you select the correct drive and that you're OK with that before doing this.

    When running the exploit on the PS4, wait until it reaches an alert with "Insert USB now. do not close the dialog until notification pops, remove usb after closing it.". As the dialog states, insert the USB, wait until the "disk format not supported" notification appears, then close out of the alert with "OK".

    It may take a minute for the exploit to run, and the spinning animation on the page might freeze - this is fine, let it continue until an error shows or it succeeds and displays "Awaiting payload".

    Notes
    • You need to insert the USB when the alert pops up, then let it sit there for a bit until the PS4 storage notification shows up.
    • Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
    • The browser might tempt you into closing the page prematurely, don't.
    • The loading circle might freeze while the webkit exploit is triggering, this means nothing.
    • This bug works on certain PS5 firmwares, however there's no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn't be advised.

    Contributors

    Special Thanks

  • Tutorial

    About the Jailbreak


Thread edited by Admin (added info)
 
Yeah, if I get impatient I'll try this out, but I know it'll bug me not being able to just shut the device off. I play very infrequently, so I don't like to leave everything in standby forever.

I dunno about waiting forever though... this is the first time we've seen a JB for fairly current FW I think. But I guess we'll see... I'm cautiously optimistic someone's on it. =D
 
I didn't understand the "it'll corrupt the kernel heap" part. So if I left the USB in, would it corrupt the firmware and I'd have to do a reinstall?
 
I can finally jailbreak my 4pro!
Thank you to everyone that had a part in making this happen
 
I really want to take full advantage of this as I've been waiting for a very long time, however my goal is to turn my base PS4 into an emulation station that can run everything up to PS2 era of gaming.

Is this possible with the current stage of jailbreak available?
 
A jailbroken PS4 can run PS1 and PS2 games easily. And RetroArch is there for PS4 for other emulators. And you can even play PS3 games through Linux.
 
I really want to take full advantage of this as I've been waiting for a very long time, however my goal is to turn my base PS4 into an emulation station that can run everything up to PS2 era of gaming.

Is this possible with the current stage of jailbreak available?
Why not buy a PS2 instead?
 
Questions about kernel panics... I put my PS4 into rest mode last night after fooling around with it for a while using GoldHEN's payload. I know it was in rest mode too, 'cause my controllers were charging when I went to bed.

Woke up this morning and noticed the orange light was not on, meaning the console was in an "off" state. I don't think it could have been a power surge, 'cause my PC was still running as I had left it.

Are kernel panics something that can happen in rest mode? And if so, would this be the likely outcome?
 
You might want to re-read this thread. This is for the PS4, not PS5.

Well, yes and no. The exploit will work on PS5, but the dev does not have one ATM; however, it has been confirmed that the bug is still present on current firmware. Leaving my PS5 as it is, I bought another last night with Walmart's restock.

Questions about kernel panics... I put my PS4 into rest mode last night after fooling around with it for a while using GoldHEN's payload. I know it was in rest mode too, 'cause my controllers were charging when I went to bed.

Yes, it can happen; the guys will iron out most issues. It happened to me as well. Just ran the exploit again, no issues. So far I have a 100% launch rate. Really, this is an amazing exploit.
 
Well, yes and no. The exploit will work on PS5, but the dev does not have one ATM; however, it has been confirmed that the bug is still present on current firmware. Leaving my PS5 as it is, I bought another last night with Walmart's restock.
Yea, I kept my PS5 non-updated for about the last month, but bit the bullet last week and updated it to play some stuff online. Kinda wish I had held out another week now, lol. Might be time for me to shop around for another one if I can get lucky again...
 
*cries in pain*
updated to 9.03 literally 2 days ago
any chance that 9.03 will join anytime soon?
or I just give up hoping?
 
A jailbroken PS4 can run PS1 and PS2 games easily. And RetroArch is there for PS4 for other emulators. And you can even play PS3 games through Linux.
I'm going to have to do some research about this. I want all systems including Nintendo to be able to run on my PS4.

Does anyone see any benefit in staying on 8.03 or should I just update to 9.00 for this stuff?
 
This is way more stable than 6.72 & 7.55. Never tried 5.05, but 9.00 has worked every single time I try to enable it.
Yea, it surprised me also. I have intentionally put it through a test. Multiple times turned off and applied the JB, and it has worked 99% of the time. I had 7.55 before this, man, and I will say 9 is like a golden JB in comparison. :chewie:
 
Well, yes and no. The exploit will work on PS5, but the dev does not have one ATM; however, it has been confirmed that the bug is still present on current firmware. Leaving my PS5 as it is, I bought another last night with Walmart's restock.

Woke up this morning and noticed the orange light was not on, meaning the console was in an "off" state. I don't think it could have been a power surge, 'cause my PC was still running as I had left it.

Are kernel panics something that can happen in rest mode? And if so, would this be the likely outcome?

Yeah, no biggie, man, it happens and will get better as the scene develops. You folks should have been around in the 3.41 PS3 dongle days. Keep seeing True Blue jokes, but they were very, very much later than the initial PSJB team and the $150 you had to pay to play.

Yea, it surprised me also. I have intentionally put it through a test. Multiple times turned off and applied the JB, and it has worked 99% of the time. I had 7.55 before this, man, and I will say 9 is like a golden JB in comparison. :chewie:


This, if you ask me, is by far the most stable JB out there, so this is really going to open up a huge opportunity to bring new devs on board. I am sure we will not see it cracked right open like the PS3, but who knows. And being 100% honest, I am super glad it doesn't work on a PSN-connectable firmware.

I'm going to have to do some research about this. I want all systems including Nintendo to be able to run on my PS4.

Does anyone see any benefit in staying on 8.03 or should I just update to 9.00 for this stuff?

Huge benefit: the exploit works on 9.00 and it doesn't on 8.0X. It's an "ok" emulation system, but my phone does way better than the PS4 if I am being honest. It is a nice novelty and a very niche area. There isn't a huge user base like Android or PC, so development will come, just do not expect miracles. I can tell you the Wii U runs fairly well, better than PS2 emulation or using the official methods. Had a hacked system a while now and it is nice to have, but the setup and such doesn't seem worth it to me. But I get what you are trying to do, and if you have a weaker PC or not a flagship phone, this may be just the platform for you.
 