PS4 Firmware 9.00 Jailbreak Update (Released)

"In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. Will launch the usual payload launcher (on port 9020). - via project's official readme"

PS4 Firmware 9.00 Jailbreak Released

(awesome work by ChendoChap & @Znullptr)
https://twitter.com/i/status/1470225946007556097

9.00 Jailbreak Update

  • README below (also see the link for the most up-to-date version):
    https://github.com/ChendoChap/pOOBs4

    PS4 9.00 Kernel Exploit

    Summary
    • In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. Will launch the usual payload launcher (on port 9020).

    Patches Included

    The following patches are applied to the kernel:
    1. Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
    2. Syscall instruction allowed anywhere
    3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
    4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
    5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
    6. (sys_dynlib_load_prx) patch
    7. Disable delayed panics from sysVeri

    Short how-to

    • This exploit is unlike previous ones where they were based purely in software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository you'll find a .img file. You can write this .img to a USB using something like Win32DiskImager.
    Note: This will wipe the USB drive; make sure you select the correct drive and that you're OK with that before doing this.

    When running the exploit on the PS4, wait until it reaches an alert with "Insert USB now. do not close the dialog until notification pops, remove usb after closing it.". As the dialog states, insert the USB, and wait until the "disk format not supported" notification appears, then close out of the alert with "OK".

    It may take a minute for the exploit to run, and the spinning animation on the page might freeze - this is fine, let it continue until an error shows or it succeeds and displays "Awaiting payload".

    Notes
    • You need to insert the USB when the alert pops up, then let it sit there for a bit until the PS4 storage notification shows up.
    • Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
    • The browser might tempt you into closing the page prematurely, don't.
    • The loading circle might freeze while the webkit exploit is triggering, this means nothing.
    • This bug works on certain PS5 firmwares, however there's no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn't be advised.

    Contributors

    Special Thanks

  • Tutorial

    About the Jailbreak

Yeah no biggie man it happens and will get better as the scene develops. You folks should have been around the 3.41 PS3 dongle days. Keep seeing True Blue jokes but they were very very much later than the initial PSJB team and the $150 you had to pay to play.
I was there man lol. I still own a True Blue dongle. Hanging out in a box somewhere. It all started for me with 3.41 Hermes (believe it was called)... Good times! Soooo much history in that little capsule :)
 
Hahaha I still have all the True Blue discs they sold as well. I recall the day the PSJB debuted it was a little known Australian modding site. Everyone claimed BS but it was true. Luckily Math and a few other key guys were able to reproduce the dongle for free.
 
The good ole days for sure... This video will take you back too :cool2:
 

Literally showed that to a buddy about two weeks ago. Didn't tell him how long ago it was. He said Sony is gonna eat that kid for dinner.

I then proceeded to tell the tale of Graf & the HV bible. How anon shut down PSN exposing plain text CC info. How they got it back online only to be shut down hours later again. They then dropped charges and backed off.

And then how Geohot hacked the latest Android OS and got hired on. And how it is commonplace for companies to work with hackers. Ah the circle of life
 
Wow, what news!
It looks like it's easy, stable and straightforward to JB!
I am on 7.02 and though it works within a minute, sometimes it crashes two times in a row and then it takes 5 min to JB.
Once I have more user feedback on stability etc., I might switch to 9.00 :)
 
1. Why does the doc say 9.03 is working?

2. Does the PS4 have to be completely working?
(I mean BD and BT)

3. Does the PS4 have to be offline all the time?
 
Anyone else notice menu lag and freezing at times after enabling the JB?
Also is it safe to assume there isn't much in the way of homebrew for 9.00 yet? Many of the packages I downloaded are all for up to 7.55
 
1. Why does the doc say 9.03 is working?

It does not.
"The bug was found while diffing the 9.00 and 9.03 kernels."
When comparing the 9.03 firmware and 9.00 there was a difference (as something had been patched), and that is where they started to look; they then discovered something had changed and found the bug on 9.00 that way. That statement does not suggest it works on 9.03 as well.
 
When you use the payload to disable updates, does this stop updates from being possible even after powering off and on the PS4 (i.e. no longer jailbroken)?

Sorry probably seems like a stupid question but I'm just curious.

If you put it in sleep mode, yes, it remains disabled. And powered off you have no worries either. But it's best to change the settings in the system to not auto update.
 
So someone on Reddit pointed out to me that apparently in order to keep the console staying in rest mode after you run the JB, you need to make sure the "keep applications suspended" option is turned on for the rest mode settings. I haven't tested it yet but will tonight.
 

I just enable the JB every time myself. Good to know for others. I am working on some goodies for Bloodborne modding as we speak. Can't wait!!
 
Maybe I'm in the wrong section for asking... but is there any "safe" link for old PS4 EU firmwares? Not only 9.00 but also firmware 8.52 - 8.50...
Thanks
 
Firmware for PS4 isn't regionalized, so there are no "EU firmwares", only "worldwide firmwares". Download the fw from any "unsafe place", it doesn't matter; just compare the firmware update package's checksums, which will tell you if this is the fw version you're looking for. Look for checksums on the PS4 dev wiki.
 
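The checksum comparison suggested in the reply above, as an added example (not code from the pOOBs4 project or from the poster): compute the SHA-256 of a downloaded update package and compare it with the value published for that firmware version, so a file from an untrusted mirror is only trusted once it matches. The hash-tool fallback order and the `verify_pup` name are the example's own choices; the hash used in the demo belongs to a constructed stand-in file, not to any real PUP, and the real expected value has to come from the published checksum list (the reply points at the PS4 dev wiki).

```shell
#!/bin/sh
# Added example, not part of the forum post or the pOOBs4 project.
# Verifies a downloaded firmware update package (PUP) against a published SHA-256.

# Print the SHA-256 of a file, using whichever hashing tool is installed.
sha256_of() {
    f="$1"
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$f" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$f" | awk '{print $1}'
    else
        # openssl prints "SHA256(file)= <hash>"; the hash is the last field.
        openssl dgst -sha256 "$f" | awk '{print $NF}'
    fi
}

# Compare a file's SHA-256 with the expected value (hex, case-insensitive).
# Exit status: 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_pup() {
    f="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    actual=$(sha256_of "$f")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $f matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $f does not match the published SHA-256" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demo on a constructed stand-in file (not a real PUP): the bytes "hello\n"
# hash to 5891b5b5...be03, so the first check passes and a wrong hash is rejected.
demo() {
    tmp=$(mktemp)
    printf 'hello\n' > "$tmp"
    verify_pup "$tmp" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    verify_pup "$tmp" 0000000000000000000000000000000000000000000000000000000000000000 \
        || echo "(rejected as expected, exit status $?)"
    rm -f "$tmp"
}

demo
```

Usage in practice is `verify_pup /path/to/PS4UPDATE.PUP <hash copied from the published list>`; the non-zero exit status on mismatch lets the call sit in a script that refuses to go further with an unverified file. Matching the hash only proves the file is the same bytes the list describes, so the list itself should come from a source you trust more than the download mirror.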
I know it's probably hard to tell but is there a chance that it'll be possible to enable this Jailbreak without a USB drive in the future? I'm seriously considering Jailbreaking my PS4.
 
The reason this hack needs USB is a bug in exFAT parsing on external mass storage. Future hacks (if there ever are any) with high probability will not need any USB (they would need it only if another such bug is found, which is very unlikely, or if we are able to clone service dongles (if there are any; like for the PS3)).
 
This is a Raspberry Pi Zero W, just waiting on a port from c0d3m4st4 to get my host up and running on it :) Should be able to just leave this guy plugged into my machine and always be able to run my xploit host from it. It looks like they are trying to get the USB device you need integrated into this as well, so it could end up being an all-in-one device for 9.00 hacking. I'll do an entire write-up about it when mine is complete.
 

