When the PS4 6.72 jailbreak went live following theflow0's disclosure of a kernel exploit, it was clear from his research that the bug could work up to 7.02 OFW, but 6.72 OFW became the candidate because the kernel exploit also needed an entry point. Thanks to Fire30's earlier public WebKit exploit release, 6.72 had the complete chain, making it the natural successor to the previous 5.05 jailbreak.
Now developer sleirsgoevy has released the needed WebKit exploit for 7.02, so the complete chain is in place to begin porting and jailbreaking the console on that firmware. Mira and various other tools will need to be ported before this new PlayStation 4 jailbreak is useful, but that is the easy work compared to what has already been released, and with a bit of time and patience from the community it appears that 7.02 OFW is the next PS4 jailbreak. This is not a huge jump from 6.72, but it should allow a few more games to be playable on a jailbroken console and give users a few more options when seeking a console to jailbreak. Hackers and developers are moving up the ladder, but there is still work to be done on 7.02 before it is time to consider updating and leaving a more polished jailbreak for one that is still a work in progress.
Now the developer is trying to get Mira ported and working on the new jailbreak, and there has been some progress. After the dev discovered and fixed an issue he had accidentally introduced, he was able to get Mira running on 7.02, but there is more to test: getting it to run is only part of the war, though that battle has been won. Testing homebrew launching and other elements will be next. So stay tuned as the 7.02 jailbreak evolves!
-
via twitter
7.02 Full Stack, let the fun begin
https://github.com/ChendoChap/ps4-ipv6-uaf
Many thanks to Chendo, @Znullptr @Synacktiv, @kd_tech_ @Fire30_ @theflow0, @sleirsgoevy and @SpecterDev. Also, the WebKit entry point still needs some love, so please be understanding of the success rate and that there is still work that needs to be done!
PS4 7.00 - 7.02 Kernel Exploit
Summary
In this project you will find a full implementation of the "ipv6 uaf" kernel exploit for the PlayStation 4 on 7.00 - 7.02. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. It will launch the usual payload launcher (on port 9020). This bug was originally discovered by Fire30 and subsequently found by Andy Nguyen.
Patches Included
The following patches are applied to the kernel:
- Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
- Syscall instruction allowed anywhere
- Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
- Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
- Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
- (sys_dynlib_load_prx) patch
Notes
- The page will crash on successful kernel exploitation, this is normal
- There are a few races involved with this exploit; losing one of them and attempting the exploit again might not immediately crash the system, but stability will take a hit.
Contributors
- Specter - advice + 5.05 webkit and (6.20) rop execution method
- kiwidog - advice
- Fire30 - bad_hoist
- Andy Nguyen - disclosed exploit code
- SocraticBliss - Shakespeare dev & crash test dummy
- Znullptr - drunk.dev
- synacktiv - webkit exploit
- sleirsgoevy - ^ ported webkit exploit to 7.02 (and add addrof js prim)
Source Code @: github.com/ChendoChap
Twitter: twitter.com/sleirsgoevy / twitter.com/SocraticBliss
PSX-Place.com Discussion: psx-place.com
Updates:
- https://twitter.com/Joonie86/status/1340752619224981505
- https://twitter.com/Znullptr/status/1339657209593159680
- PS4 7.02 Jailbreak - Updated Homebrew / Tools / Exploits