PS4 (Update) A New PS4 Kernel Exploit (7.02) Released by TheFl0w (PS4 6.72 Jailbreak next candidate)

The PlayStation 4 hacking/homebrew scene has been a unique journey compared to other PlayStation platforms, even those of the firmware era (PSP/Vita/PS3). The PS4 itself has been a bit unique: development has always been there, but it has come at a slower pace and for a limited audience on back-dated firmware releases. We have seen several exploited firmwares on the PlayStation 4 (PS4): we started the show off with 1.76 and then, through a few exploits, climbed the ladder to 5.05, which has remained the latest exploited firmware even as the console has aged into the 7.5x era. So a new exploit is on the wish list of many.

Recently (back in March), the well-known developer theflow0, most notable for his recent work in the PS Vita scene, which included various exploits and some great homebrew projects like VitaShell, turned his attention to the PS4 (see our coverage here) and announced that he had a 6.20 kernel exploit, advising the public not to update their PS4 console's firmware past 6.20. This excited many. Although by that time many would already have updated (to v7.x), it did open a much bigger window than the current 5.05 and upgrades existing exploited consoles with a new exploit. So this was eager news for many waiting patiently, and sadly also fuel for the Twitter trolls out there in social media land.


Then, several weeks ago, you may have heard of a new bug bounty program for PlayStation (via https://hackerone.com/playstation). When this program was announced, a lot of opinions were shared and various disagreements in ideology arose, and those seemed to become the focus of the arguments. Following some of those disputes, hacker thefl0w went to Twitter on June 25 with the following:

"PS4 scene, you're starting such a drama over nothing. I was actually planning to disclose something in a few weeks/months (which I will still do...) and after that, I'd like to announce my retirement, even if I was never part of that toxic and entitled "scene"."

Then today thefl0w and hackerone.com (via PlayStation Bug Bounty) announced that the PS4/Vita hacker has claimed a $10,000 bounty for a kernel exploit on the PS4 for firmware 7.02 (patched in 7.50). (For 7.02 support a WebKit exploit will still need to be found and released to the public; the one already public supports up to 6.72.) Here is what theflow0 had to say about the exploit, released on July 6:
via Twitter (July 6)
Here you are, https://hackerone.com/reports/826026, PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09. This must be chained together with a WebKit exploit, for example https://github.com/Fire30/bad_hoist for FW 6.50.
July 6
Apologies, the WebKit exploit works up to FW 6.72.

  • So, what does this mean?
    We will be moving on from 5.05 in the future as the pieces are put together by the community, with 6.72 more than likely being the focus since we already have a public WebKit exploit for it; the wait will be for a 7.02 WebKit exploit to be found and released to the public, as that is the entry point needed to use the kernel exploit.

    thefl0w's entry into the PS4 scene appears to have been a brief but explosive one, as the developer has also decided to call his short PS4 tenure quits, confirming what he said on June 25; those feelings seemed to stem from various disagreements and attitudes he did not like (more details can be found on his Twitter).

    To summarize: a developer got $10,000 for releasing his exploit, an exploit that many are going to get to use and that upgrades from 5.05. It does look like that bounty program is not the end of the world after all, as some were suggesting.

    Stay tuned, as this is sure to mature over the next several days/weeks.
    Do not update past 6.72, and if you are currently on 5.05, stay there until things have been properly prepared for public consumption.


    Exploit disclosure @: hackerone.com


Can we do something with a web app like Web Video Caster? I use it to stream video from my smartphone to the PS4 browser...
 
Thanks to everyone making this possible...
...sorry, haven't researched, but will there be an offline enable,
like the PS3's HEN offline enable?
I mean without a PC connected to the PS4.
 
Thanks to everyone making this possible...
...sorry, haven't researched, but will there be an offline enable,
like the PS3's HEN offline enable?
I mean without a PC connected to the PS4.

Yes, there are several ways to do it already. I use the SanDisk Connect, so I'm offline permanently and I don't need the computer.
 
BTW, @GREEDY PESOS, xproject and ps4phwoar! (frontends with several payloads) have an install-to-cache function that I think is now done automatically, so you only need to host the exploit once every time there's an update. Then it will open whenever you open the browser.
 
READ THIS CAREFULLY BEFORE PROCEEDING

In case you're dumb: this ONLY works on FW 6.72. If you are on a lower firmware, download a 6.72 retail update file here and update your system. If you are on a higher firmware (e.g. 7.02), your console CAN'T BE HACKED yet.
This exploit consists of two steps: the actual jailbreak (JB) and Mira+HEN (MIRA). To run homebrew software, you need to activate JB first, and then MIRA. Not just one of them, not the other way round. First JB then MIRA.
  1. Click on the link that says JB. In about 20 seconds you'll get an alert saying "You're all set!", followed by "There is not enough free system memory". This means that everything has gone well.
    If something went wrong during the process, you may get an alert saying "Jailbreak failed! Reboot your PS4 and try again.". In this case you must reboot your PS4, preferably without closing the dialog box.
    If the system hangs for more than a minute (may require more time on slow Internet connections), reboot your PS4 and try again.
    If the system crashes (looks like instant powerdown), press the power button on the PS4 (NOT on the gamepad) until it turns on again, then retry.
  2. After you click OK on "There is not enough free system memory" and the page reloads, click on the link that says MIRA. This will activate Mira+HEN to unlock the "Debug Settings" menu. In about 20 seconds you'll get an alert saying "You're all set!", followed by "There is not enough free system memory". This means that everything has gone well.
    If the system hangs or crashes, see above.
Claims that Mira does not have HEN are false, do not believe them!
This exploit does crash and hang. Sometimes you even have to retry 10 times to get the jailbreak.


Admin edit:
(Links removed; the work is very unstable and prone to many issues, not properly tested)
 
It's feasible that new games will be re-signed to older firmware. I'm not entirely sure how Orbis works, whether it negates firmware keys or uses those for 5.05 or what; I don't know. I know it uses a debug license, pretty sure anyway.
 
It's way too unstable right now. I'm hearing some of your disc games won't work, or if you try to install new PKGs it won't work.
 
It's out now
The link is on wololo.net. It takes a few tries.

All my installed games (except Persona 5 with the jailbreak on) and discs still work. Homebrew probably needs to be ported over.
 
It's way too unstable right now. I'm hearing some of your disc games won't work, or if you try to install new PKGs it won't work.

That's why you should never jump over right when something is released. That's how you get locked out of homebrew.
 