PS4 (Update) A New PS4 Kernel Exploit (7.02) Released by TheFl0w (PS4 6.72 Jailbreak next candidate)

The PlayStation 4 hacking/homebrew scene has been a unique journey compared with other PlayStation platforms, even those of the firmware era (PSP/Vita/PS3). The PS4 itself has been a bit unique: development has always been there, but it has come at a slower pace and for a limited audience on back-dated firmware releases. We have seen several firmware versions exploited on the PlayStation 4 (PS4). We started the show with 1.76, and then, through a few exploits, eventually climbed the ladder to 5.05, which is still the latest exploited firmware now that the console has aged into the 7.5x era. So a new exploit is on the wish list for many.

Recently (back in March), well-known developer theflow0, most notable for his recent work in the PS Vita scene, which included various exploits and some great homebrew projects like VitaShell, turned his attention to the PS4 (see our coverage here). He announced that he had a 6.20 kernel exploit and advised the public not to update their PS4 console's firmware past 6.20, which excited many. Although many would have already updated (v7.x) by then, it did become a much bigger window than the current 5.05, and it upgrades existing exploited consoles with a new exploit. So this was eagerly awaited news for many who had been waiting patiently and, sadly, also fuel for the Twitter trolls out there in social media land.


Then, several weeks ago, you may have heard of a new bug bounty program for PlayStation (via https://hackerone.com/playstation). When the program was announced, a lot of opinions were shared, disagreements over ideology arose, and those seemed to become the focus of the arguments. Following some of those disputes, hacker thefl0w took to Twitter on June 25 with the following:


"PS4 scene, you're starting such a drama over nothing. I was actually planning to disclose something in a few weeks/months (which I will still do...) and after that, I'd like to announce my retirement, even if I was never part of that toxic and entitled "scene".

Then today, thefl0w and hackerone.com (via the PlayStation Bug Bounty) announced that the PS4/Vita hacker has claimed a $10,000 bounty for a PS4 kernel exploit for firmware 7.02 (patched in 7.50). For 7.02 support, however, a WebKit exploit will still need to be found and released to the public; one that supports 6.72 is already public. Here is what theflow0 had to say about the exploit, released on July 6:
via twitter (July 6)
Here you are, https://hackerone.com/reports/826026, PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09. This must be chained together with a WebKit exploit, for example https://github.com/Fire30/bad_hoist for FW 6.50.
July 6
Apologies, the WebKit exploit works up to FW 6.72.

  • So, what does this mean?
    We will be moving on from 5.05 in the future as the community puts the pieces together, with 6.72 more than likely being the focus, since a public WebKit exploit already exists for it. For 7.02, the wait will be for a WebKit exploit to be found and released to the public, as that is the entry point needed to use the kernel exploit.

    thefl0w's entry into the PS4 scene appears to be a brief but explosive one, as the developer has also decided to call his short PS4 tenure quits, confirming what he said on June 25. Those feelings seem to have stemmed from various disagreements and attitudes he did not like (more details can be found on his Twitter).

    To summarize: a developer got $10,000 for releasing his exploit, an exploit that many are going to get to use and that upgrades from 5.05. It does look like the bounty program is not the end of the world after all, as some were suggesting.

    Stay tuned, as this is sure to mature over the next several days/weeks.
    Do not update past 6.72, and if you are currently on 5.05, stay there until it has been properly prepared for public consumption.


    Exploit Disclosure @: hackerone.com


btw, geohot got a bounty of his own for finding exploits to google's products. that's how he got the job there I believe.
 
That's what I meant. Console hackers are quite successive people outside the scene (or about to be, sometimes they making their name known first by exploiting a widely used hardware / software).

The Playstation bounty would stop collaborative approach to hacking, though. The World will be getting just One Hero ))
 
what's your point? who's going to give up free money just so a bunch of entitled idiots can pirate?
 
My point is that the bounty, while seems high, won't be stopping all hackers from releasing the exploits even for current firmware, though we will see less collaborations, which would potentially slow down the progress.
 
not necessarily. under the bounty's guidelines, hackers can release the exploits as long as a reasonable amount of time has passed for the exploit to be patched. in all likelihood, more exploits are likely to be released, because hackers get the fame and the money. I'm pretty sure that's the reason theflow released the exploit when he did even though it was discovered last year. I think it was found on 6.50, then tested on 6.72. a kernel dump was given to theflow to test on the latest firmware, which at the time was 7.02. it worked on there too.
 
I would think that hackers capable of exploiting new firmwares would have a salary of $10,000 or over per month, so the bounty is not as attractive to them as fame :)

P.S As many, I don't care about piracy, only about games preservation / homebrew / emulators / extended backwards compatibility.
Salaries of 10k or more a month?
That's not the reality at all.
And many hackers don't give a damn about fame, that's a myth too.
What applies to some individuals does not apply to all..
 
No matter who you are, unless you're like Bill Gates, if you could get an extra month's salary you would do it, even though those numbers are highly exaggerated. It's like people will reach just to take a shot at Fl0w when most would have done the same thing. Even if you make 100k a year 10k is 1/10th of your salary. Anyone would take that for a bonus. So even though you're reaching you're still wrong.
 
Salaries of 10k or more a month?
That's not the reality at all.
And many hackers don't give a damn about fame, that's a myth too.
What applies to some individuals does not apply to all..

Geohot definitely wanted some fame :D Some others have not, agreed.

Even if you make 100k a year 10k is 1/10th of your salary.

You have some issues with maths, mate :) Anyway, it doesn't matter. I think I made my point.
 
That's what I meant. Console hackers are quite successive people outside the scene (or about to be, sometimes they making their name known first by exploiting a widely used hardware / software).

The Playstation bounty would stop collaborative approach to hacking, though. The World will be getting just One Hero ))
I don't see it causing any trust issues. If someone is trustworthy enough to work with you should be able to trust them even if they could make some money from your work. The only ones to worry about are the same ones that would leak the others work and silly things like that.
 
I don't see it causing any trust issues. If someone is trustworthy enough to work with you should be able to trust them even if they could make some money from your work. The only ones to worry about are the same ones that would leak the others work and silly things like that.

Why "Scene Drama" words together sound so familiar? Because it happens fairly often. Mostly because of working in groups. Unfortunately, things will get worse.

Anyhow, let's use this thread for meaningful PS4 progress updates, rather than for speculations about scene future. I am guilty of starting it, so at least I should attempt to end it :)
 
And what exactly is stopping a team from claiming a bounty as a team?
Like @pink1 just said, it's a matter of trust.
If you don't implicitly trust your team members, you should not work with them in the first place but if you do, I see no problems in fairly sharing the fruit of a common labour.
 
Eh decided it's not worth it, I am in a good mood right now I am remote installing PKGs on my 6.72.
 
actually people got angry because he got the 10K!
but he also gave an exploit for 7.02. so he hit 2 birds. maybe if people did not get him mad and not shot at him, he would continue hitting all the birds till last one of them. we only would sacrifice 0d exploit but it's better than waiting for almost 2 years without progress or new update past 5.05.

also even if there is 0d exploit i can guess not many will do it, even if it comes super easy to do it , because nowadays most player play Online games Like Battle royal (Fortnite , Pubg, Apex ..etc). for example in my case , i wouldn't do it if i have only 1 console my little brother would go on berserk mode because his number one game is Fortnite ( i call it For$hit Lol and he get mad at me)
 
yeah, but it's not as if anyone else wouldn't take the money. that's what kinda pisses me off. I don't know how much you know about the wii u scene, but the main hack is haxchi. you have to buy a seven dollar ds game for it. people complain about spending seven dollars, so obviously money is important to them. I guess you could say it's ironic.
 
yeah, but it's not as if anyone else wouldn't take the money. that's what kinda pisses me off. I don't know how much you know about the wii u scene, but the main hack is haxchi. you have to buy a seven dollar ds game for it. people complain about spending seven dollars, so obviously money is important to them. I guess you could say it's ironic.
Never get between a pirate and his mom's 7 dollars :biggrin2:
 
My findings as far as using an external preformatted by the PS4 (not apptousb) on 6.72.

-Your games already on external from 5.05 will not work now.
-You can't install PKG from exfat usb to external

The only thing that does work is using Remote Package installer. I transferred RE2 remake and Dirt Rally 2.0 using irefuses Ps4 remote package installer GUI (You have to use Mira (no HB) for remote package installer to work) tested those games from external and they work ok.
 
My findings as far as using an external preformatted by the PS4 (not apptousb) on 6.72.

-Your games already on external from 5.05 will not work now.
-You can't install PKG from exfat usb to external

The only thing that does work is using Remote Package installer. I transferred RE2 remake and Dirt Rally 2.0 using irefuses Ps4 remote package installer GUI (You have to use Mira (no HB) for remote package installer to work) tested those games from external and they work ok.

sounds like there are too many problems with 6.72 to update. I think you can now back port with a fake update instead of using the entire game, so I'll probably stay on 5.05. it's quite stable. you get memory errors, but hen still works. also kernel panics aren't that common, but they do happen. I was afraid one would happen with the sandisk connect while testing ftp. I had forgotten my password (password encrypted it even though the range is low), so I had to redo everything on my pc, then change the password on the ps4. tested, ftp works with it, so no internet needed with anything. the dns for the exploit on 6.72 should be safe cuz you won't connect to sony. and, if the dns goes offline, you won't be able to connect to the internet, so either way, you won't connect to sony.
 
sounds like there are too many problems with 6.72 to update. I think you can now back port with a fake update instead of using the entire game, so I'll probably stay on 5.05. it's quite stable. you get memory errors, but hen still works. also kernel panics aren't that common, but they do happen. I was afraid one would happen with the sandisk connect while testing ftp. I had forgotten my password (password encrypted it even though the range is low), so I had to redo everything on my pc, then change the password on the ps4. tested, ftp works with it, so no internet needed with anything. the dns for the exploit on 6.72 should be safe cuz you won't connect to sony. and, if the dns goes offline, you won't be able to connect to the internet, so either way, you won't connect to sony.

I think it's fine if people want to stay on 5.05 especially with backporting. I just remote installed Red Dead 2 to my PS4 external with ethernet in 32 minutes so it's going alright for me and I was installing remote PKGs all last night and left my PS4 on all night and it never crashed. I have no regrets updating and I think there'll be a stable version eventually anyway.
 
I think it's fine if people want to stay on 5.05 especially with backporting. I just remote installed Red Dead 2 to my PS4 external with ethernet in 32 minutes so it's going alright for me and I was installing remote PKGs all last night and left my PS4 on all night and it never crashed. I have no regrets updating and I think there'll be a stable version eventually anyway.

well, it's getting better. there's a new update. stability now at 30-40%.
 
