PlayStation 4 Kernel Exploit Could Lead To Jailbreak And Homebrew Soon

PlayStation 4 Kernel Exploit

For those who love the freedom to customize their phones and PCs as they see fit, but are frustrated in the inability to do so on the PS4 – a group of individuals might have the answer you’re looking for. A PlayStation 4 Kernel Exploit has been identified in the latest 4.05 firmware code, allowing for an open door to players who are looking to jailbreak their system.

Players can locate the download through GitHub, though Sony fans should keep in mind that this only opens the door on the PlayStation 4 Kernel Exploit.  Check out all the notes from the developing team on their project:

PlayStation 4 Kernel Exploit

Summary

In this project you will find a full implementation of the “namedobj” kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival.

You can find fail0verflow’s original write-up on the bug here, you can find my technical write-up which dives more into implementation specifics here.

Patches Included

The following patches are made by default in the kernel ROP chain:

  1. Disable kernel write protection
  2. Allow RWX (read-write-execute) memory mapping
  3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
  4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
  5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.

Notes

  • This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel.
  • I’ve built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads.
  • A custom syscall is added (#11) to execute any RWX memory in kernel mode, this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel.
  • An SDK is not provided in this release, however a barebones one to get started with may be released at a later date.
  • I’ve released a sample payload here that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox.

What are your thoughts on this PlayStation 4 Kernel Exploit? What possibilities do you think this will unlock for the system? Sound off with your thoughts in the comment section below, and don’t forget to check out DFTG on Twitter for gaming and entertainment news live 24/7!

If you enjoyed this article, be sure to check out more from Don’t Feed the Gamers:

Matt Ruppert715 Posts

Navy Veteran with a penchant for the FPS genre, Chewy has all aspects of the gaming community covered. Don't expect to see him on a console any time soon, however - though he has experience in all platforms, the PC Master Race has a firm hold on him.

0 Comments

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Login

Welcome! Login in to your account

Remember me Lost your password?

Lost Password