A few days ago, hacker qwertyoruiop released a WebKit exploit for the PS4, compatible with firmwares up to and including 4.07. He has since improved the exploit to include a ROP chain and basic syscalls, but only for firmware 4.06, the firmware he is personally working on.
SpecterDev, a self-described programmer interested in exploitation and infosec who has in the past provided accurate analysis of other PS4 hacks, has released a writeup of qwertyoruiop's exploit, along with his own version of the exploit that adds compatibility for multiple firmwares.
SpecterDev's proof of concept builds on top of the initial exploit and adds ROP gadget support for firmwares 3.50, 3.55, 3.70, 4.00, and 4.07 (in addition to 4.06, which the initial PoC already supported). There is no support for firmware 4.05 yet, but a quick glance at the source tells me it shouldn't be too difficult to add for anyone who feels like it.
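To make concrete why adding another firmware is mostly a matter of filling in one more table, here is an added illustrative example of how a WebKit exploit can support several PS4 firmwares from one code base: detect the firmware from the browser's User-Agent, select a per-firmware gadget table, and refuse to build a chain for a firmware it has no table for. This is example code written for this post, not SpecterDev's or qwertyoruiop's code; the User-Agent format, the function names and every gadget offset are assumptions or constructed placeholders, not real addresses from any firmware.

```javascript
// Added illustrative example (not SpecterDev's or qwertyoruiop's code): how a
// WebKit exploit can support several PS4 firmwares from one code base by
// detecting the firmware and selecting a per-firmware gadget table.
// All gadget offsets below are constructed placeholders, not real addresses.

// Hypothetical gadget tables: offsets relative to the base of the WebKit module,
// one table per supported firmware. A real exploit fills these in from its own
// reverse-engineering of each firmware's module.
const GADGET_TABLES = {
  "3.50": { pop_rdi: 0x10a1, pop_rsi: 0x20b2, syscall_stub: 0x30c3 },
  "3.55": { pop_rdi: 0x10a5, pop_rsi: 0x20b6, syscall_stub: 0x30c7 },
  "3.70": { pop_rdi: 0x1101, pop_rsi: 0x2102, syscall_stub: 0x3103 },
  "4.00": { pop_rdi: 0x1201, pop_rsi: 0x2202, syscall_stub: 0x3203 },
  "4.06": { pop_rdi: 0x1301, pop_rsi: 0x2302, syscall_stub: 0x3303 },
  "4.07": { pop_rdi: 0x1311, pop_rsi: 0x2312, syscall_stub: 0x3313 },
  // "4.05" is deliberately absent: adding support means adding one more entry.
};

// Assumed PS4 browser User-Agent form:
// "Mozilla/5.0 (PlayStation 4 4.07) AppleWebKit/601.2 (KHTML, like Gecko)"
function parseFirmware(userAgent) {
  const m = /PlayStation 4 (\d+\.\d+)/.exec(userAgent);
  return m ? m[1] : null;
}

function selectGadgets(userAgent) {
  const fw = parseFirmware(userAgent);
  if (fw === null) {
    throw new Error("not a PS4 browser user agent");
  }
  const table = GADGET_TABLES[fw];
  if (table === undefined) {
    // Fail closed: a chain built for the wrong firmware only crashes the browser.
    throw new Error("unsupported firmware " + fw + ": no gadget table for it yet");
  }
  return { firmware: fw, gadgets: table };
}

// Build a ROP chain as a Uint32Array of little-endian lo/hi pairs, which is how
// a JavaScript exploit writes 64-bit values through a typed array.
// `moduleBase` is a BigInt (the leaked WebKit module base); each step is either
// { gadget: "name" } (resolved against the table) or { imm: BigInt } (raw value).
function buildChain(moduleBase, gadgets, steps) {
  const out = new Uint32Array(steps.length * 2);
  steps.forEach((step, i) => {
    let qword;
    if ("gadget" in step) {
      if (!(step.gadget in gadgets)) {
        throw new Error("gadget not in table: " + step.gadget);
      }
      qword = moduleBase + BigInt(gadgets[step.gadget]);
    } else {
      qword = BigInt.asUintN(64, step.imm);
    }
    out[2 * i] = Number(qword & 0xffffffffn); // low dword
    out[2 * i + 1] = Number(qword >> 32n);    // high dword
  });
  return out;
}

// Example usage: pick the table from the UA, load a hypothetical first argument
// into rdi, then return into the (placeholder) syscall stub.
function exampleChain(userAgent, moduleBase) {
  const { gadgets } = selectGadgets(userAgent);
  return buildChain(moduleBase, gadgets, [
    { gadget: "pop_rdi" },
    { imm: 1n },               // hypothetical first argument
    { gadget: "syscall_stub" },
  ]);
}
```

The point of the structure is that the chain itself is written once against symbolic gadget names; only the table differs per firmware, which is why a missing firmware such as 4.05 shows up as a single lookup failure rather than a rewrite of the exploit.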
Additionally, the developer released a writeup of qwertyoruiop's exploit, and it's a great read. What's particularly interesting is that SpecterDev, as he states himself, is still fairly new to exploits in general and WebKit in particular. As a result, the writeup is reasonably easy to follow because the author makes no unrealistic assumptions about the reader's technical level. I'd say it's a great introduction to understanding how the exploit works if you have basic coding/system knowledge.
You can read SpecterDev’s writeup here.
You can download the source for the exploit on SpecterDev's GitHub here. Keep in mind that this is a rewrite of qwertyoruiop's original exploit, which will probably remain the source of truth and of major updates for now.