A few days ago, hacker qwertyoruiop released a Webkit exploit for the PS4, compatible up to firmware 4.07 included. He has since then improved the exploit to include a ROP Chain and basic syscalls, but providing only compatibility for 4.06, the firmware on which he is personally working.
SpecterDev, self described as a programmer interested in exploitation and infosec, and who in the past has provided accurate analysis of other PS4 hacks, has released a writeup of qwertyoruiop’s exploit, and released his own version of the exploit, with added compatibility for multiple firmwares.
SpecterDev’s Proof of concept builds on top of the initial exploit and adds Rop/gadget support for firmwares 3.50, 3.55, 3.70, 4.00, and 4.07 (in addition to 4.06 which was already supported in the initial PoC). Visibly no support for firmware 4.05, but a quick glance at the source tells me it shouldn’t be too difficult to add for people who feel like it.
Additionally, the developer released a writeup about qwertyoruiop,s exploit, and it’s a great read. What’s particularly interesting here is that SpecterDev, as he states himself, is still fairly new to exploits in general and webkit in particular. As a result, the write up is reasonably easy to read because the author makes no unrealistic assumptions on the technical level of the reader. I’d say it’s a great introduction to understanding how the exploit works, if you have basic coding/system knowledge.
You can read SpecterDev’s writeup here.
You can download the source for the exploit on SpecterDev’s github here. Keep in mind that this is a rewrite of qwertyoruiop’s original exploit which will probably remain the source of truth and of major updates for now.
- PS4: How to get your hands on a PS4 w... — A PS4 4.55 Jailbreak was released in February 2018 [...]
- Atmosphere – Nintendo Switch Cu... — The long awaited Custom Firmware for Nintendo Switch is here [...]
- Release: Syscon Firmware decrypter fo... — Developer Zecoxao has released the source code for Siscon, a [...]
- PS Vita: TheFlow confirms exploit rea... — Hacker TheFlow, who was behind the h-encore Exploit for PS V [...]
- NES and Master System emulators relea... — “Someone” has posted NES and Sega Master System emulator [...]