
PS4 v9.00 Jailbreak Released

Discussion in 'PlayStation 4 News' started by Younis, Dec 26, 2021.

  1. Younis


    On December 13, 2021, a trio of console hackers released the latest, ready-to-run kernel hack for the PlayStation 4 and PlayStation 4 Pro that works on firmware version 9.00 and earlier, and this will go down in history as the day the PlayStation 4 is finally busted wide open.

    Now a large number of PS4 owners have the option to run homemade software and play unlicensed versions of games.

    The "pOOBs4" jailbreak is credited to PlayStation scene hackers/developers SpecterDev, ChendoChap, and Znullptr, with thanks to Sleirsgoevy for his WebKit browser breach and TheFloW for finding the real filesystem bug that allows this exploit to operate. A USB key with a specific file and network access is required for the jailbreak. The console is now free to accept a payload from a PC, such as the Mira Project custom firmware or the GoldHEN homebrew enabler, when it has finished running.
    The first hint that something big was coming came last evening, when SpecterDev, a well-known PlayStation scene hacker/developer, posted a video of modified firmware running on a PlayStation 4 with firmware version 9.00.

    It's a breakthrough, but there's a bummer: according to one of the guys involved in the jailbreak, SpecterDev, the jailbreak only works on PS4 firmware 9.00 or below, which isn't the most recent PS4 software available. The jailbreak does not appear to work if you've just updated to the recent firmware, 9.03.

    Jailbreaking the PlayStation 4 is nothing fresh, but two aspects make this one unique.

    It operates on firmware 9.00, which was released only last September. There has only been one major update since then (9.03), which was released on December 1. Most PS4 jailbreaks require the use of much lower firmware versions.

    Second, the kernel hack seems to be compatible with the PlayStation 5. The attack sprang from a file system glitch that TheFloW used last month to pwn all of the PS5's root keys. They have not made a PS5 version yet.

    If you want to play whatever you want on your PS4, go visit ChendoChap's GitHub page for details on how to do it. Please be aware that this will allow the PS4 to run illegal pirated software, so proceed with caution.


    This project has an implementation for the PlayStation 4 running firmware 9.00 that exploits a filesystem problem. The problem was detected while diffing the 9.00 and 9.03 kernels. This will require a drive with an exFAT filesystem that has been patched. If you successfully trigger it, you'll be able to run arbitrary code as the kernel, permitting you to jailbreak and modify the system at the kernel level. It will then start the standard payload launcher (on port 9020).

    Patches Included
    The following patches are applied to the kernel:
    - Allow RWX (read-write-execute) memory mapping (map / protect)
    - Syscall instruction allowed anywhere
    - Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
    - Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
    - Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
    - (sys_dynlib_load_prx) patch
    - Disable delayed panics from sysVeri

    How to do that?
    This exploit is unlike previous ones where they were based purely on software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository, you'll find a .img file. You can write this .img to a USB using something like Win32DiskImager.

    When running the exploit on the PS4, wait until it reaches an alert with "Insert USB now. do not close the dialog until a notification pops, remove USB after closing it.". As the dialog states, insert the USB, and wait until the "disk format not supported" notification appears, then close out of the alert with "OK". It may take a minute for the exploit to run, and the spinning animation on the page might freeze - this is fine, let it continue until an error shows or it succeeds and displays "Awaiting payload".

    Notes
    - You need to insert the USB when the alert pops up, then let it sit there for a bit until the PS4 storage notifications show up.
    - Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
    - The browser might tempt you into closing the page prematurely, don't.
    - The loading circle might freeze while the WebKit exploit is triggering, this means nothing.
    - This bug works on certain PS5 firmware, however, there's no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn't be advised.

  2. KryptictheGoat

    Thanks for the help, appreciate it
     
  3. QM|T_JinX

    Another exploit, haha, they're coming close tho
     
  4. Douglas Oliveira

    Great post and good help for boss members, thanks for the post
     