PS4 FW 7.02 kernel exploit released by TheFlow

Renowned for his work in the PSVita scene, TheFlow has extended his contributions to the PS4 scene. Last night, he announced a new kernel exploit he found in PS4 firmware 7.02. He further mentions that this vulnerability can be combined with a WebKit exploit on firmwares up to 6.72, hinting at a potential jailbreak.


This exploit has, however, already been patched in the PS4's 7.50 FW, since TheFlow himself reported the issue through Sony's HackerOne bounty program. For those looking for more technical details on the exploit, head to the HackerOne page right here to learn more.

SOURCE
 
Last edited by Prans. Reason: exploit patched on FW 7.50, not 7.51

Urbanshadow

Well-Known Member
Member
Joined
Oct 16, 2015
Messages
1,578
Trophies
0
Age
33
XP
1,723
Country
Yes, one of the developers posted that it is "Probably vulnerable, but it's Userland with some more auth. And you need to deal with ASLR and it's not easy." @TheoryWrong

Just probability, but with a kernel exploit in hand things might take a turn... Only the devs have the answer. We can only assume...

ASLR can be defeated with a kernel exploit. If it's exploitable (which I actually doubt) it could be really nice, since you won't need to find a WebKit exploit for a HEN to work. At this specific point in time it could be a valuable entry point for 7.02, as its kernel is vulnerable but it lacks a userland entry point.
 

weatMod

Well-Known Member
Member
Joined
Aug 24, 2013
Messages
3,305
Trophies
2
Age
47
XP
3,351
Country
United States
First of all, thanks to Andy Nguyen aka theflow0 for releasing kernel exploit.

I am really new to the PS4 scene, and I want to ask a little thing. If a kernel exploit is released, how long does it take to release a jailbreak utility?
You thank him for collecting a 10k bounty and prematurely burning an exploit instead of holding on to it longer and releasing it for a currently exploitable FW?
This was not good for the scene at all; he reported it and $ony patched it. He could have at least held it longer, at least till the PS5 release.
 

Jayinem81

Well-Known Member
Member
Joined
Apr 19, 2020
Messages
958
Trophies
0
Age
42
XP
998
Country
United States
You thank him for collecting a 10k bounty and prematurely burning an exploit instead of holding on to it longer and releasing it for a currently exploitable FW?
This was not good for the scene at all; he reported it and $ony patched it. He could have at least held it longer, at least till the PS5 release.

The guy created something that gave us a new exploit that we haven't had in two years. Why can't it just be that? Instead you want to focus on the negative. Some of you are ridiculous. Paypal me 10k if it's nothing to you; that's a lot of money to 99% of everybody. Some people act like he should have contributed to the community and not himself, but a community does things for each other, not for a bunch of leechers complaining that they want more, more, more. Some of you need to take a hard look at yourself in the mirror.
 

pauliebb

Member
Newcomer
Joined
Mar 11, 2016
Messages
8
Trophies
0
Age
35
XP
243
Country
You thank him for collecting a 10k bounty and prematurely burning an exploit instead of holding on to it longer and releasing it for a currently exploitable FW?
This was not good for the scene at all; he reported it and $ony patched it. He could have at least held it longer, at least till the PS5 release.

Holding onto exploits is why the PS4 has been stale for 2 years. Other exploits exist... they're just being held in private, like always.

People should stop being self-important and realise TheFlow gave us something good and benefited himself with the skills he's got; everyone would do the same if they could.
 

weatMod

Well-Known Member
Member
Joined
Aug 24, 2013
Messages
3,305
Trophies
2
Age
47
XP
3,351
Country
United States
The guy created something that gave us a new exploit that we haven't had in two years. Why can't it just be that? Instead you want to focus on the negative. Some of you are ridiculous. Paypal me 10k if it's nothing to you; that's a lot of money to 99% of everybody. Some people act like he should have contributed to the community and not himself, but a community does things for each other, not for a bunch of leechers complaining that they want more, more, more. Some of you need to take a hard look at yourself in the mirror.
It was irresponsible; he could have held it a few more months. He already held it for 2 years, so what is a few more months? And he still would have got paid.
Nobody else found it or reported it in 2 years, so I don't think there was any risk of him losing out on the bounty.
He could have at least waited till after the TLOU 2 release, even though I heard the story sucks.

--------------------- MERGED ---------------------------

Holding onto exploits is why the PS4 has been stale for 2 years. Other exploits exist... they're just being held in private, like always.

People should stop being self-important and realise TheFlow gave us something good and benefited himself with the skills he's got; everyone would do the same if they could.
I know it's been stale, but there are tradeoffs. I think I would rather he had waited and given us a bigger library of games than release it now.
 

Jayinem81

Well-Known Member
Member
Joined
Apr 19, 2020
Messages
958
Trophies
0
Age
42
XP
998
Country
United States
Irresponsible, lmao. Yes, he has a responsibility to leechers that talk shit about him. I am 100% on his side; I would have done the same thing a hundred times over and flipped off anyone who didn't like it.

You can't win with most leechers. Even if he did wait and got a PS5 exploit (which isn't based on reality whatsoever, btw) it would be something like "he should have waited until more good games came out for the PS5". I would never spend a second trying to please some of you; he did the right thing, congrats to him.

You should be thanking him; otherwise go buy games past 5.05 for $59.99 at Best Buy, your choice.

You cannot predict the future. Yes, Sony changed some things because he gave them the info, but they might have changed it anyway. And who the hell can guarantee any of this would work on PS5? It's not even out yet; I doubt it would work on PS5. This is pretty good: people should have to buy new games that come out and not pirate them on day one. A year is a good amount of time, because they're usually cheap in stores by then. The PS4 is in its last year; there aren't that many great games that have come out since this exploit. Last of Us 2, Final Fantasy VIII, a few more. You're not missing out on that much, but if you want the games badly enough you can buy them. The PS5 talk is just delusional nonsense.

Some of you are cheap and not only want to pirate games, you don't want someone else who is providing you with free games to benefit. Pretty selfish if you ask me.
 

Jonna

Some sort of musician.
Member
Joined
May 15, 2015
Messages
1,234
Trophies
1
Age
35
Location
Canada
Website
twitter.com
XP
3,144
Country
Canada
It was irresponsible; he could have held it a few more months. He already held it for 2 years, so what is a few more months? And he still would have got paid.
Nobody else found it or reported it in 2 years, so I don't think there was any risk of him losing out on the bounty.
He could have at least waited till after the TLOU 2 release, even though I heard the story sucks.

--------------------- MERGED ---------------------------


I know it's been stale, but there are tradeoffs. I think I would rather he had waited and given us a bigger library of games than release it now.
Aaaaaand this is why people leave modding scenes, because people become entitled to how things should work.

Release it now - "Now he screwed up the opportunity to have future firmwares work!"

Release it months down the road - "Oh, so he's joining the ranks of the other modders and keeping it to himself with the excuse of 'to save for future firmwares,' of course he would!"

You can't win, apparently. Damned if you do, damned if you don't. I respect the decision to go with the money. If you're in a position where you have entitled brats and thankless effort from many of the community, you might as well get paid rather than nothing.
 

Jayinem81

Well-Known Member
Member
Joined
Apr 19, 2020
Messages
958
Trophies
0
Age
42
XP
998
Country
United States
I think some younger gamers don't understand what it was like before the internet. There was NES, Super NES, Genesis, N64, etc. You wanted a new game; you think you could just download it for free? Hell no, you had to beg your parents if you could rent one. Then you went to the store and you basically only had the cover of the game to decide if it was good, and you could only rent 1 game. Once you got home with that game, that was all you had for the entire weekend; if it sucked, too bad. Maybe for Christmas and your birthday you got to buy 1 new game to own. Hopefully your friend had some good games you could borrow; that's about it. There was no entitled scene bitching that they couldn't play the newest game for free.

That's not to say there aren't some younger gamers who aren't entitled, I see a lot of people being very thankful for this exploit. But there's a percentage that is poison to the scene.
 

subcon959

@!#?@!
Member
Joined
Dec 24, 2008
Messages
5,845
Trophies
4
XP
10,108
Country
United Kingdom
To be fair, it's been normal practice to wait for a vuln to be patched before releasing it. It's just that times have changed and you can actually earn money for finding these flaws now so why hold onto them anymore? Altruism? Obviously someone in the "scene" is not gonna see it this way but TheFlow has said he doesn't consider himself part of the scene.

Btw, the proper way to deal with gaming in the early years was to get to know your local version of "Fat Tony" who had a connection in the scene and always had the latest cracked menu disks. My favourites were Pompey Pirates.
 

Jayinem81

Well-Known Member
Member
Joined
Apr 19, 2020
Messages
958
Trophies
0
Age
42
XP
998
Country
United States
To be fair, it's been normal practice to wait for a vuln to be patched before releasing it. It's just that times have changed and you can actually earn money for finding these flaws now so why hold onto them anymore? Altruism? Obviously someone in the "scene" is not gonna see it this way but TheFlow has said he doesn't consider himself part of the scene.

Btw, the proper way to deal with gaming in the early years was to get to know your local version of "Fat Tony" who had a connection in the scene and always had the latest cracked menu disks. My favourites were Pompey Pirates.

When I was a kid there weren't even discs. They were cartridges, pretty much unhackable.

Once PS1 came out I got a modchip but didn't even have a computer. So I had to buy PS1 burned discs off some guy off the internet for $5 a disc lol.
 

weatMod

Well-Known Member
Member
Joined
Aug 24, 2013
Messages
3,305
Trophies
2
Age
47
XP
3,351
Country
United States
Aaaaaand this is why people leave modding scenes, because people become entitled to how things should work.

Release it now - "Now he screwed up the opportunity to have future firmwares work!"

Release it months down the road - "Oh, so he's joining the ranks of the other modders and keeping it to himself with the excuse of 'to save for future firmwares,' of course he would!"

You can't win, apparently. Damned if you do, damned if you don't. I respect the decision to go with the money. If you're in a position where you have entitled brats and thankless effort from many of the community, you might as well get paid rather than nothing.
"Aaaaaand this is why people leave modding scenes"
Actually no, it is mostly the opposite; it's the people constantly hounding devs to release prematurely.
This situation is quite unique; most devs prefer to do the prudent thing and not burn exploits.

And as I said, he could have still collected the bounty even if he waited.
And no, me having an opinion is not why people leave scenes. I am not contacting him or tweeting; I am just saying that if it was me I would have done the prudent thing and waited it out a little bit longer.
I'm sure TheFlow is not reading this and worrying about my opinion on the matter.
 

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,138
Country
United States
I honestly can't believe some of you. Have you even read the disclosure agreement? More exploits are likely to be released, because you're allowed to while also taking the money. You only need to leave a reasonable timeframe window for it to be patched. Who's to say a kernel exploit isn't available for 7.51, and it's going through the process as we speak? Further, who's going to turn down ten grand? Seriously. A lot of you can't even be bothered to spend seven bucks on a Haxchi game, so it makes me wonder: if you were given seven dollars instead, how many wouldn't feel compelled to get the game?
 

RichardTheKing

Honestly XC2>XC3...
Member
Joined
Mar 18, 2020
Messages
1,045
Trophies
1
Age
26
XP
3,203
Country
Australia
...Personally, I don't really need it; the PS4 already allows for copying saves to USB (unlike the Switch and 3DS), which can then be edited with the Save Wizard. I guess being able to edit ROMs would be nice, though.
 
