Saw this posted on Wololo and even thought it seems it might be fake ... there was someone confirming he was able to boot ubuntu. Wol's forums suck so I wanted to start a thread here.
Seems fake but this may be lead somewhere as we have been wrong in the past.
http://wololo.net/2016/05/30/rumor-ps4-bd-live-vulnerability-allows-execution-arbitrary-code/
Seems fake but this may be lead somewhere as we have been wrong in the past.
http://wololo.net/2016/05/30/rumor-ps4-bd-live-vulnerability-allows-execution-arbitrary-code/
Rumors originated on German scene site psxtools.de that some functionality of Blu Ray movies (BD Live) allows for execution of unencrypted code, and potentially even load Linux directly from the PS4.
Add a little bit of google translate in the mix, and the scene is going crazy thinking we have a new exploit up and running on 3.50, that just needs a bit of testing before it’s available publicly. So, err, let’s step back and breathe a little bit here.
I won’t pretend I can speak German better than you here, so I have to relate on Google translate on the original claims as well, here’s what I gather. The following is a personal translation of the original post on psxtools.de, helped by google translate.
This is a great vulnerability, it is unencrypted and the code is freely available. And it’s available on firmware 3.50. Therefore one can save anything on the PS4 and also run it!
So you can even boot Linux.
What you need
With Charles proxy
- Windows or Linux system
- charles web debugging proxy or burpsuite
- A film with BDLive (in my test it was by Universal Pictures) others will surely work. You can test yourself.
- Better to connect the PS4 with Lan.
Insert and start the movies, wait a bit and after about 1 minute the Charles interface should show a Universal Pictures bootloader file.
It looks like this:
XML source
Copy it or save as a text file
- <? Xml version = “1.0” encoding = “utf-8”?>
- <Update version = “3” target title = “89”>
- <Status code>
- <Status code id = “100” type = “information”> Successful </ status code>
- </ Status codes>
- <Resources>
- < resourceFile uri=“http://cdn.www.universalhidefclub.c...xx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.bin” fileSizeInBytes= “1234” localStorage= “common/boot.bin” >
- </ Resource file>
- < resourceFile uri=“http://cdn.www.universalhidefclub.c...xx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.xml” fileSizeInBytes= “1234” localStorage= “common/boot.xml” >
- </ Resource file>
- < resourceFile uri=“http://cdn.www.universalhidefclub.c...xxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/v3.zip” fileSizeInBytes= “1234” localStorage= “v3.zip” >
- </ Resource file>
- </ Resources>
- <Bumf>
- < bumfFile uri=“http://cdn.www.universalhidefclub.c...xx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/bumf.BMF” fileSizeInBytes= “1234” localStorage= “bumf.BMF” >
- </ BumfFile>
- </ Bumf>
- <BUSF>
- < busfFile uri= “http://cdn.www.universalhidefclub.c...xx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/bumf.bsf” fileSizeInBytes= “1234” localStorage= “bumf.bsf” >
- </ BusfFile>
- </ BUSF>
- </ Update>
Change the first line <resourcefile uri=”http://cdn.www.universalhidefclub.c...xx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.bin” fileSizeInBytes = “1234” localStorage = “common / boot.bin”>
with for example <resourcefile uri = ” releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso ” fileSizeInBytes = “1234” localStorage = “common / boot.bin”>
with map local … Change the txt file
Now wait until the download is completed. You have to add a little code in the next line so that the boots or executes before that. As a result, almost everything will run on the PS4, because it is stored internally. One has the storage path.
I guess the next PS4 firmware update will remove BD Live support
Enjoy testing!
