CTurt Manages Kernel Exploit on PS4


Remember CTurt? The dev who managed to run unsigned code via the 1.76 Webkit exploit on PS4 a few months ago? Remember his cool Pong port to the Webkit exploit? And the Cinoop port?


Well, @CTurt has done it again, and has managed to get his PS4 Kernel exploit working! Using the 1.76 webkit exploit, he's managed to dump the PS4's kernel, and plans on looking for more vulnerabilities that'll work with the latest firmware!

This is excellent news, and definitely a big first step when it comes to current gen hacking! Congratz to CTurt!

Source

EDIT 12/18: CTurt has announced he'll be stopping PS4 development; however, he has posted a detailed explanation of how to get the kernel exploit working on 1.76 on his github:

http://cturt.github.io/ps4-3.html

It's safe to say this isn't the last we'll see of this exploit, and now that he's published some details on how to get it working, I imagine we'll see something neat here soon.
 

BORTZ
I would just love to see older emulators ported or written for the PS4. That would be great. But I am not going out of my way to get a low FW PS4.
 

Believ3r
The following Bundles have 1.76 or lower!



  • Killzone Shadow Fall Launch Bundle (EAN: 0711719260783) – on Amazon
  • Battlefield 4 Launch Bundle – on Amazon
  • Knack launch Bundle – on Amazon
  • “InFamous Second Son + Killzone Shadow Fall + Knack” Bundle – on Amazon
  • NBA 2K14 Bundle
  • FIFA 2K14 Bundle
  • Dynasty Warriors 7 bundle
  • Dynasty Warriors 8 bundle
  • Assassin’s Creed IV: Black Flag Bundle
  • Infamous: Second Son launch bundle
  • Watch_Dogs bundle
  • Destiny Bundle (black)
  • DriveClub Bundle (Black)
  • DriveClub Bundle (Glacier white)
  • Call of Duty: Ghost Bundle
(courtesy of wololo.net)

Legend, I was looking for a list like this
 
Deleted-355425
Wow, the Killzone bundle has jumped up to £409 on Amazon and sold 8 in the last 2 days :blink: Glad I got mine the other month now, when it was half that price :P
 
Deleted-355425
Did he release enough for someone to carry on with this? I noticed his Twitter account is locked too?
 

Tom Bombadildo
Did he release enough for someone to carry on with this? I noticed his Twitter account is locked too?
Multiple devs were aware of the kernel exploit he used, it's entirely possible he's shared info on his RAM dump technique.

Judging by how his Twitter got locked down, I imagine he might've gotten a C&D on his work. :unsure:


EDIT: CTurt has announced he'll be stopping PS4 development; however, he has posted a detailed explanation of how to get the kernel exploit working on 1.76 on his github:

http://cturt.github.io/ps4-3.html

It's safe to say this isn't the last we'll see of this exploit, and now that he's published some details on how to get it working, I imagine we'll see something neat here soon.
 

CTurt
he did steal other people's work and claim it as his own
If you actually read my posts, you'd see that I never claimed to have done it alone.

I've always been thankful for the help I've received, from my initial announcement:

https://twitter.com/CTurtE/status/673581693207502849 said:
PS4 kernel exploit finally working! Thanks to everyone involved!

Continuing through to my write-up:

http://cturt.github.io/ps4-3.html said:
The following people have helped me extensively along the way: explaining fundamental concepts to me, sharing ideas of new things to try, fixing problems with my code, and much more. So once again, "thanks to everyone involved", I couldn't have done it without your help!

I never "stole" anyone else's work. It is true since this was my first experience with any kind of kernel exploitation that I relied on multiple "hints" from others, but I also used a lot of my own ideas, and spent a huge amount of time debugging the exploit on FreeBSD, and porting to PS4.

For example, first of all, it is compiled using my SDK (which resolves the necessary userland functions like sysctl), and the exploit is triggered using my "PS4-playground" ROP framework (to setup memory). All PS4 specific addresses and offsets were discovered/calculated directly by myself: the Xpage address, sys_sendto address, and the td_critnest offset (over several hours of tedious brute forcing).

This is the opinion shared by all developers who were involved:

http://wololo.net/2015/12/20/did-cturt-steal-some-of-his-ps4-work-from-other-scene-hackers/comment-page-1/#comment-3198223 said:
Most of the other things were public or done with help of others. However, synthesizing all that information from different sources was also a feat and he wrote a lot of the code from that information. It would not be fair to say he “stole” it.

http://wololo.net/2015/12/20/did-cturt-steal-some-of-his-ps4-work-from-other-scene-hackers#comment-3198272 said:
2. It is not true when someone says CTurt's work is based on stolen work. It is based on hints (including parts of code), yes, but the final code is his work and he spent some time on it.

And finally, I never "leaked" anything. The only thing I have published (and ever plan on releasing) is the "kernel exploitation" article written by myself, which was published with the prior approval of everyone who was involved.

The only thing I regret doing is announcing that I had the kernel exploit working, without first asking for flatz consent, even though we had the kernel exploit working on FreeBSD before flatz had any involvement with us. This is the reason that flatz was angry with me for a short period of time, in a private chat, which should never have been leaked.

Please don't spread untrue rumours about me.
 