PS4 5.xx Rest mode Kernel exploit revealed

Discussion in 'PS4 - Hacking & Homebrew' started by crossholo, Feb 6, 2018.

Poll:
  1. yes, as my fw is 4.06+ as an exploit still hasn't been made public (6.9%)
  2. no, fw 4.06+ (7.2%)
  3. no, fw 4.05 or less and happy with what i have (5.4%)
  4. yes, fw 4.05 (4.3%)
  5. i don't have a ps4 lolz (13.7%)
  6. I am already on fw 5.xx (54.9%)
  7. I am staying on the lowest fw possible until something bigger is released (CFW, Backup loading etc.) (7.6%)
  1. crossholo
    OP

    crossholo Member

    Newcomer
    1
    GBAtemp Patron
    May 26, 2017
    Italy
    Exploit revealed by @vpikhur

    He made a presentation at the Recon Brussels hacking conference showing the exploit and a demo video.
    Apparently his exploit uses a vulnerability in sys_kldload.
    He also released the presentation slides later in the day here.

    Quoted by wololo.net

    According to the developer:
    The custom Southbridge silicon, responsible for background downloads while the main SoC is off, didn’t help to secure the PlayStation 4. We explain how a chain of exploits combined with hardware attacks will allow code to run in the context of the secure bootloader, extract private keys, and sign a custom kernel.

    According to the hacker, the sys_kldload exploit still exists in firmware 5.00, potentially more recent firmwares as well.
    The important point of the video above is that the hack persists after boot, demonstrating what is probably the very first custom firmware on the PS4.
    Sony changed their keys in 5.05, but apparently not the signing process.
    The kernel bootloader contains the keys for Rest Mode kernel, which is why it was interesting to get access to it.
    How the exploit works is shown in this video.



    WHEN ETA??!?!?")=£)/

    EDIT 1: WebKit exploit released! Here. It works up to 5.50 beta 3. (tried up to 5.05 myself)

    Instructions with localhost
    1. Download and install Node.js (LTS version): https://nodejs.org/en/

    2. In your start menu there should be a new program called "Node.js command prompt". Open that.

    3. The default directory will open to c:\Users\"YOUR_USER_NAME"\

    4. Download the zip from GitHub and place it in your user directory mentioned in 3.

    5. Rename the folder something easy like "ps4" then run the command "cd ps4" without quotes

    6. Now run command "npm install" without quotes

    7. run command (without quotes): "npm start"

    8. Configure your ps4 DNS to point to the IP address of your computer

    9. Run a connection test to trigger a captive portal (i.e. like the screen you get when first logging into a coffee shop wifi or airport wifi. Basically any public wifi)

    10. FUCKIN PROFIT (I think)
    If you do not want to bother doing all this, go to this page on your ps4 browser. Also try multiple times until it says Success.
     
    Last edited by crossholo, Feb 27, 2018
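Steps 8 and 9 rely on pointing the console's DNS at the PC, so the console's connection-test lookups resolve to a LAN address and the captive-portal page is served from there. That same trait makes the setup easy to notice from the network side. The following is an added example, not code from the original post or from the linked repository: a small Python check over resolver log lines that flags public-looking hostnames which resolved to RFC 1918, loopback, link-local or IPv6 ULA addresses, while skipping names on an internal allow-list. The log format, hostnames, client addresses and the allow-list suffixes are all constructed for the example.

```python
import ipaddress
import re

# Constructed sample resolver log lines (not from the original thread).
# Assumed format: "<timestamp> <client-ip> <qname> <rrtype> <answer>",
# one record per line, as a DNS forwarder can be configured to emit.
SAMPLE_LOG = """\
2018-02-27T20:01:02Z 192.168.1.50 update.example.net A 203.0.113.10
2018-02-27T20:01:05Z 192.168.1.77 manuals.example.net A 192.168.1.20
2018-02-27T20:01:06Z 192.168.1.77 manuals.example.net AAAA fd00::20
2018-02-27T20:01:09Z 192.168.1.77 nas.home.lan A 192.168.1.5
2018-02-27T20:01:12Z 192.168.1.77 cdn.example.org CNAME edge.example.org
2018-02-27T20:01:13Z 192.168.1.77 edge.example.org A 198.51.100.7
garbage line that does not parse
"""

# Constructed allow-list: name suffixes that legitimately resolve to local
# address space on this network. A real deployment would use its own zones.
INTERNAL_SUFFIXES = (".home.lan", ".local")

# Address ranges that should never be the answer for a public hostname:
# RFC 1918, loopback, IPv4 link-local, IPv6 loopback, ULA, IPv6 link-local.
# Listed explicitly rather than via ipaddress.is_private, which also treats
# the documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(A|AAAA|CNAME|TXT|MX|NS)\s+(\S+)$")


def parse_line(line):
    """Parse one log line into a record dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rrtype, answer = m.groups()
    return {
        "ts": ts,
        "client": client,
        "qname": qname.lower().rstrip("."),
        "rrtype": rrtype,
        "answer": answer,
    }


def is_internal_name(qname):
    """True when the queried name is expected to live in local address space."""
    return any(qname.endswith(suffix) for suffix in INTERNAL_SUFFIXES)


def is_local_answer(rrtype, answer):
    """True when an A/AAAA answer falls inside one of LOCAL_NETS. Non-address records are ignored."""
    if rrtype not in ("A", "AAAA"):
        return False
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return False
    # 'in' returns False when the address and network versions differ.
    return any(ip in net for net in LOCAL_NETS)


def find_redirects(log_text):
    """Return the records where a public-looking hostname resolved to a local address."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or is_internal_name(rec["qname"]):
            continue
        if is_local_answer(rec["rrtype"], rec["answer"]):
            hits.append(rec)
    return hits


def clients_with_redirects(log_text):
    """Sorted list of client IPs that received at least one redirected answer."""
    return sorted({rec["client"] for rec in find_redirects(log_text)})


if __name__ == "__main__":
    for rec in find_redirects(SAMPLE_LOG):
        print(f'{rec["ts"]} client={rec["client"]} {rec["qname"]} '
              f'{rec["rrtype"]} -> {rec["answer"]} (local answer for public name)')
```

On the constructed sample this flags only the two manuals.example.net answers for client 192.168.1.77; the allow-listed NAS name, the CNAME record and the unparseable line are ignored. The allow-list matters: without it every internal-only hostname would be a false positive, so it should be populated from the network's own zones before the check is used on real logs.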
  2. ManuelKoegler

    ManuelKoegler GBAtemp Fan

    Member
    3
    Nov 5, 2015
    Netherlands
    Now this is getting interesting


    Sent from my iPhone using Tapatalk
     
  3. Urbanshadow

    Urbanshadow GBAtemp Maniac

    Member
    5
    Oct 16, 2015
    This is very nice. Let's hope for a public release when it is ready.
     
  4. j0hnnyj0hns

    j0hnnyj0hns GBAtemp Regular

    Member
    1
    Jun 3, 2016
    United States
    Hopefully it will work with 5.01 as well :)
     
    wakabayashy likes this.
  5. wakabayashy

    wakabayashy GBAtemp Fan

    Member
    2
    Dec 25, 2014
    France
    hyped ! my ps4 pro is in 5.01
     
  6. Ominous66521

    Ominous66521 GBAtemp Advanced Maniac

    Member
    4
    Feb 7, 2016
    United States
    It probably won't be on the latest firmware still but more exclusives will be open for piracy since we don't have a spoofer yet.
     
  7. DinohScene

    DinohScene Feed Dino to the Sharks

    Member
    20
    GBAtemp Patron
    Oct 11, 2011
    Antarctica
    Into the sky
    More and more exploits! yay!
     
    AL_16 and wakabayashy like this.
  8. TheGreek Boy

    TheGreek Boy GBAtemp Maniac

    Member
    4
    Jan 9, 2016
    Greece
    Behind you.
    hopefully it will work with 5.05:)
     
  9. TR_mahmutpek

    TR_mahmutpek GBAtemp Advanced Fan

    Member
    3
    Jul 28, 2015
    It's good for 5.x users but pls

    FIND THE MASTER KEY :(
     
  10. mech

    mech ♥️♥️♥️♥️♥️♥️♥️♥️

    Member
    13
    Oct 26, 2014
    Antarctica
    This has been known for 2 years so who knows if it will ever get a release.
     
    peteruk likes this.
  11. crossholo
    OP

    crossholo Member

    Newcomer
    1
    GBAtemp Patron
    May 26, 2017
    Italy
    quoted by wololo:
    it appears the hacker is leveraging (and revealing) a not publicly known kernel exploit on the PS4, leveraging a vulnerability in sys_kldload. There is probably enough in the presentation for people to take this information some step further.
     
  12. Axido

    Axido GBAtemp Advanced Fan

    Member
    6
    Feb 12, 2014
    Germany
    I guess it's time to hunt down a cheap used Pro (and activate it for Remote Play later on) before 5.50 comes out.
     
    Last edited by Axido, Feb 6, 2018
  13. replicashooter

    replicashooter GBAtemp Advanced Fan

    Member
    5
    Jun 16, 2006
    As I said a while back, once ps5 is announced you'll hear of a hack on the latest firmware for ps4 too.

    It actually makes a lot of sense on a lot of levels to do it this way as the game has changed so much since I last played it.
     
  14. placebooooo

    placebooooo GBAtemp Advanced Fan

    Member
    2
    Aug 9, 2013
    United States
    Philadelphia
    This is interesting!
    By 5.xx, does this include 5.05 as well (which is what I am currently on)?
     
  15. Gabe1987

    Gabe1987 Member

    Newcomer
    2
    Oct 1, 2010
    Hungary
    My PS4 pro is 4.70, waiting for a kexploit above.
     
  16. depaul

    depaul GBAtemp Fan

    Member
    3
    May 21, 2014
    France
    So do you think this exploit requires some hardware 'soldering'? Or only through web access like what we have now.
     
  17. askara

    askara GBAtemp Regular

    Member
    2
    Feb 12, 2013
    noob question. what does it take for PS4 hacking to be like PS3 or something where once you jailbroke your PS4, you can just wait a little while for the jailbreak on the latest update? are we close to that? or will it always be like Vita, where the jailbreak on new firmware may never come or be a long long wait?
     
  18. thekarter104

    thekarter104 GBAtemp Maniac

    Member
    5
    Mar 28, 2013
    United States
    Yes, this is nice. I think mine is on 5.03.

    How to disable updates for PS4? I'd like to know right now because of course the PS4 will connect to the internet as soon as it's turned on.
     
  19. azoreseuropa

    azoreseuropa GBAtemp Guru

    Member
    8
    Nov 6, 2002
    Portugal
    Proud to be Portuguese but I am in USA.
    I am on 2.57 ^_^.
     
  20. TheGreek Boy

    TheGreek Boy GBAtemp Maniac

    Member
    4
    Jan 9, 2016
    Greece
    Behind you.
    and why don't you update to 4.05 to enjoy games?
     
    crossholo and ManuelKoegler like this.