PS4 FW 7.02 kernel exploit released by TheFlow

Renowned for his work in the PSVita scene, TheFlow has extended his contributions to the PS4 scene. Last night, he announced a new kernel exploit he found on PS4 firmware 7.02. He further mentions that this vulnerability can be combined with a WebKit exploit on firmwares up to 6.72, hinting at a potential jailbreak.


This exploit has, however, been patched in PS4 firmware 7.50, since TheFlow himself worked with Sony's HackerOne bounty program to disclose the issue. For more technical details about the exploit, see the HackerOne page.

 
Last edited by Prans. Reason: exploit patched on FW 7.50, not 7.51

Xen0

Smart move to first snatch the bounty and afterwards release an exploit xD
Would feel kind of scammed in Sony's place.
 

hippy dave

Exciting B-)
Is there a list anywhere of known firmware requirements for games?
Crossposting a partial answer to myself:
From what I can see, 7.0 released October 8 2019, don't know exactly when released games would have started requiring it, but it's something to go on. Currently this link gets you to around that point in game releases listed by date.
 

D34DL1N3R

Ahhh yeah, just checked into that, it is, which means Ghost of Tsushima will be the same as well. Either way, with those being the last 2 exclusives left on the console, that still opens up a massive library that us swashbucklers can take advantage of.

There are over 30 exclusives still coming to the PS4. ;)
 

weatMod

I've lost interest in the exploit after waiting all these years.
Besides, most of my time I spend it on Dreams so I can't just stop updating.
You got a link to a tutorial on how to download and install Dreams projects on an exploited PS4 while offline?
 

Tom Bombadildo

Neat. Shame I already updated from 5.05 months ago so I'll miss out once again, but eh at this point I'm not too bothered by that TBH. Don't care for PS2 emulation or retroarch, and most PS4 exclusives I've already played and the ones I haven't yet I can just snag for cheapo at this point.
 

godreborn

Smart move to first snatch the bounty and afterwards release an exploit xD
Would feel kind of scammed in Sony's place.

You're allowed to do that as per the agreement with the bounty system. You have to give Sony reasonable time to make a fix, then you can release all you want.
 

tommasi

Nice way to clear the shelves from all the PS4s, to release the new system. Don’t bought the scene long time ago. 5.05 Exploit helped clearing all the old models off the stores. Buy the system to play games and enjoy your time. If you can’t afford buying a 1 year old game for $19.99, don’t buy a $399 system.
 

Goku1992A

lol damn, the PS4 scene is really dead now. TheFlow found 5.05 and basically was bought out by Sony. I do want to say he sold himself short; 10K isn't enough, he should have gotten 100K. He helped Sony patch the errors, so hence the PS4 is officially dead. Let's just say there is a 7.02 jailbreak since someone can figure out how to use the kernel and the WebKit, but all you are going to get are games ending from December 2019. All 2020 games and beyond you won't be able to play, so you are back to square one. Most PS4s are already above 7.02, so this is going to only benefit very few people.

I'll try to educate some of you guys: most of these devs work freelance, so they are kinda non-profit. 20K people download their stuff but maybe (100), being generous, donate; let's just say they donate $5, so basically that is $500. That is no money to be breaking your back for this stuff. If they sell their soul to the big guys they can be bought out for maybe $100,000 - $250,000. It is easier for Sony/Nintendo/Microsoft to pay the dev $250,000 than to lose revenue. 250K is a drop in the bucket. We have to blame ourselves for why we can't get cool emulators and future exploits, because the end user is just a leech and some devs are getting tired of slaving hours and hours just to have leeches talk shit. I'm happy for him, I just hate that he sold himself short, but it's nice to see Sony recognize the hackers and compensate them for it. This is why most of the time free stuff gets shut down: either the devs explain how the hack was done and the big companies patch the exploit, or they simply walk away from the complaints. When it is a paid scene the devs are $$$ driven, so they want to keep the cash flow going.

Can't be mad at devs trying to make $$$; if I was a dev and was talented like that I would try to make $$$ too. Fortune 500 companies don't work for free and grocery stores don't give away free food, so why would hacking and exploits be any different? Very few work for free, but nowadays most want to get paid and I don't blame them.
 

nitrostemp

Did you mean "unlucky"? The full chain exploit is only available up to 6.72 so unless a webkit exploit for 7.02 is released, you are out of luck on 7.02.

From my understanding the exploit was patched in 7.50, so I don't know what you are getting so bitchy about.
 

chrisrlink

Just remember we had someone worse than TheFlow. At least TheFlow had his hand in reporting the vuln; he technically earned it. The other guy just stole exploits and sold 'em to HackerOne (mainly Nintendo).
 

leon315

Combined with a proper entry point, everything. Piracy for example :P Just like with 5.05 but on 6.72 (currently, since for 7.02 there isn't any entry point yet)
DOES THAT MEAN someone has to develop/code/write it 1st in order to make everything possible?
 
