The PlayStation 4 (PS4) firmware of choice for the hacking community has been firmware v1.76, as developer's have taken advantage of that webkit exploit in the firmware and have been able to achieve various things, most notable being able to install Linux on your PS4 with the ability to run apps like the Steam App with graphic acceleration for example However things could change for the PS4 as the recent HENkaku exploit for the PS Vita / PSTV has been ported to the PS4 's 3.55 Firmware by developer Fire30.
So this means a new webkit exploit is now in the wild for the PS4 and provides us code execution in 3.55, The webkit exploit for 3.55 would still need some additional work and exploitation before things would shake out like it is in the current 1.76 firmware on the PS4 with regards to things like Linux Support. However, this HENkaku exploit could bring some intriguing things to 3.55 firmware and being a current firmware will sure be avaiable to much more people then the advancements we seen in v1.76. So, stay tuned to your leader in PlayStation Hacking Coverage the one and only PSX-Place, as this story will is sure to develop and evolve over the next several days / weeks / months..
PS4 3.55 Code Execution
This repo contains a PoC for getting code execution on ps4's with firmware version 3.55 It uses the same webkit vulnerability as the henkaku project. So far there is basic ROP working and returning to normal execution is included. Next steps will be to map a jit page sucessfully and getting actual shellcode executed.
UsageYou need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well.
- python fakedns.py -c dns.conf
Debug output will come from this process.
- python server.py
Navigate to the User's Guide page on the PS4 and information about the exploit and all loaded modules should be printed out. This is an example of what running it will look like: https://gist.github.com/Fire30/2e0ea2d73d3a1f6f95d80aea77b75df8
There are a few notes:
- The exploit is not 100% reliable currently. It is more like 80% which is good enough for our purposes. So if it does not work on first try, try a few more times. Also doing to much allocating after the sort() is called can make it more unstable.
- The process will crash after the rop is done executing.
- xyz - Much of the code is based off of his code used for the henkaku project
- Anonymous contributor - WebKit vulnerability PoC
- CTurt - I basically copied his JuSt-ROP idea
PS4 HENkaku Ported to PlayStation 4 (PS4) - 3.55 Firmware Code Execution POC by Fire30
By STLcardsWS on Aug 6, 2016 at 6:34 PM
qwertyoruiop now shows [unreleased] kernel exploit for 5.00 PS4 FWPS4 hacker qwertyoruiop has been making light work of the PS4 on firmware 5.00, first he showed a webkit exploit running when he tweeted the screenshot via his twitter feed over the weekend, at the time the hacker was also suggesting he had found several bugs to gain a kernel exploit. Yesterday a simple tweet was made by Qwertyoruiop "ps4 kernel code exec on 5.00 achieved at last!" followed by the screenshot posted today as seen below of the kernel exploit being loaded in the PS4 web-browser. Now this is good news, but i must give a warning about getting too excited as the dev has not released previous exploits. Its remains a mystery to when a PS4 exploit may be released to the public, but we do know there is alot of development going on with the PS4 by some talented guys and at some point will be very beneficial to many. A current exploit is so close but also so far away but nonetheless this progress is exciting to see.Continue reading
SwitchView UI [by VitaHEX Games) - Switch inspired interface (app) for launching HomebrewAs mentioned a few days ago in PSX-Place's The FEED, VitaHEX Games has a new homebrew for exploited PSTV / VITA that is influenced by the popular Nintendo Switch. SwitchView UI is a homebrew app that allows you to launch HOMEBREW from a Switch like interface as seen in the provided screenshots. This app (powered by Lua Player Plus (lpp)) will only show homebrew (games/apps) stored in "ux0". Perhaps the LiveArea is not your favorite area to launch homebrew then here an option for you, check it out and give the developer some feedback or even idea's on future projectsContinue reading
MicroCHIP (CHIP-8/SCHIP-8 emulator) by RinnegatamanteFamed Vita developer Rinnegatamante has released yet project for your PS Vita (& PSTV) that will inject some classic emulation into your HENkaku exploited devices. MicroCHIP is an emulator for the classic CHIP-8 / SUPERCHIP -8. This emulator is powered by Lua Plus Player (Vita) and provides various features for your Retro ExperienceContinue reading
Share This Page
- 4.81 cfw
- henkaku homebrew
- homebrew game
- playstation 2
- playstation 2 emulator
- playstation 2 resources
- playstation portable
- playstation portable cfw
- playstation portable emulator
- playstation portable resources
- playstation tv
- ps tv
- ps vita
- ps2 emulator
- ps2 resources
- ps3 cfw
- ps3 homebrew
- psp cfw
- psp emulator
- psp resources
- pstv homebrew
- vita homebrew
- vita tv
- webman mod
- xmb mod
- User Record:
- Latest Member:
- adfand hihi