PS4 4.01 Linux Installation / Ksploit Demo at GeekPwn 2016

Discussion in 'General PS4 Discussion.' started by atreyu187, Oct 24, 2016.

By atreyu187 on Oct 24, 2016 at 1:43 PM
  1. 3,949
    1,488
    123
    atreyu187

    atreyu187 PSTV Fanboy Extraordinaire Moderator Developer

    Joined:
    Sep 29, 2014
    Messages:
    3,949
    Likes Received:
    1,488
    Trophy Points:
    123
    Gender:
    Male
    Occupation:
    Lead Veterinary Tech
    Location:
    East Coast USA
    Well I don't know how true this is but even @Joonie from the Rebug Team Tweeted seems to think this is legit. The "hackers" Chaitin Tech seem to be funded commercially. The event is legit and has been known to showcase hacks before. So this holds some water as even infamous PS3 hacker geohot (not affiliated with the group) who we all recall helped bringing Linux back to the PS3 was at the event on stage while the team demonstrated the hack!! (See included pic). They haven't stated when or if they will release anything at this point but we will have to wait and see I guess.




    • GeekPwn 2016 Carnival Shanghai Station
      Pavilion Security Research Laboratory Presents:


      PlayStation®4 / 4.01 KSploit - Successfully running Linux
      **NOTE**
      To those of you who want to see PS4 KSploit in action right away skip to 2:00

    • The Team with geohot at the event!!
      ps4geohot.png ps41.png ps42.png

      Note: Geohot from reports was attending the same event for unrelated business and is not affiliated with this team , simply crossing paths attending the same event, ,



     
    Last edited by a moderator: Oct 24, 2016
    T.A.U, smikk, STLcardsWS and 2 others like this.

Comments

Discussion in 'General PS4 Discussion.' started by atreyu187, Oct 24, 2016.

    1. STLcardsWS
      STLcardsWS
      Commercially funded. Imo has different goals and intentions then most hobbies devs. So that throws a bit of a curveball imo at least (to my theory in the other thread)
      Last edited: Oct 24, 2016
      bitsbubba likes this.
    2. bitsbubba
      bitsbubba
      Commercially funded tells me that either DRM device is on the way or possibly a pay site for a webkit exploit?
      Last edited: Oct 24, 2016
      STLcardsWS likes this.
    3. STLcardsWS
      STLcardsWS
      Could be, but could be just for exposure and marketing purposes as well to promote a company. If capable of course, could be an cheap effective advertising thing for some tech companies. You see some of the hackers over the years that land some jobs due to scene related things, a company doing it to get attention is not an out of the box thought.. So you can't rule out marketing purposes. but you could be right as well. but all in all its just theory at the moment if its commercially backed and if this legit. We knew who fail0verflow was ..

      @atreyu187 also Sony can't patch what has not been released, because these guys show a video (which i still have not watched yet (data on mobile)) does not mean it can be patched. So even if was real and new hardware came. Then released then Sony would not be able to re-act until after. So not even a release (which my article states ;) ) .. Demonstration and Release are very different things, but hey at least we have a chance for some REAL ps4 news :) . While i have not been impressed with Linux yet, bringing it upto date would appeal to more developer's as the userbase would no doubt grow.
      Last edited: Oct 24, 2016
    4. bguerville
      bguerville
      Am not that worried about CTurt working for FreeBSD who already employed decent staff before him!

      Honestly when I see the CVE list & the number of identified exploits available both on webkit & BSD kernel, I think there are so many vulnerabilities including more yet unknown ones that patching them all & making the type of hack obsolete seems unlikely for a long time & recreating a now well documented henkaku type hack for PS4 should not take years.

      As to Linux on PS4, it would make a huge difference if it ran with as decent a performance as the system is capable of.
    5. atreyu187
      atreyu187
      Failoverflow did say that the system is ridden with potential exploits the video what makes me question everything right now is the kernel exploit we have for 1.76 requires external dongles I did not see any in this PlayStation 4 at all but to see George hotz on stage with these guys during the demonstration made me think differently about the whole situation but it could all be for marketing and promotion. I know he personally still cannot touch a Sony device due to the deal that was struck to drop the lawsuit. I doubt they will Implement DRM but then again people that have have gotten a script as well
    6. STLcardsWS
      STLcardsWS
      Moved the post from the other thread here @atreyu187 and also formatted it a bit and added to front page. Nice work and thanks
      atreyu187 likes this.
    7. DeViL303
      DeViL303
      Sounds good, and only announced after the PSVR release too, Nice! hopefully they release "something" after the PS4 pro release.

      To be honest if some devs have got together and put in a load of time and found an exploit that allows unsigned code, and made something of it then it is up to them what they do with it IMO, it would be nice if they released it for free of course like henkaku, but if they want to keep it private for themselves thats ok with me, or they want to use it to promote themselves to look for a job then I think that's ok too, or even if they want to find a way to get a reward out of it then fair play (or maybe it was just a job and they got paid to create it in the first place). I for one, would pay for a method to run unsigned code on my up to date PS4. Plus (if it is real) it will most likely get explained, reverse engineered or the code leaked at some stage, so if you don't want to pay you can just wait, exploiting 4.01 can only be good for the PS4 scene in the long run, whatever the motivations short term?
      atreyu187 likes this.
    8. DeViL303
      DeViL303
      I wonder are Sony already on this? PS4 FW 4.05 just released = "improves the quality of the system performance".

      Probably not as this hack hasn't been released but maybe Sony know something we don't..I wouldn't be surprised if they remove the browser altogether the way all these web exploits keep popping up.
    9. Berion
      Berion
      Good. I download 4.01 right after see presentation. Exactly on such case and intuition not failed me again. ;D

      Code:
      CRC32: 55FD5D0C
      MD5: 8B4EF90DC5994BA89028558030E31180
      SHA-1: 143B00EF2BCBDA767A4203A2E17AD0E37C94B03E
      SHA3-512: 2FE734DA79721D40BE486A6F7DFF6A46475595FDAAB1D5A707B932246EDDF47EC5E9ACAB5F4F7F9ADC393C384E56F8D7C6C218CF614855636A67B91DEA347B1B
      
      pinky and atreyu187 like this.
    10. Joonie
      Joonie
      I think they reported the bug before the presentation unless Sony was so desperate which I have no doubt about.

      According to the rule of the event, they were supposed to report the bug they used to Sony

      https://twitter.com/chaitintech/status/790949072429428737

      At this point, I wish they release what they used at least for an educational purpose.


      Sent from my iPhone using Tapatalk
    11. DeViL303
      DeViL303
      what gives me a little hope is that they said "will be reported to @Sony" , and that is October 25th they said that, and the update 4.05 also came out on October 25th,

      So that leaves a few options (maybe there are more?):

      - Either this patch is not related and its a coincidence.
      - They had already told Sony about it before they demonstrated it.
      - Sony was very very quick to patch/test/deploy a fix, surely they would require a day or 2 of testing of a new FW update?
    12. DeViL303
      DeViL303
      Its possible this is not patched in 4.05. This article on wololo links to This FreeBSD bug (Submitted by: Kun Yang <kun.yang chaitin.com>)
      that was written at 10.18 AM on the 25th October, (not sure of timezone), Im not sure if that is long enough for them to have patched it, unless they had prior notice, but if they did then why not release the fix before the geekpwn event?

      Or maybe the way they are set up now they can patch and release a new pup in hours..
      Last edited: Oct 25, 2016
    13. pinky
      pinky
      I did as well. I'm on 3.55 atm.

      @atreyu187 told me that sony has blocked the exploit with 4.05 since the hackers had to tell sony how the exploit worked prior to entering the hacking contest. I would've thought he would've made a post about that, but maybe he's too busy?
      Berion likes this.
    14. DeViL303
      DeViL303
      Ive read their tweets about that, see above.
      pinky likes this.
    15. pinky
      pinky
      oh, my bad. I just read that one comment.
    16. STLcardsWS
      STLcardsWS
      Kind of had a feeling it would turn out something like this, Geohot knowing they reporting it may feel a bit more at ease to pose for some pics, then a geohot that thinks its a scene release. Per his settlement agreements..

      Good marketing and it may of been a stunt to have geohot there. Anyone know exactly why he was there?
    17. pinky
      pinky
      he was there to promote his driverless car company. I read that somewhere.
      STLcardsWS likes this.
    18. STLcardsWS
      STLcardsWS
      I
      was close with my assessment @bitsbubba

      This feat will get them a little business out of it. Best advertisement investment that company will make.
    19. pinky

Share This Page