PS4 PlayStation 4 (PS4) Jailbreak? Cturt confirms possibility

[New update below] - Dec 13: There have been some developments in the PlayStation 4 hacking scene over the past weeks. Recently cturt announced a kernel exploit in the PS4 firmware. This kernel exploit is patched in the latest firmwares and will only run on PS4 firmware v1.76 and below. However, while patched in later firmwares, this kernel exploit is still a huge discovery and will prove very useful for the PS4 community, as developers now get a closer look at the security and workings of the firmware from an angle they previously never had access to. That has already produced some progress on a rumored PS4 jailbreak from valid sources in PS4 hacker Cturt and others (but beware, there are many FAKE PS4 jailbreaks out there connected to a lot of scams to land a quick buck or to infect your system with malware and viruses).



Then today Cturt made the groundbreaking announcement, stating "Just broke WebKit process out of a FreeBSD jail (cred->cr_prison = &prison0). Guess you could say the PS4 is now officially "jailbroken" :P" in a recent tweet, followed by another tweet that reads "Can successfully dump RAM from other processes (like SceShellUI) using ptrace! Next step: patching RAM...". Since this "jailbreak" only works up to firmware v1.76 at the moment, it does not do many users much good, but it does give hackers and developers more access to a system that is starting to show holes in its security. One can only hope developers and hackers can produce a jailbreak for later firmwares. These things happen in steps and those steps take time, but it seems the PS4 may not be as secure as one might imagine. Does this mean CFW and homebrew on the PlayStation 4 (PS4)? Only time will tell, and hopefully we will see more exciting news on the PS4 front in the coming weeks/months. The best advice for a PS4 owner awaiting this is to exercise patience: it will take some time, if it even happens on later firmwares, but that possibility is stronger today than it was several days ago. So there is progress, and that is exciting to see in the PlayStation 4 community.


Recent Tweets from Cturt


UPDATE

(Dec 14) Developer Cturt shows off some additional details: the root file system listing and the list of running processes that the hacker was able to capture from RAM.


Code:
  [+] Entered shellcode
  [+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
[DIR]: hdd
[DIR]: host
[DIR]: hostapp
[FILE]: mini-syscore.elf
[DIR]: mnt
[DIR]: preinst
[DIR]: preinst2
[FILE]: safemode.elf
[FILE]: SceBootSplash.elf
[FILE]: SceSysAvControl.elf
[DIR]: system
[DIR]: system_data
[DIR]: system_ex
[DIR]: system_tmp
[DIR]: update
[DIR]: usb
[DIR]: user
  [+] PID 0, name: kernel, thread: mca taskq
  [+] PID 1, name: mini-syscore.elf, thread: SceRegSyncer
  [+] PID 2, name: SceHidAuth, thread: SceHidAuth
  [+] PID 3, name: hidMain, thread: hidMain
  [+] PID 4, name: SceCameraDriverMain, thread: SceCameraDriverM
  [+] PID 5, name: SceCameraSdma, thread: SceCameraSdma
  [+] PID 6, name: hdmiEvent, thread: hdmiEvent
  [+] PID 8, name: xpt_thrd, thread: xpt_thrd
  [+] PID 9, name: iccnvs, thread: iccnvs
  [+] PID 10, name: audit, thread: audit
  [+] PID 11, name: idle, thread: idle: cpu0
  [+] PID 12, name: intr, thread: irq273: xhci2
  [+] PID 13, name: geom, thread: g_notification
  [+] PID 14, name: yarrow, thread: yarrow
  [+] PID 15, name: usb, thread: usbus2
  [+] PID 16, name: md0, thread: md0
  [+] PID 17, name: icc_thermal, thread: icc_thermal
  [+] PID 18, name: sflash, thread: sflash
  [+] PID 19, name: sbram, thread: sbram
  [+] PID 20, name: trsw intr, thread: trsw intr
  [+] PID 21, name: trsw ctrl, thread: trsw ctrl
  [+] PID 22, name: SceBtDriver, thread: SceBtDriver
  [+] PID 23, name: pagedaemon0, thread: pagedaemon0
  [+] PID 24, name: pagedaemon1, thread: pagedaemon1
  [+] PID 25, name: vmdaemon, thread: vmdaemon
  [+] PID 26, name: bufdaemon, thread: bufdaemon
  [+] PID 27, name: syncer, thread: syncer
  [+] PID 28, name: vnlru, thread: vnlru
  [+] PID 29, name: softdepflush, thread: softdepflush
  [+] PID 31, name: SceSysAvControl.elf, thread: SceAvSettingPoll
  [+] PID 33, name: SceSysCore.elf, thread: SysCoreAppmgrWat
  [+] PID 34, name: orbis_audiod.elf, thread: AoutMonitorPid40
  [+] PID 35, name: GnmCompositor.elf, thread: CameraThread
  [+] PID 36, name: SceShellCore, thread: SceMsgMwSendMana
  [+] PID 38, name: SceShellUI, thread: SceWebReceiveQue
  [+] PID 39, name: MonoCompiler.elf, thread: MonoCompiler.elf
  [+] PID 40, name: SceAvCapture, thread: SceAvCaptureIpc
  [+] PID 41, name: SceGameLiveStreamin, thread: SceGlsStrmJobQue
  [+] PID 42, name: ScePartyDaemon, thread: SceMbusEventPoll
  [+] PID 43, name: SceVideoCoreServer, thread: SceVideoCoreServ
  [+] PID 44, name: SceRemotePlay, thread: SceRp-Httpd
  [+] PID 45, name: SceCloudClientDaemo, thread: SceCloudClientDa
  [+] PID 46, name: SceVdecProxy.elf, thread: proxy_ipmi_serve
  [+] PID 47, name: SceVencProxy.elf, thread: SceVencProxyIpmi
  [+] PID 48, name: fs_cleaner.elf, thread: fs_cleaner.elf
  [+] PID 49, name: SceSpkService, thread: SceSpkService
  [+] PID 50, name: WebProcess.self, thread: selectThread
  [+] PID 51, name: orbis-jsc-compiler., thread: SceFastMalloc
  [+] Triggering second kernel payload
  [+] Entered main payload
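
To make the dump above easier to work with, here is an added Python parser for its `[+] UID/GID`, `[DIR]`/`[FILE]` and `[+] PID ...` line formats; it is not cturt's code or part of this post. It turns the text into structured records so the reported credentials can be checked and a process such as SceShellUI (named in the tweet as the ptrace target) can be looked up by name. The sample input is a constructed, abbreviated excerpt in the same format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
# Constructed, abbreviated excerpt in the same format as the payload output above.
SAMPLE = """\
  [+] Entered shellcode
  [+] UID: 0, GID: 0
[DIR]: system
[FILE]: mini-syscore.elf
  [+] PID 0, name: kernel, thread: mca taskq
  [+] PID 11, name: idle, thread: idle: cpu0
  [+] PID 38, name: SceShellUI, thread: SceWebReceiveQue
  [+] PID 50, name: WebProcess.self, thread: selectThread
  [+] Triggering second kernel payload
"""

@dataclass
class Proc:
    pid: int
    name: str
    thread: str

@dataclass
class Dump:
    uid: Optional[int] = None
    gid: Optional[int] = None
    entries: List[Tuple[str, str]] = field(default_factory=list)  # (DIR|FILE, name)
    procs: List[Proc] = field(default_factory=list)

ID_RE = re.compile(r"^\[\+\] UID: (\d+), GID: (\d+)$")
ENTRY_RE = re.compile(r"^\[(DIR|FILE)\]: (.*)$")
# name is matched non-greedily so a thread field like "idle: cpu0" stays intact
PID_RE = re.compile(r"^\[\+\] PID (\d+), name: (.*?), thread: (.*)$")

def parse_dump(text: str) -> Dump:
    d = Dump()
    for raw in text.splitlines():
        line = raw.strip()  # the payload indents its "[+]" status lines
        if m := ID_RE.match(line):
            d.uid, d.gid = int(m.group(1)), int(m.group(2))
        elif m := ENTRY_RE.match(line):
            d.entries.append((m.group(1), m.group(2)))
        elif m := PID_RE.match(line):
            d.procs.append(Proc(int(m.group(1)), m.group(2), m.group(3)))
    return d

def find_proc(d: Dump, name: str) -> Optional[Proc]:
    # e.g. the SceShellUI process the tweet names as the ptrace target
    return next((p for p in d.procs if p.name == name), None)
```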

Stay tuned for all the latest developments regarding this breakthrough on the PS4.

 
This is awesome! Does anyone know if theres a list of what FW shipped on which models? I checked the PS4 dev wiki but it doesn't have the FW versions listed.
 

The rumor is that the Last of us bundles are shipped with a lower firmware, but i do not know if that information is fact myself.
 


That's what I'm trying to figure out, I have an sealed/unopened Arkham Knight bundle from the original run (not sure if the latest are a second run or not) but don't want open it just to check the FW. I'm sure this info will come out eventually.
 


I can CONFIRM as of 20min ago that The Last of Us bundle is on 1.76 as I just bought one with my Xmas bonus. Got three more at my local Walmart. Bought it to see and was gonna return it if it didn't, but this one for sure is. Might buy the rest of them today but I would feel bad profiting from the community. Guess we will see how this goes. From what I understand from a "guy" I know, it's patched as the WebKit was patched on 2.00, but there is another WebKit for 2.00; it isn't nearly as mature and a new vulnerability will need to be found for it to work, but 1.76 can break out of the FreeBSD "jail" sandbox.
 
not sure what my slime dq bundle came with, but I bought it used, and I do know it had like 3.00 or a little lower firmware. I still haven't unboxed my battlefront bundle, but that's gotta be above 1.76 since that firmware was eons ago. it's not unlike the wii-u exploit that requires firmware from over a year ago. think it's ios 5.2.
 
Yeah and that access can give many many more. It all depends on how much FreeBSD 9 is still there. I'm sure there are some unrevealed 0day exploits that can partially affect the PS4 too. Just more time is needed.
 

TLOU bundle has two types

one with 1115A, and another with 1215A,

Make sure to check the voucher's expiration date and its model number on the box.



I assume yours was 1115A and its voucher's exp date is probably early 2017?
 
not sure if I'll hack a ps4, because what tends to happen is I become obsessed with the hacks and never game on the machine(s). that's what happened with the ps2, 360, ps3, psp, vita, ds, wii, and the 3ds. I mostly game on the wii-u atm perhaps because there's not a lot to hack atm aside from the virtual wii which I've already done. ;)
 
Yes it's the CUH-1115 model and I have not looked at the date on the voucher. Just know they have been sitting there forever. No one buys systems at Walmart here. I get looked at like I am crazy when I buy from there since lamestop is across the street, but Walmart always has good Day One extras for the same price if not lower.
 
Anybody know what firmware the BO3 bundle is on lol?

I guarantee that's on 2.5+

12xx models are out of luck so far.

Even some 11xx models shipped with 2.04 too; it depends on the region though.

Korean TLOU bundle was repacked 1005a with the game disc instead of the voucher. So it was shipped with 1.50-1.6x.


Sent from my iPhone using Tapatalk
 

Well my first one that broke was a TLOU bundle from the same store. Never seen those systems move since then as the bundle is slightly higher than bare bones systems. We still have an amazing PS3 and Vita section as no one buys from there. But you do have to dig through the stacks of games, about two piles, but there are good ones if you look.
 
Will downgrading with a flasher be possible eventually? Or did Sony kill that after the ps3?

Actually downgrading is already killed (well, to be fair it wasn't possible from the beginning, so it wasn't killed) on PS3; we can do it only because we are using an exploit. (Actually we aren't using an exploit, just keys obtained through an exploit.)
 
CUH-1100A - PS4 Developer wiki

Everything that was released before 24 October 2014 should be on 1.76 or lower, but keep in mind that is not a rule. 2.00 was released on 24 October, which doesn't mean Sony did not flash this fw earlier into stock PS4s (or later; we can check if we get info on which firmware the 20th anniversary model was on).

2.000.000 - PS4 Developer wiki

In case any of you wondered the difference of TLOU bundle packs

1115A [US release] Released in 2014



and its voucher date for the TLOU digital version is Jan/2018
*I've seen most of them were 2017, I'm not quite sure if this one would have 1.76

1215A [US release] Released in 2015



and its voucher date for the TLOU digital version is Mar/2018

As you can see, the box got smaller for 1215A.
 
