PS4 Firmware 9.00 Jailbreak Update (Released)

"In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. will launch the usual payload launcher (on port 9020). - via project's official readme"

PS4 Firmware 9.00 Jailbreak Released

(awesome work by chendochap & @Znullptr)
https://twitter.com/i/status/1470225946007556097

9.00 Jailbreak Update

  • Readme below via the project repository (also see the link for the most up-to-date version):
    https://github.com/ChendoChap/pOOBs4

    PS4 9.00 Kernel Exploit

    Summary
    • In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. will launch the usual payload launcher (on port 9020).

    Patches Included

    The following patches are applied to the kernel:
    1. Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
    2. Syscall instruction allowed anywhere
    3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
    4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
    5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
    6. (sys_dynlib_load_prx) patch
    7. Disable delayed panics from sysVeri

    Short how-to

    • This exploit is unlike previous ones where they were based purely in software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository you'll find a .img file. You can write this .img to a USB using something like Win32DiskImager.
    Note: This will wipe the USB drive; ensure you select the correct drive and that you're OK with that before doing this.

    When running the exploit on the PS4, wait until it reaches an alert with "Insert USB now. do not close the dialog until notification pops, remove usb after closing it.". As the dialog states, insert the USB, and wait until the "disk format not supported" notification appears, then close out of the alert with "OK".

    It may take a minute for the exploit to run, and the spinning animation on the page might freeze - this is fine, let it continue until an error shows or it succeeds and displays "Awaiting payload".

    Notes
    • You need to insert the USB when the alert pops up, then let it sit there for a bit until the PS4 storage notification shows up.
    • Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
    • The browser might tempt you into closing the page prematurely, don't.
    • The loading circle might freeze while the webkit exploit is triggering, this means nothing.
    • This bug works on certain PS5 firmwares, however there's no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn't be advised.

    Contributors


    Special Thanks


  • Tutorial

    About the Jailbreak


Thread edited by Admin (added info)
 
Wow, impressive. Do we have a timeframe on it? And where does it leave those still on 8.03 or lower?
From what I'm reading, people are implementing this exploit into their hosts right now :) And anyone on a lower firmware, I would assume the vulnerability is present or you may need to update, I don't know yet.
 
Oh damn, and I'm stuck on 8.03 (ODD's fuse blow). I hope backport is possible.
Anyway. Awesome news!
 
AFAIK no. You must build fake packages from decrypted digital/disc packages and install them. It is so painful that it is total waste of time.

There is official loader called OMSK for KIOSK editions, but it is not hacked yet. Or at least I never read anywhere how to recreate their database.
 
People on 8.03-9.00 can confirm if it is working for them also. I mean 8.0x-8.52

I would think that since it's listed as a 9.00 JB, that is the firmware you will need to be on. I updated from 8.03 to 9.00 to do this myself. And to whoever edited the post, great job, that's not my thing :)
 
With all the videos dropping today covering the 9.00 JB, I'm really surprised there's next to no mention of it around here. What's the story with it? Is there some problem/question about it that maybe means it shouldn't be talked about too much just yet? I'm quite eager to JB my PS4 but not until I've seen more about it than random YT videos. Has anyone tried it yet? What can/can't it do?
 
It's working quite solid for me so far. I was always on a higher FW on mine so I was unable to use the older exploits, but this has gone through without a hitch, minus my main desktop being an asshole when I was trying to set up the USB. I did it on my laptop though without a hitch. Exploit worked on the first try, it just had to re-load the page one time, then I was presented with the insert USB message. Games seem to boot fine so far (I've only tried one). Stoked!
 
Nice! I still think I'm going to give it a few days at least to kinda "settle" and see what else comes on the heels of this to maybe make it even simpler to exploit. Fortunately I haven't updated my PS4 for several months and had decided not to again until a JB came... didn't expect it quite so soon! I'm lucky enough also to have scored a PS5 when Sony offered them direct to customers, and I haven't updated it at all since I got it. Wow can you imagine if we get BOTH a PS4 AND PS5 JB on relatively recent FWs within a few months of each other, or less even?? Seriously crazy to think.

So, I've never done Hen before, I have some JBd PS3s but they're all on CFW. I don't know anything about Hen, what it can do, can't do, etc. I guess I've got some surfing & reading to do...
 
Think of it like a temporary CFW that needs to be re-exploited if you restart the system or completely power it off, and you have to use the USB every time apparently (at least so far; also make sure to unplug it once it's exploited, like mentioned above). You can't load ISOs but you can install PKGs. I'm still settling into this as well. I've been using CFW for many years on different PS3s, but this HEN stuff is pretty new to me, even though I've been aware of it.
 
Oh! Wow it's not persistent... oh man that'll drive me nuts. I'm going to just hold off for a proper CFW then. I'm in no hurry... will be watching this with great interest!
 
You may be waiting forever, my friend. If we're this far in the lifecycle of the PS4 and still haven't seen one CFW for it, this is probably as close as you're going to get... Hope I'm wrong, but I'm pretty sure we would have seen it by now if the PS4 was that hackable. Also, from my understanding, you don't have to re-run the exploit if you keep it in rest mode. It's only when the PS4 does a full on/off power cycle.
 