PS4 (Update) A New PS4 Kernel Exploit (7.02) Released by TheFl0w (PS4 6.72 Jailbreak next candidate)

The PlayStation 4 hacking/homebrew scene has been a unique journey compared to other PlayStation platforms, even those of the firmware era (PSP/Vita/PS3). The PS4 itself has been a bit unusual: while development has always been there, it has come at a slower pace and for a limited audience on outdated firmware releases. We have seen several exploited firmwares on the PlayStation 4 (PS4). We started the show off with 1.76, and through a few exploits we eventually climbed the ladder to 5.05 firmware; that has remained the latest exploited firmware even as the console has aged into the 7.5x era. So a new exploit is on the wish list for many.

Recently (back in March) well-known developer theflow0, known most notably for his recent work in the PS Vita scene, entered the picture. His work there included various exploits and also some great homebrew projects like VitaShell. So when the developer turned his attention to the PS4 (see our coverage here), announced that he had a 6.20 kernel exploit, and advised the public not to update their PS4 console's firmware past 6.20, it excited many. At the time many would already have updated (to v7.x), but it did open a much bigger window than the current 5.05 and gives existing exploited consoles a new exploit to upgrade to. So this was welcome news for many waiting patiently, and sadly also fuel for the Twitter trolls out there in social-media land.


Then, several weeks ago, you may have heard of a new bug bounty program for PlayStation (via https://hackerone.com/playstation). When this program was announced, a lot of opinions were shared and various disagreements in ideology arose, and those seemed to become the focus of the arguments. Following some of those disputes, hacker thefl0w went to Twitter on June 25 with the following:

"PS4 scene, you're starting such a drama over nothing. I was actually planning to disclose something in a few weeks/months (which I will still do...) and after that, I'd like to announce my retirement, even if I was never part of that toxic and entitled "scene"."

Then today thefl0w and hackerone.com (via the PlayStation Bug Bounty) announced that the PS4/Vita hacker has claimed a $10,000 bounty for a kernel exploit on the PS4 for firmware 7.02 (patched in 7.50). (For 7.02 support, a WebKit exploit will still need to be found and released to the public; the one already released publicly supports 6.72.) Here is what theflow0 had to say about the exploit, released on July 6:
via Twitter (July 6)
Here you are, https://hackerone.com/reports/826026, PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09. This must be chained together with a WebKit exploit, for example https://github.com/Fire30/bad_hoist for FW 6.50.
July 6
Apologies, the WebKit exploit works up to FW 6.72.

  • So, what does this mean?
    We will be moving on from 5.05 in the future as the pieces are put together by the community, with 6.72 more than likely being the focus since we already have a public WebKit exploit for it. The wait will be for a 7.02 WebKit exploit to be found and released to the public, as that is the entry point needed to use the kernel exploit.

    thefl0w's entry into the PS4 scene appears to be a brief but explosive one, as the developer has also decided to call his short PS4 tenure quits, confirming what he said on June 25. Those feelings seemed to stem from various disagreements and attitudes he did not like (more details can be found on his Twitter).

    To summarize: a developer got $10,000 for releasing his exploit, an exploit that many are going to get to use and that upgrades from 5.05. It does look like the bounty program is not the end of the world after all, as some were suggesting.

    Stay tuned, as this is sure to mature over the next several days/weeks.
    Do not update past 6.72, and if you are on 5.05 currently, stay there until everything has been properly prepared for public consumption.

    Exploit Disclosure @ hackerone.com


I think the employee thing is the reason there are virtually no bans on the Vita. The thing was such a flop that paying people to monitor those on CFW would be too costly and not worth it. Considering how unplayable the system is in its normal state, I'd imagine more people have hacked the Vita than most other systems (percentage-wise).
 
Yeah, I'm pretty much a console hoarder; I usually only get rid of one if I can play every game I want on it on the next console that's backwards compatible. But the Vita, I sold it in its prime and never wanted another one. It had great graphics but the games were disappointing. Sony half-assed it, 3rd-party support sucked; it was just pathetic. Only failure Sony's ever had, IMO.
 
I remember @atreyu187 telling me that Sony forced devs to pay a separate licensing fee for the PSTV, which is the reason for the whitelist. Most wouldn't, due to how poorly the Vita was selling (at one point 10 to 1 in Japan compared with the 3DS). The PSTV was discontinued after only one year. They're worth a lot now that you can hack the hell out of it. I bought mine for around $20 I think, and now they go for around $150.
 
I am looking for a downgrade lol

TheFlow0 is a great dev at the end of the day. I personally think that he wanted to make a profit from his efforts and at the same time he wants to help other people and the community or PS4 scene.

Sony managed to make a civil war in the PS4 scene and promote its bounty system through TheFlow0 to stir up devs' relationships and use their greed or need for money. And who refuses the money? lol. Unless a dev is not bound to money and only desires fame, it will be hard to control him using money or bounties (Sony made the system with medals considering that devs like to be famed, but it's really cheap; no audience is there or people to cheer him up for his achievements lol). If I was him I would hit 2 birds with one stone, if possible: report and leak it as if another dev found it lmao, or sell an exploit and save the other for the scene.
 
Haven't touched my PS4 and unfortunately it's on 7.02. I guess I'll stick on that firmware for a while.
 
I was thinking about making a tutorial on getting saves to work for newcomers, but it would be a mirror image (just about) of Kiiwii's guide, which is how I got mine to work. A full tutorial probably isn't needed, since it's like three steps when you're building the PKG. It might work with a PKG-building tutorial. I have that memorized since I've done it so many times.
 
I knew I had heard of that from somewhere but couldn't remember where.

What's funny is you know Nintendo's going to be paying that bounty; all of their systems get hacked lol.

They can't make the money too much, I guess; some employee could leak the info to a friend and take the cash, ha.

AFAIK, the Switch has very good security according to hackers, but Nvidia f'd up, allowing exploits to work, so it wasn't Nintendo's fault, at least not directly. With that being said, this exploit was found so long ago that you have to ask yourself: is Sony's security really better than Nintendo's, or are devs in those scenes just more inclined to sit on their work?
 
Does anyone know what firmware Final Fantasy VII Remake requires? I was going to get it, but not if it's like 7.50. The latest update may be. I couldn't find it on Orbis Modding or the other PKG finder site; it's unlisted. It will tell you if it requires over 5.05, but the game itself is not present (possibly due to not being exploitable at present).
 
BTW, @staff, Orbis Modding only contains actual patches (no base games) and they're not fake-signed, so they won't work without a license, in case anyone is wondering. It's a good place to know what the latest update is and which firmware it works with.
 
Does anyone know what firmware Final Fantasy VII Remake requires? I was going to get it, but not if it's like 7.50

Confirmed 7.02, I owned it and finished playing it, 100% plat.

AFAIK, just a few days after FF7R was published, 7.50 firmware suddenly became available for download.
 
Anything released before early October 2019 should work on 6.72 (which we have WebKit for). Anything released before mid-April 2020 should work on 7.02 (if we ever get WebKit).
 