Be glad, PlayStation 4 owners; a new jailbreak is on the way. Developer @theflow0 has now announced the existence of a kernel exploit on PS4 running firmware 7.02 or older. The kernel exploit currently has to be chained with a firmware 6.72 WebKit exploit.
The PlayStation 4 homebrew scene may finally have cause for joy again. Over the past few months, it’s been a series of developments and disappointments over the prospects of the console getting a new, updated jailbreak, but it would appear one is finally back on the cards.
Hours ago, popular developer @theflow0 announced on Twitter the existence of a kernel exploit for the PlayStation 4. He also discovered a vulnerability for firmware version 6.02 a few months ago, but this new one looks to be far more concrete and exists on systems running firmware 7.02 or older. According to @theflow0, the kernel exploit works in tandem with a WebKit exploit, which exists on firmware 6.72 or older.
As it stands, those who are interested in a jailbreak release will have to ensure their systems aren’t on software newer than version 6.72—at least until a newer WebKit exploit is uncovered.
The jailbreak has been reported to work, although we haven’t tested it ourselves yet. Early reports say the jailbreak works as expected, but that you might have to try up to a dozen times for it to start properly.
The Jailbreak ships with Mira, which embeds a homebrew enabler. This release should basically let you do everything you expect from a Jailbroken PS4, from homebrew to, yes, piracy.
This release is exclusively for firmware 6.72. For people who are on 5.05 or lower, it is advised for now to stay on the 5.05 exploit, which is currently more stable.
For people who are on a firmware above 5.0x, but below 6.72, whether you update or not is up to you. In order to launch this exploit you need to be on 6.72, so to do that you’d need to update, but it might be worth waiting a few days until the dust settles. In any case, if you want to update, Zecoxao has shared a link to the 6.72 update here.
This is still a work in progress, and as a reminder SpecterDev is still working on his own implementation of the 6.72 PS4 exploit. Whether he’ll have something more stable, or people will attempt to improve stability of Sleirsgoevy’s version, we’ll have to wait and see.
— Andy Nguyen (@theflow0) July 6, 2020
Due to missing locks in option IPV6_2292PKTOPTIONS of setsockopt, it is possible to race and free the struct ip6_pktopts buffer, while it is being handled by ip6_setpktopt. This structure contains pointers (ip6po_pktinfo) that can be hijacked to obtain arbitrary kernel R/W primitives.
As a consequence, it is easy to have kernel code execution. This vulnerability is reachable from WebKit sandbox and is available in the latest FW, that is 7.02.
Attached is a Proof-Of-Concept that achieves a Local Privilege Escalation on FreeBSD 9 and FreeBSD 12.
- In conjunction with a WebKit exploit, a fully chained remote attack can be achieved.
- It is possible to steal/manipulate user data.
- Dump and run backup games.
- Should you update your PS4 Firmware to 6.72? Most sceners don’t recommend it yet, but if you can’t wait there are plenty of mirrors for it available HERE.
- Should you update your PS4 Firmware to 7.02? No, as there is currently no public Webkit / Userland entry point for the previously released PS4 7.02 Kernel Exploit.
- What if your PS4 is on Firmware above 7.02? All you can do is wait on a Future PS4 Jailbreak Exploit for higher Firmware or Find a Jailbreakable PS4 Console.
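As an added illustration of the bug class described in the report above (this is not code from the page, the exploit, or FreeBSD): a user-space C model of the lifetime race between the handler that walks the options buffer and a concurrent setsockopt call that releases it. The structure and function names are borrowed from the report only as labels; the mutex, the two-slot quarantine that poisons a "freed" buffer instead of unmapping it, and the stale-use counter are assumptions of the model, which exists to show why the lock must be held across the whole walk.

```c
#include <pthread.h>

enum { LIVE = 0x4c495645, DEAD = 0x44454144, ITERS = 200000 };

/* Model of struct ip6_pktopts: a liveness tag plus the pointer the handler reads through
 * (stands in for ip6po_pktinfo). _Atomic fields keep the unlocked run free of C-level UB. */
struct pktopts { _Atomic int magic; int *_Atomic pktinfo; };

static struct pktopts slots[2];      /* "freed" buffers are poisoned, not unmapped (model assumption) */
static struct pktopts *_Atomic cur;  /* the socket's current options pointer */
static pthread_mutex_t inp_lock = PTHREAD_MUTEX_INITIALIZER;
static int use_lock, info_a, info_b;
static void lock_(void)   { if (use_lock) pthread_mutex_lock(&inp_lock); }
static void unlock_(void) { if (use_lock) pthread_mutex_unlock(&inp_lock); }

/* Like ip6_setpktopt: walk the current options and read through pktinfo,
 * counting how often the buffer had already been released when touched. */
static void *handler(void *unused) {
    long stale = 0; int sink = 0;
    for (int i = 0; i < ITERS; i++) {
        lock_();
        struct pktopts *o = cur;
        if (o->magic != LIVE) stale++;
        else { int *p = o->pktinfo; if (p) sink += *p; }
        unlock_();
    }
    return (void *)stale;
}

/* Like a concurrent setsockopt(IPV6_2292PKTOPTIONS): install a fresh buffer and
 * release the old one, possibly while the handler is still walking it. */
static void *replacer(void *unused) {
    for (int i = 0; i < ITERS; i++) {
        lock_();
        struct pktopts *old = cur, *nw = &slots[(i + 1) & 1];
        nw->pktinfo = (i & 1) ? &info_a : &info_b; nw->magic = LIVE;
        cur = nw; old->magic = DEAD;  /* publish the new buffer, then "free" the old one */
        unlock_();
    }
    return NULL;
}

/* locked=1 holds the lock across the whole handler walk (the fix shape);
 * locked=0 leaves the race window open. Returns the stale-use count. */
long run_race(int locked) {
    pthread_t h, r; void *stale;
    use_lock = locked;
    slots[0].magic = LIVE; slots[0].pktinfo = &info_a; cur = &slots[0];
    pthread_create(&r, NULL, replacer, NULL);
    pthread_create(&h, NULL, handler, NULL);
    pthread_join(h, &stale); pthread_join(r, NULL);
    return (long)stale;
}
```

With the lock held across the walk the stale count is always zero; without it the count depends on scheduling, which is exactly the unreliability the reports above describe when the jailbreak needs several attempts.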
Download and use PS4 6.72 jailbreak
You need to be on firmware 6.72 for the exploit to run. If you want to host the PS4 Jailbreak yourself, you can get it from the developer’s GitHub at https://github.com/sleirsgoevy/ps4jb. You will need to host it on a local server and access the index.html page from your PS4 browser. If you have no idea what I’m talking about, you might be better off pointing your PS4 browser to one of the many hosted versions of the exploit, for example:
Here you are, https://t.co/cdVyvdqGZ6, PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09.
This must be chained together with a WebKit exploit, for example https://t.co/1BYe1aFGCe for FW 6.50.
READ THIS CAREFULLY BEFORE PROCEEDING with PS4 Jailbreak
In case you’re dumb: this ONLY works on FW 6.72. If you are on a lower firmware, download a 6.72 retail update file here and update your system. If you are on a higher firmware (e.g. 7.02), your console CAN’T BE HACKED yet.
This exploit consists of two steps: the actual jailbreak (JB) and Mira+HEN (MIRA). To pirate games run homebrew software, you need to activate JB first, and then MIRA. Not just one of them, not the other way round. First JB then MIRA.
- Click on the link that says JB. In about 20 seconds you’ll get an alert saying “You’re all set!”, followed by “There is not enough free system memory”. This means that everything has gone well.
If something went wrong during the process, you may get an alert saying “Jailbreak failed! Reboot your PS4 and try again.”. In this case you must reboot your PS4, preferably without closing the dialog box.
If the system hangs for more than a minute (may require more time on slow Internet connections), reboot your PS4 and try again.
If the system crashes (looks like instant powerdown), press the power button on the PS4 (NOT on the gamepad) until it turns on again, then retry.
- After you click OK on “There is not enough free system memory” and the page reloads, click on the link that says MIRA. This will activate Mira+HEN to unlock the “Debug Settings” menu. In about 20 seconds you’ll get an alert saying “You’re all set!”, followed by “There is not enough free system memory”. This means that everything has gone well.
If the system hangs or crashes, see above.
- For advanced users: To load your own payloads using NetCat, run first JB then NETCAT and send the payload to TCP port 9020.
Claims that Mira does not have HEN are false, do not believe them!
This exploit does crash and hang. Sometimes you even have to retry 10 times to get the jailbreak.