1
0
mirror of https://github.com/ChendoChap/pOOBs4 synced 2024-12-21 21:48:48 -05:00
Go to file
2021-12-13 03:47:24 +01:00
exfathax.img 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00
index.html 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00
int64.js 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00
kexploit.js 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00
README.md 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00
rop.js 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00
webkit.js 9.00 Kernel Exploit 2021-12-13 03:47:24 +01:00

PS4 9.00 Kernel Exploit


Summary

In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. will launch the usual payload launcher (on port 9020).

Patches Included

The following patches are applied to the kernel:

  1. Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
  2. Syscall instruction allowed anywhere
  3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
  4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
  5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
  6. (sys_dynlib_load_prx) patch
  7. Disable delayed panics from sysVeri

Notes

  • You need to insert the USB when the alert pops up, then let it sit there for a bit until the ps4 storage notifications shows up.
  • Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
  • The browser might tempt you into closing the page prematurely, don't.
  • The loading circle might freeze while the webkit exploit is triggering, this means nothing.

Contributors

Special Thanks