mirror of
https://github.com/ChendoChap/pOOBs4
synced 2024-12-21 21:48:48 -05:00
exfathax.img | ||
index.html | ||
int64.js | ||
kexploit.js | ||
README.md | ||
rop.js | ||
webkit.js |
PS4 9.00 Kernel Exploit
Summary
In this project you will find an implementation that tries to make use of a filesystem bug for the Playstation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exfat filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. will launch the usual payload launcher (on port 9020).
Patches Included
The following patches are applied to the kernel:
- Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
- Syscall instruction allowed anywhere
- Dynamic Resolving (
sys_dynlib_dlsym
) allowed from any process - Custom system call #11 (
kexec()
) to execute arbitrary code in kernel mode - Allow unprivileged users to call
setuid(0)
successfully. Works as a status check, doubles as a privilege escalation. - (
sys_dynlib_load_prx
) patch - Disable delayed panics from sysVeri
Notes
- You need to insert the USB when the alert pops up, then let it sit there for a bit until the ps4 storage notifications shows up.
- Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
- The browser might tempt you into closing the page prematurely, don't.
- The loading circle might freeze while the webkit exploit is triggering, this means nothing.