GregoryRasputin

Cturt Confirms An Already Patched PS4 Exploit

7 minutes ago, lezek20 said:

You can use the webkit exploit without PSN access; just redirect the online user manual in the settings to your own server.

do you have the files to run on the server?

I'm running CTurt's playground; it's available on his GitHub.

6 hours ago, zapptheman said:

I still have one with day 1 OFW under my table... never opened it either. From what I read I can't do the webkit exploit though, since it never had PSN access, right? I would like to give a hand to you guys even if it's for testing, but I don't know what I can do right now.

You can. And I'll say nothing else.

7 minutes ago, zecoxao said:

You can. And I'll say nothing else.

So you mean there is a way to activate a PS4 with lower FW than 3.11?

Just now, zecoxao said:

You can. And I'll say nothing else.

Just now, eXtreme said:

So you mean there is a way to activate a PS4 with lower FW than 3.11?

Great. How? My PS4 also never connected online....

Be patient; when the info is ready it will be posted.

I'm sure Sony has activated something so that the browser only opens with a PSN synchronisation, because I had another PS4 on 1.76 and never connected it to PSN, and the browser opened on the console.

So we need a way to open the browser, because without the webkit entry we can't use that kernel exploit, or CTurt will release a new method to use it. I don't know if it's possible on any higher FW atm.

Edited by eXtreme

Well, I'm not surprised that it has been patched. Have we not learned anything from the PS3 scene? Why give out too much information and details publicly? Sony or their employees are always keeping an eye on this stuff. Keep it quiet, come out of left field and surprise them when things get done.

On 12/7/2015 at 0:15 AM, eXtreme said:

The best you can do is to buy a second PS4 with low FW to use for a possible JB. I have one with the newest FW for online playing and one offline PS4 with FW 1.76,

but I don't think a final release will be only for that FW, because most people have updated, so only a few people would profit from it.

@CTurt great work!

Very rare. Before Sony released the new PS4 models there were a lot of older ones and the TLOU bundle. Now that bundle seems to have been replaced and comes with the new PS4 models, which I don't like due to higher heat.

Edited by 2P Press START!

Why do you always assume Sony only patches whatever the scene is talking about...? They're not stupid, you know; they don't really need the scene to point out the bugs and exploits for them. I bet they have patched a fuckload more exploits than the scene has ever been aware of.

3 minutes ago, Lucif3r said:

Why do you always assume Sony only patches whatever the scene is talking about...? They're not stupid, you know; they don't really need the scene to point out the bugs and exploits for them. I bet they have patched a fuckload more exploits than the scene has ever been aware of.

I don't "always" assume that Sony has patched or patches whatever the scene is talking about, but in this case it makes sense that they did, or knew where it might end up/happen if it didn't get patched. They're probably not stupid or in need of the scene to know the bugs, but it is a plus/bonus for them.

There is an official vulnerability database, dude ^^
Public for everyone to use.

https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures

Like I said, if Ronald McDonald users can type some letters into their search engine, then why should companies like Sony not be able to do this?

Edited by cfwprophet

Quote

[hykem] Yes it's BadIRET. I thought everyone knew that already.
[thexyz] how could everyone know that if it's not posted anywhere
[hykem] Uh: https://twitter.com/hashtag/badiret
[hykem] Check the date
[hykem] Adam 'pi3' Zabrocki @Adam_pi3  Sep 6
[hykem] pi3 was already exploiting that since September
[hykem] He even wrote a blog entry
[CTurt] for Linux, sure
[CTurt] there is no public FreeBSD BadIRET exploit
[hykem] Yes there is
[CTurt] a PoC that crashes kernel
[CTurt] but not an exploit
[CTurt] BadIRET exploit for FreeBSD is easier than Linux though because IDT is rewritable
[hykem] "FreeBSD was fully vulnerable.  See the attachment.  They seem to have
[hykem] fixed it, but I can't find an advisory."
[hykem] http://www.openwall.com/lists/oss-security/2015/07/09/1
[CTurt] yes
[CTurt] a PoC to crash kernel
[CTurt] but not an exploit
[hykem] I'm not trying to diminish your merit in exploiting it, just stating that the exploit was publicly known.
[CTurt] so what?
[CTurt] of course I already knew this
[thexyz] ok so that guy exploited freebsd not ps4
[hykem] PS4's kernel is based off FreeBSD
[thexyz] that's true
[thexyz] ok so can i have a ps4 kxploit and kdump if it's all public?
[CTurt] no
[hykem] xD
[Al3x_10m] xD lool
[hykem] CTurt: I assume you found the offset then
[xboner] so redbox, if u report a game not working
[xboner] you get a free rental code
[xboner] i've reported every game i rented as not working for a week
[xboner] rofl
[thexyz] gee that's unfortunate
[hykem] People are already throwing hints about SAMU :\
[Al3x_10m] samu?
[hykem] https://twitter.com/Mathieulh/status/674224837783592960
[thexyz] what i get for helping people
[Al3x_10m] wtf is samu?
[Al3x_10m] secure asset management unit?
[hykem] PS4 + AMD APU = Yes
[Al3x_10m] whoah..interesting..
[thexyz] what does it do?
[hykem] Blows up any chance of getting keys
[Al3x_10m] some kind of security validation..
[flatz] heh
[flatz] it happens again lol
[flatz] well, doesn't matter
[flatz] samu is our new spu
[flatz] developed by amd
[SonyUSA] cturt you around?
[CTurt] partially
[SonyUSA] great work to you and everybody :D
[SonyUSA] does the kexploit let you run elfs with full system rights?
[CTurt] well, I analysed the kernel dump and found all the offsets used by the cred structs
[CTurt] and syscall(24) - getuid now returns 0
[CTurt] so now I am "true" root
[CTurt] Sony changed it a bit
[CTurt] there is sceSblACMgrIsSystemUcred for example

Check this out, those who didn't see it!

EDIT: I accidentally made it look like a quote, sorry for any misunderstandings that may cause.

Edited by B7U3C50SS
i just wanted to let you know about the QUOTE

On 8.12.2015 at 0:54 PM, lezek20 said:

I'm running CTurt's playground; it's available on his GitHub.

I am too now, but the file browser is empty. Same on yours?

2 hours ago, eXtreme said:

I am too now, but the file browser is empty. Same on yours?

Try refreshing the page; that usually fixes it for me.

Did you compile any binaries of the playground with the open SDK? Or what exactly can you do with the playground, can you dump files?

Dumping of some modules should work, but that is all. For the other stuff like PS4-FTP and such you need to set up the SDK and compile it. Then compile the binaries for the PS4 CPU to make use of them over the WK.

The only useful part really is dumping the modules for reversing; all the code execution stuff is missing, unfortunately. Also the file browser does not allow you to dump the files, but CTurt explained how to do it in his write-up about the PS4 on his github.io page.

Well guys, bring up the low-level PS4s, work it out, throw something in my face, and I might have a tool for it; then I will release. So gogogogogogo :)

1 minute ago, cfwprophet said:

Well guys, bring up the low-level PS4s, work it out, throw something in my face, and I might have a tool for it; then I will release. So gogogogogogo :)

Need exploit for 2.57 OFW :s

^^ That was not what I meant :D

1 minute ago, cfwprophet said:

^^ That was not what I meant :D

Yep, I know. After bricking my first console with 1.72 FW, I sold it and bought a new one, and now I only have 2.57 FW so I can't help :bash_head:

40 minutes ago, cfwprophet said:

Well guys, bring up the low-level PS4s, work it out, throw something in my face, and I might have a tool for it; then I will release. So gogogogogogo :)

Nice :)

Dumping modules doesn't work on my console. I have redirected dump.php and ps4_dump.html; only the html shows me the PoC screen with the start button and next, but no files are dumped to my server.

^^ You maybe should read a bit ^^
Question: how do you want to dump a module if you didn't load one into RAM, and especially into the array of playground / WebKit, so you could dump it?
:P

There is a list on devwiki about dumpable modules:
http://www.ps3devwiki.com/ps4/Libraries#Libraries_on_firmware_1.76

The sad part about this is, the more the info gets leaked, the more this turns into a "PS3 scene" to devs. I wouldn't be surprised if they start leaving if this keeps going.
