eXtreme

Hack The PS4 - Status for End Users


There are not many people in the scene who have a PS4 with firmware 1.76 or below, but we end users are closer to hacking the system now.

We have:

- console with FW 1.76
- server and method for WebKit exploitation
- compiled (incomplete) badiret kernel exploit
- compiled (complete) dlclose kernel exploit, patched for Linux
- compiled PS4 Linux


Alternative Method to use the 1.76 WebKit Exploit

Poll - Do you own a PS4 With Firmware 1.76 Or Below ?

PS4 BADIRET Kernel Exploit Leaked

What do you think, could we have a hacked PS4 soon? And what can we do with a hacked PS4? Is this the real deal for end users?


I have no idea when the PS4 will be hacked, but I have one question.

What does "- server and method for webkit exploitation" mean? The server part, I am confused by. Does that mean the HTML files or whatever that are necessary for the exploit, that you can run locally on your network? Or is there a server somewhere that everyone needs to use for it?

4 minutes ago, thezander said:

What does "- server and method for webkit exploitation" mean? The server part, I am confused by. Does that mean the HTML files or whatever that are necessary for the exploit, that you can run locally on your network? Or is there a server somewhere that everyone needs to use for it?

I don't know the steps, but you need the WebKit exploit to use a kernel exploit. I also don't know if all this will be possible with CTurt's Playground, but if so, the WebKit exploit files can be on any web server (not a special one for everyone).


GitHub - fail0verflow/ps4-linux: Linux kernel fork with PS4 support (work in progress)
https://github.com/fail0verflow/ps4-linux

AND

GitHub - fail0verflow/ps4-kexec: Implementation of the kexec system call for PS4
https://github.com/fail0verflow/ps4-kexec

PS4 kexec implementation

This repo implements a kexec()-style system call for the PS4 Orbis kernel (FreeBSD derivative). This is designed to boot a Linux kernel directly from FreeBSD.

This is not an exploit. It is useless without some mechanism of injecting code into the PS4 OS kernel.

And that's the kernel of 1.76 down below for user reference.

http://server4.dosya.co/cgi-bin/dl.cgi/uy25btx4xcmqyzvsbkzrsxbsnghzk3eqvu5s5lt6ti/kernel-1.76.elf

I would also like to point out that fail0verflow found out that they ACTUALLY could use the USB!! But they only could because of the mere fact that they must have fixed it for themselves.


If the PS4 is completely hacked, can we install the hack on the latest firmware or just 1.76?

1 hour ago, Cr0w said:

If the PS4 is completely hacked, can we install the hack on the latest firmware or just 1.76?

That's kind of a weird question. As in, if the PS4 was completely hacked, whatever that implies, surely the FW version shouldn't matter. However, if you meant all this recently leaked and released stuff were completed, then I suppose it would only work on 1.76.


The PS4 is already hacked, but it's not possible yet for end users, and there is no entry point above 1.76.


Incomplete? What a surprise hehe ;)


Linux has absolutely NOTHING to do with hacking the PS4, but whatever... I told you guys, now the X-Time....

50 minutes ago, cfwprophet said:

Linux has absolutely NOTHING to do with hacking the PS4, but whatever... I told you guys, now the X-Time....

Don't say that :((

Quote:

released stuff were completed then i suppose it would only work on 1.76

Sure, those things were released for developers? Right!

Quote:

if the ps4 was completely hacked whatever that implies surely the fw version shouldn't matter

Well, I don't want to research on my PS4 because my little brother will kill me with the PS4 controller, so I just need to sit on my as*s and wait for something good and usable.


Dude.... the exploit leaked is an exploit for the PS4 kernel itself.

If you load that PS4 Linux, you even swap the kernel to the Linux one. (You're not in the PS4 brain any more.)

Additionally, that Linux is not meant to run on the PS4 like it was for the PS3, so that Linux is also not embedded into the system.

So what da fuck do you think you can do with that Linux that we couldn't do already with the PS4 kernel exploit?

This PS4 Linux is a nerd gimmick, but it won't let you magically go around AMD's SAMU only by saying the words "Abrakadabra" and spitting out FW keys.

FORGET THAT !

18 minutes ago, cfwprophet said:

Dude.... the exploit leaked is an exploit for the PS4 kernel itself.

If you load that PS4 Linux, you even swap the kernel to the Linux one. (You're not in the PS4 brain any more.)

Additionally, that Linux is not meant to run on the PS4 like it was for the PS3, so that Linux is also not embedded into the system.

So what da fuck do you think you can do with that Linux that we couldn't do already with the PS4 kernel exploit?

This PS4 Linux is a nerd gimmick, but it won't let you magically go around AMD's SAMU only by saying the words "Abrakadabra" and spitting out FW keys.

FORGET THAT !

Duuuuuuuuude. It's not Windows, it's based on Linux. Of course we can never have access to the core.

My question is just pointing to running pirated games :D nothing else. Is this shit happening? I don't need to hack the Linux.

9 minutes ago, Cr0w said:

Duuuuuuuuude. It's not Windows, it's based on Linux. Of course we can never have access to the core.

It's NOT.

It's based on Unix, not Linux.

9 minutes ago, Cr0w said:

My question is just pointing to running pirated games :D nothing else. Is this shit happening? I don't need to hack the Linux.

How do you want to run a game that is signed with 3.0 keys on 1.76 if we CAN NOT HACK HIGHER FWs NOR CAN WE HACK AMD's SAMU?

NO PIRATING GAMES WITH THIS LEAK !!!
EAT IT !!!
SAY THX TO STUART AKA AK47 !!!

1 minute ago, cfwprophet said:

It's NOT.

It's based on Unix, not Linux.

How do you want to run a game that is signed with 3.0 keys on 1.76 if we CAN NOT HACK HIGHER FWs NOR CAN WE HACK AMD's SAMU?

So I think I really get fuck*ed, huh?

There isn't any way to run on 3.0 keys? (maybe later)

48 minutes ago, Cr0w said:

There isn't any way to run on 3.0 keys? (maybe later)

-----> NO. <-----

edit: actually, need bigger font for that....

-> NO. <-


You are right, Linux has nothing to do with the hack, but it's a result of it. And I don't know any other stuff we can use. So what should we do with a hacked PS4? NOTHING???


We can just put the PS4 in our ass to make a shit skin for it :D please don't tell anyone, it's a secret :))

My heart is going to stop working... why? Because I think I can never run game backups.


I think we have to send the bin file over TCP via the Playground, or am I wrong?

15 hours ago, Cr0w said:

We can just put the PS4 in our ass to make a shit skin for it :D please don't tell anyone, it's a secret :))

My heart is going to stop working... why? Because I think I can never run game backups.

If you only want to hack your PS4 to run backups, then you have no imagination.... Not only does that mean that developers get less money from their efforts, but it also means that it would discourage them from making new games, since their work is being stolen. Sure, if the system was hacked to run backups, there would be heaps of sales for $ony regarding the system, but then they will lose partners, as they will get shitty that their work is being stolen too.

There is so much more that can come from an end user exploit. Think of all the customization you could do to the system, think of the emulators for the people who have underpowered computers. Think of the homebrews and the mods that change the way games work and give a totally different experience. Not the mods that make you better than others, but the ones that change the game and still keep it fun.

The more you harass devs for an exploit that will allow you to play backups, the more it turns them off and encourages them to either stop trying to complete one, or decide to keep it for themselves.

Just chill out man :) enjoy your PS4 as it is, it's a great gaming system, and eventually someone will have an exploit for everyone. Patience is the key.

If you need a hobby, try picking up coding. @cfwprophet has some good tutorials on his thread and I'm sure they will keep you occupied for a while.


I have tried it with netcat over cmd and with a TCP transfer tool, but no success. With the console's IP it doesn't cancel the file transfer, but nothing happens. With the IP of the Playground server and the one CTurt mentioned in a readme, it cancels.

btw, redirecting to a site with the WK exploit files works (I had tried redirecting directly to the HTML files before).

Here is a file for a proxy server to redirect: https://www.dropbox.com/s/jzqnrbrh9el6iyl/PS4%20WebKit%20Exploit%20Links.httprls?dl=0


Seeing as I haven't seen anywhere else where other 1.76 owners are talking about getting this working, I'll post this here. I've been trying this several different ways, but due to lack of knowledge in C and program compiling I haven't been able to work out exactly how the exploit is supposed to be interacted with. So far I've used both CTurt's Playground and the elfldr from hitodama. I have tried out both by mapping manual.playstation.net/ to their location via Charles proxy running on Ubuntu.

Playground loads up on my PS4; I push OK for payload, I socat/netcat the released pre-compiled badiret.bin to the PS4 IP, the PS4 says "Executing", I start tcpdump on Ubuntu on the Playground server IP. No confirmation it's loaded via tcpdump with that IP. So I changed my Ubuntu IP to the one in the badiret source code; still no sign of the "loaded to core" that the binary is supposed to send over.

So I try elfldr. From the GitHub: I point the PS4 to a local directory, it loads up elfldr, reaches stage 5. On Ubuntu, I load sever.js with node, socat the PS4 IP to start the debug port like it shows in the example, then once the connection is accepted I socat over badiret.bin via the 5053 port like it says on GitHub. All the while tcpdump is running in the background; the dump shows no confirmation it's executed, just that it's been sent. The PS4 shows it receives the file but returns out of memory / the socat debug connection closes with no information on what happened.

What I think could be the potential problem:

- Playground doesn't work with the debug connection method shown on elfldr that is needed, and I'm lacking an alternate method of interacting with the kernel like elfldr.
- The elfldr GitHub says to run make in /ps4. So I do, but I can't build due to multiple errors no matter which way I try it, even with libps4 built/setenv from the same git. Also all necessary prerequisites are installed.
- The leaked badiret source code, like most are saying, is incomplete, but the missing parts make it completely unusable, not just missing IDT restoring etc. Yet if the kernel state restoration isn't coded into the source, then that's why I'm getting out of memory?.. Maybe.
- Possibly the public compiled badiret.bin has been altered from the source code released, but I can't check since I can't build it either without several errors, even with properly building PS4SDK and setting it as an environment variable.

I have a feeling either I'm doing this completely wrong or the exploit is so unfinished it's completely unusable lol, or both.


I hope you are on the right way :) Quote from CTurt: "Unless you add your own payloads and compile it yourself it isn't going to be useful at all."

2 hours ago, wildcard said:

I socat/netcat the released pre-compiled badiret.bin to the PS4 IP, the PS4 says "Executing"...

I'm not on Linux. Could you please help me transfer the bin file with Windows? Is there any tool which works?
