By Death_Dealer on Dec 12, 2021 at 11:45 PM
- PlayStation 4 (PS4)
"In this project you will find an implementation that tries to make use of a filesystem bug for the PlayStation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exFAT filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. It will launch the usual payload launcher (on port 9020)." - via project's official readme
PS4 Firmware 9.00 Jailbreak Released
(awesome work by chendochap & @Znullptr)
https://twitter.com/i/status/1470225946007556097
Readme below via the project repository (also see the link for the most up-to-date version):
https://github.com/ChendoChap/pOOBs4
PS4 9.00 Kernel Exploit
Summary
- In this project you will find an implementation that tries to make use of a filesystem bug for the PlayStation 4 on firmware 9.00. The bug was found while diffing the 9.00 and 9.03 kernels. It will require a drive with a modified exFAT filesystem. Successfully triggering it will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. It will launch the usual payload launcher (on port 9020).
Patches Included
The following patches are applied to the kernel:
- Allow RWX (read-write-execute) memory mapping (mmap / mprotect)
- Syscall instruction allowed anywhere
- Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
- Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
- Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
- (sys_dynlib_load_prx) patch
- Disable delayed panics from sysVeri
Short how-to
This exploit is unlike previous ones, which were based purely in software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository you'll find a .img file. You can write this .img to a USB using something like Win32DiskImager.
When running the exploit on the PS4, wait until it reaches an alert with "Insert USB now. do not close the dialog until notification pops, remove usb after closing it.". As the dialog states, insert the USB, and wait until the "disk format not supported" notification appears, then close out of the alert with "OK".
It may take a minute for the exploit to run, and the spinning animation on the page might freeze - this is fine, let it continue until an error shows or it succeeds and displays "Awaiting payload".
Notes
- You need to insert the USB when the alert pops up, then let it sit there for a bit until the PS4 storage notification shows up.
- Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
- The browser might tempt you into closing the page prematurely, don't.
- The loading circle might freeze while the webkit exploit is triggering, this means nothing.
- This bug works on certain PS5 firmwares, however there's no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn't be advised.
Thread edited by Admin (added info)
Last edited by a moderator: Jan 3, 2022
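The readme says only that the bug lives in the kernel's exFAT handling and is reached with a modified filesystem on a USB stick; it does not say which on-disk field is involved, and the example below does not try to reproduce it. What it shows is the kind of checking a driver has to do on volume metadata that an attacker fully controls: it parses an exFAT Volume Boot Record and applies the bounds from the published exFAT specification. This is an added example, not code from pOOBs4 or its authors; the two sample boot sectors are constructed here and are not the image shipped in the repository.

```python
"""Parse and sanity-check an exFAT Volume Boot Record (the first 512-byte sector).

Added example, not code from pOOBs4 or its authors: shows the bounds checks a
filesystem driver must apply to attacker-controlled on-disk geometry. Field
layout and limits follow Microsoft's published exFAT specification. The sample
boot sectors are constructed here and do not reproduce the repository's image.
"""
import math
import struct

# Little-endian layout of the exFAT main boot sector (512 bytes in total).
VBR_FMT = "<3s8s53sQQIIIIIIHHBBBBB7s390sH"
assert struct.calcsize(VBR_FMT) == 512

FIELDS = (
    "jump_boot", "fs_name", "must_be_zero", "partition_offset", "volume_length",
    "fat_offset", "fat_length", "cluster_heap_offset", "cluster_count",
    "root_cluster", "serial", "revision", "volume_flags", "bps_shift",
    "spc_shift", "num_fats", "drive_select", "percent_in_use", "reserved",
    "boot_code", "boot_signature",
)


def parse_vbr(data: bytes) -> dict:
    """Unpack the boot sector into named fields; short input is rejected outright."""
    if len(data) < 512:
        raise ValueError(f"boot sector needs 512 bytes, got {len(data)}")
    return dict(zip(FIELDS, struct.unpack(VBR_FMT, data[:512])))


def validate_vbr(v: dict) -> list:
    """Return the list of violated constraints (empty means the VBR is sane)."""
    problems = []
    if v["fs_name"] != b"EXFAT   ":
        problems.append("FileSystemName is not 'EXFAT   '")
    if v["boot_signature"] != 0xAA55:
        problems.append("BootSignature is not 0xAA55")
    if any(v["must_be_zero"]):
        problems.append("MustBeZero region is not zero")
    if not 9 <= v["bps_shift"] <= 12:
        problems.append(f"BytesPerSectorShift {v['bps_shift']} outside 9..12")
        return problems  # every check below depends on the sector size
    sector = 1 << v["bps_shift"]
    if not 0 <= v["spc_shift"] <= 25 - v["bps_shift"]:
        problems.append(f"SectorsPerClusterShift {v['spc_shift']} outside 0..{25 - v['bps_shift']}")
    if v["num_fats"] not in (1, 2):
        problems.append(f"NumberOfFats {v['num_fats']} is not 1 or 2")
    if v["volume_length"] < (1 << 20) // sector:
        problems.append("VolumeLength below the 1 MiB minimum")
    if v["fat_offset"] < 24:
        problems.append("FatOffset lies inside the boot region")
    # The FAT must hold one 32-bit entry per cluster plus two reserved entries.
    fat_min = math.ceil((v["cluster_count"] + 2) * 4 / sector)
    if v["fat_length"] < fat_min:
        problems.append(f"FatLength {v['fat_length']} cannot hold {v['cluster_count']} clusters")
    if v["cluster_heap_offset"] < v["fat_offset"] + v["fat_length"] * v["num_fats"]:
        problems.append("ClusterHeapOffset overlaps the FAT region")
    if v["cluster_heap_offset"] >= v["volume_length"]:
        problems.append("ClusterHeapOffset lies beyond the volume")
    else:
        heap_clusters = (v["volume_length"] - v["cluster_heap_offset"]) >> v["spc_shift"]
        if v["cluster_count"] > heap_clusters:
            problems.append(f"ClusterCount {v['cluster_count']} exceeds the {heap_clusters} clusters in the heap")
    if v["cluster_count"] > (1 << 32) - 11:
        problems.append("ClusterCount exceeds 2^32 - 11")
    if not 2 <= v["root_cluster"] <= v["cluster_count"] + 1:
        problems.append(f"FirstClusterOfRootDirectory {v['root_cluster']} is not a data cluster")
    return problems


def pack_vbr(p: dict) -> bytes:
    """Build a boot sector from geometry fields; used only to construct samples."""
    return struct.pack(
        VBR_FMT,
        b"\xEB\x76\x90", b"EXFAT   ", bytes(53),
        p.get("partition_offset", 0), p["volume_length"],
        p["fat_offset"], p["fat_length"], p["cluster_heap_offset"],
        p["cluster_count"], p["root_cluster"], p.get("serial", 0x1234ABCD),
        0x0100, 0,  # revision 1.00, no volume flags
        p["bps_shift"], p["spc_shift"], p["num_fats"], 0x80, 0,
        bytes(7), bytes(390), 0xAA55,
    )


# Constructed sample: 32 MiB volume, 512-byte sectors, 4 KiB clusters, one FAT.
SANE_GEOMETRY = dict(
    bps_shift=9, spc_shift=3, num_fats=1, volume_length=65536,
    fat_offset=128, fat_length=64, cluster_heap_offset=256,
    cluster_count=8160, root_cluster=4,
)

# Constructed hostile sample: a cluster count and cluster size that no longer
# fit the volume, the sort of value a trusting driver turns into an oversized index.
HOSTILE_GEOMETRY = {**SANE_GEOMETRY, "cluster_count": (1 << 32) - 11, "spc_shift": 20}


def check_image(data: bytes) -> list:
    """Parse and validate the first sector of an image (or a raw device dump)."""
    return validate_vbr(parse_vbr(data))


if __name__ == "__main__":
    for name, geom in (("sane", SANE_GEOMETRY), ("hostile", HOSTILE_GEOMETRY)):
        print(name, check_image(pack_vbr(geom)) or "OK")
```

Run against a real stick with `check_image(open("/dev/sdX", "rb").read(512))`; the point of the sane/hostile pair is that the hostile sector is byte-for-byte well formed (valid signature, name and reserved bytes) and only the arithmetic relations between fields give it away, which is why a driver that checks magic values but not relations can be fed cluster indices it never expected.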
Discussion in 'PS4 Jailbreak' started by Death_Dealer, Dec 12, 2021.
Page 1 of 6