If you’ve been following the PS4 scene lately, you’ll have noticed some new developments being shared, like developer ‘flat_z’ showing us the Debug Settings menu on firmware 4.55. Next, developer qwertyoruiopz showed that he has a new kernel exploit for FW 5.0, and given his skills and knowledge, there’s no doubt he has what he says he has for the PS4.
Then fail0verflow released their information about the FW 4.06 exploits, so maybe Christmas is coming a little early for people who have stayed on lower firmware. Here’s a quick quote from fail0verflow’s post, PS4 Kernel Exploit: Adieu.
Plenty of time has passed since we first demonstrated Linux running on the PS4.
Now we will step back a bit and explain how we managed to jump from the browser process into the kernel such that ps4-kexec et al. are usable.
Over time, ps4 firmware revisions have progressively added many mitigations and in general tried to lock down the system. This post will mainly touch on vulnerabilities and issues which are not present on the latest releases, but should still be useful for people wanting to investigate ps4 security.
The namedobj exploit was present and exploitable (albeit using a slightly different method than described here) until it was fixed in firmware version 4.06. This vulnerability was also found and exploited by (at least) Chaitin Tech, so props to them! Taking a quick look at the 4.07 kernel, we can see a straightforward fix (4.06 is assumed to be identical – only had 4.07 on hand while writing this post):
You can find the rest of it on their homepage here.