Hackinformer Your device needs to transform, we are here to inform
Developer Specterdev has finally released the PS4 FW 5.05 kernel exploit that so many of you have been patiently waiting for. If you’re still looking for a PS4 on lower FW I recommend checking out this post here.
Summary
In this project, you will find a full implementation of the second “bpf” kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as the kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contains auto-launching code for Mira and Vortex’s HEN payload. Subsequent loads will launch the usual payload launcher.
This bug was discovered by qwertyoruiopz, and can be found hosted on his website here.
Patches Included
The following patches are made by default in the kernel ROP chain:
- Disable kernel write protection
- Allow RWX (read-write-execute) memory mapping
- Syscall instruction allowed anywhere
- Dynamic Resolving sys_dynlib_dlsym allowed from any process
- Custom system call #11 kexec to execute arbitrary code in kernel mode
- Allow unprivileged users to call setuid(0) successfully. Works as a status check doubles as a privilege escalation.
Payloads included
- Vortex’s HEN (Homebrew Enabler)
- Mira
Download: PS4-5.05-Kernel-Exploit files
Like with all new releases some homebrew & payloads like GTA cheats might need to be updated to reflect the changes made for FW5.05. If you are on FW4.05 or 4.55 I would wait a little bit before upgrading, especially if you have a lot of backups that play on USB drives. All of these things will probably get updated for FW5.05 in do time, since it will be the new golden FW to be on but other than that it’s ready to enjoy. 🙂
To run the exploit on your PS4 visit… http://crack.bargains/505k/ or check out the post below on how to run it on your PC.
Update:
Almost forgot to include js_shellcode.py – my Python script to convert payloads to shellcode – you'll need to use this if you want to update Mira/HEN (and reintegrate) or add a custom payload to auto launch.
Usage: python js_shellcode.py [.bin] code_addrhttps://t.co/96r0knrWgi
— Specter (@SpecterDev) May 27, 2018
This kernel release will also work on FW 5.07 too.
If your console is 5.07, new kex will work too pic.twitter.com/HuWJHGfvBG
— DarkElement (@zordon605) May 27, 2018
