EurAsiayour console hacking resource
Select topic
  Create an account Home  ·  Your Account  ·  Online Shop  ·  Forums  ·  Downloads new  ·  Wiki  
Main Menu
· Home
· About Us
· Downloads
· FAQ
· Forums
· Info Pages
· Members List
· Online Shop
· PDA - AvantGo
· Private Messages
· Search Stories
· Statistics
· Stories Archive
· Submit Story
· Top 10
· Topics
· Upload
· WAP
· Web Links
· Wiki
· Your Account

Online Shop
Credit Card

Bitcoin

EurAsia Online Shop
enter

new products
· R4i Gold 3DS RTS
· Mars Pro GM-816HD
· EurAsia File Collection 2017
· Matrix Infinity 2.0
· Sky3DS Plus
· Modbo 5.0
· Screwdriver GC/SNES
· X360ACE V3
· E3 NOR Flasher
· TX J-R Programmer v2
· Corona Postfix Adapter V2
· SuperCIC SNES kit
· SuperCIC cart key
· Gateway 3DS
· X360ACE V1
· Wasp Fusion
· 3k3y 3KR (SATA)
· Mtx Glitcher v1
· Xk3y Reloaded (XKR)
· 3k3y Ripper v2

complete price list

Tor Hidden Service
Tor Project
EurAsia Onion URL: wrqgfbrcgttkp6pi.onion

Who's Online
There are currently 289 guest(s) and 6 member(s) online.

arkus - daywalka - gavinfza - gross7 - mattyv - xboxfree

Welcome honored guest. You can register for free by clicking here.

Site Protection
INFOSEC
BM

Hot Wikis
Switch Key List
PS4 firmware updates
3k3y nokeys ISO tutorial
3DS game fw updates
3k3y microSD recovery
PS3 SKU Models
PS3 Metldrpwn
Xk3y microSD recovery
Xbox360 motherboards
Xbox360 Reset Glitch Hack
PS3 Blu-ray Drive
Homemade Sputnik360
PS3 BD drive swap
PSP Crypto Keys
PS3_Crypto_Keys
PS3 Hypervisor RE
PS3 Dongle User Guide
PSGroove tutorial
Xecuter LT Fakir
PS3 YLOD Fix
NSMB Modchip Tutorial
PS3 Glitch Hack
Xbox360NoDvdRom
Ps3FactoryRestore
Free60JtagHack
Ps3HddDecrypt
WiiKey2EjectFix
SaveMiiFree
WiiHwDiagram
Ps3OsRels
PandoraNoHomebrewPsp
GcOsMultiGameWiiHowTo
Xbox360LinuxBurn
Xbox360EraserFix
Xbox360Kernel
Xbox360DisasmXtreme
Ps2HdlPatchTutorial
Ps2VersionTable
XboxErrorCodes
XboxVersionTable
GameCubeLaserTweak
ModchipSolderingGuide
PspUmdIsoHaxorLinux

RSS Feed
News & Downloads & Wiki

IRC
#eur
EFnet

Hosted By

Ad

Respected Sites
Home of the Hitmen
radare
gc-forever
pouet.net
English Amiga Board
GXArena OFW Repo
WiiBrew
WiiUBrew
3DBrew
SwitchBrew
Games and Consoles
Maxconsole.com
Console Wizard
GameCube Linux
Xbox Linux
Xbox-Scene.com
XboxHacker.Net
xbins.org
Doom9.net
bunnie's blog
debugmo.de
GX-Mod.com
ElOtroLado.net
uCON64
GBADEV.ORG
GBAtemp.net
PocketHeaven.com
PDRoms
GameSX.com
ASSEMbler
phrack.org
Woz.org

Support...

Bitcoin

Namecoin

radare

OpenCores
Electronic Frontier Foundation
Amnesty International

Nectarine Radio

Demovibes Radio

GNU
Linux
Mozilla

Total Page Views
We received
151324064
page views since June 2002


Moderated by: Robert

EurAsia : Index PS4 PS4-4.05-Kernel-Exploit
New Topic   Post Reply
Author PS4-4.05-Kernel-Exploit
wtfnoway



private

Registered: 2016-11-16
Messages: 7
Status: Offline
 _#35797 posted 2017-12-27 @ 09:52 GMT   
# PS4 4.05 Kernel Exploit
---
## Summary
In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, *does not* contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port `9020` and will execute them upon receival.

You can find fail0verflow's original write-up on the bug [here](https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/), you can find my technical write-up which dives more into implementation specifics ~~here~~ (this is still in progress and will be published within the next few days).

## Patches Included
The following patches are made by default in the kernel ROP chain:
1) Disable kernel write protection
2) Allow RWX (read-write-execute) memory mapping
3) Dynamic Resolving (`sys_dynlib_dlsym`) allowed from any process
4) Custom system call #11 (`kexec()`) to execute arbitrary code in kernel mode
5) Allow unprivileged users to call `setuid(0)` successfully. Works as a status check, doubles as a privilege escalation.

## Notes
- This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel.
- I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads.
- A custom syscall is added (#11) to execute any RWX memory in kernel mode, this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel.
- An SDK is not provided in this release, however a barebones one to get started with may be released at a later date.
- I've released a sample payload [here](http://www.mediafire.com/file/n4boybw0e06h892/debug_settings.bin) that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox.

## Contributors
I was not alone in this exploit's development, and would like to thank those who helped me along the way below.

- [qwertyoruiopz](https://twitter.com/qwertyoruiopz)
- [Flatz](https://twitter.com/flat_z)
- [CTurt](https://twitter.com/CTurtE)
- Anonymous

https://github.com/Cryptogenic/PS4-4.05-Kernel-Exploit

 Profile  pm    Quote
ramarc



private

Registered: 2005-02-04
Messages: 3
Status: Offline
 _#35798 posted 2017-12-28 @ 18:36 GMT   
Do you think this will be made avilable for 4.0x as fail0verflow states the namedobj exploit has been slightly changed to work on firmwares upto 4.07 but was blocked after 4.50

 Profile  pm    Quote
wtfnoway



private

Registered: 2016-11-16
Messages: 7
Status: Offline
 _#35799 posted 2017-12-29 @ 14:30 GMT   
this is available for 4.05

 Profile  pm    Quote
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6337
Status: Offline
 _#35803 posted 2018-01-01 @ 05:45 GMT   
PS4 Linux on 4.05
https://www.youtube.com/watch?v=K2a0iyQiLXA

[ This message was edited by modrobert on 2018-01-01 @ 05:47 GMT ]
  _____________________________ ____________     __________________ /\________
  \    __________________      \      _____/____/     _    \       /_        /
 /     /       |       l/     _/    ____)     _/      _     \     \/  cREAM /
/______________l_______/       \______________\_______|      \_   /________/
 -+--Mo!-------------- \________/ ------------------- l_______/_____\ -----+-

 Profile  pm  www    Quote
ramarc



private

Registered: 2005-02-04
Messages: 3
Status: Offline
 _#35806 posted 2018-01-01 @ 21:32 GMT   
Never mind, I see the web exploit will work upto 4.50 but there is no kernel exploit except for 4.05! Hope this changes soon

 Profile  pm    Quote
_
New Topic   Post Reply
Jump To
 

All trademarks and copyrights on this page are owned by their respective owners.
Comments and forum messages are owned by the Poster.