It appears there is a "new release" but yet so "old release" coming to the PS4, A couple months ago we seen Team FailOverflow released basically the breadcrumbs to exploit v4.05 firmware Since that time developer SpecterDev has been on a mission to put the pieces together for a workable jailbreak on the PS4 (4.05 firmware)., So far the developer has made great work and confirmed just minutes ago on his twitter that the Exploit Works, WebKit is Stable & Games are Launching. Several days ago it was rumored a release would be upcoming very soon in the coming days and that appears to be the case here at any moment. However I am not very excited about this release and i think it has a bit to much hype considering it does not fix many issues that v1.76 presented. This exploit was released WAY TO LATE to be an effective exploit for the PS4. I am not suggesting this exploit is useless or not of any value or the work around it,The fact is, this is very useful but more towards the development side of the community and not very useful to most end-user's as 4.05 firmware is a blast from the past. They came way to late with the exploit's release and i think the fact that Team Fail0verflow released the breadcrumbs in the first place shows this is an exploit that won't be very well supported like an exploit that occurs on a firmware of that time (like PS3Xploit on the PS3). As Team Failoverflow will never release anything that goes widespread (i.e. in current firmwares) from their past dealing and threats from Sony on the PS3 (otherwise they would have released details when this exploit was the current PS4 firmware, rather then suggesting they want no part of Sony). If you have a console on 4.05 or plan on buying a new PS4 that has v4.05 or lower then good for you,, but 90% or more people see this as an unobtainable firmware with no solutions (other then buying a new PS4), and you can't expect to have a vibrant community when 90% or more of user's see have no way of accessing this firmware. . Not only are you missing many user's but also many developer's . Bigger the platform of user's the more developer's that are attracted to the platform. This exploit fails to deliver that important aspect.
PS4 4.05 Kernel Exploit
Summary
In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. . This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival.
You can find fail0verflow's original write-up on the bug here, you can find my technical write-up which dives more into implementation specifics here (this is still in progress and will be published within the next few days).
Patches Included
The following patches are made by default in the kernel ROP chain:
Disable kernel write protection
Allow RWX (read-write-execute) memory mapping
Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
Notes
This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel.
I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads.
A custom syscall is added (#11) to execute any RWX memory in kernel mode, this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel.
An SDK is not provided in this release, however a barebones one to get started with may be released at a later date.
I've released a sample payload here that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox.
Contributors
I was not alone in this exploit's development, and would like to thank those who helped me along the way below.
ConversionConversion EmoticonEmoticon