Post: CTurt has allegedly jailbroken on the Playstation 4
12-12-2015, 08:46 PM #1
Specter
Pro Memer
Update:

Please refer to You must login or register to view this content. for more on this subject

------------------------------------------------------------------------------------------------------------------
In advance, thanks to Red-EyeX32 for pointing this out in a Skype conversation. I'd also like to clarify that since PS4 was built off FreeBSD, the sandboxes are called "jails", so jailbreaking is the correct term.


At about 9:28AM EST, CTurt has claimed that he has managed to break the WebKit process out of a FreeBSD "jail" (or sandbox). For those who don't know, jailbreaking was coined as you were "breaking out of a jail" or sandbox that an application is in, as if an application is sandboxed and you gain remote code execution, the damage is contained within that jail (very similar to Sandboxie, which is used here to check programs for Remote Access Trojans).

Now, this hasn't been confirmed; however, CTurt is a known, trusted source of information and has already released some tools such as the PS4 Playground Tools and his open source PS4 SDK. He's also stated within the last hour or so that he has managed to dump RAM from processes such as "SceShellUI". This is a huge step forward towards the possibility of custom firmware for the PlayStation 4. Below are snapshots of the tweets of his announcement of the You must login or register to view this content. as well as the You must login or register to view this content..

Now there's still much to be done, including lots of reversing and other exploring to do, however as I've said it's a big step. This only works on firmwares 1.76 or lower, but that doesn't mean indefinitely that there won't be more exploits in the coming future for higher firmwares.
Last edited by Frosty ; 02-16-2016 at 09:31 PM.

The following 56 users say thank you to Specter for this useful post:

Jiggy, /SneakerStreet/, 1291-_-MoDz, 2much4u, AlexNGU, amjed, Andyiglesias1, Basic_Code, Red-EyeX32, Chop, chuck54321, Dan Dactyl, DawidB, dawoodk786, Devious, DexTeamFTW, DMAAR-7777, DPO23, EncepT, Frosty, Grezinn, H-A-X-O, Tears, Helping-Hand, InfinityPlanets, Jimmy, Johan0131, Kam, kareltjie, Kryptus, LaughTracks, LostSoulSiskel, Meega HD, Monster-Energy, NickBeHaxing, Not Rage, Darth Saul, .EXE, Adrian, RF0oDxM0Dz, Kronos, Jon Snow, TEXAS24_ReStEr, upgradetoday, vicious_results, Vondy Supreme, wajdi9, xDebugKiller, XM7MD_VX, Xx-GIPPI-xX, XxBlud23xX, xXx-.-Moder, zAutoAiiM_
12-14-2015, 07:28 PM #38
Great thread, I really enjoyed reading the comments. Can't wait to see where this goes. Games won't be ruined any time soon; most won't be able to buy JB ps3 or one to risk JB their own. It will be less kids doing it for sure.....
Now dance
12-14-2015, 09:16 PM #39
Xavier Hidden
Are you high?
Indeed, this is really useful information. The moment the PS4 gets jailbroken I'm buying it. Till then I'll wait. Hope this CTurt guy can do it.
12-14-2015, 10:28 PM #40
Sert
Al Capone, Jr.
I'm down for some piracy on the ps4, I hope they can get to that point. I know everyone acts like that's not what they want, but it is what I want Winky Winky

The following user thanked Sert for this useful post:

Smil3yWulf
12-14-2015, 11:35 PM #41
AFG
The One and Only
I don't want this jailbroken. I don't want to see 12 yro kids with their UAV H4X anymore. Piracy is fine, however, stuff like modding needs to fuck off.

The following user thanked AFG for this useful post:

ahmedhamdy12
12-15-2015, 12:43 AM #42
He posted a sneak peek on his Twitter.

Originally posted by another user
[+] Entered shellcode
[+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
[DIR]: hdd
[DIR]: host
[DIR]: hostapp
[FILE]: mini-syscore.elf
[DIR]: mnt
[DIR]: preinst
[DIR]: preinst2
[FILE]: safemode.elf
[FILE]: SceBootSplash.elf
[FILE]: SceSysAvControl.elf
[DIR]: system
[DIR]: system_data
[DIR]: system_ex
[DIR]: system_tmp
[DIR]: update
[DIR]: usb
[DIR]: user
[+] PID 0, name: kernel, thread: mca taskq
[+] PID 1, name: mini-syscore.elf, thread: SceRegSyncer
[+] PID 2, name: SceHidAuth, thread: SceHidAuth
[+] PID 3, name: hidMain, thread: hidMain
[+] PID 4, name: SceCameraDriverMain, thread: SceCameraDriverM
[+] PID 5, name: SceCameraSdma, thread: SceCameraSdma
[+] PID 6, name: hdmiEvent, thread: hdmiEvent
[+] PID 8, name: xpt_thrd, thread: xpt_thrd
[+] PID 9, name: iccnvs, thread: iccnvs
[+] PID 10, name: audit, thread: audit
[+] PID 11, name: idle, thread: idle: cpu0
[+] PID 12, name: intr, thread: irq273: xhci2
[+] PID 13, name: geom, thread: g_notification
[+] PID 14, name: yarrow, thread: yarrow
[+] PID 15, name: usb, thread: usbus2
[+] PID 16, name: md0, thread: md0
[+] PID 17, name: icc_thermal, thread: icc_thermal
[+] PID 18, name: sflash, thread: sflash
[+] PID 19, name: sbram, thread: sbram
[+] PID 20, name: trsw intr, thread: trsw intr
[+] PID 21, name: trsw ctrl, thread: trsw ctrl
[+] PID 22, name: SceBtDriver, thread: SceBtDriver
[+] PID 23, name: pagedaemon0, thread: pagedaemon0
[+] PID 24, name: pagedaemon1, thread: pagedaemon1
[+] PID 25, name: vmdaemon, thread: vmdaemon
[+] PID 26, name: bufdaemon, thread: bufdaemon
[+] PID 27, name: syncer, thread: syncer
[+] PID 28, name: vnlru, thread: vnlru
[+] PID 29, name: softdepflush, thread: softdepflush
[+] PID 31, name: SceSysAvControl.elf, thread: SceAvSettingPoll
[+] PID 33, name: SceSysCore.elf, thread: SysCoreAppmgrWat
[+] PID 34, name: orbis_audiod.elf, thread: AoutMonitorPid40
[+] PID 35, name: GnmCompositor.elf, thread: CameraThread
[+] PID 36, name: SceShellCore, thread: SceMsgMwSendMana
[+] PID 38, name: SceShellUI, thread: SceWebReceiveQue
[+] PID 39, name: MonoCompiler.elf, thread: MonoCompiler.elf
[+] PID 40, name: SceAvCapture, thread: SceAvCaptureIpc
[+] PID 41, name: SceGameLiveStreamin, thread: SceGlsStrmJobQue
[+] PID 42, name: ScePartyDaemon, thread: SceMbusEventPoll
[+] PID 43, name: SceVideoCoreServer, thread: SceVideoCoreServ
[+] PID 44, name: SceRemotePlay, thread: SceRp-Httpd
[+] PID 45, name: SceCloudClientDaemo, thread: SceCloudClientDa
[+] PID 46, name: SceVdecProxy.elf, thread: proxy_ipmi_serve
[+] PID 47, name: SceVencProxy.elf, thread: SceVencProxyIpmi
[+] PID 48, name: fs_cleaner.elf, thread: fs_cleaner.elf
[+] PID 49, name: SceSpkService, thread: SceSpkService
[+] PID 50, name: WebProcess.self, thread: selectThread
[+] PID 51, name: orbis-jsc-compiler., thread: SceFastMalloc
[+] Triggering second kernel payload
[+] Entered main payload
12-15-2015, 03:11 AM #43
Script Kiddie
At least I can fight
This is gonna be fun to see play out
12-15-2015, 01:38 PM #44
Devious
Treasure hunter
Yayyyyyyy
12-17-2015, 12:30 AM #45
BiG_GHOST_GaMeR
NextGenUpdate Elite
A PS4 jailbreak would provide a huge boom for the site and a potential huge business opportunity for people making mod menus for it :p

The following user thanked BiG_GHOST_GaMeR for this useful post:

Andyiglesias1
12-17-2015, 04:57 AM #46
Originally posted by GaMeR
A PS4 jailbreak would provide a huge boom for the site and a potential huge business opportunity for people making mod menus for it :p


Yea, Real Time Modding (RTM) won't happen any time soon on PlayStation 4. So it would be all file modding, which 99% of people here don't know how to do.
