Cryptogenic/PS4-5.05-Kernel-Exploit

Stars
625
Rank 71,862 (Top 2 %)
Language
JavaScript
Created over 6 years ago
Updated over 5 years ago

Cryptogenic/PS4-5.05-Kernel-Exploit

Cryptogenic

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A fully implemented kernel exploit for the PS4 on 5.05FW

PS4 5.05 Kernel Exploit

Summary

In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contains autolaunching code for Mira and Vortex's HEN payload. Subsequent loads will launch the usual payload launcher.

This bug was discovered by qwertyoruiopz, and can be found hosted on his website here. The GitHub Pages site automatically generated from this repository should also work.

Patches Included

The following patches are made by default in the kernel ROP chain:

Disable kernel write protection
Allow RWX (read-write-execute) memory mapping
Syscall instruction allowed anywhere
Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.

Payloads included

Vortex's HEN (Homebrew Enabler)
Mira

Notes

The page will crash on successful kernel exploitation, this is normal

Contributors

Massive credits to the following:

Additional Thanks

Niema Moshiri

PS5-IPV6-Kernel-Exploit

An experimental webkit-based kernel exploit (Arb. R/W) for the PS5 on <= 4.51FW

Exploit-Writeups

A collection where my current and future writeups for exploits/CTF will go

PS4-4.05-Kernel-Exploit

A fully implemented kernel exploit for the PS4 on 4.05FW

PS4-4.55-Kernel-Exploit

A fully implemented kernel exploit for the PS4 on 4.55FW

PS4-6.20-WebKit-Code-Execution-Exploit

A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.

REBot

A discord bot for reverse engineers and exploit developers.

PS4-4.0x-Code-Execution-PoC

My edit of qwertyoruiopz 4.0x exploit PoC from http://rce.party/ps4

PS4-KHook

PS4 kernel hooking library / payload.

PS4-Playground-3.55

A 3.55 implementation of PS4 Playground (based on CTurt's 1.76 original)

idc_importer

A Binary Ninja plugin for importing IDC database dumps from IDA.

PS5-SELF-Decrypter

A portable payload to decrypt PS5 SELF files from the filesystem to USB drive

PS4Console

A successor to PS4Playground, emulates a shell-like environment to interact with the PlayStation 4.

MD5-Magic-File-Generator

A project in Golang that will create prefix-based magic MD5 hashes for type juggling.

JinxOS

JinxOS is a minimalist operating system written in C and ARM. The focus is to quickly and easily interface with connected hardware for education and testing purposes.

CPP-Easy-Socket

An easy to use, higher abstraction socket class for usage in C++.

PS4-Package-Assessor-Java

Evaluates PS3/PS4 .PKG files and displays information about them in a clean manner.

Space-Invaders-C-

Space Invaders C++ is a project to help learn some of the basics of C++ like classes, MVC, pointers, loops, and libraries.

IDA-ASP-Loader

Simple loader plugin for IDA to load AMD-SP or PSP firmware binaries.

Battleship-Arduino

A battleship game coded with Arduino/C++ using an Arduino UNO and a 32x16 LED RGB Matrix

FalconFramework

A free, simple PHP framework created by myself for web development projects

goflexpool

Unofficial golang binding for flexpool API.

PS3-Update-List-Parser

A parser written in Java to parse ps3-updatelist.txt from playstation.net

PHPBot-Xat

A semi-company ready light-weight, clean xat bot script coded in PHP.

BO3-Round-Modifiers

Source code for Round Modifiers BO3 zombies mod.

GSS-Interpreter

The General Server Script interpreter