Sony Playstation 4 (PS4) 4.55 bpf Kernel Loader

2018.02.28
Credit: Specter
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# PS4 4.55 Kernel Exploit

---

## Summary

In this project you will find a full implementation of the "bpf" kernel exploit for the PlayStation 4 on firmware 4.55. It allows you to run arbitrary code in kernel mode, enabling jailbreaking and kernel-level modifications to the system. This release, however, *does not* contain any code related to defeating anti-piracy mechanisms or running homebrew.

The exploit includes a loader that listens for payloads on port `9020` and executes them upon receipt.

This bug was discovered by qwertyoruiopz, and it can be found hosted on his website [here](http://crack.bargains/455/).

## Patches Included

The following patches are made by default in the kernel ROP chain:

1) Disable kernel write protection
2) Allow RWX (read-write-execute) memory mapping
3) Syscall instruction allowed anywhere
4) Custom system call #11 (`kexec()`) to execute arbitrary code in kernel mode
5) Allow unprivileged users to call `setuid(0)` successfully. This works as a status check and doubles as a privilege escalation.

## Notes

- Early stages, so no payloads yet; I may provide a debug menu payload later in the day.

## Contributors

Massive credits to the following:

- [qwertyoruiopz](https://twitter.com/qwertyoruiopz)
- [Flatz](https://twitter.com/flat_z)
- Anonymous

References:

http://cxsecurity.com/issue/WLB-2018020295
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44196.zip
