
So apparently PS4 is jailbroken

c0de

Member
But does it mean that they can easily access and manipulate/write data everywhere? Can they run every process and then simply dump the RAM and get the unencrypted data? I know that more work needs to be done, but is this basically game over as far as security goes for the PS4 (at least up to firmware 1.76)?

This is not an easy answer. If you are root, you can do anything, or, better said, you have the rights to do anything. That doesn't mean you can access everything, because certain things might be encrypted and not viewable decrypted in RAM, but by now we don't know what's possible. We have to wait until hackers have done more fiddling with the system. But they have all the "rights" to do what they want.
 

Syntsui

Member
In the age of broken games without patches, this always-offline reality is really not inviting. I doubt it would impact Sony or the publishers like in the past.
 

kitch9

Banned
This is not an easy answer. If you are root, you can do anything, or, better said, you have the rights to do anything. That doesn't mean you can access everything, because certain things might be encrypted and not viewable decrypted in RAM, but by now we don't know what's possible. We have to wait until hackers have done more fiddling with the system. But they have all the "rights" to do what they want.

No, they don't, or they would have dumped the unencrypted firmware and got the keys, which may or may not be there and are only applicable to a firmware that rolled with the dinosaurs.

What they do have is a reproducible system crash which leaves the RAM exposed, which will always have unencrypted data in it and is the absolute end of the security chain.

It's annoying me how this guy claims a jailbreak and he's not even got one of potentially dozens of keys.

This is no iPhone jailbreak, where they couldn't resecure the phone; it's effectively nothing.
 

kittoo

Cretinously credulous
Since someone was asking, below is the list of PS4s which shipped with firmware 1.76


PS4 Glacier white with Destiny Bundle
Killzone Shadow Fall Launch Bundle (EAN: 0711719260783)
Battlefield 4 Launch Bundle
Knack launch Bundle
“InFamous Second Son + Killzone Shadow Fall + Knack” Bundle
NBA 2K14 Bundle
FIFA 2K14 Bundle
Dynasty Warriors 7 bundle
Dynasty Warriors 8 bundle
Assassin’s Creed IV: Black Flag Bundle
Infamous: Second Son launch bundle
Watch_Dogs bundle
Destiny Bundle (black)
DriveClub Bundle (Black)
DriveClub Bundle (Glacier white)
Call of Duty: Ghost Bundle

And all those that shipped below 1.76:

http://www.ps3devwiki.com/ps4/CUH-10xxA_series

taken from psxhax
 

luca_29_bg

Member
No, they don't, or they would have dumped the unencrypted firmware and got the keys, which may or may not be there and are only applicable to a firmware that rolled with the dinosaurs.

What they do have is a reproducible system crash which leaves the RAM exposed, which will always have unencrypted data in it and is the absolute end of the security chain.

It's annoying me how this guy claims a jailbreak and he's not even got one of potentially dozens of keys.

This is no iPhone jailbreak, where they couldn't resecure the phone; it's effectively nothing.

He's not the only guy who talks about this in these terms, using the word "jailbreak"; every other site about hacking and cracking, and hackers/coders on Twitter, are talking about this and agree with him. It's an enormous thing right now; even PC crack sites that never talk about consoles now have an article about this! And all this is nothing to you? Ahahahaha, wonderful ^^
 

luca_29_bg

Member
Since someone was asking, below is the list of PS4s which shipped with firmware 1.76


PS4 Glacier white with Destiny Bundle
Killzone Shadow Fall Launch Bundle (EAN: 0711719260783)
Battlefield 4 Launch Bundle
Knack launch Bundle
“InFamous Second Son + Killzone Shadow Fall + Knack” Bundle
NBA 2K14 Bundle
FIFA 2K14 Bundle
Dynasty Warriors 7 bundle
Dynasty Warriors 8 bundle
Assassin’s Creed IV: Black Flag Bundle
Infamous: Second Son launch bundle
Watch_Dogs bundle
Destiny Bundle (black)
DriveClub Bundle (Black)
DriveClub Bundle (Glacier white)
Call of Duty: Ghost Bundle

And all those that shipped below 1.76:

http://www.ps3devwiki.com/ps4/CUH-10xxA_series

taken from psxhax

It's started a hunt on the net and around the world to get a 1.76 firmware console. :D
 

c0de

Member
No, they don't, or they would have dumped the unencrypted firmware and got the keys, which may or may not be there and are only applicable to a firmware that rolled with the dinosaurs.

Huh? Finding a needle in a haystack takes time, and especially, you have to look for it and hope it's there and not obfuscated. Right now it seems cturt is trying to reverse engineer the console, finding out how the system itself works. Keys are only a part of it.

What they do have is a reproducible system crash which leaves the RAM exposed, which will always have unencrypted data in it and is the absolute end of the security chain.

Sorry, but that is bullshit and not true anymore nowadays.

It's annoying me how this guy claims a jailbreak and he's not even got one of potentially dozens of keys.

Again, did he say he was looking for them? Like at all?

This is no iPhone jailbreak, where they couldn't resecure the phone; it's effectively nothing.

Hacking and reverse engineering take time. It is a jailbreak when his hack puts him into kernel space.
 

Boomshaw

Banned
So, like, does this mean I can play burned copies of games and get my PS4 "chipped", and when the laser gets damaged, flip my PS4 upside down so the laser is closer to the discs in order to read them?
 

c0de

Member
So, like, does this mean I can play burned copies of games and get my PS4 "chipped", and when the laser gets damaged, flip my PS4 upside down so the laser is closer to the discs in order to read them?

Yes. Go buy a Blu-ray burner now. It will only be a few days until a general Blu-ray burner firmware update is released, according to a secret source, and you will be able to play the games for free.
 

kittoo

Cretinously credulous
So, like, does this mean I can play burned copies of games and get my PS4 "chipped", and when the laser gets damaged, flip my PS4 upside down so the laser is closer to the discs in order to read them?

Umm.....What?
 

chekhonte

Member
http://cturt.github.io/ps4-3.html

More info. Anyway, the guy has said on Twitter that he has decided to stop any further research; on Twitter many suppose it's because of people begging for piracy, or Sony's fault. Of course he's not the only person involved in this. Let's see what will happen!

Probably wasn't the smartest idea to put this information out there, since the last person who successfully reverse engineered a Sony console was sued by Sony, though they did settle out of court.
 

luca_29_bg

Member
"On the PS4, our process is also in a FreeBSD jail, so we'll also need to perform a jailbreak:

cred->cr_prison = &prison0;
This causes the jailed check to return 0.

We'll also need to break out of the sandbox to gain full access to the filesystem:

void *td_fdp = *(void **)(((char *)td_proc) + 72);
uint64_t *td_fdp_fd_rdir = (uint64_t*)(((char *)td_fdp) + 24);
uint64_t *td_fdp_fd_jdir = (uint64_t*)(((char *)td_fdp) + 32);
uint64_t *rootvnode = (uint64_t *)0xFFFFFFFF832EF920;
*td_fdp_fd_rdir = *rootvnode;
*td_fdp_fd_jdir = *rootvnode;
There are also a few other checks which should be bypassed on the PS4. Once you've dumped the kernel, these checks are trivial to bypass, just search for sceSblACMgr."

Sure PS4 is not jailbroken sure… sure 😝😝😝
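As an added example (not code from CTurt's write-up or from any post in this thread), here is a user-space C model of the two patches the quoted snippet makes, showing why both are needed: `jailed()` in FreeBSD is literally a comparison of `cred->cr_prison` against `&prison0`, while path lookups are rooted at the process's `fd_rdir`/`fd_jdir`, so fixing only the credential would leave the process looking at the jail's filesystem. The struct layouts, padding, prison names and the `/jail` root are constructed for this model so that the hard-coded offsets 72/24/32 from the quote line up; on the real kernel those offsets come from reverse engineering and differ between firmware builds, and the `rootvnode` address in the quote is specific to 1.76. The model also checks the offsets with `offsetof`, which is the check you cannot do on a target whose headers you do not have.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

_Static_assert(sizeof(void *) == 8, "this model assumes 64-bit pointers");

/* Models of the FreeBSD kernel structures the quoted snippet patches. The
 * padding is chosen (an assumption of this model) so the offsets the snippet
 * hard-codes hold: proc+72 -> p_fd, filedesc+24 -> fd_rdir, filedesc+32 -> fd_jdir.
 * On a real kernel those offsets come from disassembly, not from headers. */
struct prison { const char *pr_name; };
struct ucred  { struct prison *cr_prison; };
struct vnode  { const char *v_path; };

struct filedesc {
    uint64_t      fd_pad[3];   /* 24 bytes of unrelated fields in this model */
    struct vnode *fd_rdir;     /* root for path lookups (what chroot changes) */
    struct vnode *fd_jdir;     /* jail root, the floor for ".." traversal */
};

struct proc {
    uint8_t          p_pad[72]; /* unrelated fields before p_fd in this model */
    struct filedesc *p_fd;
    struct ucred    *p_ucred;
};

/* prison0 is the host's prison; FreeBSD's jailed() is exactly this comparison. */
struct prison  prison0 = { "host" };
struct vnode   rootvnode_storage = { "/" };
struct vnode  *rootvnode = &rootvnode_storage;   /* the kernel's real filesystem root */

int jailed(const struct ucred *cred)
{
    return cred->cr_prison != &prison0;
}

/* Resolve an absolute path the way a lookup rooted at fd_rdir would: the
 * process root's path is prepended. Returns 0, or -1 if the buffer is too small. */
int resolve_path(const struct proc *p, const char *path, char *out, size_t n)
{
    const char *root = p->p_fd->fd_rdir->v_path;
    int len = strcmp(root, "/") == 0 ? snprintf(out, n, "%s", path)
                                     : snprintf(out, n, "%s%s", root, path);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* The two patches from the quoted post:
 * 1. point the credential at prison0 so jailed() returns 0;
 * 2. point both filedesc root vnodes at the real root, addressed by the same raw
 *    byte offsets the snippet uses. The snippet writes through uint64_t pointers;
 *    memcpy is used here so the model is well-defined C under strict aliasing. */
void escape_jail(struct proc *td_proc)
{
    td_proc->p_ucred->cr_prison = &prison0;

    void *td_fdp;
    memcpy(&td_fdp, (char *)td_proc + 72, sizeof td_fdp);      /* p_fd        */
    memcpy((char *)td_fdp + 24, &rootvnode, sizeof rootvnode); /* fd_rdir     */
    memcpy((char *)td_fdp + 32, &rootvnode, sizeof rootvnode); /* fd_jdir     */
}

/* Offsets hard-coded in an exploit must match the target build exactly. Here we
 * can verify them against the model with offsetof; a real target offers no such check. */
int offsets_match(void)
{
    return offsetof(struct proc, p_fd) == 72
        && offsetof(struct filedesc, fd_rdir) == 24
        && offsetof(struct filedesc, fd_jdir) == 32;
}

/* A constructed jailed process: its own prison and a root of "/jail". */
static struct prison   jail_prison = { "app-jail" };
static struct vnode    jail_root   = { "/jail" };
static struct ucred    jail_cred;
static struct filedesc jail_fd;
static struct proc     jail_proc;

struct proc *make_jailed_proc(void)
{
    memset(&jail_proc, 0, sizeof jail_proc);
    memset(&jail_fd, 0, sizeof jail_fd);
    jail_cred.cr_prison = &jail_prison;
    jail_fd.fd_rdir = &jail_root;
    jail_fd.fd_jdir = &jail_root;
    jail_proc.p_fd = &jail_fd;
    jail_proc.p_ucred = &jail_cred;
    return &jail_proc;
}

int main(void)
{
    char buf[256];
    struct proc *p = make_jailed_proc();

    resolve_path(p, "/etc/passwd", buf, sizeof buf);
    printf("before: jailed=%d  /etc/passwd -> %s\n", jailed(p->p_ucred), buf);

    escape_jail(p);
    resolve_path(p, "/etc/passwd", buf, sizeof buf);
    printf("after:  jailed=%d  /etc/passwd -> %s\n", jailed(p->p_ucred), buf);

    printf("model offsets match the snippet: %s\n", offsets_match() ? "yes" : "no");
    return 0;
}
```

Before the patch the process is jailed and `/etc/passwd` resolves under `/jail`; after it, `jailed()` returns 0 and the same lookup reaches the host root. The quote's closing remark about `sceSblACMgr` refers to further, PS4-specific checks that this generic FreeBSD model does not cover.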
 

luca_29_bg

Member


Ahahah, I can't believe it! 😂😂😂😂
 

test_account

XP-39C²
This is not an easy answer. If you are root, you can do anything, or, better said, you have the rights to do anything. That doesn't mean you can access everything, because certain things might be encrypted and not viewable decrypted in RAM, but by now we don't know what's possible. We have to wait until hackers have done more fiddling with the system. But they have all the "rights" to do what they want.
I just read the latest article that he posted on the PS4 hack, and I get the impression that all memory can be read/sniffed unencrypted. There might still be some limitations, but it looks pretty open, from what my impression is.


Going forward, the question seems to be whether anyone will pick up the torch further on. The article seems relatively detailed (I guess there is more to it than what's written), so I guess that people with enough skills can reproduce it without any big problems. It also depends on whether someone will find other exploits for newer firmware versions. This exploit uses something called JIT, and according to the article, very few apps have access to that on PS4. The IRET vulnerability is also fixed in newer firmware. Doesn't seem like there will be any breakthrough anytime soon.

Hopefully for Sony's sake, that is the case. Purely in terms of functionality, hacking consoles doesn't seem to have much "wow" factor anymore in terms of usage. There are so many other, easier and cheaper alternatives for homebrew. The only advantage I can see is if you prefer PS4 gaming and want "all" in one box instead of using two (PS4 + PC for homebrew). But if this is limited to an old firmware version, you might not be able to play newer games.


Umm.....What?
The flipped-upside-down part is probably a joke related to the PS1, where flipping it upside down apparently should make it read some games more easily if they have trouble being read in the first place :) I have no idea if it's true or not.
 
The proliferation of cheap, small, and powerful computers like the Raspberry Pi means that console cracking is purely in the realm of entertainment for people who could make large amounts of money elsewhere.
 

NolbertoS

Member
So the guy who hacked the PS4 doesn't want to make CFW?? Rigggghhhhttttt. He opened the door and now countless others will apply CFW settings. I just wanna see what working PS2 emulator they get so I can play my PS2 and maybe PS3 backlog on one console. The potential is limitless.
 

LordOfChaos

Member

Wow, crazy. I hadn't heard anything about him in ages.



“Frankly, I think you should just work at Tesla,” Musk wrote to Hotz in an e-mail. “I’m happy to work out a multimillion-dollar bonus with a longer time horizon that pays out as soon as we discontinue Mobileye.”

“I appreciate the offer,” Hotz replied, “but like I’ve said, I’m not looking for a job. I’ll ping you when I crush Mobileye.”

He'll need that autonomous car to drive around that big old pair of balls he has. Saying no to a multimillion dollar signing bonus offer from Musk.

I wonder how much he's worth, to say no to that much.
 