PlayStation 4 Jailbreak Based On 4.05 Kernel Exploit Could Arrive Soon

PlayStation 4 fans looking to set their console free from the clutches of Sony will soon have a new jailbreak to try out. The PS4 4.05 Kernel Exploit from Developer Specter has been published on GitHub for download. The jailbreak devs are specific in noting that the exploit doesn't contain any code that will defeat anti-piracy measures or allow the users to run homebrew apps.

PlayStation 4 Pro

The exploit summary reads in part, "In this project you will find a full implementation of the 'namedobj' kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival."

What the exploit does contain is a layer that listens for payloads on a designated port 9020 and executes that code. Obviously, this jailbreak is for those that are technically minded and as of now, the technical write-up that goes into implementation specifics isn’t finished, but should be soon.

The kernel exploit has the following patches made by default in the kernel ROP chain:

  1. Disable kernel write protection
  2. Allow RWX (read-write-execute) memory mapping
  3. Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
  4. Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
  5. Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.

There are several other notes added in with the developers stating that it has been about 95% stable in tests. There is no SDK in this release, but the devs do say that a barebones SDK might be offered later. A payload that will "make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox" is available here.