PlayStation 4 fans looking to set their console free from the clutches of Sony will soon have a new jailbreak to try out. The PS4 4.05 Kernel Exploit from Developer Specter has been published on GitHub for download. The jailbreak devs are specific in noting that the exploit doesn't contain any code that will defeat anti-piracy measures or allow the users to run homebrew apps.
The exploit summary reads in part, "In this
What the exploit does contain is a layer that listens for payloads on a designated port 9020 and executes that code. Obviously, this jailbreak is for those that are technically minded and as of now, the technical write-up that goes into implementation specifics isn’t finished, but should be soon.
The kernel exploit has the following patches made by default in the kernel ROP chain:
- Disable kernel write protection
- Allow RWX (read-write-execute) memory mapping
- Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
- Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
- Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
There are several other notes added in with the developers stating that it has been about 95% stable in tests. There is no SDK in this release, but the devs do say that a barebones SDK might be offered later. A payload that will "make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox" is available here.