4.55 Kernel Exploit / Playground

2018-02-27

PS4 4.55 Kernel Exploit

This project contains a full implementation of the "bpf" kernel exploit for the PlayStation 4 on firmware 4.55. It lets you run arbitrary code in kernel mode, which is the foundation for jailbreaking and other kernel-level modifications to the system. This release does not contain any code for defeating anti-piracy mechanisms or running homebrew. It does include a loader that listens on port 9020 for payloads and executes them as soon as they are received; anything that reaches that port is executed, so keep the console on a network you trust while the loader is up.
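As an added illustration of the loader exchange described above (this is example code, not part of the exploit release), here is a minimal client that streams a payload to the port-9020 listener, paired with a mock of that listener so the exchange can be run offline. The framing (raw bytes, end of payload signalled by the client closing its side), the `MAX_PAYLOAD` cap and the `PS4_PAYLOAD_PORT` name are this example's own assumptions, not something the page states; the real loader jumps to the received bytes, the mock only records them.

```python
"""Added example: payload sender plus a mock of the on-console loader.

Assumptions (not stated on the page): the loader takes the raw payload bytes
with no framing and treats the client closing the connection as end-of-payload;
the size cap and the PS4_PAYLOAD_PORT name are this example's own choices.
"""
import socket
import threading

PS4_PAYLOAD_PORT = 9020          # port the release's loader listens on
MAX_PAYLOAD = 4 * 1024 * 1024    # assumed cap, only to bound memory in the mock


def send_payload(host: str, port: int, payload: bytes, timeout: float = 5.0) -> int:
    """Stream `payload` to the loader and half-close so the loader sees EOF.

    Returns the number of bytes sent. Equivalent to `nc host 9020 < payload.bin`.
    The loader executes whatever arrives, so the caller must be certain it is
    sending the intended binary to the intended console.
    """
    if not payload:
        raise ValueError("refusing to send an empty payload")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)   # tells the loader "that's all of it"
    return len(payload)


class MockLoader:
    """Stand-in for the on-console listener: accepts one connection, reads until
    EOF, and records the bytes instead of jumping to them."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))   # port 0: let the OS pick a free port
        self._srv.listen(1)
        self.port = self._srv.getsockname()[1]
        self.received = b""
        self.error = None
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        try:
            conn, _ = self._srv.accept()
            with conn:
                chunks, total = [], 0
                while True:
                    chunk = conn.recv(65536)
                    if not chunk:            # client closed its side: complete
                        break
                    total += len(chunk)
                    if total > MAX_PAYLOAD:
                        raise ValueError("payload exceeds cap")
                    chunks.append(chunk)
                self.received = b"".join(chunks)
        except Exception as e:  # record instead of dying silently in the thread
            self.error = e
        finally:
            self._srv.close()

    def wait(self, timeout: float = 5.0) -> bytes:
        """Block until the payload has been fully received and return it."""
        self._thread.join(timeout)
        if self.error:
            raise self.error
        return self.received


def roundtrip(payload: bytes) -> bool:
    """Run sender and mock loader on loopback; True if the bytes arrive intact."""
    loader = MockLoader()
    send_payload("127.0.0.1", loader.port, payload)
    return loader.wait() == payload


if __name__ == "__main__":
    # Constructed sample payload: a few filler bytes standing in for a real binary.
    sample = bytes.fromhex("90909090cc") * 4
    print("mock loader got payload intact:", roundtrip(sample))
```

Against a real console you would call `send_payload(console_ip, PS4_PAYLOAD_PORT, open("payload.bin", "rb").read())` after the exploit page has run; the mock exists only so the exchange can be checked without hardware.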

This bug was discovered by qwertyoruiopz; the original exploit is hosted on his website.

Patches Included
The following patches are applied by default in the kernel ROP chain:
  • Disable kernel write protection, so kernel code and read-only data can be patched in place
  • Allow RWX (read-write-execute) memory mappings
  • Allow the syscall instruction to be issued from anywhere in userland, rather than only from the locations the kernel normally permits
  • Custom system call #11 (kexec()) that runs a caller-supplied function in kernel mode
  • Allow unprivileged users to call setuid(0) successfully. This serves as a status check (if setuid(0) succeeds, the chain has run) and doubles as a privilege escalation to root.

Early stages, so there are no payloads yet; I may provide a debug menu payload later in the day.

Massive credits to the following:
  • qwertyoruiopz
  • Flatz
  • Anonymous