PS4 officially Jail Broken!

Yeah, I've seen the video but something is a bit fishy and I'm not convinced they are doing much more than running linux within the space of the webkit thread. As a demonstration why only run a program with a tiny footprint? Why no complete boot logs?

cturt wrote a pretty good explanation of the kernel exploit and how it was achieved: http://cturt.github.io/ps4-3.html

Basically he ran an x86 version of FreeBSD in a VM. He used the VM environment to create the exploit. Then he executed the exploit on the PS4 via the WebKit JIT hole. Of course he was able to match the FreeBSD version to what the PS4 is using and scan the known issues list for potential security issues.

Of course this doesn't mean the PS4 is fully hacked, but hackers do have good access to the PS4 kernel and can execute arbitrary code.
 
Huh, that's Interesting™.

Yes, but the console's strength has always been being closer to the metal. How close is SteamOS vs a console setup today? If the abstraction layers are more "bloated" then it will just be a weak PC, right?
 
Yes, but the console's strength has always been being closer to the metal. How close is SteamOS vs a console setup today? If the abstraction layers are more "bloated" then it will just be a weak PC, right?

Probably, but it doesn't matter as long as it's possible to at least run some games using SteamOS. How much worse can it be than a $300-$349 PC running Linux? And that's not even the point of the system.
 
What's the state of the old firmware issue? Is this working on the latest FW?

According to f0
Although the exploits used in our demo were our own work (we in fact had Linux booting, albeit in a very broken state, well before any PS4 exploits were publicly announced - porting Linux takes time), the fact that other teams have also been able to get kernel code execution proves the point that you really don’t need to depend on us for that aspect. We also have no doubt that vulnerabilities in the latest firmware can be found without too much trouble. Incidentally, everything is pure software. Hardware stuff was only used for research. There is not much reason to resort to hardware-based exploits on an architecture like the PS4, with a very wide attack surface and mediocre isolation.

Hypothetical, but positive I guess.
 
It'll be very interesting if the security is such a backwards step from PS3. One wonders how that could be possible!
 
Another interesting point in the comments (comparing PS4 and PC):
Basically, it's a legacy-free x86 system, so it is missing many things (like interrupt controllers or timers) that are assumed to exist on a PC. On top of that, the southbridge does a lot of things in nonstandard ways and the way it is organized makes no sense. We'll probably have a talk in the future that goes into all the gory details of the porting process.
 
It'll be very interesting if the security is such a backwards step from PS3. One wonders how that could be possible!

I'm not so sure the security is any worse on the PS4 than on the PS3. Sony just happens to use more open source components. It's fairly trivial to go through said components and their versions and see what known security issues exist. Unfortunately this also applies to FreeBSD, which is used as the kernel for the PS4.

Using the same components in a PC/VM environment creates a very nice environment for developing exploits.

I suppose the PS3 in this sense was more just about security via obscurity.
 
And that's what they're basically saying in their blog post. They wrote off the PS4 initially because they thought it was too similar to a PC to be a challenge, but it turns out it isn't exactly a PC, so they thought it would be fun to try and hack it.
 
If the vulnerabilities were patched, and countermeasures must have been implemented in more recent firmwares, how can they be sure the vulnerabilities can still be exploited in recent firmwares?
 
If the vulnerabilities were patched, and countermeasures must have been implemented in more recent firmwares, how can they be sure the vulnerabilities can still be exploited in recent firmwares?

WebKit and other software is potentially so complicated that it's not unreasonable to assume there are or will be similar bugs in the future.

One thing Sony could do to mitigate WebKit is to disable JIT and also double check there is no other way to run unsigned native code. Also all code pages should be read-only so potential buffer overflows and whatnot cannot create new code to be executed.
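An added example, not from the thread or from any of the PS4 work it discusses, showing the mitigation the post above recommends: code pages that are executable but not writable. It maps a page RW, fills it, flips it to read+execute with mprotect, and shows that a later write faults instead of landing in executable memory; a RWX page is included for contrast. It assumes a POSIX system (Linux or similar) with mmap/mprotect, and uses sigsetjmp/siglongjmp to recover from the fault.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

/* Any access fault raised during the probe write lands here and unwinds. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Map a page RW, fill it, then change it to `prot` and try one more write.
 * Returns 1 if the MMU blocked the write, 0 if it went through,
 * -1 if the OS refused the mapping or the protection change. */
static int write_blocked_with_prot(int prot) {
    long pagesz = sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memset(page, 0, pagesz);                       /* legitimate write while still RW */
    if (mprotect(page, pagesz, prot) != 0) { munmap(page, pagesz); return -1; }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);              /* some platforms raise SIGBUS instead */

    volatile int blocked = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        ((volatile uint8_t *)page)[0] = 1;         /* probe write after the protection flip */
    } else {
        blocked = 1;                               /* we got here via the fault handler */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return blocked;
}

/* Recommended setting: executable pages are read-only, so the write faults. */
int wx_enforced_blocks_write(void) { return write_blocked_with_prot(PROT_READ | PROT_EXEC); }
/* Weak setting: a RWX page accepts the write (unless the OS refuses RWX mappings outright). */
int rwx_page_allows_write(void) { return write_blocked_with_prot(PROT_READ | PROT_WRITE | PROT_EXEC); }
```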
 
The big deal is the kernel vulnerability on such a minimal build. These are rare.

WebKit is expected to be full of holes, just like every other browser, but it's useless without breaking the kernel. Otherwise the exploits would simply page fault?
 
Which ones are applicable?

The big ones that can compromise root memory space are rare, and it's pointless to list all the server packages which the PS4 isn't running, because the PS4 isn't listening on these services' ports. They need local root escalation, or kernel memory space compromise. Buffer overflows need to allow an input into these buffers.
 
Which ones are applicable?

The big ones that can compromise root memory space are rare, and it's pointless to list all the server packages which the PS4 isn't running, because the PS4 isn't listening on these services' ports. They need local root escalation, or kernel memory space compromise. Buffer overflows need to allow an input into these buffers.

Did you read cturt's description of how he exploited the PS4 kernel? It doesn't take a very big hole for someone who is determined to crack the nut. My point was just that there are many holes and more are found as we speak. And possibly some holes are known but not reported, so as to make it less likely for them to be fixed.
 
And I'm saying holes which can compromise kernel memory space are rare. The list you linked to doesn't show them to be frequent at all, nor applicable to PS4.

Not saying there won't be others, certainly not that there are none, but the exploit requires more than a WebKit JIT alloc bug.
 
And I'm saying holes which can compromise kernel memory space are rare. The list you linked to doesn't show them to be frequent at all, nor applicable to PS4.

I think this is the trick. Browser exploits (and WebKit in particular) aren't uncommon, but they tend to get patched fast, and hoping for more exploits that dovetail with a crack in the kernel is optimistic - at least if Sony are serious about security.

Looking at this from Sony's perspective, I would imagine that unless installing an exploit is ultra simple and has no drawbacks (like not being able to update the firmware freely) then Sony wouldn't expect most PS4 users to bother. Particularly if the benefits of installing something like Linux or another flavour of BSD aren't compelling.

I too am dubious about the performance of the PS4 as a hacked Steam machine. I bet most software is performance optimised for split memory pools, and having such an architecture sprung on unsuspecting and unaware (and therefore unoptimised) software is going to have all sorts of unexpected performance penalties.
 