5 hours ago
Lots of developments evolving on the PS4 & PS5 with new vulnerabilities being investigated.
--------------------------------------------------------------------------------------------------------
Links:

PS4 13.02: https://www.playstation.com/en-gb/sup...

PS5 12.02: https://www.playstation.com/en-gb/sup...

Kernel bug: https://x.com/notnotzecoxao/status/19...

HackerOne Bounty: https://hackerone.com/playstation/hac...

YouTube app userland investigation: https://x.com/gezine_dev/status/19731...

OSM RetailKit write up: https://x.com/LegendaryOSM/status/197...

GTA Online private server: https://lossantosonline.com/

GoldHEN FPS overlay: https://x.com/Kameleonre_/status/1972...

etaHEN FPS overlay: https://x.com/LightningMods_/status/1...

--------------------------------------------------------------------------------------------------------
Timestamps:
0:00 - Intro
0:11 - PS4/PS5 Security Updates
1:06 - 10K HackerOne Report
2:17 - New kernel vulnerability on PS4?
3:30 - Gezine investigates userland vulnerabilities
6:28 - OSM RetailKit Write up
8:17 - Free to play GTA Online private server
9:44 - Sleirsgoevy working on PS5 fpkgs
10:39 - PS5 Linux update
12:02 - GoldHEN PS5 FPS counter
12:32 - etaHEN FPS counter
--------------------------------------------------------------------------------------------------------
Music
Outro: Paul Flint - Sock It To Them [NCS Release]
--------------------------------------------------------------------------------------------------------
Find my content on these other platforms:
Odysee: https://odysee.com/@MODDEDWARFARE
LBRY: https://lbry.tv/@MODDEDWARFARE
BitChute: https://www.bitchute.com/channel/cZkN...
Transcript
00:00 Hey, what is going on guys, welcome back to another PS4 and PS5 jailbreak news update.
00:03 There's been a lot of things happening in the PS4 and PS5 scene. I've got lots of topics to dive into here in this video,
00:09 so let's not waste any time here and get straight into it.
00:11 So starting with the new system software releases from PlayStation, we've got 13.02 released on the PS4,
00:18 specifically saying that they've made some security fixes to the system software,
00:22 and also we have version 12.02 on the PS5, also saying the same thing.
00:28 So these appear to be strictly security patches that were released,
00:32 which is interesting, how it wasn't very long since we just got 12.00 on the PS5 and 13.00 on the PS4,
00:39 and yet we already have another update beyond that with specific security fixes applied,
00:44 when the previous versions, especially 13.00 on the PS4, already had a bunch of security fixes that were discovered in that version.
00:53 So whatever this is, it seems that PlayStation has rushed out a fix,
00:56 so it must be something pretty serious for them to have rushed this update out
01:00 so quickly after the previous ones, with it just being for security fixes added.
01:05 Now there was a HackerOne bug bounty report from five days ago that resulted in a $10,000 bounty,
01:11 which is often kernel vulnerabilities that tend to get bounties of $10,000 or more,
01:16 although sometimes it can be lesser exploits,
01:19 but most of the time it tends to be a kernel exploit,
01:21 although it's not reported from TheFlow, so I don't really expect it to get disclosed.
01:26 If it does, that'll be great, but I wouldn't, you know, get my hopes up on it getting disclosed
01:30 if it's not been reported by TheFlow,
01:32 but this was five days ago, so it's probably not related to the 13.02 or 12.02 update.
01:38 This report was likely patched back in 13.00 on the PS4, or 12.00 if it pertains to PS5,
01:45 because generally the update is released before the report is resolved;
01:49 the report is only resolved once the update is out
01:52 and it has been confirmed to patch the vulnerability that was reported,
01:55 so this report likely pertains to something patched in the previous updates
01:59 and not 13.02 or 12.02,
02:01 but if we do see a new HackerOne report appear here in the next week or so
02:06 that is $10,000 or more,
02:08 then that will likely pertain to this new patch that was released for the PS4 and PS5,
02:13 but we'll have to wait and see if we do actually end up seeing another report appear here.
02:18 Now zecoxao also put out a post saying that there's a patch in kernel in PFS read directory,
02:23 a buffer overflow patch,
02:25 so you can see there's no proper length checking on the original version,
02:28 and then the updated version has proper bounds checking added.
02:32 It says here the exploit directory entry claims a file name is 500 bytes,
02:36 but the buffer only has 255 bytes,
02:39 so if you write more than 255 bytes it's going to overflow,
02:43 and you can see there it says it causes a kernel stack/heap corruption.
02:47 So what zecoxao says about this is that it's a kernel bug
02:50 that leads to a kernel exploit, patched in 13.00,
02:53 but it exists in 12.52 and below,
02:56 and at least 7.61 kernel that I can see.
02:59 So the idea is that if this vulnerability can be triggered on the PS4 up to 12.52,
03:06 and if it can be turned into a working kernel exploit,
03:09 then it could be used to jailbreak the PS4 up to firmware 12.52,
03:13 although there's not really any information on this yet,
03:16 so obviously take things with a grain of salt for now,
03:18 because this is all the information we really have on this at the moment,
03:22 and we don't really know how viable this is to actually get this running on the PS4 yet,
03:27 or if it has any viability for PS5.
03:29 Now beyond that, in terms of userland exploits,
03:32 we've seen something new happening here
03:34 from gezine, the developer of the Blu-ray and Lua exploits.
03:37 So it looks like gezine is trying to find a new userland exploit
03:40 that can be triggered without requiring a disk drive,
03:44 for digital edition consoles or PS5s
03:46 that do not have their disk drive paired.
03:48 So the initial post here says:
03:50 yeah, there's something funny happening at YouTube app
03:53 on 6.02 non-activated PS5 retail YouTube package.
03:57 Apparently it should work on every firmware,
03:59 as loading arbitrary HTML is exploiting the engine itself
04:03 and loads from local.
04:05 The only problem is HTML is loaded only for two seconds,
04:08 so need to get a userland control in two seconds.
04:10 So in the video we can see the YouTube app being loaded,
04:13 and then it shows a hello world message
04:15 before the PlayStation sign-in screen.
04:17 So the idea is to use these media applications,
04:20 which have their own browsers built in
04:22 that are custom and are not related to the WebKit
04:25 that is used on the PS4 and PS5 primarily
04:29 for the normal built-in web browser.
04:31 So these have their own custom browsers
04:33 that are likely more vulnerable to different exploits,
04:36 so if we could trigger an exploit in one of these browsers,
04:40 then we could potentially use that
04:42 to trigger a kernel exploit and jailbreak the console
04:44 without needing, you know, a Blu-ray or a save file,
04:47 so that digital edition consoles would also be able to use this
04:51 to jailbreak their consoles.
04:52 That is the general idea.
04:53 Now the problem, as outlined here,
04:56 is that the HTML that's loaded here
04:58 is only loaded for two seconds before the sign-in screen appears,
05:01 so you need to initialize the exploit completely
05:03 before the sign-in screen appears,
05:05 within that two seconds,
05:07 which would be pretty tricky.
05:08 Now the PlayStation sign-in is not actually important;
05:11 you don't have to bypass the sign-in.
05:12 Actually accessing the YouTube app
05:14 is not part of this vulnerability;
05:16 it's what happens when the application
05:19 is actually being loaded, before the sign-in screen appears.
05:21 That's where the exploitation would happen,
05:23 if gezine was able to trigger a userland exploit
05:26 within that limited short period of time,
05:29 but then there's also other media apps
05:31 that could also be investigated
05:32 that might allow for more time here,
05:34 but certainly keep your fingers crossed,
05:36 especially if you're somebody who has a digital edition console
05:39 or a console without a paired disk drive.
05:41 It looks like gezine is trying to find a userland exploit
05:45 that you guys will be able to take advantage of
05:47 to be able to use to jailbreak your PS5.
05:49 Not really seeing anything here for PS4;
05:51 it's kind of unclear if this could also translate over to the PS4 as well.
05:55 The idea is that you would restore a backup file
05:58 that has the exploit already set up
06:00 and the YouTube application installed,
06:02 so you would restore that backup and then launch it
06:04 and you would have the userland exploit all ready to go,
06:07 so there isn't really any point in trying to load
06:10 the YouTube application onto your PS5 at the moment
06:12 until we actually have some kind of exploit
06:15 that is packaged into a backup file
06:17 that we can restore onto the console,
06:18 because you would have to restore the backup,
06:20 wiping what's on your console already,
06:22 so pre-loading any of these media apps onto your console right now
06:26 isn't really going to make much difference.
06:27 We also got the release of part 3 of OSM's RetailKit series.
06:32 So this is the process that OSM has been documenting
06:36 of trying to convert a retail console into more of a dev kit,
06:40 or unlock specific dev kit features
06:43 that lie dormant on retails but can be reactivated,
06:46 and that is what has been documented here.
06:49 So part 3 covers the DECI daemon,
06:52 which is described by OSM as the bridge
06:55 between the PS4 and Sony's debugging tools,
06:57 which handles all communication with the host machine
07:00 over a network connection,
07:02 though also possible through a USB device,
07:04 and powers tools like Neighborhood and Sony's own debugger,
07:08 so allowing you to essentially remotely connect
07:11 Sony's own debugging tools for test kits and dev kits
07:14 to a retail console,
07:16 and that is what has been documented here in this write-up.
07:19 I'll leave a link to it down in the video description.
07:21 The end result, as shared here by OSM,
07:24 showing that DECI does work on retail environments
07:28 up to firmware 12.02,
07:29 but likely up to the current firmwares on the PS4 as well.
07:33 You can see a screenshot shared
07:34 where he's been able to successfully connect the PS4 Neighborhood software
07:39 to his retail console,
07:41 and it appears as though it is a development kit or test kit console.
07:45 It does allow him to connect and access the Neighborhood features,
07:48 kind of similar to the idea on PS3 of going from a CEX to a DEX,
07:53 or on an Xbox 360 where you could take like a JTAG or RGH
07:56 and flash like a dev kit NAND like RGLoader onto it.
08:00 It's kind of that similar idea of unlocking these dev kit features on retail consoles,
08:05 so it's unclear if there's going to be more added to this write-up,
08:08 and maybe once it's complete
08:10 we might see some kind of release that we can apply to our own retail consoles
08:14 to unlock some of these development kit features.
08:16 Also for the PS4 and PS5,
08:18 we're seeing that the Los Santos Online private server
08:21 for allowing you to play GTA 5 online on a jailbroken PS4 or PS5
08:26 is becoming free to play.
08:28 So the developer Jarby posted on the official Discord
08:31 saying that it's been a year and things are finally becoming feature complete:
08:35 in about 3 hours I will enter into a maintenance
08:38 to upgrade the servers to a brand new version of the backend;
08:41 with that will come many new features.
08:43 After the migration I will start to enable the new features one by one
08:46 for you guys to try out.
08:48 Oh, and LSO is becoming free,
08:50 donations only forever.
08:51 Thanks for all the support over the past year,
08:54 and it'll only be getting better.
08:56 I did a video showing the installation of this
08:58 and getting the private server running on a jailbroken PS4 and PS5.
09:02 It's mainly just designed for PS4s,
09:04 but it does work on the PS5;
09:06 if you run the PS4 version of the game
09:08 on your jailbroken PS5 it will work,
09:10 so I'll leave a link to that video down in the description,
09:13 but the big complaint I saw from comments on that video
09:16 was the fact that they had to pay,
09:18 you know, $35 for lifetime
09:19 or the monthly payment,
09:21 and the player base was limited
09:22 due to having to pay for access,
09:25 whereas if it becomes free to play,
09:27 that should bring in a lot more players
09:29 and it will be more like the official GTA Online type experience
09:32 that you would get,
09:33 with more players in your games,
09:35 so it's good to finally see this become free to play.
09:38 It also supports the Xbox 360,
09:40 and apparently it's coming to PC and Xbox One as well.
09:44 So now let's move on to some PlayStation 5 developments.
09:46 So the big thing that has been plastered all over Twitter and X
09:49 over the past few days
09:51 is this from sleirsgoevy,
09:52 saying that they may look into the PlayStation 5 fake packages,
09:56 which would be great, to have another highly accomplished developer
09:59 actually looking into this.
10:01 Obviously sleirsgoevy is behind kstuff,
10:03 the inception of kstuff that we're using
10:05 to actually do pretty much anything on our PS5 with the jailbreak.
10:09 We are using kstuff, which sleirsgoevy initially developed,
10:13 also porting a lot of the PS4 kernel exploits
10:16 that TheFlow discovered on HackerOne
10:17 and turning those into usable exploits for our retail consoles,
10:22 so having an accomplished developer like this
10:24 looking into PS5 fake packages
10:26 could certainly accelerate things,
10:28 so perhaps we might actually start to get somewhere
10:31 now that sleirsgoevy is also going to look into it.
10:33 But there's actually some other things
10:35 that sleirsgoevy talked about regarding PS5 Linux
10:38 that I thought were pretty interesting,
10:39 because of course sleirsgoevy has been the one
10:41 trying to port Linux onto the PS5 for the past several months.
10:45 So somebody asks, I want to know how PS5 Linux is progressing,
10:49 and also if the current method the devs are working on
10:52 works on 6.02,
10:53 and the response is that USB ports work
10:56 and that is all.
10:57 So no built-in hardware works at the moment,
11:00 just the USB ports when booting into Linux.
11:02 And what about booting into a bzImage?
11:05 Apparently yes, it is possible to boot into a bzImage,
11:08 so sleirsgoevy has managed to actually get the PS5
11:10 to boot into a Linux kernel, into a bzImage,
11:13 and get the USB ports functioning,
11:15 but no other hardware is currently supported,
11:18 also saying that sleirsgoevy is on 4.03 firmware
11:21 and it works with minor workarounds
11:24 and should be unpatched up to and including 6.xx.
11:27 So I guess if you are waiting for Linux,
11:30 you probably don't want to update past 6.xx firmware,
11:34 so stay below 7.00 if you want access to Linux in the future.
11:38 Now it may end up being able to get ported to higher firmwares eventually,
11:42 but, you know, obviously the lower the firmware the better,
11:45 just make sure you're below 7.00,
11:47 because it seems that whatever sleirsgoevy is using to be able to load Linux,
11:51 it should be unpatched up to and including 6.xx firmwares.
11:55 So anyway, I just thought that was something worth mentioning
11:58 for anybody who is interested in Linux developments on the PS5.
12:02 Now there's been a few teasers that have been put out as well,
12:05 firstly from Kameleon, saying a little bit of gaming on the PS5,
12:09 #GoldHEN,
12:10 showing Demon's Souls running with the classic GoldHEN FPS overlay
12:14 showing in the bottom left hand corner,
12:16 which obviously indicates a version of GoldHEN running on the PS5,
12:21 just like with the FPS counter that you see on the PS4 version of GoldHEN,
12:25 showing that they've got that far at least on a GoldHEN port for the PS5.
12:30 But not to be outdone, of course,
12:32 it looks like LightningMods has somewhat responded to this
12:35 by showcasing the new FPS counter coming to the next version of etaHEN,
12:40 presumably the next official release, 2.4b most likely.
12:44 So he says: here's a video of the etaHEN FPS counter in action.
12:48 I used a 2.0 USB cable,
12:51 so you can see the stutters reflected in the FPS number.
12:54 This may or may not be the final design I'm going with;
12:57 I just want to share it with my followers who have been asking for it.
13:00 So you can see the FPS counter showing there down in the bottom left hand corner.
13:05 Now the reason for the stutters is not because the game typically runs bad;
13:09 this is done deliberately by LightningMods by using an older USB 2 cable
13:14 to create these low read and write speeds,
13:17 so that when the game is streaming in assets
13:19 it is hitching and struggling to stream in those assets,
13:22 creating these stutters that are reflected in the FPS numbers,
13:26 so that you can see the FPS is accurate,
13:27 so it's not just displaying a static FPS value.
13:30 So that is pretty cool there,
13:32 and it'll be nice to see.
13:33 I'm presuming that he will add the ability to move it
13:36 to like the top right, the top left, the bottom right,
13:40 probably within the settings menu;
13:42 you'll have an option for the FPS or overlays
13:44 where you'll be able to move it to different parts of the screen,
13:47 maybe even make it larger or smaller.
13:49 So we get to see both FPS implementations,
13:52 one from LightningMods
13:54 and then also the one from SiSTR0 for GoldHEN for PS5,
13:58 which of course is still in private at the moment and not released yet,
14:02 but obviously this version of etaHEN is also still to be released,
14:05 because the current version does not yet include this FPS counter.
14:09 But anyway, that's going to do it for this one,
14:11 so hope you guys enjoyed this video or found the information useful.
14:13 If you did, please leave a like and subscribe,
14:15 and once again, as always,
14:16 I'll hopefully see you guys in the next one.
14:18 I'll see you guys in the next one.