PS4 IPv6 UAF 6.70-6.72 the new exploit 6.72 from ChendoChap

ChendoChap has published a new implementation that chains TheFlow's kernel exploit with Fire30's WebKit exploit, released under the name "PS4 6.70 - 6.72 Kernel Exploit".
 
Behind this name is a complete implementation of the "ipv6 uaf" kernel exploit for the PlayStation 4 on firmware 6.70 to 6.72. It gives you unsigned code execution in the kernel, which enables jailbreaking and kernel-level modifications of the system, and it also starts a classic binary loader listening on port 9020.
 
According to Specter, ps4-ipv6-uaf should be more stable than the existing releases because its ROP chain was written entirely by hand, from scratch.


Patches included:

The following patches are applied to the kernel:
- Allow RWX (read-write-execute) memory mappings (mmap / mprotect)
- Syscall instructions allowed everywhere
- Dynamic symbol resolution (sys_dynlib_dlsym) allowed from any process
- Custom syscall #11 (kexec()) to execute arbitrary code in the kernel
- Allow unprivileged users to call setuid(0) successfully. This doubles as a status check (a payload can call setuid(0) and test the return value to tell whether the kernel is already patched) and as a privilege escalation.
 
Notes:

- The page will crash if the kernel exploit succeeds; this is normal.
- The exploit relies on a few optimizations. If one of them is lost and you attempt the exploit again, the system might not crash immediately, but stability will be compromised.
 
Some tips...

1) When you open the site, the message "There is not enough free system memory" means the exploit succeeded; any other message means you need to restart your PS4.
2) Once you see this message, DO NOT PRESS OK! Press the PS button instead.
3) Reopen the site and wait for the payload to load.
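Once the loader is up on port 9020, the payload is delivered over TCP. The following sender is an added example, not code from the original post or from ChendoChap's repository. It assumes the loader accepts the raw payload bytes on a single TCP connection and treats EOF as end of payload (how the classic PS4 bin loader behaves; the post itself only names the port), and the PS4 address and the 0xC3-filled sample payload are placeholders. A loopback stand-in for the loader lets the sender be exercised without a console.

```python
import socket
import threading

PS4_HOST = "192.168.1.50"  # placeholder address: replace with your PS4's IP
BINLOADER_PORT = 9020      # port the classic loader listens on after the exploit


def send_payload(host: str, port: int, payload: bytes, timeout: float = 10.0) -> int:
    """Stream raw payload bytes to the bin loader and return the byte count sent.

    Assumption (classic PS4 bin loader behaviour, not stated in the post): the
    loader reads everything sent on one TCP connection until EOF, then runs it.
    """
    if not payload:
        raise ValueError("refusing to send an empty payload")
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        # Nothing listening on the port: the kernel exploit did not land or the
        # loader has not started yet, so re-running the page is the next step.
        raise ConnectionRefusedError(f"no loader listening on {host}:{port}: {exc}") from exc
    with sock:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)  # EOF tells the loader the payload is complete
    return len(payload)


def load_payload_file(path: str) -> bytes:
    """Read a compiled payload (.bin) from disk."""
    with open(path, "rb") as f:
        return f.read()


def _fake_loader(state: dict, received: bytearray, ready: threading.Event) -> None:
    """Loopback stand-in for the console's loader: accept one client, read to EOF."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # ephemeral port, published through `state`
        srv.listen(1)
        state["port"] = srv.getsockname()[1]
        ready.set()
        conn, _ = srv.accept()
        with conn:
            while True:
                chunk = conn.recv(65536)
                if not chunk:
                    break
                received.extend(chunk)


def loopback_demo(payload: bytes) -> bytes:
    """Send `payload` to a local fake loader and return exactly what it received."""
    state: dict = {}
    received = bytearray()
    ready = threading.Event()
    worker = threading.Thread(target=_fake_loader, args=(state, received, ready), daemon=True)
    worker.start()
    if not ready.wait(5.0):
        raise RuntimeError("fake loader did not start")
    send_payload("127.0.0.1", state["port"], payload)
    worker.join(5.0)
    return bytes(received)


# Constructed sample payload: 0xC3 is the x86-64 `ret` opcode, padded with zeros.
# It is a placeholder for demonstrating the transport, not a real PS4 payload.
SAMPLE_PAYLOAD = b"\xc3" * 16 + b"\x00" * 4096

if __name__ == "__main__":
    echoed = loopback_demo(SAMPLE_PAYLOAD)
    print(f"loopback loader received {len(echoed)} bytes, intact={echoed == SAMPLE_PAYLOAD}")
    # Against a real console, after the exploit page reports success:
    # send_payload(PS4_HOST, BINLOADER_PORT, load_payload_file("payload.bin"))
```

The half-close after sendall matters: a loader that reads until EOF will otherwise sit waiting for more data, and a connection refused on port 9020 is the quickest sign that the kernel exploit did not actually land and the page needs to be reopened.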
 
Download: ps4-ipv6-uaf / master.zip
