PlayStation 4 / PS4 Vulnerability Detected By SKFU, Exploit Found?
Following up on the recent PS4 Factory Service Mode and PS4 Jailbreak rumors, today German PlayStation 4 hacker SKFU Tweeted that an alleged PS4 vulnerability has been detected with hopes that an exploit has been found.
While there currently isn't much more than a single Tweet by SKFU on this rumored PS4 vulnerability, according to him testing is indeed underway. We will update this article if/when new information surfaces, and below is the actual Tweet for those interested:
PS4 vulnerability detected... executing test protocol...
Finally, below are some PS4 Bugs & Vulnerabilities (via psdevwiki.com/ps4/Bugs_&_Vulnerabilities), as follows:
Vidnow (TCP Buffer Overflow)
When you launch Vidnow for the first time it gets http://sceecatalogs.vidzone.tv/386/v...86_US.db.psarc. This file is 5mb. This file loads into a 60k tcp buffer. No checks are done at all on the files size/hash/contents.
Therefore, it is possible to redirect Vidnow to load a substitute file. When vidnow is redirected to load a large enough file the TCP Window buffer is overrun, somewhere between byte 34,125,000 and 35,000,000 of the substitute file.
Despite the buffer overflow and crash, the substitute data is still transmitted and the application only throws the exception when another tcp packet is sent. As a result, the application crashes and the console locks up for a minute.
Directly before the console resumes normal operations after the crash, an unusually large number of tcp (RST) packets are sent. While no exploit that makes use of this crash is currently available, a carefully crafted file may be able to exploit this or similar issues to gain code execution, among other things.
17:17:40 (System locks up) Crash
17:17:50.356427000 (System no longer locked up) Console Regains Control (74 byte packet sent)
17:17:50.357555000 Contacts Crashlog Server/System Operation Resumes
Running your own code in sandbox requires 4 things:
1. Disabling SHA-1 Checksums ✔
2. Generate a valid signature/disable or bypass signature authentication ✖
3. Repacking Containers ✔
4. Crafting proper binary ✔
Assuming you can get code running disabling sandboxing is trivial.
More PlayStation 4 News...
Sweet hooe this is true and leads to the good stuff!
at least this is some good news. hope we dont have to try to get an earlier model ps4 or a day 1 release by the time its cracked. good work
12-07-2013 #4Banned User
- Join Date
- Sep 2010
i buy it with very big hope ...hope they will cracked it and we can enjoy ....for a long time... with many future for now or till middle next year or end there are no good games ...most big blockbuster game delay etc... right now i feel the same like when i buy psvita ...
dont worry i have 2 ps4s still sealed in a box for just that occasion, prices will be high though if it gets cracked/jailbroken/whatever
Comon SKFU ... we're literally rooting for you sorry NIX humor
I dont want to wait possibly 7 years for a jig to get lost.
let's wait and see if asomething comes out. really a good news!
I hope he doesn't release it. Right now there aren't many PS4s out there and Sony will patch the exploit within weeks; even if the exploit is believed to be un-patchable like the PS3's was.
SKFU is the real deal. If he says he's on top of it... he is. He is a legit dev.
Ps4 is designed for online gameplay, so, if it were cracked sony just will retire the physic format out from the market and the choise is clear: cracked and banned or legit and slave.