Welcome to PS4Hax, your official PS4 hacks, PS4 Homebrew, and PS4 Downloads scene. Check back daily to keep up with the latest PS4 Hacks and drop by our forums for more PS4 Hacks discussions.
  • Posted by Kingsman , on 07/06/2016, @ 01:18am


    Did PS4 Hacker CTurt just drop a big hint to the scene?
    Source: Wololo
    CTurt is the hacker behind the badIRET and dlclose exploits, the only two publicly known kernel exploits on the PS4 so far. These exploits, in particular dlclose, are currently being used by owners of 1.76 PS4 consoles to run Linux and other cool stuff. CTurt has been a bit distant from PS4 exploitation after releasing these vulnerabilities, but he’s been actively working on finding bugs in FreeBSD, the Operating system running on the PS4. Although he’s not directly talking about the PS4 anymore on his blog, one can’t help but be intrigued whenever he mentions his work on FreeBSD.
    Yesterday, the famous hacker blogged about new vulnerabilities he’s found in the FreeBSD compatibility layers. These are stack disclosure vulnerabilities, namely they let an attacker access potentially sensitive information from the RAM. Although these do not represent an exploit in themselves, they can be used in a sequence of vulnerabilities to grant further access for an attacker. Those interested in the whole technical explanation can read CTurt’s article on his blog.

    Specifically, CTurt mentions that these can be used to leak information from the stack guard, potentially allowing to bypass it. Those of you who’ve been following the scene closely will probably remember a libxml2 vulnerabilityrevealed recently, that was deemed useless because of stack protection. Specifically, we wrote:FreeBSD has had Stack Protector baked in since FreeBSD 8.0, meaning that this vulnerability (if confirmed on PS4) would be useless on its own (Unless some other exploit could help bypass stack protection?).

    Doesn’t this look like an interesting coincidence to you? Or is it likely that CTurt is sending a red blinking signal to the PS4 scene?There’s of course a long shot between a security article on FreeBSD and claiming victory for a hack on the PS4 3.50. Hackers would need to confirm that the FreeBSD implementation on the PS4 actually uses the compatibility layers, then port CTurt’s proof of concept to the PS4, and then couple that with an actual stack overflow… Easy as pie?
    Update from Wololo: unfortunately CTurt has confirmed on Twitter that Compatibility layers are *not* available on the PS4's FreeBSD implementation:


    Discuss in Forums (3)


    1. Abdullah Jr
      12:16 AM

      so what does this mean ??
      the scene is dead or something like that?

    2. RCFProd
      12:12 PM

      Abdullah Jr wrote:
      so what does this mean ??
      the scene is dead or something like that?

      No, this was just a theory with potential IF the compability layers were enabled. They are not, so this theory is debunked. Hackers are now trying to find a different way. A scene won't die.

    3. paranoicb
      01:22 PM

      when something locks it can also unlock thats my theory. Just give them 2 more years of development and something will come up to the surface