Post: PS4 5.xx Rest Mode Kernel Exploit via ICMP Flood
02-28-2018, 10:58 AM #1
I was just looking on GBAtemp and found this topic going on about a PS4 5.xx rest mode kernel exploit.

Could this be a good start for a kernel custom FW?


Copy and paste from the topic:
Exploit revealed by @vpikhur

He made a presentation at the Recon Brussels hacking conference showing the exploit and a demo video.
Apparently his exploit uses a vulnerability in sys_kldload.
He also released the presentation slides later in the day here.

Quoted from wololo.net:

According to the developer:
The custom Southbridge silicon, responsible for background downloads while the main SoC is off, didn't help to secure the PlayStation 4. We explain how a chain of exploits combined with hardware attacks will allow code to run in the context of the secure bootloader, extract private keys, and sign a custom kernel.

According to the hacker, the sys_kldload exploit still exists in firmware 5.00, and potentially in more recent firmwares as well.
The important point of the video above is that the hack persists after boot, demonstrating what is probably the very first custom firmware on the PS4.
Sony changed their keys in 5.05, but apparently not the signing process.
The kernel bootloader contains the keys for Rest Mode kernel, which is why it was interesting to get access to it.

How the exploit works is shown in this video.
Not sure if I am allowed to post links to the GBAtemp site, so I will not post it.

Last edited by frostyzz; 02-28-2018 at 11:03 AM.