CTurt, kR105, flatz, SKFU, droogie, Xerpi, Hunger, Takezo, nas, Proxima, Fx0day, Hitodama

A collection of PS4 tools and experiments using the WebKit exploit. This is for firmware 1.76 only at the moment.


Code Execution



Click "Start", and wait for the text "Stage: Waiting for payload..."
to appear. You can use netcat: nc -w 3 192.168.xxx.xxx 9023 < *.bin

Stage: [Not started]


Linux Kernel Loader



Make sure to have files initramfs.cpio.gz and bzImage on a FAT32
formatted USB drive connected to the PS4 before loading this


FTP Server + Debug Settings



Once enabled you will be able to connect on your PS4 using Port 1337
(User/Password are not checked) and this will unlock Debug Settings


ELF Loader



You need to netcat if on Windows to listen for PS4 feedback on port 5052.
Use SOCAT or WIFI-Loader to send elf file to PS4 ip on port 5053

Modules



Once you have loaded a module, refresh the page,
and you will be able to dump it


Loaded Module ID:

Loaded Module Index:

Module ID (check this list):

Module name (check this list):

Raw Data

- Dump raw data of System Modules

- Dump raw data of System Modules


Syscalls/Filesystem/Memory



- Get process ID

- Get login name and leak a kernel pointer



- File Browser

- Read your PSN username from account.dat

- Get the name of the current sandbox directory

- Get stack base, size, and protection

- Get stack base, size, and name

- Get vsh prefetch list

Sockets



Send a TCP message to the specified IP and port

Message:


Server



IP:

Port:

Misc




Version



Custom Version 2.00.02

Base Version by CTurt
Modified by Fx0day, Wildcard
Edit by eXtreme

Tutorials



Tutorials for end users

- Install a Linux-Distribution on USB

- How to use a Proxy Server on the PS4

Stuff



Tools and File Collection for your PlayStation 4

- Downloads for the Scene
After executing a test, you should either refresh the page, or close and reopen the browser entirely; running multiple experiments sequentially is not reliable. If you are using a web browser view in an app which isn't the Internet Browser, you can use the Refresh button under Misc to refresh the page.
File and memory dumps will be sent over TCP to the IP and port you specified. You can use a simple tool like TCP-Dump to write the data to a file.