This post is by a banned member (HideakiAtsuyo) - Unhide
OP 04 October, 2022 - 02:53 AM
Reply
PS5 4.03 Kernel Exploit
What is it ?
Show ContentSpoiler:
Hidden Content
You must register or login to view this content.
Download:
Show ContentSpoiler:
Hidden Content
You must register or login to view this content.
Included: - Obtains arbitrary read/write and can run a basic RPC server for reads/writes (or a dump server for large reads) (must edit your own address/port into the exploit file on lines 673-677)
- Enables debug settings menu (note: you will have to fully exit settings and go back in to see it).
- Gets root privileges
Limitations: - This exploit achieves read/write, but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!
- As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.
- Clang-based fine-grained Control Flow Integrity (CFI) is present and enforced.
- Supervisor Mode Access Prevention/Execution (SMAP/SMEP) cannot be disabled, due to the HV.
- The write primitive is somewhat constrained, as bytes 0x10-0x14 must be zero (or a valid network interface).
- The exploit's stability is currently poor. More on this below.
- On successful run, exit the browser with circle button, PS button panics for a currently unknown reason.
This post is by a banned member (COLTONM01) - Unhide
04 October, 2022 - 03:33 AM
Reply
(04 October, 2022 - 02:53 AM)HideakiAtsuyo Wrote: Show MorePS5 4.03 Kernel Exploit
What is it ?
Included: - Obtains arbitrary read/write and can run a basic RPC server for reads/writes (or a dump server for large reads) (must edit your own address/port into the exploit file on lines 673-677)
- Enables debug settings menu (note: you will have to fully exit settings and go back in to see it).
- Gets root privileges
Limitations: - This exploit achieves read/write, but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!
- As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.
- Clang-based fine-grained Control Flow Integrity (CFI) is present and enforced.
- Supervisor Mode Access Prevention/Execution (SMAP/SMEP) cannot be disabled, due to the HV.
- The write primitive is somewhat constrained, as bytes 0x10-0x14 must be zero (or a valid network interface).
- The exploit's stability is currently poor. More on this below.
- On successful run, exit the browser with circle button, PS button panics for a currently unknown reason.
This post is by a banned member (Lolly77) - Unhide
05 October, 2022 - 12:50 AM
Reply
This post is by a banned member (Yuroo) - Unhide
10 October, 2022 - 09:42 AM
Reply
(04 October, 2022 - 02:53 AM)HideakiAtsuyo Wrote: Show MorePS5 4.03 Kernel Exploit
What is it ?
Included: - Obtains arbitrary read/write and can run a basic RPC server for reads/writes (or a dump server for large reads) (must edit your own address/port into the exploit file on lines 673-677)
- Enables debug settings menu (note: you will have to fully exit settings and go back in to see it).
- Gets root privileges
Limitations: - This exploit achieves read/write, but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!
- As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.
- Clang-based fine-grained Control Flow Integrity (CFI) is present and enforced.
- Supervisor Mode Access Prevention/Execution (SMAP/SMEP) cannot be disabled, due to the HV.
- The write primitive is somewhat constrained, as bytes 0x10-0x14 must be zero (or a valid network interface).
- The exploit's stability is currently poor. More on this below.
- On successful run, exit the browser with circle button, PS button panics for a currently unknown reason.
Thanks! <3 
|
