ps4jb

This is a full chain exploit for PS4 firmware 6.72. Basically this is TheFlow's POC together with PS4-specific kROP & kernel patches. Mira is used as a HEN payload.

Building from source

To build from source, clone this repository recursively, and run these commands:

cd src
make

You will get a fresh copy of the binary build in src/build/.

Dependencies: python3, gcc, ROPgadget. Note: Mira is not being built from source

Adding your own payloads

miraldr.c loads 65536 bytes at address stored in JS variable mira_blob into RWX memory and jumps to it. At this point only the minimal patches (amd64_syscall, mmap, mprotect, kexec) are applied (i.e. the process is still "sandboxed"). Normally mira_blob contains MiraLoader.

mira_blob_2_len bytes at mira_blob_2 are sent to 127.0.0.1:9021 in a background thread. If mira_blob contains MiraLoader this will be run in the same way but with the full patchset applied & already jailbroken.

Credits

Fire30 for the WebKit exploit
TheFlow for the kernel exploit
Rui Ueyama and shinh for the 8cc compiler

Name	Name	Last commit message	Last commit date
Latest commit sleirsgoevy Fix Linux payloads Apr 29, 2021 25f07f9 · Apr 29, 2021 History 119 Commits
common	common	vtable fixes	Apr 13, 2021
jb	jb	misc	Oct 9, 2020
jb702	jb702	7.02: fix kexec syscall	Dec 16, 2020
mira	mira	Fix heisenpanic during late shutdown	Oct 7, 2020
mira702	mira702	Add Mira 7.02 payload	Dec 20, 2020
oldjb	oldjb	Upgrade Mira	Aug 31, 2020
src	src	Linux loader: raise upper limit to 5GB	Apr 27, 2021
webkit-7.02 @ 9942d0e	webkit-7.02 @ 9942d0e	Bumb webkit-7.02	Dec 18, 2020
.gitmodules	.gitmodules	Extract payloads to separate repository	Mar 22, 2021
702.js	702.js	vtable fixes	Apr 13, 2021
Cache.manifest	Cache.manifest	Fix Linux payloads	Apr 29, 2021
README.md	README.md	Add credits	Jul 17, 2020
fakeusb.html	fakeusb.html	Add FTP and FAKEUSB payloads	Jul 27, 2020
fakeusb.js	fakeusb.js	Compile payloads with -Wl,-gc-sections	Aug 5, 2020
favicon.ico	favicon.ico	feat: add new changeLanguage Function (less lines), add favicon, add …	Jul 30, 2020
ftp.html	ftp.html	Add FTP and FAKEUSB payloads	Jul 27, 2020
ftp.js	ftp.js	Fix FTP crash	Aug 9, 2020
index.html	index.html	Fix Linux payloads	Apr 29, 2021
index702.html	index702.html	Fix spanish in index702.html	Mar 3, 2021
jb.html	jb.html	Stable jailbreak	Jul 23, 2020
linux-3gb.html	linux-3gb.html	Linux loader: raise upper limit to 5GB	Apr 27, 2021
linux-3gb.js	linux-3gb.js	Fix Linux payloads	Apr 29, 2021
linux.html	linux.html	Linux loader	Aug 2, 2020
linux.js	linux.js	Fix Linux payloads	Apr 29, 2021
linux702-3gb.js	linux702-3gb.js	Fix Linux payloads	Apr 29, 2021
linux702.js	linux702.js	Fix Linux payloads	Apr 29, 2021
mira.html	mira.html	Stable jailbreak	Jul 23, 2020
netcat.html	netcat.html	Add Mira-NoHB.	Jul 24, 2020
netcat702-mira.html	netcat702-mira.html	7.02: netcat via mira loader as on 6.72	Dec 19, 2020
netcat702.html	netcat702.html	7.02 lending page	Dec 18, 2020
payload702.html	payload702.html	linux loader: split 1gb/3gb payloads	Dec 25, 2020
ps4-hen-vtx-702.js	ps4-hen-vtx-702.js	HEN 7.02 by ChendoChap	Dec 18, 2020
ps4-hen-vtx.html	ps4-hen-vtx.html	Adding ps4-vtx-hen (#49 )	Aug 11, 2020
ps4-hen-vtx.js	ps4-hen-vtx.js	Adding ps4-vtx-hen (#49 )	Aug 11, 2020
spoofer.html	spoofer.html	Add FWSPOOF	Aug 9, 2020
spoofer.js	spoofer.js	FWSPOOF: spoof 9.99 instead of 7.51	Oct 14, 2020
todex.bin	todex.bin	Todex Payload addition (#43 )	Aug 5, 2020
todex.html	todex.html	Todex Payload addition (#43 )	Aug 5, 2020
todex.js	todex.js	Fix AppCache	Aug 5, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ps4jb

Building from source

Adding your own payloads

Credits

About

Releases

Packages

Contributors 9

Languages

sleirsgoevy/ps4jb

Folders and files

Latest commit

History

Repository files navigation

ps4jb

Building from source

Adding your own payloads

Credits

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 9

Languages

Packages