zo0/PSFree-Enhanced-Dockerized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3e47ad92a0e4e30144da8f51998ab23cf68ebda8
PSFree-Enhanced-Dockerized/README.md
Al Azif 3e47ad92a0 Prep for multi-fw and publishing on GitHub 
### Added

- `.gitignore` for kpatch output
- Auto detect console type and firmware in `config.mjs`
  - Used elsewhere to determine which offsets/patches/ROP chain are used
- WIP: Add 8.50-9.60 support
  - All offsets found
  - Running into some issue here. Wiped out my JOP chains to redo them...

### Fixed

- Call `lapse.mjs` rather than `code.mjs`
- Makefile for kpatch builds all currently available

### Changed

- Use relative locations rather than absolute
- Changed kpatch binaries to just be shellcode vs full ELFs
  - 5,216 bytes to 257 bytes.
- Build kpatch binaries with `-Os` rather than `-O`
  - 257 bytes to 233 bytes.
- Renamed/Formatted `CHANGELOG.md`, `README.md`, and `LICENSE`
2025-05-12 14:42:31 -07:00

2.1 KiB
Raw Blame History

PSFree version 1.5.1

PSFree is a collection of exploits for the PS4 console. The main focus of the repo is for the PS4, but we try to make things portable to PS5.

Features

  • Auto-detection: Automatically detects console type and firmware version (via src/config.mjs).
  • WebKit Exploit (PSFree): Entry point via the console's web browser.
  • Kernel Exploit (Lapse): Escalates privileges to kernel level.
  • Payload Loader: After successful kernel exploitation listens for a payload on port 9020. WIP

Vulnerability Scope

PSFree Lapse
PlayStation 4 6.00-9.60 1.01-12.02
PlayStation 5 1.00-5.50 1.00-10.01

Supported by this Repository

This table indicates firmware versions for which the current version of this repository provides a functional and tested exploit chain.

PSFree Lapse
PlayStation 4 8.00-8.03 8.00-8.03
PlayStation 5 N/A N/A

Note: Support for other firmwares listed in the "Vulnerability Scope" table may, or may not, be actively being worked on or may have been supported in previous versions of this repository. Please check CHANGELOG.md for historical support.

TODO List

  • Integrate payload loader (Test on 8.00-8.03)
  • Rewrite JOP chains in rop/ps4/850.mjs, rop/ps4/900.mjs, and rop/ps4/950.mjs
    • I scrapped the ones I had...
  • lapse.mjs: Just set the bits for JIT privs
  • view.mjs: Assumes PS4, support PS5 as well
  • Add PS5 support

Copyright and Authors:

AGPL-3.0-or-later (see LICENSE). This repo belongs to the group anonymous. We refer to anonymous contributors as "anonymous" as well.

Credits:

  • anonymous for PS4 firmware kernel dumps
  • Check the appropriate files for any extra contributors. Unless otherwise stated, everything here can also be credited to us.

Donations

(Monero/XMR): 86Fk3X9AE94EGKidzRbvyiVgGNYD3qZnuKNq1ZbsomFWXHYm6TtAgz9GNGitPWadkS3Wr9uXoT29U1SfdMtJ7QNKQpW1CVS

Reference in New Issue View Git Blame Copy Permalink