Saturday, September 24, 2016

[PS4] Root + Shell Invocation on PS4 4.0? Not so fast

There's been some information posted about having a shell and root on the PS4 on FW 4.0, but do these claims have any basis? No, unfortunately not.

As some of you who read my blog frequently may have noticed, I spent a little while attempting to get a shell going on the PS4 on firmware 3.55 via execve, only to find out that /bin/sh does not even exist on the PS4; in fact the /bin directory doesn't exist at all! As I was never involved in any work on 1.76 I didn't realize this at first, but if you have a PS4 on 1.76 you can test this yourself: there is no /bin directory. After that I said I wanted to take a break from PS4 exploitation and focus on building my knowledge in the area, but I still like to look around and see what's happening with the PS4, and I noticed a few threads from someone going by the name "NGCheats".

Now, as I pointed out in my previous article, "/bin/sh" IS a string that is included in libkernel, but maxton and I speculated that it was simply left over from FreeBSD and Sony never removed it. There is no way to invoke /bin/sh or /bin/bash, because neither binary exists.

Now, the threads I speak of claim that the PS4 has been rooted and has shell access, but nothing in them holds up. This is not a comment on the websites or the people who run them, as these are just threads that could have been written by anyone, but the claims are very doubtful and should be taken with a very large grain of salt (i.e. do not update your PS4 from a lower FW to 4.0 based on this claim).

First, the obvious: no entry point has been discovered (at least publicly) that works on 4.0, as the bug exploited on < 3.55 has been patched. The image that has some people buzzing is the following:

It may be a little difficult to see due to the image quality, but if you look at the URL bar, it points to http://bellard.org/jslinux/. You can visit this website yourself and see the very same thing: all it is is a Linux system emulated in the browser in JavaScript. It has nothing to do with the PS4 at all. Typing "whoami" in the emulator gives you "root", leading some to believe this person has root access on the PS4, when it's just an emulated system running in JavaScript.

Considering how briefly PS4 FW 4.0 has been out, the likelihood of finding a potential security bug in WebKit or anything similar, writing an exploit for it, and then also finding and writing an exploit to break out of the jail and escalate to root, all in a matter of weeks, is pretty much nil. The screenshots are also completely unrelated to the PS4 itself. It's very likely that NGCheats is either trying to get some attention from scene followers, or doesn't really know what's going on and is posting invalid information as a result.

In his posts he also appears to have loaded http://bellard.org/jslinux/ and used the browser's Inspect Element to put his own name in the page footer to make the screenshot look legitimate. Not cool, my friend.

He's made a few other rather wild claims as well, such as that the PS4 runs PPC assembly. This is not correct. The PS3 ran on PPC because it used the Cell processor, but we know the PS4 runs Intel x86_64 code; you can see this for yourself when you dump modules from memory and open them in IDA, as the instruction sizes are not even fixed. In PPC every instruction is exactly four bytes (so a NOP is 0x60000000), whereas x86/x86_64 has variable-length instructions (a NOP is the single byte 0x90).
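To make the fixed-width versus variable-length distinction concrete, here is a small heuristic classifier, an added example that is not code from the original post or from any PS4 tooling. It embeds two hand-assembled sample blobs (constructed for this example, not dumped from a console) and decides whether a blob looks like PPC or x86_64 using exactly the facts stated above: PPC instructions are always four bytes and start on 4-byte boundaries (NOP = 0x60000000, big-endian), while x86_64 instructions have variable length and can start at any byte (NOP = 0x90). It deliberately does not treat a lone 0x90 as evidence, since on PPC that same byte is the high byte of every `stw` instruction.

```python
"""Heuristic: does a raw code blob look like PPC (fixed 4-byte instructions)
or x86_64 (variable-length instructions)?

Added example, not from the original post or any PS4 tooling. The sample
blobs below are constructed by hand, not dumped from a console.
"""
from typing import Tuple

# Exact 32-bit PPC encodings (big-endian) found in almost any PPC function.
PPC_MARKERS = {
    bytes.fromhex("60000000"),  # nop  (ori r0,r0,0)
    bytes.fromhex("4e800020"),  # blr
    bytes.fromhex("7c0802a6"),  # mflr r0
    bytes.fromhex("7c0803a6"),  # mtlr r0
}

# Multi-byte x86_64 sequences. A lone 0x90 is deliberately NOT used: on PPC
# 0x90 is also the high byte of every `stw`, so one byte proves nothing.
X86_MARKERS = [
    b"\xf3\x0f\x1e\xfa",  # endbr64
    b"\x55\x48\x89\xe5",  # push rbp; mov rbp, rsp
    b"\x48\x83\xec",      # sub rsp, imm8
    b"\x48\x83\xc4",      # add rsp, imm8
    b"\x5d\xc3",          # pop rbp; ret
    b"\x0f\x05",          # syscall
]


def score(blob: bytes) -> Tuple[int, int]:
    """Return (ppc_hits, x86_hits) for a raw code blob."""
    # PPC: every instruction starts on a 4-byte boundary, so only aligned
    # words are examined; an unaligned match could not be a PPC instruction.
    ppc_hits = sum(1 for off in range(0, len(blob) - 3, 4)
                   if blob[off:off + 4] in PPC_MARKERS)

    # x86_64: an instruction can start at any byte, so scan every offset.
    x86_hits = 0
    for marker in X86_MARKERS:
        start = 0
        while (idx := blob.find(marker, start)) != -1:
            x86_hits += 1
            start = idx + 1
    return ppc_hits, x86_hits


def classify(blob: bytes, min_hits: int = 2) -> str:
    """Classify as 'ppc', 'x86_64' or 'unknown' (ties or weak evidence -> unknown)."""
    ppc_hits, x86_hits = score(blob)
    if ppc_hits >= min_hits and ppc_hits > x86_hits:
        return "ppc"
    if x86_hits >= min_hits and x86_hits > ppc_hits:
        return "x86_64"
    return "unknown"


# Constructed sample: a tiny PPC function (hand-assembled, not a real dump).
PPC_SAMPLE = bytes.fromhex(
    "7c0802a6"  # mflr r0
    "9421fff0"  # stwu r1,-16(r1)
    "90010014"  # stw r0,20(r1)  <- starts with 0x90, yet it is not an x86 nop
    "60000000"  # nop
    "60000000"  # nop
    "38600000"  # li r3,0
    "80010014"  # lwz r0,20(r1)
    "7c0803a6"  # mtlr r0
    "38210010"  # addi r1,r1,16
    "4e800020"  # blr
)

# Constructed sample: a tiny x86_64 function; note 1-, 2-, 3- and 4-byte
# instructions side by side, which is impossible in PPC.
X86_SAMPLE = bytes.fromhex(
    "f30f1efa"  # endbr64
    "554889e5"  # push rbp; mov rbp, rsp
    "4883ec10"  # sub rsp, 0x10
    "31c0"      # xor eax, eax
    "90"        # nop
    "4883c410"  # add rsp, 0x10
    "5d"        # pop rbp
    "c3"        # ret
)

if __name__ == "__main__":
    for name, blob in (("ppc sample", PPC_SAMPLE), ("x86 sample", X86_SAMPLE)):
        print(f"{name}: hits={score(blob)} -> {classify(blob)}")
```

Run it on any raw module dump and the two hit counts tell you more than a single byte ever could: the aligned-word scan is only meaningful for a fixed-width ISA, and the marker list for x86_64 is built from multi-byte sequences precisely because the 0x90 byte shows up in PPC code as well. On a real dump you would expect a much larger margin than the toy samples give, and an "unknown" result means the blob needs a proper disassembler rather than a guess.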

Claims like this, especially of this magnitude, should be taken with a grain of salt when no tangible code is provided to give reproducible results, particularly from someone without much credibility in the scene. So, for those on firmware 3.55 or lower: no, do not update until reproducible results come out of an actual testable release.

6 comments:

  1. I've done a little work with the PS4 and got some good stuff out of it, and I can already tell this is 100% fake. Don't update your PS4s. -ryan111

  2. If it seems too good to be true, it probably is.

  3. Damn, boy, you roasted that motherfucker
