Developer CelesteBlue has announced PsFree, a new Webkit exploit for PS4 6.00 to 9.60. A release (or pre-release) of this exploit is already available. This exploit should also work on PS5 1.00-5.50.
This Webkit exploit is based on CVE-2022-22620 by security researchers Sergei Glazunov and Maddie Stone. The PS4/PS5 implementation was originally done by scene member ‘abc’ on the PlayStation Devwiki Discord forum, with further improvements and implementation added by CelesteBlue.
Additionally, CelesteBlue announced QuickHEN PS4, an upcoming all-in-one toolkit with all the necessary Webkit exploits for PS4 3.15 to 9.60 (it also includes kernel exploits for supported firmware).
Disclaimer: At the time of publication, the PsFree release is very recent and is still being tested by the hacking community. Results are not guaranteed. If you can’t stand uncertainty, wait until the issues are resolved. I believe bug fixes will be made soon. Testers are reporting errors and issues with currently distributed releases.
What is PsFree for PS4/PS5?
PsFree is an (in-progress) Webkit exploit for PS4 firmware 6.00 to 9.60 and PS5 firmware 1.00 to 5.50. It is based on CVE-2022-22620 by security researchers Sergei Glazunov and Maddie Stone. The PS4/PS5 version was implemented by abc and CelesteBlue.
In the context of PS4/PS5 hacking, the Webkit exploit is a user-mode exploit. This allows limited access to run unsigned code on the console. Although in theory they can be used to run homebrew games, in practice such exploits are typically used as entry points or attack vectors for privilege escalation (kernel exploits). In other words, such user-mode exploits are typically not very useful to end users on their own, but when combined with kernel exploits, they can lead to a console jailbreak.
As of this writing, kernel exploits have been published for PS4 (up to firmware 9.00) and PS5 (up to firmware 4.51). While these kernel exploits are already used in conjunction with other user-mode entry points, the benefits of this Webkit exploit are:
- On firmware that already has an entry point and kernel exploit combination, it can be used to replace the existing exploit and potentially provide a more stable implementation (see below).
- On firmware that does not yet have a kernel exploit, it can serve as an entry point if such a kernel exploit is found in the future. For security researchers, it also provides a ready-to-use entry point to further investigate the machine.
CelesteBlue states that this exploit is very fast and stable. Specifically on PS4, it could potentially replace the pOOBs4 exploit, which currently requires a USB key with a specific format. A reliable Webkit exploit will be more useful to many people. The developer has published a video demonstrating the speed of the exploit.
Finally, we have a fast and stable WebKit exploit for PS4 system software versions 6.00 to 9.60. With Sergei Glazunov @maddiestone Anonymous for finding vulnerabilities, anonymous for creating PsFree exploits, and myself for testing, porting, and improvements. PS4 9.00 Showcase: pic.twitter.com/5JgdomWr5P
— Celeste Blue (@CelesteBlue123) December 3, 2023
Current status of PsFree
Although CelesteBlue has not yet provided an “official” download link, PsFree can be found on the associated Discord server and is already circulating on Twitter. However, this may not be an “official” release yet, and issues have been reported with what I personally consider to be a beta version at this time. Please feel free to use it. However, don’t expect great results just yet.
PS5 tested on 8.20 pic.twitter.com/yRPI8AgfDp
— Master (@master_s9) December 3, 2023
Download and test PsFree
Please note the disclaimer above. This is a very recent release and results may vary at this time.
The easiest way to test the PSFree Webkit exploit is to point your PS4 or PS5 web browser to Zecoxao’s public host: https://zecoxao.github.io/psfree/
To reach such a host from the PS4/PS5 browser, you typically need to use a DNS that redirects playstation.net to the host. Master_s9 has shown other ways to open the browser on PS5, including:
How to open PS5 web browser 8.20 pic.twitter.com/7nbrAa5qC7
— Master (@master_s9) December 3, 2023
Alternatively, if you want to host the exploit yourself, you can download it here. We recommend setting up your own host locally.
Source: CelesteBlue