Ryu
02-08-2018, 01:07 PM
"The exploit was shown off by a hacker by the name of Volodymyr Pikhur who apparently has known about it for two years. He has chosen to share it now because Sony does not offer any kind of bug bounty, meaning he cannot be paid for sharing it. Of course, he could have just told Sony about the exploit for free, but instead he chose to share it with the world, including video of the exploit in action and slides detailing its execution.
According to the hacker, the sys_kldload exploit still exists in firmware 5.00, potentially more recent firmwares as well. The important point of the video above is that the hack persists after boot, demonstrating what is probably the very first custom firmware on the PS4. Sony changed their keys in 5.05, but apparently not the signing process. The kernel bootloader contains the keys for Rest Mode kernel, which is why it was interesting to get access to it."