The PlayStation 4 was released three years ago, selling over 40 million units. As time goes on, vulnerabilities in its software begin to appear. Hackers have managed to find their way into the heart of its code, paving the way to a brand-new PS4 jailbreak.
The PlayStation 4 is a PC.
Something most PlayStation owners don’t know when they compare the console to a PC is that it quite literally is one, inside and out. The PlayStation 4 runs on a version of Linux known as FreeBSD, known for its high efficiency and security. Not only that, but its 64-bit hardware components are no different from the ones you would find in any mid-tier computer running Windows. What I’m trying to get at is that these “next-gen” consoles are, simply put, proprietary desktop computers.
Now you might ask, why does this all matter? When computer software gets older, people find flaws in its code that reveal potential vulnerabilities. What this means to a hacker is that they can access parts of a system which were never meant to be accessible, such as its kernel. Once this can be accessed, it means you are able to add whatever software you would like, without Sony’s approval first (yay!). Since the PS4 uses the three-year-old FreeBSD 9, many such vulnerabilities have since been discovered.
How do you create a jailbreak on the PS4?
Accessing locked elements of a computer’s operating system is no easy feat. It involves the reverse-engineering of machine-level code using sophisticated techniques. Two notable techniques used are ROP and something known as ‘cold booting’. ROP stands for ‘return-oriented programming’, which is the use of already existing computer code to create new computer code.
Let’s assume the software had a variable called “splinter”. Now you take the characters ‘int’ from ‘splinter’ and assign it the number ‘5’ which was called elsewhere. Without physically writing any new code, the hacker has managed to create a new variable! With the cold booting technique, the goal is to interrupt a targeted computer function. The PlayStation 3 was actually hacked using this method. GeoHot, known for being the first to hack the iPhone, used a small jolt of electricity to interrupt a function’s write to the system’s memory, which holds all running code. The result allowed him to read and write to the system’s kernel and run unsigned code.
So, where’s the Jailbreak?
A few months back, a Linux researcher by the name CTurt managed to gain full access to a PlayStation 4 on system version 1.76. Although he managed this, he has publicly stated he will not be continuing development of a PS4 jailbreak, instead asking the community to finish what he started. More recently, at a hacking conference named GeekPwn, Chinese hackers showed off a new browser exploit that runs an NES emulator on the system. While the vulnerabilities used most likely do not allow a user to access the core file system necessary to modify its firmware, this is a huge step forward for the development of a system-wide jailbreak.
A kernel-level jailbreak is extremely important, and once achieved, will allow us to not only install unsigned code, but also extract the PlayStation 4’s kernel and recompile it. What this means is the ability to play PlayStation 4 games on your home computer not by emulation, but through the more efficient virtualization. As I mentioned before, the PS4 is literally a PC running a modified version of Linux. Since computers already have the ability to virtualize other operating systems like Windows and Linux, it may not take too long to develop a modified FreeBSD operating system that can launch PS4 games natively. This will consist of installing Linux-based Nvidia and AMD video card drivers into the OS, as well as ensuring that both Intel and AMD desktop processors will work properly when running the PS4 software. Since certain elements of PlayStation’s custom orbisOS are also likely coded to specific hardware, there is a lot of patching that needs to be done for certain elements of the OS to work.
Where are we now?
Honestly, I’m not quite sure. The current PS4 scene is rather secretive when it comes to releasing new information to the public. This is likely more beneficial to us than anything, though. If Sony were to catch on, they would undoubtedly shut it down as quickly as possible. Of course there are glimpses of exploits popping up here and there, but most of it is hidden from our eyes. If you keep an eye on /r/ps4homebrew, such exploits can give you an idea of how close we are. Given the secretive nature of the current community and whispers of new breakthroughs, it seems a jailbreak is truly coming, and the beginning of a functional PS4 homebrew scene is near.