/PSFree

PSFree WebKit Exploit for PS4 6.xx to 9.60 and PS5 1.xx to 5.xx

Primary LanguageJavaScriptGNU Affero General Public License v3.0AGPL-3.0

PSFree version 1.4.0

PSFree is a WebKit exploit using CVE-2022-22620 to gain arbitrary read/write.

vulnerable:

  • PS4 6.xx-9.xx (tested 6.00-9.60)
  • PS5 1.xx-5.xx (tested 1.00-5.50)

CREDITS:

  • anonymous for PS4 firmware kernel dumps

  • janisslsm from ps4-dev on discord.com

    • contributed ROP chain managers for 8.5x and 9.0x
    • contributer of the ROP chain manager for 9.5x
    • Helped in figuring out the size of JSC::ArrayBufferContents and its needed offsets on different firmwares.
  • barooney from ps4-dev on discord.com

    • contributer of the ROP chain manager for 9.5x
  • CelesteBlue from ps4-dev on discord.com

    • Helped in figuring out the size of WebCore::SerializedScriptValue and its needed offsets on different firmwares.
    • figured out the range of vulnerable firmwares
  • Kameleon_ from ps4-dev discord

    • Asked people to test 1.3.0 (beta) on other firmwares and reported if the peformance boost worked (reports from 6.72-9.60).
  • Quentin Meffre (@0xdagger) and Mehdi Talbi (@abu_y0ussef) for the 6.xx buildBubbleTree() UaF exploit that served as the framework for the exploit.

  • Maddie Stone for the CVE writeup