SpecterDev released the PS4 4.05 Kernel Exploit a couple of days ago, and everyone’s been busy providing scripts, payloads, and tools to run the exploit and do a few interesting things with it. It’s hard to keep up, but we’re all starting with the basics.
Yesterday, we covered how to update your PS4 to firmware 4.05, a necessary step if you haven’t done it yet. As a reminder, you cannot downgrade a PS4. If you are on a firmware higher than 4.05, you will first need to find a PS4 with a lower firmware.
Today, I’ll show you how to load the exploit and feed it a payload (the unsigned code that we want the PS4 to run). For now we’ll use the sample payload “Debug settings”, which enables the debug settings on your PS4. Hopefully more payloads will come, and ultimately we’ll be able to cover how to make your own, etc…
Exploiting the Kernel of your PS4 4.05 opens your console to fun stuff, but also to potential harm. It is important that you download payloads, exploits, etc… from trusted sources, and that, as much as possible, you confirm (e.g. with MD5 checksum) that they have not been altered. There’s real risk that you could brick your console, or worse (either by mistake or if you download a malicious file). Proceed at your own risk!
Why I’m recommending Easy PS4 Exploit HostingTool
To run unsigned code on a 4.05 PS4, there are two steps: 1) load the exploit through a web page and 2) send the payload to the exploited PS4.
There are many ways to handle these two steps, but I’m going to show what I consider to be the most elegant way to do it for now: using Al-Azif’s Easy PS4 Exploit Hosting tool. There are multiple benefits to the tool, which is why I’ve chosen it: This tool is compatible with windows, linux, and macOS, but also handles multiple aspects of the exploit: it hosts the exploit on an http server, is able to send the payload semi-automatically, and also serves as a proxy for the PS4, blocking unwanted Sony connections. In other words, it’s the swiss army knife of the PS4 4.05 exploit: all-in-one support of everything you need to hack the console, while being multi platform. It’s also open source and written in Python, meaning you can 1) confirm it doesn’t do anything bad and 2) update/modify it if you need to.
Note: speaking of modifications, there is an advanced section below for those of you interested in running the exploit in a “closed” LAN, with absolutely no internet connection. I feel this is important to be paranoid here, so I’ve added that section.
- Python 3 (the latest version of the tool is not compatible with Python 2 anymore)
- Al-Azif’s Easy PS4 Exploit Hosting Tool (latest version as of 2017/12/31 is 0.3.6.1)
- SpecterDev’s Debug Settings Payload (MD5: 8c2eba868ba48a4f868e8eb57ed1e6a7)
- Install Python 3. For Windows users, ensure in the installation process that you check “add python to path” in the options)
- Extract the Easy PS4 Exploit Hosting tool to a folder of your choice
- In the “payloads” subfolder of PS4 Exploit hosting tool, copy the debug_settings.binpayload
- double click the start.py file of the tool. If everything goes well, it should open a command window that asks you to choose which exploit to run. At the time of writing, two options are available: Specter or IDC. IDC has the most recent updates as of 12/31/217 and is therefore recommended, but this evolves quicky, and you can host your own exploit.
- Once running, the tool should tell you something along the lines of: >> Your DNS IP is 192.168.1.1
- In your PS4’s internet settings, (Settings –> Network –> Setup Network), select “Manual” for DNS Settings. Set the IP Address mentioned in the step above as the Primary DNS and the Secondary DNS (note: Al-Azif mentions to set the Secondary DNS to 0.0.0.0 but in my case the PS4 refused to do that).
- This goes without saying, but at this point your PS4 needs to be connected to your local network, the same that your computer’s running on.
- You should test your network connection on the PS4. You should be able to get an IP address and connect to the Internet, which means your PS4 found the proxy running on your PC. Everything else failing is potentially normal, depending on your setup. In particular, you don’t want the “Playstation Network sign in” to succeed.
Running the Exploit and sending the payload
Now that your PS4 is properly configured to access “online” through your computer running the Easy PS4 Exploit tool, do the following:
- Go to Settings –> User’s Guide. This should open a browser and instantly load the exploit page. On your computer, the python script will most likely display “sending exploit” to confirm this.
- The payload will then be sent automatically if you only have one payload in your payloads folder. Otherwise, the script will ask you to choose. (Note: I strongly recommend having multiple payloads in your “payloads” folder of the Easy Hosting tool. simply because this gives you full control of what your computer will send to the console. To test, I just created a copy of the Debug Settings payload, just so that I had two files in there.)
- Done. You should be able to verify that your settings page now has an extra “debug settings” option.
Troubleshooting and FAQ
Q: PS4 says “internet connection failed” in the Test connection screen, and I can’t access the user’s guide
A: Somehow your PS4 is not finding the Easy PS4 Exploit hosting tool proxy. Make sure you followed the steps above correctly, make sure the IP addresses you noted down are correctly entered
Q: All this python thing is too complex for me, isn’t there a simpler tool out there?
A: User FigaroCool has released a similar tool with a GUI for windows users. you might want to give it a try. I am not using that tool in my tutorial because it is not cross platform, and not open source, so I feel it is less flexible than the Python script, and only helps if you are having trouble with python.
Advanced: running the tool in pure local network with no internet connection
Al-Azif’s tool requires your computer to be connected to the Internet. Now, in a typical network settings, as your PS4 must be on the same local network as your computer, it means they are probably connected through the same router, and, unless you’re very careful, it means there’s a chance your PS4 could end up connecting to the internet, and, at some point, to Sony’s services, which is bad for multiple reasons (it could trigger an unwanted download and installation of a more recent firmware, it could send information to Sony’s services that indicate your PS4 is hacked, who knows).
Al-Azif’s tool does its best to shield you from any problem, by blocking all connections to the typical Sony systems. But it is easy to mess up, and I could perfectly imagine a scenario where my PS4 would start connecting through my router directly, which would be bad news.
You can do all of the above in a local network with no internet connection. Basically, you only need to connect your computer to your PS4. To do that, you either A) connect them directly to each other with a crossover LAN cable (I have not tried that), or B) connect them both to a hub, or C) connect them both to your router and ensure the router is not plugged to the internet.
I’ll focus on B) which is what I did. A and C are probably not that different, except that by using a router you might get IPs automatically assigned via DHCP. With a Hub or crossover cable you’ll have to manually set the IPs. On the PC, I went into my network settings, and updated the IPV4 properties of my LAN connection. I chose tp manually set the IP to 192.168.1.1, and the Subnet mask to 255.255.255.0. On the PS4’s Internet settings, I manually set the IP to 192.168.1.2, and also set the mask to 255.255.255.0.
When disconnecting from the net though, Easy PS4 Exploit Hosting will refuse to run. This is because in order to determine your computer’s IP, it tries to connect to a random IP (10.255.255.255) and fails. So I slightly edited the script (function getlan in start.py) as so:
Note how I just return ‘192.168.1.1’ in there, which is the IP I manually assigned to my computer in my connection settings. By doing that, the script accepted to run, and that’s all that was needed. This is a quick and dirty hack, I’m not familiar enough with Python to know if there is a better (cross platform) way to get the LAN’s IP address without trying to do an external connection.
I now have my PS4 and My PC connected together in a closed LAN, with no Internet interference. Ultimately, a tool such as PS4 Easy exploit hosting is the best approach as it will let you use the internet on the PS4 while only blocking the “dangerous” connection attempts, but I still like the extra security here as long as I don’t need to use the internet on my PS4.
Updates to this article:
- On 2017/12/31, updated the article to match the requirements and operation of version 0.3.6.1 of ps4-exploit-host