
Hacking the PS4, part 3: Kernel exploitation - Aissen
http://cturt.github.io/ps4-3.html
======
breakingcups
I'm not at all familiar with the PS4, but I love reading these articles!

A thought occurred that with this access, it is possible to encrypt corrupted
save files which might lead to further exploitation.

~~~
yifanlu
It is possible to create save files. However, they will be tied to a specific
console/account. And creating them requires a kernel exploit while a
vulnerable game only gives you a userland exploit. It won't be the most
practical even if you find a vulnerable game.

~~~
spike021
I seem to remember the PSP making use of kernel exploits from vulnerable
games, unless I'm thinking of save file exploits. I'm guessing there aren't
any similar vulnerabilities with the PS4?

~~~
yifanlu
First, there is no "kernel exploits from vulnerable games" as games are
applications that run in the OS (FreeBSD-based). What happened with the PSP is
that game exploits can be used to run code that triggers kernel exploits (which
have to be found separately and are a lot harder to find). In terms of game
exploits on the PS4, there is no doubt that such vulnerabilities exist, but
you're limited to ROP (no JIT in games) in userland.

