Needs Testing #3

Closed
Al-Azif opened this issue Oct 27, 2017 · 33 comments

@Al-Azif
Owner

Al-Azif commented Oct 27, 2017

The script needs testing on various platforms to check for incompatibility issues. I'll do my best to make it work on as wide a range of current platforms as possible.

Please include:

  • OS
  • Version (7/8/10, Kernel, etc)
  • Python Version
  • Application Version (Release v0.X.X, git clone master, git clone next-get, etc)
  • Running with Admin/Root rights?
  • Method of running (Command Line, Double Click, etc)
  • Program Output

or anything else you can think of

@DayVeeBoi

DayVeeBoi commented Nov 14, 2017

  • OS: Raspbian (Debian)

  • Kernel: 4.9.59-v7+

  • Python: 2.7.13

  • command line via ssh

I can't seem to get this script to work. The services are running as I can access the webpage through a browser on my LAN if I input the path manually (http://192.168.0.77/index.html).

I removed my network switch in between the host and client and the script works fine.

I start it with the command sudo python start.py (the ports need elevated privs)

Output:

>> Your DNS IP is 192.168.0.77

>> Starting HTTP Server...

>> Parsed 1 rules from /home/pi/ps4-exploit-host/dns.conf

dns.conf arguments are A manuals.playstation.net 192.168.0.77

I am getting DNS error on the ps4 (couldn't resolve hostname). From my understanding, the local path should be something like http://[hostname]/document/xx/ps4/index.html I don't fully understand how dns works, but from the looks of things the path that the "ps4 guides" app is looking for isn't there. I am going to see if I can serve the exploit page without your script, just starting FakeDNS and SimpleHTTP manually (I haven't bothered trying that yet).

@Al-Azif
Owner Author

Al-Azif commented Nov 14, 2017

@DayVeeBoi

> From my understanding, the local path should be something like http://[hostname]/document/xx/ps4/index.html

Yes, this is correct. The handler should accept all requests and point them to the exploit directory. Meaning any "index.html" request, no matter what subdirectory, will return the index.html from the exploit directory. Try http://192.168.0.77/thisis/not/afolder/index.html for example.

> I don't fully understand how dns works

Super basic explanation is that the client asks the DNS server what the IP for a URL is.

> the path that the "ps4 guides" app is looking for isn't there.

The error is that the PS4 is not connecting to the DNS server correctly. You would most likely be seeing 404 errors from the HTTP server if it was pointed at it and tried to access the wrong files.

When you change the DNS on your PS4 to your IP and test the connection (Settings > Network > Test Internet Connection) does the script give you any output like unmatched request community.playstation.net?

@seanp2500

seanp2500 commented Dec 27, 2017

Can this be used without a working web browser? I'd like to test to see if this will fix my idu loop issue. Question: once I load the exploit, would I still use netcat to inject my payload bin? Thanks for any help. My problem is after turning on IDU (stupid move ugh) now I can get into staff mode and load exploit but payload seems to fail, no error on pc but it seems to hang when I issue the command. Then when I check settings no debug so I'm kinda stuck hoping this will help free up some memory...

Just carefully read your instructions and I am very thankful you set this up to work with the user guide!

@Al-Azif
Owner Author

Al-Azif commented Dec 27, 2017

@seanp2500 If you can look at the Settings > User's Manual page on your PS4 it should work.

@seanp2500

Yes, just read that, I am hopeful, thanks so much! I will post my findings on win 10 with linux subsystem later tonight

@seanp2500

THANKS THANKS A MILLION THANKS! THAT WORKED WOO HOO! oh yeah I forgot.

OS Windows 10

Python Version 2.7
Running with Admin/Root rights? Yes
Method of running (Command Line, Double Click, etc) Double click
Program Output

Your DNS IP is 192.168.0.6
Starting HTTP server...
Parsed 14 rules from C:\Users\Sean\Desktop\PS4-4.05-Kernel-Exploit-master\ps4-exploit-host\dns.conf
Sending exploit...
Connected to PS4
Payload Sent!
Unmatched Request ena.net.playstation.net.

@DayVeeBoi

Hey @Al-Azif thanks for getting back to me so quickly. I don't know why I didn't see it in my GitHub notifications since I check them every few days at least. I apologize for not responding. I sorted out my issues, was nothing wrong with your script, I just have a fairly complicated network setup with several switches and WAPs as I provide network access for a small apartment. I just needed to work the bugs out, but I am good now. I just popped in to see if there were any updates and noticed your reply. Thanks again for the software, and the fast reply.

@uNbAs

uNbAs commented Dec 30, 2017

Tested on Ubuntu 16.04, works fine. But I kill dnsmasq and edit /etc/NetworkManager/NetworkManager.conf and comment #dnsmasq line, before restarting the network-manager daemon and launching start.py

@Trixarn

Trixarn commented Dec 30, 2017

  • OS : Windows 10 x64
  • Python : 3.6.4 32-bit
  • Version (Release v0.X.X, git clone master, git clone next-get, etc) : v0.3.4
  • Running with Admin/Root rights? Yes
  • Method of running (Command Line, Double Click, etc) : Both
  • Program Output :

---- Exploits ----------------------------------------------
1. idc
2. specter

Choose an exploit to host: 2

Your DNS IP is 192.168.1.65
Starting DNS server thread...
�[1A�[2K>> DNS server thread is running...
Starting HTTP server thread...
�[1A�[2K>> HTTP server thread is running...

Then I'm not able to open the website.. Same with idc exploit. The version for Python2 works.

@Al-Azif
Owner Author

Al-Azif commented Dec 30, 2017

@Trixarn
Try the new release (0.3.5), I removed the LAN blocking as it seems to be an issue for some network setups. This used a homebrew method in 2.X but used the ipaddress module in 3.X.

@Trixarn

Trixarn commented Dec 30, 2017

@Al-Azif
Still the same, trying to open the site from localhost but it does not work..

@Al-Azif
Owner Author

Al-Azif commented Dec 30, 2017

@Trixarn

Trixarn commented Dec 30, 2017

@Al-Azif
That works! But not http://127.0.0.1/

@Al-Azif
Owner Author

Al-Azif commented Dec 30, 2017

@Trixarn
That's because that address isn't set to resolve to anything, it's actually returning a 404. If you look at the do_GET() method you can see what paths will resolve. I'll probably add the root as people may want to launch through something other than the User's Manual.

EDIT: v0.3.6 reflects this change
EDIT2: Never mind, that broke stuff haha, will try again later

@seanp2500

is this program auto updating now?

@DayVeeBoi

OS: MacOS
Version: (10.12.6 Sierra)
Python: 2.7.10
Application Version: 0.3.6.1 (I think?)
Permissions: sudo
Method of running: Command Line
Program Output: Successful Messages

@Al-Azif
Owner Author

Al-Azif commented Jan 2, 2018

@seanp2500 No it is not, although I should probably look into it as an option

EDIT: I made updatescript.py; when run, it pulls the most recent start.py and FakeDns/main.py from GitHub. I'll work on a way to integrate it with the main script later. Download it from the master branch if you want to use it now.

@seanp2500

Well, the reason I questioned is I loaded it up and I seemed to have so many more options than launch exploit and I was kinda like wow. I must have not noticed I guess. Thanks so much for all your work!

@ccfman2004

When I try to run the linux executable I get the error "cannot run executable" from Terminal.

macOS 10.13.2 High Sierra
Python 3
v0.3.12
sudo
Command Line
cannot run executable

@Al-Azif
Owner Author

Al-Azif commented Jan 19, 2018

@ccfman2004 The Linux executable will only run on Linux. I currently cannot cross compile for OSX, I'm working on it. OSX users have to use the Python version for now.

@DayVeeBoi

DayVeeBoi commented Jan 19, 2018

@ccfman2004 I have compiled a standalone MacOS from the most recent build (as of Jan. 19th 12:15am). Unzip and follow the same directions provided here (on @Al-Azif GitHub) for Linux. https://www.dropbox.com/s/5s0xa0k2op47okb/start?dl=0 Let me know if you have any issues, it works for me fine though.

(Updated Build on 14.2.2018)

@bonovox400

Win 8.1
Python 3.6.4
0.3.19 file

Payload always fails to send and gives timeout error. Running fat PS4 on lan cable connected to router by a powerline adapter. (2.4ghz signal not strong enough to connect through two floors so this is the best I can do)
Exploit creates dns address and going to Users Guide lets me pick an exploit. Doesn't matter which one I pick. After getting the white screen with "exploit ready" and other text, the Al azif exploit prompts for and I select the debug payload.
After about 10 seconds, I get this error:
https://i.imgur.com/n0rAGkt_d.jpg?maxwidth=640&shape=thumb&fidelity=medium

Any advice on how to complete the payroll sending? Thanks!

@Al-Azif
Owner Author

Al-Azif commented Feb 6, 2018

@bonovox400 If you use any exploit besides Specter or IDC the exploit does not support sending a payload. The payload is built in.

@bonovox400

Thanks for the response! So with the xvortex-hen exploit, there's no need to try and bring over the webbrowser patch payload, and by default after selecting xvortex-hen, the debugger tool icon should show up in the ps4 dashboard list?

@Al-Azif
Owner Author

Al-Azif commented Feb 7, 2018

If you need to unlock your browser use specter and send a payload. If you just want HEN + Debug use xvortex-hen and you're done.

@DayVeeBoi

Here's another standalone build for MacOS Date-14.2.2018, follow the instructions provided for the Linux binary.

@JohanPy

JohanPy commented Feb 18, 2018

OS : Debian 9 kernel 4.9.0-5-amd64
Python Version 3 
Application Version : git clone master Latest commit 12883ed + exploits from the release v0.3.20
Running with Admin/Root rights? Yes. It asks for it : "ERROR: This must be run by root as it requires port 53 & 80"
Method of running : sudo python3 start.py
Program Output : 
##########################################################
#  PS4 Exploit Host                           by Al Azif #
##########################################################
>> DNS server thread is running...
>> HTTP server thread is running...
##########################################################
#                  Servers are running                   #
#             Your DNS IP is 192.168.1.28                #
##########################################################
>> PS4UPDATE_SYSTEM.PUP checksum matches   
>> PS4UPDATE_SYSTEM.PUP checksum matches   
>> PS4UPDATE_SYSTEM.PUP checksum matches   
>> Exploit sent
>> Exploit does not support payload, skipping payload menu

Thanks for your great job !
I would have appreciated more console feedback especially to make sure myself before the update.

@Akirainblack

Akirainblack commented Mar 19, 2018

OS
Synology DSM
Version (7/8/10, Kernel, etc)
DSM 6.1.4-15217 Update 5
Python Version
3.5.1-0105
Application Version (Release v0.X.X, git clone master, git clone next-get, etc)
0.41
Running with Admin/Root rights?
Yes, sudo python3 start.py
Method of running (Command Line, Double Click, etc)
SSH onto box, then CLI
Program Output:
sudo python3 start.py --dns_only
##########################################################

Exploit Host by Al Azif

##########################################################
WARNING: "Interface" in settings is not a valid IP, using default

DNS server thread is running...
ERROR: Could not start server, is another program on tcp:80?

Having done some work on the box to change the default port usage for its web interface from port 80 I happily now get:
sudo python3 start.py
##########################################################

Exploit Host by Al Azif

##########################################################
WARNING: "Interface" in settings is not a valid IP, using default

DNS server thread is running...
HTTP server thread is running...
##########################################################

Servers are running

Your DNS IP is 192.168.0.150

##########################################################

Unsupported PS4 attempted to access exploits

However as this is also a web server is there any way to use a different port or is there a reason DNS only didn't work?
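
An added example, not part of the thread or the project's code: a preflight check in Python for the startup conflicts reported above (dnsmasq already holding port 53, a NAS web interface on tcp:80, an "Interface" setting that is not a local IP). It assumes the DNS server listens on UDP 53 and the HTTP server on TCP 80; `check_port` and `preflight` are hypothetical names.

```python
import errno
import socket

# Ports named in the thread's error text; UDP for DNS is an assumption.
REQUIRED = (("udp", 53), ("tcp", 80))

_REASONS = {
    errno.EADDRINUSE: "in_use",            # another program holds the port
    errno.EACCES: "need_root",             # privileged port without root/admin
    errno.EADDRNOTAVAIL: "bad_interface",  # IP is not configured on this host
}


def check_port(proto, host, port):
    """Try to bind host:port and classify the result without serving anything."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, kind)
    try:
        # No SO_REUSEADDR on purpose: a conflict must surface as an error.
        sock.bind((host, port))
        return "ok"
    except OSError as exc:
        return _REASONS.get(exc.errno, "error: %s" % exc)
    finally:
        sock.close()


def preflight(host="0.0.0.0", required=REQUIRED):
    """Return {(proto, port): status} for every port the host script needs."""
    return {(proto, port): check_port(proto, host, port)
            for proto, port in required}


if __name__ == "__main__":
    for (proto, port), status in preflight().items():
        print("%s/%d: %s" % (proto, port, status))
```

An `in_use` result on udp/53 is what a local resolver such as dnsmasq produces; `in_use` on tcp/80 matches the Synology case.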

@Al-Azif
Owner Author

Al-Azif commented Mar 19, 2018

The reason the DNS only arg didn't work is that it's specified in the settings.json file now.

@Akirainblack

Ah, excellent, thank you. I wonder if I can use the web server I already have to host the website whilst still using the DNS redirect.

@Al-Azif
Owner Author

Al-Azif commented Mar 19, 2018

Yeah you should be able to.

@Akirainblack

I'm guessing that it would have to be the primary website on the host or is that configurable? The device obviously has a static IP, just wondering if there was a way to configure the manuals.playstation.net redirect via the settings.json or something? (the current web host would be http:///PS4-Exploit_host/index.html) This truly is brilliant work, thank you. :) It's awesome that my NAS can run this as it's always on and means I don't need another machine powered up to host this.

@Al-Azif Al-Azif closed this as completed May 28, 2018
@bluntschli1821

I want to know how to put payloads
