@psxdev
Created March 20, 2016 23:44
PS4 PoC with libps4/ps4link/ps4sh (dlclose): root privilege escalation achieved
debug.sh
[PS4][INFO]: ready to have a lot of fun...
[PS4][DEBUG]: [PS4LINK] Server payload thread UID: 0x80659740
[PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80607500
[PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x806549E0
[PS4][DEBUG]: executing kernel_exec
[PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 160
[PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done
[PS4][DEBUG]: [PS4LINK] Ready for connection 1
[PS4][DEBUG]: [PS4LINK] Waiting for connection
[PS4][DEBUG]: [PS4LINK] Command Thread Started.
[PS4][DEBUG]: [PS4LINK] Created ps4link_commands_sock: 205
[PS4][DEBUG]: [PS4LINK] Command listener waiting for commands...
[PS4][DEBUG]: socket opened is now equeals fd 3840
[PS4][DEBUG]: Created event queue 0x0000000000000F01
[PS4][DEBUG]: Created event queue 0x0000000000000F02
[PS4][DEBUG]: Created event queue 0x0000000000000F03
[PS4][DEBUG]: Created event queue 0x0000000000000F04
[PS4][DEBUG]: Created event queue 0x0000000000000F05
[PS4][DEBUG]: Created event queue 0x0000000000000F06
[PS4][DEBUG]: Created event queue 0x0000000000000F07
[PS4][DEBUG]: Created event queue 0x0000000000000F08
[PS4][DEBUG]: Created event queue 0x0000000000000F09
[PS4][DEBUG]: Created event queue 0x0000000000000F0A
[PS4][DEBUG]: Created event queue 0x0000000000000F0B
[PS4][DEBUG]: Created event queue 0x0000000000000F0C
[PS4][DEBUG]: Created event queue 0x0000000000000F0D
[PS4][DEBUG]: Created event queue 0x0000000000000F0E
[PS4][DEBUG]: Created event queue 0x0000000000000F0F
[PS4][DEBUG]: Created event queue 0x0000000000000F10
[PS4][DEBUG]: Created event queue 0x0000000000000F11
[PS4][DEBUG]: Created event queue 0x0000000000000F12
[PS4][DEBUG]: Created event queue 0x0000000000000F13
[PS4][DEBUG]: Created event queue 0x0000000000000F14
[PS4][DEBUG]: Created event queue 0x0000000000000F15
[PS4][DEBUG]: Created event queue 0x0000000000000F16
[PS4][DEBUG]: Created event queue 0x0000000000000F17
[PS4][DEBUG]: Created event queue 0x0000000000000F18
[PS4][DEBUG]: Created event queue 0x0000000000000F19
[PS4][DEBUG]: Created event queue 0x0000000000000F1A
[PS4][DEBUG]: Created event queue 0x0000000000000F1B
[PS4][DEBUG]: Created event queue 0x0000000000000F1C
[PS4][DEBUG]: Created event queue 0x0000000000000F1D
[PS4][DEBUG]: Created event queue 0x0000000000000F1E
[PS4][DEBUG]: Created event queue 0x0000000000000F1F
[PS4][DEBUG]: Created event queue 0x0000000000000F20
[PS4][DEBUG]: Created event queue 0x0000000000000F21
[PS4][DEBUG]: Created event queue 0x0000000000000F22
[PS4][DEBUG]: Created event queue 0x0000000000000F23
[PS4][DEBUG]: Created event queue 0x0000000000000F24
[PS4][DEBUG]: Created event queue 0x0000000000000F25
[PS4][DEBUG]: Created event queue 0x0000000000000F26
[PS4][DEBUG]: Created event queue 0x0000000000000F27
[PS4][DEBUG]: Created event queue 0x0000000000000F28
[PS4][DEBUG]: Created event queue 0x0000000000000F29
[PS4][DEBUG]: Created event queue 0x0000000000000F2A
[PS4][DEBUG]: Created event queue 0x0000000000000F2B
[PS4][DEBUG]: Created event queue 0x0000000000000F2C
[PS4][DEBUG]: Created event queue 0x0000000000000F2D
[PS4][DEBUG]: Created event queue 0x0000000000000F2E
[PS4][DEBUG]: Created event queue 0x0000000000000F2F
[PS4][DEBUG]: Created event queue 0x0000000000000F30
[PS4][DEBUG]: Created event queue 0x0000000000000F31
[PS4][DEBUG]: Created event queue 0x0000000000000F32
[PS4][DEBUG]: Created event queue 0x0000000000000F33
[PS4][DEBUG]: Created event queue 0x0000000000000F34
[PS4][DEBUG]: Created event queue 0x0000000000000F35
[PS4][DEBUG]: Created event queue 0x0000000000000F36
[PS4][DEBUG]: Created event queue 0x0000000000000F37
[PS4][DEBUG]: Created event queue 0x0000000000000F38
[PS4][DEBUG]: Created event queue 0x0000000000000F39
[PS4][DEBUG]: Created event queue 0x0000000000000F3A
[PS4][DEBUG]: Created event queue 0x0000000000000F3B
[PS4][DEBUG]: Created event queue 0x0000000000000F3C
[PS4][DEBUG]: Created event queue 0x0000000000000F3D
[PS4][DEBUG]: Created event queue 0x0000000000000F3E
[PS4][DEBUG]: Created event queue 0x0000000000000F3F
[PS4][DEBUG]: Created event queue 0x0000000000000F40
[PS4][DEBUG]: Created event queue 0x0000000000000F41
[PS4][DEBUG]: Created event queue 0x0000000000000F42
[PS4][DEBUG]: Created event queue 0x0000000000000F43
[PS4][DEBUG]: Created event queue 0x0000000000000F44
[PS4][DEBUG]: Created event queue 0x0000000000000F45
[PS4][DEBUG]: Created event queue 0x0000000000000F46
[PS4][DEBUG]: Created event queue 0x0000000000000F47
[PS4][DEBUG]: Created event queue 0x0000000000000F48
[PS4][DEBUG]: Created event queue 0x0000000000000F49
[PS4][DEBUG]: Created event queue 0x0000000000000F4A
[PS4][DEBUG]: Created event queue 0x0000000000000F4B
[PS4][DEBUG]: Created event queue 0x0000000000000F4C
[PS4][DEBUG]: Created event queue 0x0000000000000F4D
[PS4][DEBUG]: Created event queue 0x0000000000000F4E
[PS4][DEBUG]: Created event queue 0x0000000000000F4F
[PS4][DEBUG]: Created event queue 0x0000000000000F50
[PS4][DEBUG]: Created event queue 0x0000000000000F51
[PS4][DEBUG]: Created event queue 0x0000000000000F52
[PS4][DEBUG]: Created event queue 0x0000000000000F53
[PS4][DEBUG]: Created event queue 0x0000000000000F54
[PS4][DEBUG]: Created event queue 0x0000000000000F55
[PS4][DEBUG]: Created event queue 0x0000000000000F56
[PS4][DEBUG]: Created event queue 0x0000000000000F57
[PS4][DEBUG]: Created event queue 0x0000000000000F58
[PS4][DEBUG]: Created event queue 0x0000000000000F59
[PS4][DEBUG]: Created event queue 0x0000000000000F5A
[PS4][DEBUG]: Created event queue 0x0000000000000F5B
[PS4][DEBUG]: Created event queue 0x0000000000000F5C
[PS4][DEBUG]: Created event queue 0x0000000000000F5D
[PS4][DEBUG]: Created event queue 0x0000000000000F5E
[PS4][DEBUG]: Created event queue 0x0000000000000F5F
[PS4][DEBUG]: Created event queue 0x0000000000000F60
[PS4][DEBUG]: Created event queue 0x0000000000000F61
[PS4][DEBUG]: Created event queue 0x0000000000000F62
[PS4][DEBUG]: Created event queue 0x0000000000000F63
[PS4][DEBUG]: Created event queue 0x0000000000000F64
[PS4][DEBUG]: Created event queue 0x0000000000000F65
[PS4][DEBUG]: m event queue created 0x00000F65
[PS4][DEBUG]: Created event queue 0x0000000000000F66
[PS4][DEBUG]: m2 event queue created 0x00000F66
[PS4][DEBUG]: sceKernelDeleteEqueue return: 0x00000000
[PS4][DEBUG]: mapping pointer 200a04000
[PS4][DEBUG]: [+] UID: 1, GID: 1
[PS4][DEBUG]: before SYS_dynlib_prepare_dlclose
[PS4][DEBUG]: SYS_dynlib_prepare_dlclose: -1
[PS4][DEBUG]: before sceKernelDeleteEqueue
[+] Entered critical payload
[+] cred
[+] cred->cr_uid cred->cr_ruid cred->cr_rgid set to 0
[+] set group0 to 0
[+] output critical payload
now payload executed and ps4link running on ps4
./ps4sh
ps4sh version 1.0
/Users/bigboss/.ps4shrc: No such file or directory
Connecting to fio ps4link ip 192.168.1.17
log: [HOST][INFO]: [PS4SH] Ready
log: [PS4][DEBUG]: [PS4LINK] Client connected from 192.168.1.3 port: 7638
log: [PS4][DEBUG]: [PS4LINK] sock ps4link_fileio set 200 connected 1
log: [PS4][DEBUG]: [PS4LINK] Waiting for connection
log: [PS4][DEBUG]: [PS4LINK] Initialized and connected from pc/mac ready to receive commands
ps4sh> execsprx
log: [HOST][DEBUG]: [PS4SH] [PS4SH] argc=0 argv=���������
log: [PS4][DEBUG]: [PS4LINK] commands listener received packet size (266)
log: [PS4][DEBUG]: [PS4LINK] Received command whoami argc=0 argv=
log: [PS4][DEBUG]: [+] UID: 0, GID: 0
log: [PS4][DEBUG]: [PS4LINK] commands listener waiting for next command
ps4sh>ps4sh> status
log: [HOST][INFO]: [PS4SH] TCP srv fd = 3
log: [HOST][INFO]: [PS4SH] UDP log fd = 5
log: [HOST][INFO]: [PS4SH] PS4SH cmd fd = 6
log: [HOST][INFO]: [PS4SH] Logging to stdout
log: [HOST][INFO]: [PS4SH] Verbose mode is off
log: [HOST][INFO]: [PS4SH] Debug is on
ps4sh> exitps4
log: [HOST][DEBUG]: [PS4SH] argc=0 argv=
ps4sh>
Next will be Jailbreak and sandbox :)