Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS3 Jailbreaking       Thread starter PSXHAX       Start date Aug 7, 2017 at 2:49 AM       532      
Status
Not open for further replies.
Following his PS3 OFW PSID Dump Tool Tutorial and recent d0 / d1 pdb file findings PlayStation 3 developer @esc0rtd3w (Twitter) set up some new work-in-progress Github forks for a PS3 WebKitSploit and PS3 Playground port. :ninja:

Download: ps3-webkitsploit-master.zip / PS3 WebKitSploit GIT / ps3-playground-master.zip / PS3 Playground GIT / Websploit.org / PS3 Playground Test Page / PS3 Webkit POC / PlayStation 3 Browser Investigation

The PS3 WebKitSploit is based on original PS4 code from Cryptogenic and qwertyoruiopz focusing on PS3 3.xx / 4.xx code execution, while the PS3 Playground WebKit exploit port is based on CTurt and Cryptogenics PS4 code. :ninja:

From the README.md file, to quote: PS3 Playground

A collection of PS3 tools and experiments using the WebKit, Flash, and other options.
We are only testing on firmware 4.81 only at the moment.

THIS REPO IS FOR THE PUBLIC PS3 COMMUNITY TO EXPLORE AND TEST ON THEIR OWN

OUR TEAM IS CURRENTLY WORKING ON THIS PROJECT PRIVATELY AND WILL UPDATE WHEN FINISHED!

FOR A LIVE DEMO WITH PUBLIC TESTS TO TRY OUT, PLEASE VISIT: http://www.websploit.org/ps3/ps3-playground/test/

There are a lot of files here for reference and exploration.

Once more testing has been done, these will be cleaned up over time.

CREDITS:

Inspired by original work from CTurt (https://github.com/CTurt/PS4-playground/) and Cryptogenic (https://github.com/Cryptogenic/PS4-Playground-3.55)

Spoiler: Original (Outdated) Information
If anyone can lend him a hand on Github that would be much appreciated, and cheers to @B7U3 C50SS, @Bultra and @spyro2670 for the heads-up in the PSXHAX Shoutbox earlier today! :beer:
PS3 WebKitSploit and PS3 Playground WIP Github Forks by Esc0rtd3w.jpg
 

Comments

Mmmph. 2011 Webkit. Please wait while i'm searching for userland, and then maybe for kernel.
Found this, not sure how useful it would be to anyone but I'll just leave it here: http://www.edepot.com/ps3_linux.html
PS3 = UNIX-coded, with an outdated Chromium and 2011 AppleWebkit. To achieve something, we need a Webkit exploit that goes through the kernel (UNIX-based) and then exploit it to make a probable "something-something" we already have LV1:LV2 access thanks to RSXploit by zecoxao. We can adapt the code to launch the Webkit accompanied with RSXploit + code for a probable and maybe good kernel access (BUT NO R/W only READ ONLY).

For example, this can be used : http://www.cvedetails.com/cve/CVE-2016-4584/
And this to attack directly the old Chromium : https://www.cvedetails.com/cve/CVE-2011-1797/
 
i heard you guys already achieved kernel access on ofw ? Is that true ? Can we have a poc soon :D
this is true :p

additional details cannot be revealed at this time.....yet.

more testing and work is still needed before any type of PoC or release to the public.

once things are finalized, the plan is to put all code onto GitHub from the team :coffee:
 
this is true :p

additional details cannot be revealed at this time.....yet.

more testing and work is still needed before any type of PoC or release to the public.

once things are finalized, the plan is to put all code onto GitHub from the team :coffee:

Awesome ! Make S0ny suffer :p

And thanks @PSXHAX for linking the RSXploit article.
If I helped with the linked CVE's, this will make my day XD
 
this is true :p

additional details cannot be revealed at this time.....yet.

more testing and work is still needed before any type of PoC or release to the public.

once things are finalized, the plan is to put all code onto GitHub from the team :coffee:

Also one more question, does this permit R/W access to the firmware, and probably a JB or code injection ?
 
Wow, I actually did some digging and I found this post from 8 years ago.

I guess people were doing this before most others knew it was a feasible way to attack the PS3

Also this.
 
Status
Not open for further replies.
Back
Top