PS3 Jailbreaking | Thread starter: PSXHAX | Start date: Aug 7, 2017 at 2:49 AM | 532
Status: Not open for further replies.
Following his PS3 OFW PSID Dump Tool Tutorial and recent d0 / d1 pdb file findings PlayStation 3 developer @esc0rtd3w (Twitter) set up some new work-in-progress Github forks for a PS3 WebKitSploit and PS3 Playground port. :ninja:

Download: ps3-webkitsploit-master.zip / PS3 WebKitSploit GIT / ps3-playground-master.zip / PS3 Playground GIT / Websploit.org / PS3 Playground Test Page / PS3 Webkit POC / PlayStation 3 Browser Investigation

The PS3 WebKitSploit is based on original PS4 code from Cryptogenic and qwertyoruiopz focusing on PS3 3.xx / 4.xx code execution, while the PS3 Playground WebKit exploit port is based on CTurt's and Cryptogenic's PS4 code. :ninja:

From the README.md file, to quote:

PS3 Playground

A collection of PS3 tools and experiments using the WebKit, Flash, and other options.
We are only testing on firmware 4.81 at the moment.

THIS REPO IS FOR THE PUBLIC PS3 COMMUNITY TO EXPLORE AND TEST ON THEIR OWN

OUR TEAM IS CURRENTLY WORKING ON THIS PROJECT PRIVATELY AND WILL UPDATE WHEN FINISHED!

FOR A LIVE DEMO WITH PUBLIC TESTS TO TRY OUT, PLEASE VISIT: http://www.websploit.org/ps3/ps3-playground/test/

There are a lot of files here for reference and exploration.

Once more testing has been done, these will be cleaned up over time.

CREDITS:

Inspired by original work from CTurt (https://github.com/CTurt/PS4-playground/) and Cryptogenic (https://github.com/Cryptogenic/PS4-Playground-3.55)

Original (Outdated) Information:
If anyone can lend him a hand on Github that would be much appreciated, and cheers to @B7U3 C50SS, @Bultra and @spyro2670 for the heads-up in the PSXHAX Shoutbox earlier today! :beer:
[Image: PS3 WebKitSploit and PS3 Playground WIP Github Forks by Esc0rtd3w.jpg]
 

Comments

Why is porting the exploit to older firmwares necessary? Can't people on older firmware just get a USB stick, put 4.81 on it and update their consoles?

Hehe, thanks!

#MPS3GA ! :p

not needed, and yes 4.81 is the recommended firmware to be on, but if anyone wants older FW support, there will need to be correct addresses for at least the functions we have to use for each version, to start the chain from WebKit, which we are still currently testing.
 
Hi esc0rtd3w, I apologize for the last reply. So is there any new progress? I mean, what can this WebKit do for now? I'm not asking to publish anything, I just want to know what can be done so that people stay updated.
 
@spyro2670 :ninja: names will come with release...maybe....idk how others feel about it and will let them decide. I just don't want to announce people if they do not want it at this time, and have not asked them yet. I am just trying to keep the community updated as much as I can for now.

@k9mo we can jump into any area of the VSH and execute code as of now, along with a few other tricks. Still in heavy testing. There is no ETA available, but be assured that we are working very hard to get a release in the future :geek:
 
In case people who are interested in doing some experimenting needed a *nudge* in the right direction, maybe you can try some of these things:

Gadget Dump Collection On PS3 Playground <-- These have been added to help our team and anyone else interested to find useful bytes and functions for testing.

ROPgadget-PS3 <-- Forked from JonathanSalwan's original. Just added PS3 support. (y)

PS3 Library Functions <-- Current collection of function addresses for use with ROP chaining. You can add to these (neatly and following the same format) or add support for missing functions or memory maps, or add support for older firmware versions.

LV2 Syscalls on PSDevWiki <-- The PS3 basically makes a system call like this; for example, beeping the console using sys_sm_ring_buzzer would be something like this:

li r11, 0x188
sc

and its hex is this: 39 60 01 88 44 00 00 02

A DEX setup and a debugger are required to actually take advantage of any of these :geek:

and a lot of reading if not familiar, like myself :whistle:
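To make the syscall stub in the post above concrete, here is an added example (not code from esc0rtd3w's repositories or from the original post) that encodes and decodes the two 32-bit big-endian PowerPC instructions involved, `li r11, N` (which is `addi r11, r0, N`) and `sc`, and checks the result against the bytes quoted in the post. The scan helper goes a little beyond the post: it recognises the `li r11, N ; sc` pair anywhere in a byte blob, which is handy when reviewing a memory or gadget dump to see which LV2 syscall numbers a stub reaches. The sample blob it scans is constructed here and is not a real dump.

```python
import struct

# PowerPC primary opcodes (bits 0-5 of the 32-bit big-endian word).
OP_ADDI = 14   # addi rD, rA, SIMM ; "li rD, SIMM" is addi with rA = 0
OP_SC = 17     # sc (system call); bit 30 of the word is set


def encode_li(rd: int, simm: int) -> bytes:
    """Encode `li rD, SIMM` (addi rD, r0, SIMM) as 4 big-endian bytes."""
    if not 0 <= rd <= 31:
        raise ValueError("register number must be 0..31")
    if not -0x8000 <= simm <= 0x7FFF:
        raise ValueError("immediate does not fit the signed 16-bit SIMM field")
    word = (OP_ADDI << 26) | (rd << 21) | (0 << 16) | (simm & 0xFFFF)
    return struct.pack(">I", word)


def encode_sc() -> bytes:
    """Encode `sc`: opcode 17 with bit 30 set, i.e. 0x44000002."""
    return struct.pack(">I", (OP_SC << 26) | 2)


def lv2_syscall_stub(number: int) -> bytes:
    """LV2 convention from the post: syscall number in r11, then sc."""
    return encode_li(11, number) + encode_sc()


def decode(word_bytes: bytes) -> str:
    """Decode one instruction word; only li and sc are recognised here."""
    (word,) = struct.unpack(">I", word_bytes)
    opcode = word >> 26
    if opcode == OP_ADDI and ((word >> 16) & 0x1F) == 0:   # rA == 0 -> li
        rd = (word >> 21) & 0x1F
        simm = word & 0xFFFF
        if simm & 0x8000:            # SIMM is sign-extended
            simm -= 0x10000
        return f"li r{rd}, {simm:#x}"
    if opcode == OP_SC and (word >> 1) & 1:
        return "sc"
    return f".long {word:#010x}"     # anything else is shown as raw data


def disassemble(blob: bytes) -> list:
    """Decode a blob word by word (any trailing partial word is ignored)."""
    usable = len(blob) - len(blob) % 4
    return [decode(blob[i:i + 4]) for i in range(0, usable, 4)]


def find_syscall_stubs(blob: bytes) -> list:
    """Return (offset, syscall_number) for every `li r11, N ; sc` pair."""
    hits = []
    for i in range(0, len(blob) - 7, 4):
        first = decode(blob[i:i + 4])
        second = decode(blob[i + 4:i + 8])
        if first.startswith("li r11, ") and second == "sc":
            hits.append((i, int(first.split(", ")[1], 16)))
    return hits


# Constructed sample: a nop (ori r0,r0,0), the stub from the post, then blr.
SAMPLE_BLOB = b"\x60\x00\x00\x00" + lv2_syscall_stub(0x188) + b"\x4e\x80\x00\x20"

if __name__ == "__main__":
    stub = lv2_syscall_stub(0x188)
    print("stub bytes:", stub.hex(" "))          # 39 60 01 88 44 00 00 02
    print("disassembly:", disassemble(stub))     # ['li r11, 0x188', 'sc']
    print("stubs in sample:", find_syscall_stubs(SAMPLE_BLOB))
```

The encoder rejects immediates outside the signed 16-bit range, which matters because `li` alone cannot load a syscall number above 0x7FFF; the syscall numbers listed on PSDevWiki all fit, so the post's two-instruction form is enough for them.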
 
I was wondering if the debug settings could be activated on PS3 using the WebKit exploit just like the PS4, since you guys are porting it from PS4 to PS3.
 
DEX is needed? Did you get OFW working on this?
 
@k9mo we did not port anything from the PS4, most everything is based on our own findings and we have just used other projects as reference for some things. The PS3 is PowerPC based, so no direct code can be used from projects for ARM, x64, etc.

@spyro2670 yes DEX is needed to test so you can view ASM, registers, memory, etc in debugger. How can you test on OFW alone without seeing what is happening underneath? Once you verify things on DEX, you can test on CEX. That is why having the offsets for both are useful.

I think most are confused perhaps?? idk

hope that clears things up a bit :eek:
 
I'm new to most of this and just a question. What can you use to find these exploits/vulnerabilities on PS3. Just a little question. Thanks to whoever can answer.
 