Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Sep 25, 2020 at 12:39 AM
Following the PS4 6.XX JSC_ConcatMemcpy WebKit Exploit, PS4 6.20 WebKit Code Execution Exploit, PS4 Webkit Bad_Hoist Exploit for PS4 FW 6.XX, PS4 Webkit Bad_Hoist 6.72 Exploit Port and PS4JB 6.72 Jailbreak Exploit, security researchers 0xdagger of quentinmeffre.fr and abu_y0ussef of mtalbi.github.io, who work at SYNACKTIV, have announced plans to discuss exploiting a 0-day PS4 WebKit vulnerability on 6.xx firmwares at Black Hat Europe 2020.

This year the annual event will take place virtually from December 7-10, 2020. Their presentation will outline the exploitation strategy they used and the hurdles they encountered along the way, for those in the InfoSec field or who are simply interested in learning for fun or in cashing in on Bug Bounty Programs.

While most of the PS4 Scene is waiting for someone to make use of the PS4 7.02 Kernel Exploit (KEX), with Mira 7.00-7.02 PS4 WIP Ports already underway, @Abkarino of Team Rebug commented on Twitter, to quote: "If it is 6.xx WebKit exploit only, then it will be useless for most unless if it is more stable than the current public one."

And to quote from the event page on BlackHat.com:

This is for the Pwners: Exploiting a WebKit 0-day in PlayStation 4
  • Quentin Meffre | Security Researcher, Synacktiv
  • Mehdi Talbi | Security Researcher, Synacktiv
  • Format: 40-Minute Briefings
  • Tracks: Exploit Development, Cloud & Platform Security
Despite an active console hacking community, only a few public PlayStation 4 exploits have been released. The exposed WebKit-based browser is usually the entry point of a full-chain attack: from browser exploitation to kernel exploitation.

However, browser-engine hardening techniques together with the total absence of debugging capabilities make it very hard to successfully exploit bugs in the latest PS4 firmwares.

In this talk, we will present how we managed to debug then exploit a 0-day WebKit vulnerability on 6.xx firmwares. The bug has been reported by our fuzzers and is currently under the process of responsible disclosure.

The bug is a Use-after-Free (UAF) vulnerability in the WebKit engine. The exploitation of this bug requires a deep understanding of WebKit's primary heap allocator. The key concepts of the allocator, as well as the primitives required to massage the heap, will be introduced to the audience.

In this talk, we will introduce the root cause of the bug. This bug provides limited exploitation primitives. However, thanks to a weakness we identified in the ASLR mechanism, we were able to make this bug exploitable.

In this presentation, we will focus on the exploitation strategy we adopted to get code execution in the context of the browser process, and in particular how we turned a Use-After-Free into a R/W primitive leading to code execution.

We will conclude our talk by outlining some of the hurdles we faced while attempting to port the exploit to the latest PS4 firmware.

Cheers to MSZ_MGS for passing along this news earlier today! 🍻

Comments

berkayde

Member
Contributor
Since it's a 0-day, hopefully Sony hasn't accidentally fixed it yet in their 7.xx firmwares. And I really hope PS5 hacking will be more active, especially since game prices have gone up, which could motivate more hackers perhaps.
 

stripnwild

Senior Member
Contributor
Verified
@berkayde
A/ If we can read/see about it, Sony certainly can and does. The more public discussion about such things, the more Sony learns and implements.

B/ PS5... well, from part A (above) you can almost be guaranteed those WebKit entry points won't even be an option, period. I don't think you will see a hacked PS5 at all for the first few years of the PS5 (just my opinion).

C/ All companies and developers want to get away from physical copy games. Which means the next gen after the upcoming PS5 and Xbox won't have drive options at all. It will be digital only. (Yes, I know the argument "ya but not everyone has internet or a good one", but at the rate technology is increasing etc., that won't be an issue in 6 or 8 years.) Also just my opinion.
 

cerci

Senior Member
Contributor
I thought that the kernel exploit was the hardest part, and that's done. I have a good feeling that the WebKit problem will also be resolved soon.
 

FakeUser

Member
Contributor
A 0-day exploit that doesn't work on the latest firmware... More like a 0-way exploit... If it doesn't work on the latest firmware, it is just going to be an alternative to the pre-existing exploit.
 