5.05 who are curious about PS4 exploits will be pleased to hear that following his PS4NES v1.01 update developer m0rph3us1987 is scheduled to speak at this month's 35c3 Chaos Communication Congress 2018 hacking event about exploiting PS4 Video Apps in order to run unsigned code regardless of the firmware version installed!
The 35th Chaos Communication Congress (35c3) 4-day event runs from December 27th to the 30th 2018 in Leipzig Germany with pre-sale tickets and additional details available for those interested in attending.
Download: Relive Exploiting PS4 Video Apps – 35C3 Streaming.mp4 (379 MB - Starts at 16:06)
To quote from the 35c3 Event Page, roughly translated: Exploiting PS4 Video Apps
Almost three years ago, my wife gave me a PS4 for my birthday. She could not have guessed that I would do anything with the console, just do not gamble. This talk will be about the project with which I set foot in the PS4 underground scene.
Step by step we will see what was needed to run unsigned code on a foreign / unknown system. I will explain the exploit and its steps in as much detail as possible, and thus show that software exploits are not magic but a consequence of logical processes."
Previously from Chaos Communication Congress events we've seen awesome PlayStation 4 hacking and homebrew demonstrations including Linux on PS4, PS4 Hardware Reversing, Steam on PS4, a GameCube / Wii Dolphin Emulator on PS4, Fail0verflow's PS4 Console Hacking progress alongside a Liverpool AMDGPU Port for PS4 Linux!
So far this year PlayStation 4 scene developers have brought us a PS4 Media Player 3.50 (VR) Patched for 5.05 / 5.07, YouTube NoPSN PKGs, Netflix and Plex NoPSN PKGs, a Crunchyroll NoPSN PKG and Littlstar NoPSN PKG... with the speech's focus being on exploiting PS4 video applications it will be interesting to see if Sharefactory is exploitable among other apps and to what extent on all PS4 Firmware versions.
35C3 Exploiting PS4 Video Apps Slides from @DEFAULTDNB and below is a Spanish translated video from @RetroGamer74, and here is a rough English translation summary via The Leash:
- His research is from 2015 (doesnt know if its fixed since then, video apps need PSN access, therefore "should" work on latest fw)
- No code available / Is not sure if all that said even still works today
- Exploits webkit version found in video apps (which is/was the same webkit version which allowed the 1.76 exploit)
- Video apps often didnt have any encryption, therefore it was easy for him tcpdump it all
- With 1.76 exploit he gained hexdumps
- Used same method as 1.76 method to gain userland code execution, but the video apps are more limited than the webbrowser. (Says it was/should be ok to trigger kexploit, but didnt say anything about it if he either did find a kexploit or used one)
And a similar English summary translation from @Wultra (aka C0rpVultra):
- His research since 2015 (idk if it has been corrected since then, video applications need PSN access, so "should" work on the last fw)
- There is no code available / Not sure that everything that has been said even still works today
- Uses the version of webkit found in video applications (which was / was the same version of webkit, which allowed to use the exploit 1.76).
- Video applications often didn't have any encryption, so it was easy for him to tcpdump it all
Download: exploiting_ps4_video__apps.odp (4.4 MB - Slides)
Download: exploiting_ps4_video_apps_english.odp (1.1 MB - English Translated Slides)
Download: exploiting_ps4_video__apps.de.en.pdf (1.0 MB - English Translated Slides)