Category: PS3 Jailbreaking | Thread starter: PSXHAX | Start date: Aug 7, 2017 at 2:49 AM
Status
Not open for further replies.
Following his PS3 OFW PSID Dump Tool Tutorial and recent d0 / d1 pdb file findings, PlayStation 3 developer @esc0rtd3w (Twitter) set up some new work-in-progress Github forks for a PS3 WebKitSploit and PS3 Playground port. :ninja:

Download: ps3-webkitsploit-master.zip / PS3 WebKitSploit GIT / ps3-playground-master.zip / PS3 Playground GIT / Websploit.org / PS3 Playground Test Page / PS3 Webkit POC / PlayStation 3 Browser Investigation

The PS3 WebKitSploit is based on original PS4 code from Cryptogenic and qwertyoruiopz focusing on PS3 3.xx / 4.xx code execution, while the PS3 Playground WebKit exploit port is based on CTurt and Cryptogenic's PS4 code. :ninja:

From the README.md file, to quote: PS3 Playground

A collection of PS3 tools and experiments using the WebKit, Flash, and other options.
We are only testing on firmware 4.81 at the moment.

THIS REPO IS FOR THE PUBLIC PS3 COMMUNITY TO EXPLORE AND TEST ON THEIR OWN

OUR TEAM IS CURRENTLY WORKING ON THIS PROJECT PRIVATELY AND WILL UPDATE WHEN FINISHED!

FOR A LIVE DEMO WITH PUBLIC TESTS TO TRY OUT, PLEASE VISIT: http://www.websploit.org/ps3/ps3-playground/test/

There are a lot of files here for reference and exploration.

Once more testing has been done, these will be cleaned up over time.

CREDITS:

Inspired by original work from CTurt (https://github.com/CTurt/PS4-playground/) and Cryptogenic (https://github.com/Cryptogenic/PS4-Playground-3.55)

Spoiler: Original (Outdated) Information
If anyone can lend him a hand on Github that would be much appreciated, and cheers to @B7U3 C50SS, @Bultra and @spyro2670 for the heads-up in the PSXHAX Shoutbox earlier today! :beer:

Comments

ShadixAced

Member
Contributor
Mmmph. 2011 Webkit. Please wait while I'm searching for userland, and then maybe for kernel.
Found this, not sure how useful it would be to anyone but I'll just leave it here: http://www.edepot.com/ps3_linux.html
PS3 = UNIX-coded, with an outdated Chromium and 2011 AppleWebkit. To achieve something, we need a Webkit exploit that goes through the kernel (UNIX-based) and then exploit it to make a probable "something-something". We already have LV1:LV2 access thanks to RSXploit by zecoxao. We can adapt the code to launch the Webkit accompanied with RSXploit + code for a probable and maybe good kernel access (BUT NO R/W only READ ONLY).

For example, this can be used: http://www.cvedetails.com/cve/CVE-2016-4584/
And this to attack directly the old Chromium: https://www.cvedetails.com/cve/CVE-2011-1797/
 

esc0rtd3w

Developer
Member
Contributor
I heard you guys already achieved kernel access on OFW? Is that true? Can we have a PoC soon :D
this is true :p

additional details cannot be revealed at this time.....yet.

more testing and work is still needed before any type of PoC or release to the public.

once things are finalized, the plan is to put all code onto GitHub from the team :coffee:
 

ShadixAced

Member
Contributor
this is true :p

additional details cannot be revealed at this time.....yet.

more testing and work is still needed before any type of PoC or release to the public.

once things are finalized, the plan is to put all code onto GitHub from the team :coffee:
Awesome! Make S0ny suffer :p

And thanks @PSXHAX for linking the RSXploit article.
If I helped with the linked CVEs, this will make my day XD
 

ShadixAced

Member
Contributor
this is true :p

additional details cannot be revealed at this time.....yet.

more testing and work is still needed before any type of PoC or release to the public.

once things are finalized, the plan is to put all code onto GitHub from the team :coffee:
Also one more question, does this permit R/W access to the firmware, and probably a JB or code injection?
 

B7U3 C50SS

~ Team_Zer0 ~
Senior Member
Contributor
Wow, I actually did some digging and I found this post from 8 years ago.

I guess people were doing this before most others knew it was a feasible way to attack the PS3.

Also this.
 