PS3 Jailbreaking | Thread starter: PSXHAX | Start date: Aug 7, 2017 at 2:49 AM
Following his PS3 OFW PSID Dump Tool Tutorial and recent d0 / d1 pdb file findings, PlayStation 3 developer @esc0rtd3w (Twitter) set up some new work-in-progress Github forks for a PS3 WebKitSploit and a PS3 Playground port. :ninja:

Download: ps3-webkitsploit-master.zip / PS3 WebKitSploit GIT / ps3-playground-master.zip / PS3 Playground GIT / Websploit.org / PS3 Playground Test Page / PS3 Webkit POC / PlayStation 3 Browser Investigation

The PS3 WebKitSploit is based on original PS4 code from Cryptogenic and qwertyoruiopz, focusing on PS3 3.xx / 4.xx code execution, while the PS3 Playground WebKit exploit port is based on CTurt's and Cryptogenic's PS4 code. :ninja:

From the README.md file, to quote:

PS3 Playground

A collection of PS3 tools and experiments using WebKit, Flash, and other options.
We are only testing on firmware 4.81 at the moment.

THIS REPO IS FOR THE PUBLIC PS3 COMMUNITY TO EXPLORE AND TEST ON THEIR OWN

OUR TEAM IS CURRENTLY WORKING ON THIS PROJECT PRIVATELY AND WILL UPDATE WHEN FINISHED!

FOR A LIVE DEMO WITH PUBLIC TESTS TO TRY OUT, PLEASE VISIT: http://www.websploit.org/ps3/ps3-playground/test/

There are a lot of files here for reference and exploration.

Once more testing has been done, these will be cleaned up over time.

CREDITS:

Inspired by original work from CTurt (https://github.com/CTurt/PS4-playground/) and Cryptogenic (https://github.com/Cryptogenic/PS4-Playground-3.55)

If anyone can lend him a hand on Github that would be much appreciated, and cheers to @B7U3 C50SS, @Bultra and @spyro2670 for the heads-up in the PSXHAX Shoutbox earlier today! :beer:
 

Comments

We currently do not need any outside testers. No offense, just have to keep it tight for now.

You are free to test things on your own and report through PM or another way if you would like.
I know you want to keep it quiet; would it be possible for you to update the PS3 Playground website to have a version number (somewhere on the index, maybe bottom right) so we know if there has been a change or not?
 
When do you think the whole working hack will go into full effect? September? October? And will this webkit hack feature an FTP server like the PS4 one?

Thanks and also nice work.
 
Updated the test page on Playground. This is just something a little extra for people to test on their own and try out some things if they wish!

Still making progress, although no related information can be disclosed at this time :)
 
Without disclosing too much info, I have discovered a lot more vulnerabilities than are listed on the Public WebKit Testing page and added them to the Private WebKit Testing page, including kernel crash dumps and other info. :(

Unfortunately, I cannot disclose more on most of these until we have several solid footholds into WebKit, the VSH, and other areas.

I am offering a WebKit UAF vulnerability that is not on the public page to anyone who has a DEX setup and is willing to do some testing to get userland memory dumping at a minimum using it. If anyone is interested, please PM me privately.

Thanks (y)
 
Keep up the good work! Some progress is better than nothing. Hope soon we will find a way to get the IDPS on 4.81, among several other things.
 
Keep up the good work! Some progress is better than nothing. Hope soon we will find a way to get the IDPS on 4.81, among several other things.

Err. Unless the PS3 patched their loaders extensively, it's far, far better than simply the IDPS.

This could actually lead to an exploit just like HENKaku, except it should be a bit easier because a lot of the things the Vita uses are far, far, far greater security wise than what the PS3 does.

So don't be surprised if we see the late PSP 'LCFW' all over again.
 