Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS3 Jailbreaking       Thread starter PSXHAX       Start date Aug 7, 2017 at 2:49 AM       532      
Status
Not open for further replies.
Following his PS3 OFW PSID Dump Tool Tutorial and recent d0 / d1 pdb file findings PlayStation 3 developer @esc0rtd3w (Twitter) set up some new work-in-progress Github forks for a PS3 WebKitSploit and PS3 Playground port. :ninja:

Download: ps3-webkitsploit-master.zip / PS3 WebKitSploit GIT / ps3-playground-master.zip / PS3 Playground GIT / Websploit.org / PS3 Playground Test Page / PS3 Webkit POC / PlayStation 3 Browser Investigation

The PS3 WebKitSploit is based on original PS4 code from Cryptogenic and qwertyoruiopz focusing on PS3 3.xx / 4.xx code execution, while the PS3 Playground WebKit exploit port is based on CTurt and Cryptogenics PS4 code. :ninja:

From the README.md file, to quote: PS3 Playground

A collection of PS3 tools and experiments using the WebKit, Flash, and other options.
We are only testing on firmware 4.81 only at the moment.

THIS REPO IS FOR THE PUBLIC PS3 COMMUNITY TO EXPLORE AND TEST ON THEIR OWN

OUR TEAM IS CURRENTLY WORKING ON THIS PROJECT PRIVATELY AND WILL UPDATE WHEN FINISHED!

FOR A LIVE DEMO WITH PUBLIC TESTS TO TRY OUT, PLEASE VISIT: http://www.websploit.org/ps3/ps3-playground/test/

There are a lot of files here for reference and exploration.

Once more testing has been done, these will be cleaned up over time.

CREDITS:

Inspired by original work from CTurt (https://github.com/CTurt/PS4-playground/) and Cryptogenic (https://github.com/Cryptogenic/PS4-Playground-3.55)

Spoiler: Original (Outdated) Information
If anyone can lend him a hand on Github that would be much appreciated, and cheers to @B7U3 C50SS, @Bultra and @spyro2670 for the heads-up in the PSXHAX Shoutbox earlier today! :beer:
PS3 WebKitSploit and PS3 Playground WIP Github Forks by Esc0rtd3w.jpg
 

Comments

@roflrofl0056 i believe this was patched already, but have not looked into it much further than that. No bother :p

FYI: we currently have a working method that can dump userland memory and write data to 2 major areas of user space. If anyone has more info on getting a working payload to execute and test, please PM me. No further details can be announced here! Sorry.... and Thanks (y)
 
Reborn Persona are you going to help esc0rtd3w to make this exploit?

Hah! I wish. No, unfortunately, while I have a programming background to an extent, it is nowhere near enough to be able to design these types of exploits. I understand the concepts because I've studied certain aspects of security since I was very young, but that sadly does not give me the ability to attack security at low level like Return Oriented Programming myself.

I would if I could though! I've been wanting to get Vesperia English working on my Super Slim for years now!
 
@roflrofl0056 i believe this was patched already, but have not looked into it much further than that. No bother :p

FYI: we currently have a working method that can dump userland memory and write data to 2 major areas of user space. If anyone has more info on getting a working payload to execute and test, please PM me. No further details can be announced here! Sorry.... and Thanks (y)
Awpps, i meant <4.40 not >4.40.. Sorry lel, damn this smartphone and his small keys. :unsure:

I proposed implementing that one until we can find a 4.81 kexploit, which should be easier being able to dump <4.40s lv2. But well idk what i'm talking about so nvm XD..
Good luck and keep us updated!
 
Status
Not open for further replies.
Back
Top