PS3 Jailbreaking | Thread starter: PSXHAX | Start date: Aug 7, 2017 at 2:49 AM
Following his PS3 OFW PSID Dump Tool Tutorial and recent d0 / d1 pdb file findings PlayStation 3 developer @esc0rtd3w (Twitter) set up some new work-in-progress Github forks for a PS3 WebKitSploit and PS3 Playground port. :ninja:

Download: ps3-webkitsploit-master.zip / PS3 WebKitSploit GIT / ps3-playground-master.zip / PS3 Playground GIT / Websploit.org / PS3 Playground Test Page / PS3 Webkit POC / PlayStation 3 Browser Investigation

The PS3 WebKitSploit is based on original PS4 code from Cryptogenic and qwertyoruiopz, focusing on PS3 3.xx / 4.xx code execution, while the PS3 Playground WebKit exploit port is based on CTurt's and Cryptogenic's PS4 code. :ninja:

From the README.md file, to quote:

PS3 Playground

A collection of PS3 tools and experiments using the WebKit, Flash, and other options.
We are only testing on firmware 4.81 at the moment.

THIS REPO IS FOR THE PUBLIC PS3 COMMUNITY TO EXPLORE AND TEST ON THEIR OWN

OUR TEAM IS CURRENTLY WORKING ON THIS PROJECT PRIVATELY AND WILL UPDATE WHEN FINISHED!

FOR A LIVE DEMO WITH PUBLIC TESTS TO TRY OUT, PLEASE VISIT: http://www.websploit.org/ps3/ps3-playground/test/

There are a lot of files here for reference and exploration.

Once more testing has been done, these will be cleaned up over time.

CREDITS:

Inspired by original work from CTurt (https://github.com/CTurt/PS4-playground/) and Cryptogenic (https://github.com/Cryptogenic/PS4-Playground-3.55)

Original (Outdated) Information:
If anyone can lend him a hand on Github that would be much appreciated, and cheers to @B7U3 C50SS, @Bultra and @spyro2670 for the heads-up in the PSXHAX Shoutbox earlier today! :beer:

Comments

@esc0rtd3w I'm thinking about an exploit using the WebKit + DTU. I want to try if I can open a "fake Facebook app" (Black Ops 2 supports it, no?) to get into the HDD or RAM. idk, it's just an idea.

Again thanks for this exploit!!

From the above discussions I concluded that we can extract the IDPS using the exploit (which is of no use for the superslim, as IDPS injection is fixed on FW 4.81) and a flash dump (also unavailable for the superslim, as it uses eMMC).

So we are left with LV2 syscalls, about which I don't know anything. Anybody who can explain what other things happen with it?

*double bubbles*
Try DC Universe Online: when it connects at start, using a proxy, capture the URL and inject an exploit (it needs to be coded to match the game structure and also triggers some parts of the PS3, but that's, as I say, "makeable").

4xxx superslims, because of the addition of minver, are a lot harder to hack, but... RSXploit can do an LV1 and LV2 write job. Adapt the code of it, and make the dreams come true.

> From the above discussions I concluded that we can extract the IDPS using the exploit (which is of no use for the superslim, as IDPS injection is fixed on FW 4.81) and a flash dump (also unavailable for the superslim, as it uses eMMC).
>
> So we are left with LV2 syscalls, about which I don't know anything. Anybody who can explain what other things happen with it?

Mmmh hmm. IDPS extract IS now possible thanks to the WebKit exploit.

Hello @esc0rtd3w

WOW bro!!! It's amazing news!!! My main interest in it is being able to run homebrew apps on PS3 4.81 (mainly UDKUltimate Engine). So will it be possible to run unsigned code upon release of this new exploit?