PS4 Jailbreaking | Thread starter: mcmrc1 | Start date: Apr 10, 2016 at 12:04 PM
Status
Not open for further replies.
Following the recent PS4 Dlclose Exploit for 1.76 Firmware, today I'd like to share a talk between zecoxao and Zer0xFF on finding an entry point for testing with PS4 Firmware 3.15 and also 3.50.
@zecoxao seems to be working on an entry point for the PS4 3.15 FW and wants some testers :)
1. Entry point:
Code:
<iframe></iframe><object onbeforeload="crash()">
    <script>
    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }

    function crash() {
        document.getElementsByTagName("iframe")[0].contentWindow.scrollX;
        document.open();
    }

    document.body.offsetLeft;
    setTimeout(function() {
        document.close();
        document.body.innerHTML = 'PASS if not crashed.';
        testRunner.notifyDone();
    }, 1);
    </script>
2. Entry point:
Code:
<input id="t1" type="time">
    <script>
    var time1 = document.getElementById('t1');
    document.addEventListener('beforeload', function(event) {
        time1.value = time1.value ? '' : '23:59';
    }, true);

    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }
    setTimeout(function() {
        document.body.innerHTML = 'PASS if not crashed.';
        testRunner.notifyDone();
    }, 100);
    time1.focus();
    </script>
    <embed src="data:text/html,PASS"></embed>
Also the source code of Sony's WebKit ;)
3. Entry Point:
Code:
<script>
function inituaf() {
  for(var i=0; i<100; i++) {
    for(var j=0; j<32; j++) {
    }
  }
  try { CollectGarbage(); } catch(err) {
    try { window.gc(); } catch(err) {
      for(var i=0; i<100; i++) {
      }
    }
  }
}

function eventhandler2() {

  try { var00002 = document; } catch(err) { } //line 2
  try { var00003 = var00002; } catch(err) { } //line 3
  try { var00043 = 0; } catch(err) { } //line 45
  try { var00044 = var00003.getElementsByTagName("iframe")[var00043]; } catch(err) { } //line 46
  try { var00045 = var00044.contentWindow; } catch(err) { } //line 47
  try { var00063 = -1; } catch(err) { } //line 67
  try { var00064 = 0; } catch(err) { } //line 68
  try { var00045.scrollTo(var00063,var00064); } catch(err) { } //line 69
  try { var00002.write(); } catch(err) { } //line 185
}


</script>
><object onbeforeload="eventhandler2()"><iframe>
4. Entry Point:
Code:
<!DOCTYPE html>
<html>
<body>
<iframe></iframe>
<script>

var _gc;

function run()
{
    var iframe = document.getElementsByTagName('iframe')[0];
    iframe.contentDocument.documentElement.contentEditable = true;

    iframe.contentDocument.documentElement.addEventListener('focusout', function () {
        iframe.parentNode.removeChild(iframe);
    }, false);

    iframe.contentDocument.documentElement.focus();
}
document.addEventListener('DOMContentLoaded', run);
</script>
</body>
</html>
[Image: PS4 3.15 Firmware Entry Point.png]

Comments

What makes sense to you? Why would someone post a processor in a PS4 thread? Perhaps the PS4 is not running what you were told, because people are so used to being bottle-fed that they don't look for themselves, and just because the processor says Jaguar on it... hell, I can print Jaguar on any CPU, but that doesn't mean it is as stated, now does it?
I just asked. Because I don't understand the connection between an IBM CPU and the PS4's AMD x86-64 CPU.

Docs say the PowerPC 440 uses DDR2.
 
Quote:
I just asked. Because I don't understand the connection between an IBM CPU and the PS4's AMD x86-64 CPU.

Docs say the PowerPC 440 uses DDR2.
Yes, I know what the doc says, I did read through it myself. And as I said, just because someone tells you it's something doesn't mean it is. Do you think Sony would like for them to be hacked?
The PS4 is a PPC because Sony has used everything from IBM from the beginning. Put all the pieces together between the systems and you would see.
Quote:
I just asked. Because I don't understand the connection between an IBM CPU and the PS4's AMD x86-64 CPU.

Docs say the PowerPC 440 uses DDR2.
When GTA kid stated it was similar to a PS2 she wasn't wrong, processor-wise at least, but the documentation I have also states that the FPU is used on x32 to make x64-bit systems.
Now if you read the xlc/c++ source code it also gives you some nice details on what processor it really is. Then do the math and add the missing pieces, so no, this is no AMD machine; it's all IBM except the video card. Maybe do some research and learn for yourself so you know, no offence.
I have 20+ years in this stuff so I do know what I'm talking about.
 
Incorrect. Programmers know how to hack just as hackers do; what defines them is what it's actually used for. Some hackers do it just for fame, and others use it for development, saving them the cost of actual machines that aren't needed.
The end goal is what defines them.
 
Unfortunately I can't read C++. Only JS + PHP (I am a beginner).

If this is true, Sony really is a sucky company. They use an outdated CPU and cheat customers. And this explains why the PS4 is so weak and ports to PC have so many bugs.

I don't find info about IBM in the PS4 anywhere else on the Internet.
 
Quote:
Unfortunately I can't read C++. Only JS + PHP (I am a beginner).

If this is true, Sony really is a sucky company. They use an outdated CPU and cheat customers. And this explains why the PS4 is so weak and ports to PC have so many bugs.

I don't find info about IBM in the PS4 anywhere else on the Internet.
Of course not, can you blame them? They don't want their system to get hacked, so they made up a story, and because everyone on the scene is used to being fed info, they all listened.
And I hate to tell you, PPC systems are amazing units; I love them myself. Outdated CPU or not, they are powerful. And if you think they are so outdated you should see the actual OS system it really is.
Quote:
Unfortunately I can't read C++. Only JS + PHP (I am a beginner).

If this is true, Sony really is a sucky company. They use an outdated CPU and cheat customers. And this explains why the PS4 is so weak and ports to PC have so many bugs.

I don't find info about IBM in the PS4 anywhere else on the Internet.
One good piece of info if you're into programming: learn what your base compiler will be, no matter what version it is, then you can set up a cross compiler and chain them together if you wish. I've chained 5 compilers into one big setup rather than using separate chains and scripts; my backend compiler is a lot lower than my base compiler, but it depends on the road you wish to go. Good luck.
 
I can get Fire30's PoC fakedns.py to run on 3.50 FW and can see it dump the servers it's trying to talk to, but still no luck on the exploit running.

[Image: FullSizeRender (2).jpg]
 
No FPGA required, and it actually seems like the exploit is trying to run, but it comes back with "Error: dump not received". So it's crashing somewhere.
 
Quote:
No FPGA required, and it actually seems like the exploit is trying to run, but it comes back with "Error: dump not received". So it's crashing somewhere.
Are you using CTurt's OpenSDK? I'm almost certain it's required.
So data isn't dumping from the system, hmmm, makes me think of a communication bus error.
 