PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Mar 2, 2018 at 3:25 AM | 39 replies
Status: Not open for further replies.
Following his 4.05 PS4 exploit, the related documentation, the release of the full 4.55 PS4 jailbreak and the 4.55 PS4 Holy Grail homebrew enabler, PlayStation 4 developer @SpecterDev today made available via Twitter his 4.55 WebKit exploit write-up for the "setAttributeNodeNS()" bug, so that other scene devs and enthusiasts can learn from it. :geek:

Here's an excerpt from the complete "setAttributeNodeNS UAF Write-up.md" file, to quote:

Conclusion

For a seasoned WebKit attacker, this bug is trivial to exploit. For non-seasoned ones such as myself, however, working with WebKit to leverage a read/write primitive from WebCore heap corruption can be confusing and challenging.

I hope this write-up can help other researchers new to WebKit understand a bit of the magic that happens behind WebKit exploitation, as without understanding fundamental data structures such as JSObjects and JSValues, it can be difficult to make sense of what's happening.

This is why I focused the core of the write-up on going from heap corruption to obtaining a read/write primitive, and how type confusion with internal objects can be used to achieve it.

In the next section (yet to be published), we will cover the kernel exploit portion of the 4.55 jailbreak chain. While this WebKit exploit will work on 5.02 and lower, the kernel exploit will only work on firmware 4.55 and lower.

Cheers to @Denisuu for the news tip in the PSXHAX Shoutbox tonight! :beer:
[Image: PS4 4.55 WebKit Exploit Documentation Write-up by SpecterDev]

Comments

It's bad that people are complaining about psxhax being down. You guys have no idea how tough it is to maintain a forum like this.

Good job psxhax
 
Thanks as always for all the knowledge shared here by the community. This write-up sure is interesting to read, to understand all the "HEN" process and the exploit used to achieve it... I've got to read it.
Big thanks @SpecterDev
 