Recently we reported on the PS4 3.50 Webkit Crash avenue to exploit the PlayStation 4 browser, and thanks to @toni1988, @Chaos Kid and @mcmrc1 in the Shoutbox comes news of PS4 Linux also running on 3.50 OFW using the PlayStation 4 Blu-ray drive as the loader through a BDLive bug from 00001234.
To quote, roughly translated: So great is the vulnerability hardly, it is unencrypted and the code is freely available. Funny that's, this is on the 3.50. Thus one can save anything on the PS4 and also run! So you can even boot Linux.
What do you need:
1. Windows or Linux system
2. Charles web debugging proxy or burpsuite
3. A film with BDLive (in my test it was by Universal Pictures) others will surely go well. Can you really test yourself.
4. Connect to best PS4 with Lan.
It is described for Charles... Insert and start now to film, short wait at Charles appears Universal Pictures after about 1 minute a bootloader file.
Looks like this:
XML source
This copy or save as txt (very important as txt save on the PC)
Change the first line
eg change in
with map local ... Change the txt file.
Now wait are the download is completed. You have to add a little code in the next line so that the boots or executes before that. Thus, almost all run on the PS4, because it is indeed stored internally. One has the storage path.
In the next emergency update when PlayStation it will probably initially be no BDLive needs indeed no man
Wishes to test you much fun in
Who finds spelling mistakes may keep them.
To quote, roughly translated: So great is the vulnerability hardly, it is unencrypted and the code is freely available. Funny that's, this is on the 3.50. Thus one can save anything on the PS4 and also run! So you can even boot Linux.
What do you need:
1. Windows or Linux system
2. Charles web debugging proxy or burpsuite
3. A film with BDLive (in my test it was by Universal Pictures) others will surely go well. Can you really test yourself.
4. Connect to best PS4 with Lan.
It is described for Charles... Insert and start now to film, short wait at Charles appears Universal Pictures after about 1 minute a bootloader file.
Looks like this:
XML source
Code:
<?xml version="1.0" encoding="utf-8"?>
<update version="1" targetTitle="89">
<statusCodes>
<statusCode id="100" type="Information">Successful</statusCode>
</statusCodes>
<resources>
<resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.bin" fileSizeInBytes="1234" localStorage="common/boot.bin">
</Resource file>
<resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.xml" fileSizeInBytes="1234" localStorage="common/boot.xml">
</Resource file>
<resourceFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/v3.zip" fileSizeInBytes="1234" localStorage="v1.zip">
</Resource file>
</Resources>
<bumf>
<bumfFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/bumf.bmf" fileSizeInBytes="17013" localStorage="bumf.bmf">
</bumfFile>
</bumf>
<busf>
<busfFile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/bumf.bsf" fileSizeInBytes="132" localStorage="bumf.bsf">
</busfFile>
</busf>
</update>
Change the first line
Code:
<resourcefile uri="http://cdn.www.universalhidefclub.com/u/ContentServer/Universal/xxxxxxx/Package/xxxx-xxxx-xxxx-xxxx-xxxx/boot.bin" fileSizeInBytes = "1234" localStorage = "common / boot.bin">
Code:
<resourcefile uri = " releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso " fileSizeInBytes = "1234" localStorage = "common / boot.bin">
Now wait are the download is completed. You have to add a little code in the next line so that the boots or executes before that. Thus, almost all run on the PS4, because it is indeed stored internally. One has the storage path.
In the next emergency update when PlayStation it will probably initially be no BDLive needs indeed no man
Wishes to test you much fun in
Who finds spelling mistakes may keep them.