Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Apr 21, 2016 at 9:12 PM       11,702       10            
Status
Not open for further replies.
Following news of the PS4 Dlclose Exploit for 1.76 and more recently the Entry Point findings, today Wololo reports that PlayStation 4 developer Fire30 made available on Github a PS4 Webkit Exploit proof-of-concept for PlayStation 4 Firmware 2.XX.

Download: PS4-2014-1303-POC-master.zip / PS4-2014-1303-POC GIT

From the ReadMe file: CVE 2014-1303 Proof Of Concept for PS4

This repository contains a poc for the CVE 2014-1303 originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03, but should work for systems on a firmware < 2.50, the ROP test will however only work on 2.03.

Usage

You need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well. Then run
Code:
python fakedns.py -c dns.conf
then
Code:
python server.py
Debug output will come from this process.

Navigate to the User's Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted still needs to be done.

Acknowledgements

Liang Chen
thexyz
dreadlyei

Fire30 also notes, to quote: This implementation will not work on the vita as it uses a different memory allocator. In fact I am using the same exploit that is used in https://github.com/Hykem/vitasploit for 3.36, so that is the farthest this vulnerability will go.

Thanks to CnCore for the tip in the PSXHAX.COM Shoutbox! :D

CVE-2014-1303.jpg
 

Comments

Status
Not open for further replies.

Fimo

Senior Member
Contributor
Open the webkit..
Open the ofw...
Open the hdd...
Create the cfw...
Great ......
Jailbreak...
Bingo....
You're forgeting the most important part, the kernel exploit ! max 2.03 OFW for dlclose exploit and max 2.xx for the 80% completed badiret expoit.
 

mcmrc1

Senior Member
Contributor
Verified
and i think first we need keys to create a cfw and decrypt files and so one...

without keys no cfw if iam not wrong
 

Fimo

Senior Member
Contributor
What about 2.57 ?
- Badiret patch released on FreeBSD 9 (Orbis) = 2015-08-25
- 2.57 = Jully 2015
A JB may come soon for 2.03 with the dlclose exploit with the help of FIRE30.

A POC has been posted on twitter of POC 3.50 webkit exploit (twit deleted). With a Badiret exploit, there is still hope for a 2.57 (even 3.00 ?) Jailbreak.
 
Status
Not open for further replies.
Recent Articles
Windbound Sails to PlayStation 4 on August 28th, PS4 Trailer Video
The forbidden islands are calling survival adventure fans eager to unravel the mystery as Windbound from 5 Lives Studios sets sail on PlayStation 4 this August 28th. 🌊 ⛵ 🔎 Prepare to explore...
PS Store Spring Sale Offers Savings Up to Half Off Select PSN Titles
The latest PlayStation Store sale is here featuring savings of up to 50% off select PS4 games and movies including Death Stranding, NBA 2K20, Dragon Ball Z: Kakarot and more! 🤩 PlayStation...
Rebug 4.86.1 LITE PS3 CFW with Cobra 8.2 and Toolbox 2.03.04
A few days back Sony released PS3 Firmware 4.86, and following their previous release today the Rebug Team made available Rebug 4.86.1 LITE (CEX) PS3 CFW with Cobra 8.2 and Toolbox 2.03.04 for...
Sony Unveils PlayStation Plus Free Games for April 2020
It's officially 4/20 all month, and today Sony officially unveiled the free PlayStation Plus games for April 2020 alongside a PS Plus preview trailer video below! 🌺🌼🌸 Headlining the free...
Top