PS3Xploit Tools v3.0 updates, PlayStation 3 developer Derrik (aka @GhzGangster on Twitter) recently made available Zerosense which is an exploit toolkit for the PS3 Browser via ROP exploitation in development with details below.
Download: zerosense-master.zip / GIT
To quote from the README.md: zerosense
Zerosense is an exploit toolkit for the PlayStation 3 Browser, based on work by the PS3Xploit team, and the proof-of-concepts which came before. It also takes inspiration other projects, such as PegaSwitch and PS4 Playground.
This project is primarily designed to manipulate files for the SaveMGO MGO2 Revival project, to aid users on official firmware. Additional functionality may be added in the future.
Project is still under heavy development. Things may completely change in the future.
We create an array a certain size, number of elements, and first element for verification. After searching, we should find the address of the array in memory. Once we have this, we can get the addresses of elements within the array.
Once we have the array, we can create our ROP chains, figure out their addresses, and then trigger the Use-After-Free exploit.
This approach allows us to conduct only one initial, cheap search, as opposed to searching for each chain in memory.
- Have a clean and easy-to-understand codebase
- Be easily extendable
- Be able to execute quickly and reliably
- Be able to easily add support for different firmware
Node.js and NPM should be installed beforehand. See https://docs.npmjs.com/getting-started/installing-node
This project has been built using Node 7.10.1 and NPM 4.2.0. There may be some issues that arise for other versions.Code:npm install
RunningCode:npm run build
The web server will be running on port 9000, by default.Code:npm start
Cheers to @HydrogenNGU for the heads up on the news via Twitter below!