Vita webkit hack: Codelion releases memtools_vita
Developer Codelion (a.k.a. @BBalling1), one of the main people behind the recently revealed webkit exploit on the Vita, just released an advanced tool for developers who want to play with the exploit. More specifically, memtools_vita allows developers to dump the content of the modules used from within the webkit process on the Vita.
In order to do so, you’ll need to run Codelion’s special Python server, then point the Vita’s browser at your computer’s local IP address on port 8888. The readme explains it all; however, let me emphasize once again that this is not a release for “end users”, but for developers.
The tools around this exploit are still quite crude, and I am sure many developers are working on their own sets of tools. CodeLion mentions, however, that this could help people start doing some significant reverse engineering and ROP work. From the readme:
Allows you to play with the Vita’s webkit process’ memory by leveraging a webkit vuln. Autoresolve is a little iffy, supports no special cases and skips a lot of modules because it crashes (reading invalid memory).
Known issues: Does not dump the data section, only executable code. IDA does not like that, but it’s enough for ROP and some reversing.
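To make the workflow above concrete, here is a small receiving server of the kind the Vita side would talk to on port 8888. It is an added illustration written for this post, not memtools_vita’s own server, and the wire format it accepts (POST /dump?module=NAME&base=0xADDR with the raw bytes as the body) is an assumption made for the example. The part worth looking at is the reassembly: ranges the dumper skipped (the “reading invalid memory” cases the readme mentions) are zero-filled and reported as gaps, so an analyst loading the image knows where there are holes rather than real code, and a chunk that overlaps one already stored is rejected instead of silently corrupting the image.

```python
"""Minimal local receiver for memory-dump chunks (added example, not the
project's own code). Assumed protocol: POST /dump?module=NAME&base=0xADDR
with the raw chunk bytes as the request body."""
import os
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs


class DumpStore:
    """Collects chunks per module and reassembles them in address order."""

    def __init__(self):
        self.chunks = {}  # module name -> {base address: bytes}

    def add_chunk(self, module, base, data):
        mod = self.chunks.setdefault(module, {})
        # Reject a chunk that overlaps one already stored: a dumper that
        # re-reads the same range after a failed read should not be able
        # to silently corrupt the image.
        for other_base, other in mod.items():
            if base < other_base + len(other) and other_base < base + len(data):
                raise ValueError("chunk %#x overlaps chunk %#x" % (base, other_base))
        mod[base] = bytes(data)

    def assemble(self, module):
        """Return (lowest base, image, gaps).

        Ranges the dumper skipped (e.g. unreadable pages) are zero-filled
        and reported as (address, length) tuples.
        """
        mod = self.chunks[module]
        out = bytearray()
        gaps = []
        start = min(mod)
        cursor = start
        for base in sorted(mod):
            if base > cursor:
                gaps.append((cursor, base - cursor))
                out += b"\x00" * (base - cursor)
            out += mod[base]
            cursor = base + len(mod[base])
        return start, bytes(out), gaps

    def write_all(self, outdir):
        """Write one <module>_<base>.bin per module; returns the paths written."""
        os.makedirs(outdir, exist_ok=True)
        paths = []
        for module in self.chunks:
            base, image, _ = self.assemble(module)
            path = os.path.join(outdir, "%s_%08x.bin" % (module, base))
            with open(path, "wb") as fh:
                fh.write(image)
            paths.append(path)
        return paths


STORE = DumpStore()


class DumpHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        url = urlparse(self.path)
        params = parse_qs(url.query)
        if url.path != "/dump" or "module" not in params or "base" not in params:
            self.send_error(400, "expected POST /dump?module=NAME&base=0xADDR")
            return
        length = int(self.headers.get("Content-Length", 0))
        data = self.rfile.read(length)
        try:
            # int(..., 16) accepts both "0x81000000" and "81000000"
            STORE.add_chunk(params["module"][0], int(params["base"][0], 16), data)
        except ValueError as exc:
            self.send_error(409, str(exc))
            return
        self.send_response(200)
        self.end_headers()


def serve(port=8888, outdir="dumps"):
    """Listen on all interfaces so the console can reach the PC's LAN address."""
    server = HTTPServer(("0.0.0.0", port), DumpHandler)
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        # Ctrl-C ends the session and flushes everything collected to disk.
        print("written:", STORE.write_all(outdir))


if __name__ == "__main__":
    serve()
```

Run it on the PC, browse to http://<your-LAN-IP>:8888/ from the Vita side, and stop it with Ctrl-C once the dumper is done; the gap list returned by assemble() is the thing to check before trusting any offsets taken from the written image.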
Now if you’ll excuse me, I think I have a python server to put in place on my PC…
CodeLion did mention earlier this week that this work was done partially by “a good friend”, but no specific name is mentioned in the readme.