Vita Webkit exploit: JSoS Module Dumper released
On the weekend, most people rest. But not Bballing1 (CodeLion), TomTomDu80, and Smoke. Working with the recently released SDK by acez, they created a new Module Dumper that dumps all modules visible to the webkit process on the Vita.
CodeLion had already released memtools_vita, which dumped modules as well, albeit not as efficiently as this one. The new tool appears to provide a clean dump of each module's code section and rodata, as well as additional metadata for some of the modules.
People not in the trade can already glance at a few of the things being dumped, from a screenshot that bballing1 shared, and which was apparently taken by our very own Smoke:
- SceAppUtil
- SceAvcodecUser
- SceCommondialog
- SceDriverUser
- SceGpuEs4User
- SceGxm
- SceHafnium
- SceLibc
- SceLibDbg
- SceLibFios2
- SceLibFt2
- SceLibHttp
- SceLibKernel
- SceLibNetCtl
- SceLibPvf
- SceLibVitaJSExtObj
- SceNet
- ScePsp2Compat
- SceShellSvc
- SceWebFiltering
- SceWebkit
- SceWebkitProcess
- …
It wouldn’t be surprising if several hackers have started reverse engineering some of these modules, in the search for additional vulnerabilities that could help gain access to more than just the webkit process.
Download
You can download JSoS Module Dumper here
Note: BBalling mentions that the akai SDK is from acez, Tomtomdu80 contributed to the code, Smoke was testing, and Yifan Lu provided him with the UVL source code.
Raise your hand if you’ve given memtools_vita, HTMLIt, and other native tools a try so far 🙂
I'm the first!
I'm the best guy in the world. Everyone loves me.
Not everyone loves you,
I kind of hate you
@GDS I kind of love u 😀
I'm the 2nd!
Sorry bro, nobody loves you 🙁
I’m the third!
We're getting closer and closer to reaching the desired goal.
Fourth! Yes!
I’m Last !!
Ohh *** !!
Do you people even read the article? Who cares about post position?
Yay, I guess? It’s nice to see *things* happening, but what can possibly come out of this?
I don’t want to get excited for no reason, I want to get excited for no reason when I see some mysterious awesomely sounding words, like “kernel access”, “decryption keys” etc.
Not to say that VitaJSExtObj isn't exciting, but still…
I want to play with these so bad but idk how to run the server ….. it opens and then closes really fast …… what am I doing wrong???
OS/vita version? capstone installed? run “python serv.py” in terminal, what’s the output?
windows 7… capstone installed… I have python 2.7.8 and 3.4.2 installed…. Original Vita at 3.18…. how do I run in terminal?
Do you want Python in your path, as in if you run the Command Prompt, and run “python”, does it find it? If it does, which version is it?
Try running “serv.py” or “python serv.py” from the Command Prompt and see what error it gives.
It works fine for me on Windows 7 using Python 2.7.8 and also works fine on Ubuntu.
Ugg. “Do you have” instead of “Do you want”…
It's running 3.4.2 instead of 2.7.8; how can I change that?
You can try changing the environment variable “PYTHONHOME” to be the path to your Python 2.7.8 installation (mine is “C:\Python27” for instance). You could also just try changing the file association of “.py” files to open with the 2.7.8 version so when you double-click it, it’s opened with the correct version.
Porting the code to Python 3 is not so terrible. I did it recently with akay's code. Additionally, you don't even need capstone to be included in this case.
And I am stuck at configuring capstone on Windows Python 🙁
WTH Man, this is kiddish but so funny. First, Second, Third, Fourth……. Haha. Makes me laugh hard. But it’s good for health and I like it. 🙂
Hi Wololo! Any chance you could create some sort of bot-code barrier thing which stops people from commenting “FIRST”Fured1!!here4ubbz1stplacem8 inb4u h8rs k “2ndSecond” is mi middle naem ppl yolo 3rd 4 a swagster thx
Well, he could, but wouldn't it be pointless?
It's a cat and mouse game. So it'll disable one thing, and people will try to bypass or replace it using another (for example: they could write "first" in a different language).
It really isn’t that big of a deal anyway.
But it’s a tradition here lol
15TH!
Is it really hard to just continue scrolling past these comments?
*raises hand*
always crashes the vita’s browser at
“[+] DBG: Dumping SceWebKit.seg0.bin Remaining: 0x6970”
on fw 3.15 for me.
nicely done nonetheless
It's possible you have the slightly older version; there was an error in moving it to the release. It's patched now though.
yup, I got the version containing
“var bytes = get_bytes(aspace, xaddr, 30000);”
makes sense, 0x7530 > 0x6970 :S
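The crash described in the exchange above, as an added example that is not the JSoS Module Dumper's own code: a constructed stand-in for the read primitive (`makeAddressSpace`, an assumed name, not a Vita API) next to a dump loop (`dumpSegment`, also assumed) that clamps the last read to the bytes remaining in the segment instead of always requesting 30000 (0x7530) bytes.

```javascript
// Added example, not the JSoS Module Dumper's code: why a fixed-size read
// ran off the end of SceWebKit.seg0, and the clamped loop that avoids it.
// makeAddressSpace is a constructed stand-in for the real read primitive;
// it throws where a real out-of-segment read would fault the browser.
function makeAddressSpace(base, size) {
  const mem = new Uint8Array(size);
  for (let i = 0; i < size; i++) mem[i] = i & 0xff; // recognisable fill pattern
  return {
    getBytes(addr, len) {
      const off = addr - base;
      if (off < 0 || off + len > size) {
        throw new RangeError(
          `read of 0x${len.toString(16)} bytes at 0x${addr.toString(16)} leaves the mapped segment`);
      }
      return mem.subarray(off, off + len);
    },
  };
}

// Dumps segSize bytes starting at start, at most chunk bytes per read.
// clamp=true is the fix: the final read is shortened to what is left.
// clamp=false reproduces the bug from the comment above: 30000 (0x7530) bytes
// are requested although only 0x6970 remain, so the read runs off the end.
function dumpSegment(aspace, start, segSize, chunk, clamp = true) {
  const data = new Uint8Array(segSize);
  const reads = []; // sizes actually requested, for inspection
  let remaining = segSize;
  let xaddr = start;
  while (remaining > 0) {
    const n = clamp ? Math.min(chunk, remaining) : chunk;
    reads.push(n);
    const bytes = aspace.getBytes(xaddr, n);
    data.set(bytes.subarray(0, Math.min(n, remaining)), xaddr - start);
    xaddr += n;
    remaining -= n;
  }
  return { data, reads };
}

// Constructed scenario: one full chunk plus the 0x6970 bytes from the log line.
// The base address is made up and has no relation to the real module layout.
const SEG_SIZE = 30000 + 0x6970;
const aspace = makeAddressSpace(0x81000000, SEG_SIZE);
const ok = dumpSegment(aspace, 0x81000000, SEG_SIZE, 30000);
console.log(ok.reads.map((n) => "0x" + n.toString(16)).join(", ")); // 0x7530, 0x6970
```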
Does this work on Vita 3.30?
NO!!!
Well, finally the process of fully hacking the Vita has gotten moving!!!
couldn't they just dump to a bios file of 300mb that consists of …
a virtual disk file called psp2bios.bin
two partitions for flash0 and flash1 or the entire internal dump
…
lol
great work
keep up the phaze
raises hand! /°
Could a C port to JS be happening soon?
PSPSDK port to native in the wild?
?.?