
OFW Code Execution

Underground PS3 information and discussions
kiuvi
Posts: 3
Joined: Sun Oct 07, 2012 10:12 pm

OFW Code Execution

Post by kiuvi » Sat Jun 29, 2013 12:08 am

Hi,
I just want to know if someone with real PS3 knowledge could read this info and if this could end with something good for the people of OFW.
OFW 4.31 Code Execution Vulnerability (Fixed on FW 4.40)
http://seclists.org/fulldisclosure/2013/May/113
Then an lv2 exploit (this isn't ready, or there is no public PoC)
http://www.twitlonger.com/show/jcmh80
http://nwert.wordpress.com/2012/09/19/exploiting-lv2/ PoC FW 3.41: http://pastie.org/4755699
And finally
http://devram0.blogspot.com.es/2012/01/ ... lware.html
I think this could be achieved with syscall 837.
Thanks for reading.

All this info is not for sure, so this could be nothing.
Sorry for my bad English, it isn't my native language.

JeoWay
Posts: 1052
Joined: Fri Jan 11, 2013 2:59 am
Location: vs0:/app/JEOWAY/mybedroom.bin

Re: OFW Code Execution

Post by JeoWay » Mon Jul 01, 2013 1:33 am

Well, not really actually. Unless we have the private keys (unknown and completely random), there won't be a Custom Firmware for Official users.

BUT, if we had another exploit (usable) on our hands, then yes we possibly can. However, the ECDSA bug was patched, and that is what originally gave us our 3.55 Custom Firmware. (Apart from Other OS)
Intel Core i7 4770K @4.7Ghz
MSI Z87-GD65 Motherboard
32GB Corsair Vengeance PRO RAM
Radeon 7950 OC DD (XFX)
Corsair H100i Water Cooling
Corsair HX1050 PSU
Corsair 900D
1TB WD Blue - 128GB 840 PRO SSD
BenQ XL2420TE Gaming Monitor

kiuvi
Posts: 3
Joined: Sun Oct 07, 2012 10:12 pm

Re: OFW Code Execution

Post by kiuvi » Tue Jul 02, 2013 8:41 pm


JeoWay
Posts: 1052
Joined: Fri Jan 11, 2013 2:59 am
Location: vs0:/app/JEOWAY/mybedroom.bin

Re: OFW Code Execution

Post by JeoWay » Tue Jul 02, 2013 8:59 pm

kiuvi wrote: This exploit could be useful?
http://seclists.org/fulldisclosure/2013/May/113

To be honest on that, it wouldn't get you anywhere near an OFW Jailbreak, because that is talking about PARAMS keys and their uses. For a jailbroken PS3 to be usable, you would have to have the private keys, period. The only known way to do this is by having a *** take them from Sony and leak them, bruteforce them, or find some vulnerability in the firmware itself that allows actual firmware modification. This was AKA the Signing fail that fail0verflow found. That is now patched. What GeoHot did was get the metldr keys (basically what we have today known as lv0), and GeoHot used fail0verflow's exploit to take advantage of hacking it. If you have never watched the video of him doing it, you will understand more from what he actually said happened:

kiuvi
Posts: 3
Joined: Sun Oct 07, 2012 10:12 pm

Re: OFW Code Execution

Post by kiuvi » Wed Jul 03, 2013 12:22 pm

You said:
or find some vulnerability in the firmware itself that allows actual firmware modification.
http://seclists.org/fulldisclosure/2013/May/113
This is at least a usermode vulnerability. Alone, I think that doesn't allow firmware modification, but we could use lv2 vulnerabilities like these:
1- http://www.twitlonger.com/show/jcmh80
2- http://nwert.wordpress.com/2012/09/19/exploiting-lv2/
to at least run homebrew, and if we are lucky enough and, like this says: http://devram0.blogspot.com.es/2012/01/ ... lware.html
GameOS is allowed to write in the metldr flash region
we could write in flash and, who knows, maybe we can write a CFW over our OFW.
