
3.60 browser

Yes
Posts: 3
Joined: Mon Aug 15, 2016 4:06 pm

3.60 browser

Post by Yes » Mon Aug 15, 2016 4:09 pm

Could someone please upload a copy of the 3.60 browser
I would greatly appreciate it, I'd like to try an experiment. :)

GonnaGetPSVita
Posts: 214
Joined: Fri Feb 24, 2012 2:08 am

Re: 3.60 browser

Post by GonnaGetPSVita » Sat Aug 20, 2016 11:23 pm

Get it from Sony's open source page.
http://doc.dl.playstation.net/doc/psvita-oss/
- PSVita 3G / 32GB
- PSVita Wifi / 64GB
- Wacom Cintiq 13HD
- AKG K701

wololofan1
Posts: 3
Joined: Mon Aug 22, 2016 12:24 pm

Re: 3.60 browser

Post by wololofan1 » Mon Aug 22, 2016 12:40 pm

I'm wondering, once you have the Sony WebKit, how you compile it.

xyz says “If you run it on a Linux host using Sony’s WebKit” where "it" is a snippet of JavaScript, which implies they got it to compile.

I downloaded the 3.50-3.60 WebKit archive, and tried various ways (makefile, ./configure, cmake) to build the make files. The source code seems to indicate using xcodebuild, but xyz mentioned Linux and that is also what I am using. I got the farthest with clang and cmake, but I was still halted when it says missing headers like JITBridge.h, RemotePointerWrapper.h, and missing structures which I assume are in those headers like sStructureClassInfo.

My search on google indicates no mention of any of these missing headers or structures.

I’m guessing they used the JSC utility, which can run the JavaScript engine standalone on the command line for testing.

Are those headers in some obtusely named tarball/zipfile on Sony’s site, in a leaked SDK, or by what methods are people like xyz using? Did they go through and rewrite the whole entire codebase to get it to compile? Are they using a different WebKit like a PS4 version? Are they using the original WebKit and misspoke in saying it was Sony's?


It would be nice if in the series on how the exploit works, xyz took a few sentences to explain his build environment and what he did to set it up, as it is a major step if indeed they are using Sony WebKit + Linux. That way we can follow along and experiment with the JavaScript stuff they are using.

Z80
Posts: 123
Joined: Tue Apr 17, 2012 8:19 am
Location: [CPU]

Re: 3.60 browser

Post by Z80 » Mon Aug 22, 2016 1:28 pm

I think they use gyp to build

wololofan1
Posts: 3
Joined: Mon Aug 22, 2016 12:24 pm

Re: 3.60 browser

Post by wololofan1 » Tue Aug 23, 2016 6:11 pm

They might use gyp in part, but that would only solve part of the problem; it doesn't fix up all the JITBridge and custom structures, variables, etc. from the headers that are missing.

xyz
Posts: 61
Joined: Thu Jan 20, 2011 7:06 pm

Re: 3.60 browser

Post by xyz » Tue Aug 23, 2016 6:33 pm

wololofan1 wrote:Did they go through and rewrite the whole entire codebase to get it to compile?
Kind of. https://xyz.is/misc/patch-buildable3.diff
and one more https://gist.github.com/xyzz/b89bc1c0d9 ... cd072348e8

wololofan1
Posts: 3
Joined: Mon Aug 22, 2016 12:24 pm

Re: 3.60 browser

Post by wololofan1 » Wed Aug 24, 2016 3:42 pm

xyz wrote:
wololofan1 wrote:Did they go through and rewrite the whole entire codebase to get it to compile?
Kind of. https://xyz.is/misc/patch-buildable3.diff
and one more https://gist.github.com/xyzz/b89bc1c0d9470425192bcdcd072348e8
Thank you for making your work more accessible. These and a little jostling allowed it to compile.

------------------------------------


Alright, I have gotten it to compile thanks to the above. Here is a small script to set up the pre-build using those files. It will generate the JITStubEntries.h header, but you'll still need to download the patch-buildable3.diff (base64 encoded mirrors here: 1 | 2 | 3) file so it can apply it, since I didn't want to uuencode it into the below. It also seds a couple of files, chmods some build scripts, touches some headers to create them, etc. It is very basic and dumb also, so it can be used as a guide of what you need to do if it fails to work.


Code:

echo run this in the same folder that contains the webkit_537_73 folder unzipped.
# Apply xyz's patch (download patch-buildable3.diff into this folder first).
patch -p5 < patch-buildable3.diff
# Generate the missing JITStubEntries.h: the DEFINE_*/REMOTE_* macros become no-ops
# and the s*ClassInfo names are mapped onto the normal static s_info members.
cat << "JITSTUB" > JITStubEntries.h
#pragma once
#define DEFINE_STATIC_sStructureClassInfo
#define DEFINE_STATIC_sJSStringClassInfo
#define DEFINE_STATIC_sJSObjectClassInfo
#define DEFINE_STATIC_sJSFinalObjectClassInfo
#define DEFINE_STATIC_sFunctionExecutableClassInfo
#define DEFINE_STATIC_sArgumentsClassInfo
#define DEFINE_STATIC_sJSArrayClassInfo
#define DEFINE_STATIC_sJSFunctionClassInfo
#define DEFINE_STATIC_sStringObjectClassInfo

#define DEFINE_STATIC_CLASSINFO(a)
#define DEFINE_REMOTE_VAR_PTR(a, b)
#define REMOTE_VAR_PTR(a) &a
#define ASSERT_NOT_REACHED_BY_DETACHED_JIT()

#define ENABLE_DETACHED_JIT 0
#define BUILDING_DETACHED_JIT 0

#define sFunctionExecutableClassInfo &FunctionExecutable::s_info
#define sJSFinalObjectClassInfo &JSFinalObject::s_info
#define sJSFunctionClassInfo &JSFunction::s_info
#define sJSObjectClassInfo &JSObject::s_info
#define sJSStringClassInfo &JSString::s_info
#define sStringObjectClassInfo &StringObject::s_info
#define sArgumentsClassInfo &Arguments::s_info
#define sJSArrayClassInfo &JSArray::s_info
#define sInternalFunctionClassInfo &InternalFunction::s_info
#define sArgumentsClassInfo &Arguments::s_info
JITSTUB
# Install the generated header into the JavaScriptCore tree.
cp JITStubEntries.h webkit_537_73/Source/JavaScriptCore/JITStubEntries.h
# The build scripts lose their executable bit in the archive; restore it.
chmod +x webkit_537_73/autogen.sh
chmod +x webkit_537_73/Tools/gtk/generate-feature-defines-files
chmod +x webkit_537_73/Tools/Scripts/build-webkit
# Create the bridge headers that are included but not shipped (empty is enough).
touch webkit_537_73/Source/JavaScriptCore/runtime/JSCBridgeToll.h
touch webkit_537_73/Source/JavaScriptCore/bytecode/JSCBridge.h
# Comment out the ASSERT(structure...) checks in Structure.h / Structure.cpp.
sed -i 's/ASSERT(structure/\/\/ASSERT(structure/g' webkit_537_73/Source/JavaScriptCore/runtime/Structure.h
sed -i 's/ASSERT(structure/\/\/ASSERT(structure/g' webkit_537_73/Source/JavaScriptCore/runtime/Structure.cpp
I used "Tools/Scripts/build-webkit --gtk --debug --makeargs=jsc --enable-debug-symbols=full" to generate the webkit_537_73/configure script and start building.

Seems to work fine with clang and gcc.

If you want to get --enable-static working (and --disable-shared if you want a static executable), at minimum you'll have to edit Source/autotools/SetupLibtool.m4 and remove the thin "T" from the "cruT" flags for ar, and do the same for libtool in the build directory if you already generated it, and ensure you are starting with a clean build. Or modify the build steps for libWTF to not be made thin.

You'll see jsc in Programs, it can run scripts as shown in xyz's writeup.
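As an added example (not part of this thread, xyz's patch, or the script above), a POSIX sh preflight check that confirms the pre-build steps took effect before you run build-webkit, plus the "cruT" to "cru" ar-flag edit described for --enable-static. It assumes only the webkit_537_73 tree layout named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: verify the pre-build steps above took effect
# before running build-webkit, and apply the "cruT" -> "cru" ar-flag edit needed for
# --enable-static. Assumes only the webkit_537_73 tree layout named in the thread.
set -eu

# Return 0 only if every artefact the pre-build script is supposed to create exists.
check_prebuild() {
    tree="${1:-webkit_537_73}"
    jsc="$tree/Source/JavaScriptCore"
    ok=0
    for f in "$jsc/JITStubEntries.h" "$jsc/runtime/JSCBridgeToll.h" "$jsc/bytecode/JSCBridge.h"; do
        [ -f "$f" ] || { echo "missing header: $f" >&2; ok=1; }
    done
    for s in "$tree/autogen.sh" "$tree/Tools/gtk/generate-feature-defines-files" \
             "$tree/Tools/Scripts/build-webkit"; do
        [ -x "$s" ] || { echo "not executable: $s" >&2; ok=1; }
    done
    # the sed step turns ASSERT(structure...) into //ASSERT(structure...); none may remain live
    for src in "$jsc/runtime/Structure.h" "$jsc/runtime/Structure.cpp"; do
        if grep -q '^[[:space:]]*ASSERT(structure' "$src" 2>/dev/null; then
            echo "live ASSERT(structure...) left in $src" >&2; ok=1
        fi
    done
    return $ok
}

# Strip the thin-archive "T" from every "cruT" ar flag in one file (no-op if none present).
unthin_ar_flags() {
    file="$1"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    sed 's/cruT/cru/g' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    ! grep -q 'cruT' "$file"
}

# Apply the static-build edit to SetupLibtool.m4 and, if configure already ran, to libtool.
fix_static_build() {
    tree="${1:-webkit_537_73}"
    unthin_ar_flags "$tree/Source/autotools/SetupLibtool.m4"
    if [ -f "$tree/libtool" ]; then unthin_ar_flags "$tree/libtool"; fi
}
```

Run `check_prebuild` after the setup script and fix whatever it reports before starting build-webkit; `fix_static_build` only matters if you pass --enable-static.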
