wololo.net/talk

hi,
i finally got around to do some cleanup and...
here you are: https://www.sendspace.com/file/mdunzp

this package contains:

• ROP POC
• Module Dumpers
• helper script for creating rop chains
• other stuff

thanks a lot to Proxima for helping me!

thanks nas! nice work mate!

nas wrote:...

Always interested to see how other people are doing theirs.
Thanks for sharing nas and Proxima.

That one WebKit bug is the gift that keeps on giving.

so i take it that this is a port of the vita webkit but for PS4.

is it safe to say i should NOT update my PS4's fw to 2.00 when it is released?

just looking forward to some cool homebrew and hacks for my psvita and PS4.

anhell28 wrote:so i take it that this is a port of the vita webkit but for PS4.

I don't believe so, no. This was done in tandem, separately.

We're referring to the same bug in WebKit itself that is being used by different people in different ways.

The 64bit version is a bit different. It is the same heap corruption via the sort() bug, but from there its different. On 32bit you can set the Uint32Array to 0x40000000 size and access any memory. On 64bit, you have to carefully change the base address since the 0x40000000 trick doesn't work for a 64bit address space.

How does a average joe like me, test this POC with the download files given

Proxima wrote:The 64bit version is a bit different. It is the same heap corruption via the sort() bug, but from there its different. On 32bit you can set the Uint32Array to 0x40000000 size and access any memory. On 64bit, you have to carefully change the base address since the 0x40000000 trick doesn't work for a 64bit address space.

Yeah, I noticed that when having a look through. Nice, by the way.

thank you guy's for all your work so far...keep it up.