
Working Webkit exploit on FW 3.15

Underground PS4 discussions
m0rph3us1987
Posts: 1
Joined: Thu Mar 24, 2016 10:15 am

Working Webkit exploit on FW 3.15

Post by m0rph3us1987 »

Hi,
by snooping around in FW 3.15 I have found at least two new entry points where the WebKit exploit is working. Yes, the WebKit exploit is still working on FW 3.15 (the skilled people here already knew this); the difference is that it cannot be exploited in the browser, but from a different place.

Changing some of Nas, Proxima and CTurt's code, I am able to dump the memory of the PS4.

I have identified the base address of two processes and some modules loaded by the application I am using as entry point.

I am trying to get some code execution in the form of ROP to work; this could be used to trigger some kernel exploit that maybe will be found in the future.

The problem I am facing is that I do not know how to find the address on the stack where I should write the ROP chain.

Is there anybody out there who is able to give me some help? Thank you in advance.


And of course thanks to Nas, Proxima and CTurt.
fx0day
Posts: 17
Joined: Tue Mar 15, 2016 4:51 pm

Re: Working Webkit exploit on FW 3.15

Post by fx0day »

The apps that are using WebKit are useless, since, as CTurt said, they have no access to JIT... only the main browser does.
But he did say ROP still works in them, and you could trigger a kernel exploit from them, but for the most part they're not feasible....

Thanks to Zer0xFF for the tip ;)
abcdf
Posts: 2
Joined: Fri Oct 31, 2014 3:26 pm

Re: Working Webkit exploit on FW 3.15

Post by abcdf »

fimox@hotmail.com
Posts: 1
Joined: Sun Apr 17, 2016 7:45 am

Re: Working Webkit exploit on FW 3.15

Post by fimox@hotmail.com »

Well done m0rph3us1987! :)

Have you thought about selling your 3.15 PS4 for a new or second-hand 2.xx PS4? (easy to find...)
You won't lose too much money and you will be able to reuse the dlclose kernel exploit.

Opening it up to 2.xx PS4s will make the community grow at least 10x, I think!