By snooping around in FW 3.15 I have found at least two new
entry points where the WebKit exploit is working. Yes, the
WebKit exploit is still working on FW 3.15 (the skilled people here already knew this);
the difference is that it cannot be exploited in the browser but from a different place.
By changing some of Nas's, Proxima's and CTurt's code I am able to dump the memory of the PS4.
I have identified the base address of two processes and some modules loaded by the
application I am using as entry point.
I am trying to get some code execution in the form of ROP to work; this could be used
to trigger some kernel exploit that may be found in the future.
The problem I am facing is that I do not know how to find the address on the stack
where I should write the ROP chain.
Is there anybody out there who is able to give me some help? Thank you in advance.
And of course thanks to Nas, Proxima and CTurt.
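Added example, not part of the post above and not the poster's or CTurt's/Nas's/Proxima's code: one generic way to answer "where on the stack do I write the chain" once you already have a memory dump and the base address of a loaded module, as the poster says they do. The idea is to scan the dumped stack region, 8 bytes at a time, for the first word that points into that module's code range; that word is a saved return address, and the chain is written starting at its slot. Everything here is constructed in-process: the module range, the "stack dump" and the gadget addresses are stand-ins, not PS4 values.

```c
// Added example (not from the original post). Locate a saved return address
// in a dumped stack region by scanning for a pointer into a known module's
// code range, then overwrite that slot (and the words above it) with a chain.
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

// Hypothetical module .text range. Assumption: the poster knows base and size
// of a loaded module from their dump; these numbers are made up.
#define MOD_TEXT_BASE 0x0000000800100000ULL
#define MOD_TEXT_SIZE 0x0000000000400000ULL

static int in_module_text(uint64_t v) {
    return v >= MOD_TEXT_BASE && v < MOD_TEXT_BASE + MOD_TEXT_SIZE;
}

// Scan an 8-byte-aligned dump of stack memory for the first slot holding a
// pointer into the module's code. Returns the slot's byte offset from the
// start of the dump, or -1 if no such word exists.
long find_return_slot(const uint8_t *dump, size_t len) {
    for (size_t off = 0; off + sizeof(uint64_t) <= len; off += sizeof(uint64_t)) {
        uint64_t v;
        memcpy(&v, dump + off, sizeof v);   // unaligned-safe read
        if (in_module_text(v)) return (long)off;
    }
    return -1;
}

// Turn a dump offset into the absolute address to write to, given the
// address the dump was taken from (a leaked stack pointer, for instance).
uint64_t slot_address(uint64_t dump_base, long off) {
    return off < 0 ? 0 : dump_base + (uint64_t)off;
}

// Overwrite the located slot with the chain. Returns the number of words
// written, or -1 if the slot was not found or the chain does not fit.
long place_chain(uint8_t *dump, size_t len, long slot_off,
                 const uint64_t *chain, size_t n) {
    if (slot_off < 0 || (size_t)slot_off + n * sizeof(uint64_t) > len) return -1;
    memcpy(dump + slot_off, chain, n * sizeof(uint64_t));
    return (long)n;
}

// Constructed stack dump: two locals, a saved frame pointer (outside the
// module), then a saved return address into the module, then free space.
size_t build_fake_stack(uint8_t *dump, size_t len) {
    const uint64_t words[] = {
        0x4141414141414141ULL,      // local
        0x0000000000000010ULL,      // local
        0x00007fffff000000ULL,      // saved frame pointer, not in module range
        MOD_TEXT_BASE + 0x1234,     // saved return address into module
        0, 0,                       // room for the rest of the chain
    };
    if (sizeof words > len) return 0;
    memcpy(dump, words, sizeof words);
    return sizeof words;
}

// Offset the scan reports on the constructed dump (expected: 24).
long demo_slot_offset(void) {
    uint8_t dump[64];
    size_t len = build_fake_stack(dump, sizeof dump);
    return find_return_slot(dump, len);
}

// End-to-end: locate the slot, write a 3-word chain over it, and return the
// word now sitting in the slot (the first gadget), or 0 on failure.
uint64_t demo_first_gadget(void) {
    uint8_t dump[64];
    size_t len = build_fake_stack(dump, sizeof dump);
    long off = find_return_slot(dump, len);
    // Made-up chain: two gadget addresses inside the module and one argument.
    const uint64_t chain[] = { MOD_TEXT_BASE + 0x10, MOD_TEXT_BASE + 0x20, 0xdeadbeefULL };
    if (place_chain(dump, len, off, chain, 3) != 3) return 0;
    uint64_t v;
    memcpy(&v, dump + off, sizeof v);
    return v;
}

int main(void) {
    printf("slot offset = %ld, first gadget = 0x%llx\n",
           demo_slot_offset(), (unsigned long long)demo_first_gadget());
    return 0;
}
```

Two caveats a practitioner would want: the dump has to come from the live stack of the thread that will actually return (so the base address passed to slot_address must be a real stack pointer leaked from the target, not an arbitrary region), and the first hit is the innermost frame's return address, which may belong to a function that returns later than you want; check which module offset the hit points to before committing the chain there.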