JavaScript, The PSV web browser and Hacking the Vita

[hgoel0974]

Read the page on javascript on wikipedia, look into security section, in the subsection browser and plugin coding errors there is a magical word "buffer overflow".

We can use JavaScript to run the unsigned code,a widget/function that might be exploited is the file uploader,on psv browser allows to upload images stored on the system , through javascript we could hack through the browser using a buffer overflow, just an idea and i am working into it, I guess to hack the vita we also need to start thinking a bit like virus programmers or web hackers, just a bit, we might be able to use techniques generally used by such hackers to get unsigned content on the psv, html5 isn't preferable because the psv doesn't seem to use it very well

[yifanlu]

Webkit's sandbox is very tight which is why so many companies use it. In fact, if you can hack the vita by exploiting webkit (or javascriptkit as part of webkit), google will pay you tens of thousands of dollars. If you sell that exploit in the black market, you may make even more.

In fact, if you manage to hack webkit, you possibly have just hacked ios, android, windows (chrome), osx (chrome/safari), and so on. Which is why it's so valuable.

[jrbo]

Webkit's sandbox is very tight which is why so many companies use it. In fact, if you can hack the vita by exploiting webkit (or javascriptkit as part of webkit), google will pay you tens of thousands of dollars. If you sell that exploit in the black market, you may make even more.

In fact, if you manage to hack webkit, you possibly have just hacked ios, android, windows (chrome), osx (chrome/safari), and so on. Which is why it's so valuable.

Wasn't there an ios jailbreak that u had to go to.a website and s slide a bar to jailbreak?

[celcodioc]

IIRC JailbreakMe exploited a PDF security flaw, which wasn't related to WebKit at all.

[jrbo]

IIRC JailbreakMe exploited a PDF security flaw, which wasn't related to WebKit at all.

Thanks for clearing the up,
All this is very interesting how do u guys go about to finding these flaws and exploits is their a program that monitors buffer overflows or something?

[yifanlu]

IIRC JailbreakMe exploited a PDF security flaw, which wasn't related to WebKit at all.

Thanks for clearing the up,
All this is very interesting how do u guys go about to finding these flaws and exploits is their a program that monitors buffer overflows or something?

I think there's a tutorial on how to find them on the psp. Now, if we know how to do it on vita, we would have found one already.

[hgoel0974]

did some research on html5 ,it seems it might be more easily exploited.according to a google search on html5 vulnerability i got results which may really be the
key but there is something i don't understand ,the psv browser is
told to support html5 but none of the websites identify it as such


as for the webkit security well I have also heard of that challenge but had not known that the psv uses webkit

[wololo]

In fact, if you manage to hack webkit, you possibly have just hacked ios, android, windows (chrome), osx (chrome/safari), and so on. Which is why it's so valuable.

The webkit version on the vita suggests that it might be vulnerable to this:
http://www.exploit-db.com/exploits/16974/

I have tried, and indeed got some weird behavior, but never got to a point where I could definitely say "well yeah, it is vulnerable". Some of you might want to look into it.
I tested back on 1.61, it is possible they updated the browser since then.

[celcodioc]

In fact, if you manage to hack webkit, you possibly have just hacked ios, android, windows (chrome), osx (chrome/safari), and so on. Which is why it's so valuable.

The webkit version on the vita suggests that it might be vulnerable to this:
http://www.exploit-db.com/exploits/16974/

I have tried, and indeed got some weird behavior, but never got to a point where I could definitely say "well yeah, it is vulnerable". Some of you might want to look into it.
I tested back on 1.61, it is possible they updated the browser since then.

What exactly happened? I can't seem to get it working on 1.69.1.

[wololo]

What exactly happened? I can't seem to get it working on 1.69.1.

The browser looked like it was thinking a lot for a few minutes, and was basically unusable. A fixed version would display an error or strange page almost immediately, from what I could see. I am not entirely sure, and without the proper tools to test I decided to give up on this one, so I am not entirely sure the browser is actually vulnerable to this.