
PS4 1.76 Webkit ROP POC

nas
Posts: 10
Joined: Thu Aug 14, 2014 6:35 am

PS4 1.76 Webkit ROP POC

Post by nas » Thu Oct 23, 2014 7:49 pm

Hi,
I finally got around to doing some cleanup and...
here you are: https://www.sendspace.com/file/mdunzp

This package contains:
  • ROP POC
  • Module Dumpers
  • helper script for creating ROP chains
  • other stuff :P
Thanks a lot to Proxima for helping me!

Belmondo
Posts: 102
Joined: Sat Jan 01, 2011 6:32 pm

Re: PS4 1.76 Webkit ROP POC

Post by Belmondo » Thu Oct 23, 2014 8:31 pm

Thanks nas! Nice work, mate! :)

josh_axey
Retired Mod
Posts: 266
Joined: Sun Oct 07, 2012 10:14 pm
Location: /dev/null

Re: PS4 1.76 Webkit ROP POC

Post by josh_axey » Thu Oct 23, 2014 9:38 pm

nas wrote:...
Always interested to see how other people are doing theirs.
Thanks for sharing nas and Proxima.
Catch me: on Twitter | on GitHub | Rambling
【・ヘ・?】0b00000101

yifanlu
Guru
Posts: 760
Joined: Sun Mar 11, 2012 6:42 am

Re: PS4 1.76 Webkit ROP POC

Post by yifanlu » Thu Oct 23, 2014 10:01 pm

That one WebKit bug is the gift that keeps on giving.

anhell28
Posts: 33
Joined: Mon Apr 16, 2012 2:07 am

Re: PS4 1.76 Webkit ROP POC

Post by anhell28 » Thu Oct 23, 2014 10:59 pm

So I take it that this is a port of the Vita WebKit exploit, but for PS4.

Is it safe to say I should NOT update my PS4's FW to 2.00 when it is released?

Just looking forward to some cool homebrew and hacks for my PS Vita and PS4.

josh_axey
Retired Mod
Posts: 266
Joined: Sun Oct 07, 2012 10:14 pm
Location: /dev/null

Re: PS4 1.76 Webkit ROP POC

Post by josh_axey » Thu Oct 23, 2014 11:41 pm

anhell28 wrote: So I take it that this is a port of the Vita WebKit exploit, but for PS4.
I don't believe so, no. This was done in tandem, separately.

We're referring to the same bug in WebKit itself that is being used by different people in different ways.
Catch me: on Twitter | on GitHub | Rambling
【・ヘ・?】0b00000101

Proxima
Guru
Posts: 47
Joined: Mon Jan 03, 2011 2:38 pm

Re: PS4 1.76 Webkit ROP POC

Post by Proxima » Fri Oct 24, 2014 12:11 am

The 64-bit version is a bit different. It is the same heap corruption via the sort() bug, but from there it's different. On 32-bit you can set the Uint32Array to 0x40000000 size and access any memory. On 64-bit, you have to carefully change the base address since the 0x40000000 trick doesn't work for a 64-bit address space.
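
As an added example, not part of nas's package or of Proxima's post, here is a small C model of the address arithmetic behind that 32-bit vs 64-bit difference. The view struct and its field names are invented for illustration and are not WebKit's actual typed-array layout; the code dereferences nothing and only works out which target addresses a corrupted Uint32Array could reach under the engine's bounds check, given a controlled length and base.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a corrupted Uint32Array view: after the heap
 * corruption the attacker controls the element count and, on 64-bit,
 * the backing-store address. Field names are invented for this
 * illustration, not WebKit's real object layout. */
typedef struct {
    uint64_t base;   /* address of element 0 */
    uint32_t length; /* element count; kept 32 bits wide in this model */
} view_t;

/* Does some in-bounds index make base + 4*idx land on target?
 * ptr_bits (32 or 64) is the pointer width the engine computes in,
 * so the base-to-target distance wraps at that width. */
static bool index_for(const view_t *v, uint64_t target, int ptr_bits,
                      uint64_t *idx_out)
{
    uint64_t mask = (ptr_bits == 32) ? 0xFFFFFFFFull : ~0ull;
    uint64_t delta = (target - v->base) & mask;
    if (delta & 3)             /* Uint32 elements are 4-byte aligned */
        return false;
    uint64_t idx = delta >> 2;
    if (idx >= v->length)      /* the engine's bounds check */
        return false;
    *idx_out = idx;
    return true;
}

/* The 32-bit trick from the thread: 0x40000000 elements * 4 bytes == 2^32,
 * so once the distance wraps, every aligned address is some valid index. */
static bool reachable_32(uint64_t base, uint32_t target)
{
    view_t v = { .base = base, .length = 0x40000000u };
    uint64_t idx;
    return index_for(&v, target, 32, &idx);
}

/* Same idea on 64-bit with the largest length the 32-bit field can hold:
 * the window is under 16 GiB above base and covers nothing below it. */
static bool reachable_64(uint64_t base, uint64_t target)
{
    view_t v = { .base = base, .length = 0xFFFFFFFFu };
    uint64_t idx;
    return index_for(&v, target, 64, &idx);
}

/* The 64-bit approach Proxima describes: rewrite the base so the target
 * becomes element 0, then read or write index 0. */
static view_t rebase_view(uint64_t target)
{
    view_t v = { .base = target & ~3ull, .length = 1 };
    return v;
}

/* Convenience check: after rebasing, is target exactly index 0? */
static bool rebased_hits(uint64_t target)
{
    view_t v = rebase_view(target);
    uint64_t idx;
    return index_for(&v, target, 64, &idx) && idx == 0;
}

int main(void)
{
    uint64_t base32 = 0x08000000ull, base64 = 0x7f0000000000ull;
    printf("32-bit, target below base:   %d\n", reachable_32(base32, 0x00001000u));
    printf("32-bit, target at top:       %d\n", reachable_32(base32, 0xFFFFFFFCu));
    printf("64-bit, target just above:   %d\n", reachable_64(base64, base64 + 0x1000));
    printf("64-bit, target below base:   %d\n", reachable_64(base64, 0x1000ull));
    printf("64-bit, target 16 GiB above: %d\n", reachable_64(base64, base64 + 0x400000000ull));
    printf("64-bit after rebase:         %d\n", rebased_hits(0x1000ull));
    return 0;
}
```

The point the model makes concrete: with a 32-bit pointer width, a length of 0x40000000 makes the element range exactly 2^32 bytes, so the wrapped distance to any 4-byte-aligned address is always below the bounds check. With 64-bit pointers the distance no longer wraps into range, and a 32-bit length field cannot cover a 2^47-byte address space, which is why the base pointer has to be rewritten per access instead.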

ninjadudexp
Posts: 30
Joined: Sat Feb 08, 2014 8:42 am

Re: PS4 1.76 Webkit ROP POC

Post by ninjadudexp » Fri Oct 24, 2014 12:29 am

How does an average Joe like me test this POC with the download files given?

josh_axey
Retired Mod
Posts: 266
Joined: Sun Oct 07, 2012 10:14 pm
Location: /dev/null

Re: PS4 1.76 Webkit ROP POC

Post by josh_axey » Fri Oct 24, 2014 1:26 am

Proxima wrote: The 64-bit version is a bit different. It is the same heap corruption via the sort() bug, but from there it's different. On 32-bit you can set the Uint32Array to 0x40000000 size and access any memory. On 64-bit, you have to carefully change the base address since the 0x40000000 trick doesn't work for a 64-bit address space.
Yeah, I noticed that when having a look through. Nice, by the way.
Catch me: on Twitter | on GitHub | Rambling
【・ヘ・?】0b00000101

anhell28
Posts: 33
Joined: Mon Apr 16, 2012 2:07 am

Re: PS4 1.76 Webkit ROP POC

Post by anhell28 » Fri Oct 24, 2014 2:14 am

Thank you guys for all your work so far... keep it up.
