HENkaku: xyz explains the PS Vita 3.60 / PS4 3.55 Webkit exploit in detail
Developer xyz just published a lengthy and detailed explanation of the Webkit exploit (used in the HENkaku hack on PS Vita 3.60) on his blog.
The first step of the HENkaku hack is a webkit exploit, based on a proof of concept acquired by Team Molecule from an undisclosed source. The exploit was not a known bug in Webkit, at least not publicly.
In the writeup, xyz explains how the exploit is initially triggered, how it unlocks arbitrary Read/Write in memory while defeating ASLR, Stack pivot protection, and other security measures put in place on the Vita to prevent arbitrary code execution. Xyz also explains how the Webkit part of the hack was patched in firmware 3.61.
The Webkit exploit itself is only the first step of the HENkaku hack. Some people have already partially explained some of the HENkaku hack (also see here), but obviously the explanation from one of the authors of the hack brings lots of additional details.

Yifanlu has challenged people from the security community to reverse engineer the HENkaku exploit, in an attempt to bring more interest to the Vita hacking scene. Xyz, as one of the hackers behind HENkaku, is not participating in the challenge but promised to bring full explanations after other people unravel more layers of the exploit by themselves.
You can read the full writeup on xyz’s blog here.
First…
I feel important now.
I was reading this in the morning… quite interesting stuff, I didn’t realize that it was written by xyz until now.
It was a bit of a disappointment really… I was hoping that the person who wrote it would win the KOTH challenge.
haha…
me 2…
thanks to everyone working on resurrecting psvita .. 🙂
>resurrecting the psvita
And yet another person who completely looks over the fact that the vita has some amazing third party support and has in fact been very much alive and well over the past few years.
Amazing japanese trash support 😀
I second that. 2D indie platformers definitely don’t make the console alive… Obviously if you’d be in that target group who likes jrpgs and platformers you’d think PSV is so rich in games. I’m maybe more in the generic/mainstream type of player who likes to see big titles and games with rich new content. For me the PSV is dead, since the console was intended for mainly AAA titles but that never happened.
Closed-minded much?
The sadness of your words only reflects the state of your soul. 🙂
Vita has been oriented to anime-fans for years now, you shouldn’t even bother with it if you’re not into anime/Jrpg related games.
Besides, each console in the past has got its own “weird” games released, crying about the vita’s ones isn’t relevant.
Vita was oriented to Uncharted, Wipeout, Unit 13, Resistance, Call of Duty, Sly Cooper, Need for Speed, Assassin’s Creed, Killzone, Batman when I bought it.
That’s a nicely made answer to a challenging question
Like what? Trash barrage by IF, which didn’t even sell that well back home, so it gets shoveled off to western weebs who will lap it up and ask for more? Titty games for 30-year-old Japanese basement virgins, which wouldn’t even be considered for localization in PSP days? OMG 16-bit Earthbound-Metroid-Castlevania-roguelike-(ripoff) 2d pixel procedurally generated nostalgia-fueled trash (1 dollar on steam sale in a week after release)?
I’m glad I’m not the only person who realises this.
where is the ps4 webkit
Hi, I’ve been on holiday in Japan with no way of getting my Vita online. Is it possible to update to 3.60 without going to 3.61?
It’s not a big issue if not, I hardly play my vita but it’d be nice to have.
Thanks
http://wololo.net/2016/08/09/manually-update-ps-vita-firmware-3-60/
Just waiting for emulator of psp and ps1
This is almost the same as the jailbreakme.com jailbreak for iPhone used on iOS 5
TN-V will be launched for Henkaku?
xyz says “If you run it [a snippet of javascript] on a Linux host using Sony’s WebKit”, but what exactly are they doing to compile Sony’s version of webkit?
I’m guessing they used the https://trac.webkit.org/wiki/JSC , JSC utility which can run javascript standalone on the engine for testing.
I downloaded the webkit for 3.50 to 3.60 from here: http://doc.dl.playstation.net/doc/psvita-oss/webkit.html , managed to build the make files with clang and cmake, and it says missing headers like JITBridge, RemotePointerWrapper, and missing structures which I assume are in those headers like sStructureClassInfo.
Are those packages in some obtusely named tarball/zipfile on sony’s site, in a leaked sdk, or by what methods are people like xyz using? Did they go through and rewrite the whole entire codebase to get it to compile?
It would be nice if such a large step had a few sentences of how to get it working so we can run the javascript like they are.
They responded with some patch files here: http://wololo.net/talk/viewtopic.php?p=410353&sid=88c3e96ed48e24f7e73a33890929794b#p410353
wololofan1 wrote:
>Did they go through and rewrite the whole entire codebase to get it to compile?
xyz:
>Kind of. https://xyz.is/misc/patch-buildable3.diff
>and one more https://gist.github.com/xyzz/b89bc1c0d9470425192bcdcd072348e8