PS4: Webkit exploit released for 6.xx, could potentially work on 7.xx
Security researchers Mehdi Talbi and Quentin Meffre of French infosec company Synacktiv disclosed yesterday a Webkit exploit running on the PS4. The exploit, they say, runs on 6.xx firmwares and could possibly be tweaked to run on 7.xx.
The fact that hacking utilities are publicly available up to 6.72 made it easier for the security researchers to weaponize their exploit on 6.xx firmwares. On 7.xx, however, they say further research is required to port their work. It is possible that hackers on the scene, with access to more exploits, could work on porting this Webkit entry point to 7.xx firmwares.
In their writeup, the researchers describe their attempt at brute-forcing on 7.xx: "Brute forcing on the PS4 is tedious as the browser requires a user interaction in order to restart. Our idea is to plug a Raspberry Pi that acts as a keyboard on the PS4. Its main goal is to hit Enter periodically (every 5 s) to restart the browser after the crash. The brute-forced address is updated at each attempt and stored in a cookie. Unfortunately, we didn't get any result so far. We probably haven't run the brute force for a long enough period of time to cover the entire address space."
The exploit itself leverages a use-after-free bug in the function ValidationMessage::buildBubbleTree() of the Webkit DOM engine. People interested in how console exploitation works should read the full writeup on Synacktiv's blog.
For the PS4 hacking scene, this means it could be possible to couple this Webkit exploit with TheFlow's 7.02 kernel exploit in order to provide a jailbreak for 7.02 owners.
It is unclear if, and when, Sony patched this exploit on the PS4. More digging will probably be required by the scene on that front.
Download PS4 6.xx Webkit exploit from Synacktiv
The exploit proof of concept can be downloaded from Synacktiv's GitHub. At the moment, this will probably only be useful to people who intend to work on a port for firmwares above 6.72.
Source: Synacktiv on Twitter
Don’t Do That. Don’t Give Me Hope
Well, finally there is some progress at least, so let's hope there will be a 7.xxx JB soon, but without the need of a Raspberry. Dongle times should have died with the PS3!
I hope so, a Christmas gift for all of us.
PS4 is still a great console, this is good news.
You won't have it. I believe they will give it to us in late 2021 to early 2022. Don't bother. 🙂
This would be great, exactly a Christmas present. I am still on 3.55.
Homer had this all worked out years ago, who needs a Raspberry Pi?
[img]https://i.makeagif.com/media/7-28-2014/AnSME7.gif[/img]
Great article Wololo, we know you’re a busy guy so we appreciate it.