The PlayStation 4 (PS4) firmware of choice for the hacking community has been firmware v1.76, as developer's have taken advantage of that webkit exploit in the firmware and have been able to achieve various things, most notable being able to install Linux on your PS4 with the ability to run apps like the Steam App with graphic acceleration for example However things could change for the PS4 as the recent HENkaku exploit for the PS Vita / PSTV has been ported to the PS4 's 3.55 Firmware by developer Fire30.
So this means a new webkit exploit is now in the wild for the PS4 and provides us code execution in 3.55, The webkit exploit for 3.55 would still need some additional work and exploitation before things would shake out like it is in the current 1.76 firmware on the PS4 with regards to things like Linux Support. However, this HENkaku exploit could bring some intriguing things to 3.55 firmware and being a current firmware will sure be avaiable to much more people then the advancements we seen in v1.76. So, stay tuned to your leader in PlayStation Hacking Coverage the one and only PSX-Place, as this story will is sure to develop and evolve over the next several days / weeks / months..
PS4 3.55 Code Execution
This repo contains a PoC for getting code execution on ps4's with firmware version 3.55 It uses the same webkit vulnerability as the henkaku project. So far there is basic ROP working and returning to normal execution is included. Next steps will be to map a jit page sucessfully and getting actual shellcode executed.
UsageYou need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well.
- python fakedns.py -c dns.conf
Debug output will come from this process.
- python server.py
Navigate to the User's Guide page on the PS4 and information about the exploit and all loaded modules should be printed out. This is an example of what running it will look like: https://gist.github.com/Fire30/2e0ea2d73d3a1f6f95d80aea77b75df8
There are a few notes:
- The exploit is not 100% reliable currently. It is more like 80% which is good enough for our purposes. So if it does not work on first try, try a few more times. Also doing to much allocating after the sort() is called can make it more unstable.
- The process will crash after the rop is done executing.
- xyz - Much of the code is based off of his code used for the henkaku project
- Anonymous contributor - WebKit vulnerability PoC
- CTurt - I basically copied his JuSt-ROP idea
PS4 HENkaku Ported to PlayStation 4 (PS4) - 3.55 Firmware Code Execution POC by Fire30
By STLcardsWS on Aug 6, 2016 at 6:34 PM
FERROX 4.82 v1.01 COBRA 7.55 by AlexanderNew CFW build released from developer @Alexander, in this build we can find the introduction of the new 7.55 COBRA This updated version of COBRA includes a bug fix for deleting PKGs and Game Updates that was present in v7.54. Alexander & Beta Tester's (@ CyberModding,it) discovered this problem during a late test session before release of FERROX v1.01. There are also other fixes contained in this new build as outlined in the release note provided below for 4.82 FERROX COBRA (v7.55) CFW v1.01Continue reading
4.82 NoBD CFW Options ( REBUG / FERROX / OVERFLOW ) : Unable to boot Apps / Games from PS3 XMB?Here is a type of CFW for PlayStation 3 consoles with a broken BD Logic Board/Drive and contains an issue of not being able to boot anything from the PS3 XMB. It does not matter if the content is stored on the DISC or HDD, you can not launch anything from the XMB with PS3 Console's contain this defect. If that sounds like a PS3 console you have laying around or know someone who might have that issue, there is good news as there is an easy fix (Yes, Sony its easy and Sony should issue this patch themselves). Simply by disabling & patching the Disc drive, developer's in the PS3 community have found out this allows those otherwise useless consoles to launch items once again from the PS3 XMB, So play your purchased Content from PSN / Disc Backups ect/ Purchase things from PSN store/ play video & use services once again on your PS3. noBD CFW for a majority will never be used, but is a great option for PS3 owners that are otherwise stuck with a broken console that would only use would be a power hungry screensaver. So lets take a look at some of the NoBD CFW options and favors we have seen released to this pointContinue reading
TubeVita v1.02 [by thehero_] "The Return of YouTube on your PSVITA"Two years ago the YouTube application for PSVITA was deleted from the PlayStation Store along with support. I created a simple application that allows you to use YouTube directly from the web browser with the use of uri call and with easy functions. I also posted the code source on GitHub (editable by everyone) and the download availableContinue reading
Share This Page
- 4.81 cfw
- henkaku homebrew
- homebrew game
- playstation 2
- playstation 2 emulator
- playstation 2 resources
- playstation portable
- playstation portable cfw
- playstation portable emulator
- playstation portable resources
- playstation tv
- ps tv
- ps vita
- ps2 emulator
- ps2 resources
- ps3 cfw
- ps3 homebrew
- psp cfw
- psp emulator
- psp resources
- pstv homebrew
- vita homebrew
- vita tv
- webman mod
- xmb mod
- User Record:
- Latest Member:
- Nuno Fernandes