PS4 HENkaku Ported to PlayStation 4 (PS4) - 3.55 Firmware Code Execution POC by Fire30

Discussion in 'PS4 News' started by STLcardsWS, Aug 6, 2016.

By STLcardsWS on Aug 6, 2016 at 6:34 PM
    The PlayStation 4 (PS4) firmware of choice for the hacking community has been firmware v1.76, as developers have taken advantage of the WebKit exploit in that firmware and have been able to achieve various things, most notably installing Linux on the PS4 with the ability to run apps like Steam with graphics acceleration. However, things could change for the PS4, as the recent HENkaku exploit for the PS Vita / PSTV has been ported to the PS4's 3.55 firmware by developer Fire30.

    So this means a new WebKit exploit is now in the wild for the PS4 and provides code execution on 3.55. The WebKit exploit for 3.55 would still need additional work and exploitation before things shake out like they have on the current 1.76 firmware with regard to things like Linux support. However, this HENkaku exploit could bring some intriguing things to the 3.55 firmware, and being a current firmware, it will surely be available to many more people than the advancements we have seen on v1.76. So stay tuned to your leader in PlayStation hacking coverage, the one and only PSX-Place, as this story is sure to develop and evolve over the next several days / weeks / months.

    • PS4 3.55 Code Execution

      This repo contains a PoC for getting code execution on PS4s with firmware version 3.55. It uses the same WebKit vulnerability as the HENkaku project. So far there is basic ROP working, and returning to normal execution is included. Next steps will be to map a JIT page successfully and get actual shellcode executed.

    • Usage
      You need to edit dns.conf to point to the IP address of your machine, and modify your console's DNS settings to point to it as well.
      Then run
      • python fakedns.py -c dns.conf
      then
      • python server.py
      Debug output will come from this process.
      Navigate to the User's Guide page on the PS4, and information about the exploit and all loaded modules should be printed out. This is an example of what running it will look like: https://gist.github.com/Fire30/2e0ea2d73d3a1f6f95d80aea77b75df8
      There are a few notes:
      • The exploit is not 100% reliable currently. It is more like 80%, which is good enough for our purposes. So if it does not work on the first try, try a few more times. Also, doing too much allocating after sort() is called can make it more unstable.
      • The process will crash after the ROP is done executing.

    • Acknowledgements
      • xyz - Much of the code is based off of his code used for the henkaku project
      • Anonymous contributor - WebKit vulnerability PoC
      • CTurt - I basically copied his JuSt-ROP idea


    Source: github.com/Fire30/
    Thanks to our own moderator: @atreyu187 for the News Alert
    Last edited by a moderator: Aug 6, 2016
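    The usage steps quoted above rely on pointing the console's DNS at a machine on the local network, so that the User's Guide hostname resolves to that machine instead of the real server. On the wire, that shows up as a DNS answer mapping a public-looking hostname to a private address, which is something a network monitor can flag. The Python below is an added example (not code from Fire30's repo or from this thread) that parses DNS A-record responses, compression pointers included, and reports such answers; the hostname, transaction ID and packet bytes are constructed placeholders, not real console or Sony infrastructure.

```python
import ipaddress
import struct

# Constructed sample data: the hostname used below is a placeholder, not a
# real Sony or console hostname, and the packets are built here so the
# detector can be exercised offline without touching a network.


def encode_name(name):
    """Encode a dotted hostname as DNS labels (length-prefixed, zero-terminated)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_a_response(qname, answer_ip, txid=0x1234):
    """Build a minimal DNS response carrying one A record (constructed test input).

    Header flags 0x8180 = response, recursion desired + available, no error.
    The answer's owner name is a compression pointer (0xC00C) back to the
    question name at offset 12, as real resolvers emit."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack(">HH", 1, 1)      # QTYPE=A, QCLASS=IN
    rdata = ipaddress.IPv4Address(answer_ip).packed
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + question + answer


def read_name(msg, offset):
    """Decode a DNS name at offset, following compression pointers.

    Returns (name, offset just past the name at its original position)."""
    labels = []
    end = None          # where parsing resumes after the first pointer, if any
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_a_records(msg):
    """Return (query_name, [IPv4 strings]) for the A records in a DNS response."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    offset = 12
    qname = None
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        qname = qname or name
        offset += 4                                     # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        _owner, offset = read_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:  # A record, class IN
            ips.append(str(ipaddress.IPv4Address(rdata)))
    return qname, ips


def redirected_names(responses):
    """Flag responses whose A record sends a name to a non-global address
    (private, loopback, link-local, ...), i.e. to a host on the local network
    instead of the name's real server. Returns [(qname, ip), ...]."""
    flagged = []
    for msg in responses:
        qname, ips = parse_a_records(msg)
        for ip in ips:
            if not ipaddress.IPv4Address(ip).is_global:
                flagged.append((qname, ip))
    return flagged


if __name__ == "__main__":
    # Constructed traffic: one ordinary-looking answer, one LAN redirect.
    legit = build_a_response("manuals.example.invalid", "1.2.3.4")
    hijacked = build_a_response("manuals.example.invalid", "192.168.1.50")
    for name, ip in redirected_names([legit, hijacked]):
        print(f"redirected: {name} -> {ip}")
```

    Feeding this captured UDP/53 payloads from a home network would surface exactly the pattern the dns.conf step produces: a name that normally resolves to a public address suddenly answered with a 192.168.x.x or similar address.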

Comments

    1. STLcardsWS
      STLcardsWS
      Looks like I might have to finally buy me a PS4, all of a sudden it has features that interest me :)
      cocoba, bitsbubba and ed89 like this.
    2. ed89
      ed89
      I just had the same thoughts after reading the thread
      STLcardsWS likes this.
    3. barelynotlegal
      barelynotlegal
      Not sure what OFW I'm on, it's the latest, and I just got done unplugging my LAN cable lol. Was bummed, got it in Dec and it had 1.76, but at that time no exploit was available.
      Just keeps getting better and better. Must be a good one, since their contest is to see who can reverse engineer their mod/hack, and it is available for personal hosting or offline.
    4. bguerville
      bguerville
      The 1.76 WebKit exploit was officially announced in December....!!

      Am glad I was patient & waited for another WebKit exploit on a more recent FW.
      Now let's hope an exploit like the current dlclose for 1.76 is found soon for 3.55 as well....
      3.55.. funny, the coincidence with the PS3 FW version... A milestone for both consoles? Maybe.. Maybe not...

      Sent with Tapatalk
      Last edited: Aug 6, 2016
      cocoba, atreyu187 and STLcardsWS like this.
    5. STLcardsWS
      STLcardsWS
      PSTV / VITA -- 3.60 not far off lol

      But PS3 was actually 3.41 :)
      cocoba, bitsbubba and bguerville like this.
    6. bguerville
      bguerville
      Yeah...

      Sent with Tapatalk
    7. barelynotlegal
      barelynotlegal
      That's why I was bummed. Got it a few weeks before it was out. Couldn't wait to play online lol
    8. bigbossu
      bigbossu
      Wow, scene gone wild these days.
      Kinda reminds me of the old days when PS3/PSP blew open. I knew Sony should have skipped the 3.55 firmware for PS4 ;)
    9. noctis90210
      noctis90210
      They should postpone this hack until the PS4 Neo's release, so that the PS4 Neo could also benefit from this.

      If they release this early, Sony might fix it and it couldn't reach the PS4 Neo.
    10. kozarovv
      kozarovv
      Good point, but after the Vita HENkaku release, $ony will check their WebKit on every console for future firmwares; it doesn't matter whether HENkaku is released on other platforms or not.
      STLcardsWS likes this.
    11. Xplaya
      Xplaya
      Wow just Wow !!!!
    12. bguerville
      bguerville
      HENkaku had to come out at some point, & I am asking myself if there is ever a "good time" to release an exploit knowing it will be patched in the next update?
      I think, to begin with, we are just lucky some people looked for it, found it & released it!
      Now a kernel exploit would be nice...

      Anyway, with the wave of WebKit exploits lately, Sxxy should surely be more vigilant in the future with its browser..

      Sent with Tapatalk
      cocoba, STLcardsWS and atreyu187 like this.
    13. atreyu187
      atreyu187
      There is no way Sony wouldn't patch this by Neo launch. Better now than never.
      bguerville likes this.
    14. STLcardsWS
      STLcardsWS
      I may have to disagree with you right on that one. :).. They can delay or do anything they want.
    15. ed89
      ed89
      PS Vita WebKit exploit now hacking the PS4, what an irony.
      OK, PS Vita and PS4 are not fully hacked, but it's a good and unforeseen progression, especially for PS Vita, because most hackers are more interested in hacking the PS4 rather than the PS Vita.
      Last edited: Aug 7, 2016
    16. pinky
      pinky
      I just downloaded the August PS+ free games just in case Sony patches this exploit. Hopefully that PS4 update blocker works for later firmware, so I can continue getting all the PS+ free games.
      El Juri likes this.
    17. Skiller
      Skiller
      Sony could just take the web browser out of their next systems.
      STLcardsWS likes this.
    18. STLcardsWS
      STLcardsWS
      It's a fair point to consider (I assume you mean firmware). They did it with Linux on PS3; however, Linux (hacking) was only part of the story there IMO. I do not think they'll do it for HENkaku, but down the road, if it is patched and more exploiting is done, then I could see it. But then again, I could also see it now. Who knows, but a great point to consider.
      bitsbubba likes this.
    19. bguerville
      bguerville
      I wonder to what extent they could actually contemplate releasing a console without some kind of browser nowadays...

      Sent with Tapatalk
