The PlayStation 4 (PS4) firmware of choice for the hacking community has been v1.76, as developers have taken advantage of the WebKit exploit in that firmware to achieve various things, most notably installing Linux on the PS4 and running apps such as Steam with graphics acceleration. Things could change for the PS4, however, as the WebKit vulnerability behind the recent HENkaku exploit for the PS Vita / PSTV has been ported to the PS4's 3.55 firmware by developer Fire30.
This means a new WebKit exploit is now in the wild for the PS4 and provides code execution on 3.55. The 3.55 exploit still needs additional work and further exploitation before things shake out the way they have on 1.76 with regard to things like Linux support. However, this port could bring some intriguing things to 3.55, and being a current firmware it will be available to far more people than the advances seen on v1.76. So stay tuned to PSX-Place, your leader in PlayStation hacking coverage, as this story is sure to develop and evolve over the coming days, weeks and months.
PS4 3.55 Code Execution
This repo contains a PoC for getting code execution on PS4s with firmware version 3.55. It uses the same WebKit vulnerability as the HENkaku project. So far basic ROP is working, and returning to normal execution is included. Next steps will be to map a JIT page successfully and get actual shellcode executed.
Usage
You need to edit dns.conf to point to the IP address of your machine, and modify your console's DNS settings to point to it as well.
- python fakedns.py -c dns.conf
Debug output will come from this process.
- python server.py
Navigate to the User's Guide page on the PS4, and information about the exploit and all loaded modules should be printed out. This is an example of what running it looks like: https://gist.github.com/Fire30/2e0ea2d73d3a1f6f95d80aea77b75df8
There are a few notes:
- The exploit is not 100% reliable currently; it is more like 80%, which is good enough for our purposes. So if it does not work on the first try, try a few more times. Also, doing too much allocating after sort() is called can make it more unstable.
- The process will crash after the ROP chain is done executing.
- xyz - Much of the code is based off of his code used for the henkaku project
- Anonymous contributor - WebKit vulnerability PoC
- CTurt - I basically copied his JuSt-ROP idea
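The setup above hinges on one step: the console's DNS is pointed at your machine so that the User's Guide lookup resolves to the box running server.py. The following is an added example, not Fire30's fakedns.py and not part of the repo, of what that redirector has to do on the wire: parse the console's A query, answer it with an attacker-controlled address, and leave non-A queries unanswered rather than hijacking everything. The hostname users-guide.example.net and the address 192.168.1.10 are constructed placeholders; the real tool reads its mapping from dns.conf.

```python
"""Minimal DNS redirector standing in for the fakedns.py step (added example).

Assumptions (not from the repo): the console resolves the User's Guide host
over plain UDP DNS, every A/IN question is answered with REDIRECT_IP, and
any other record type gets NOERROR with zero answers.
"""
import socket
import struct

REDIRECT_IP = "192.168.1.10"  # assumed LAN address of the machine running server.py


def encode_name(name):
    """Encode 'a.b.c' as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Decode labels at offset (handles 0xC0xx compression pointers).
    Returns (name, offset just past the name field as it appears at `offset`)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # pointer: 14-bit offset into the message
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a standard recursive query as a stub resolver sends it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, redirect_ip=REDIRECT_IP, ttl=60):
    """Answer a one-question query. A/IN questions get a single A record pointing
    at redirect_ip; every other type gets NOERROR with no answers."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    _, pos = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[pos:pos + 4])
    question = query[12:pos + 4]

    answer, ancount = b"", 0
    if qtype == 1 and qclass == 1:
        # NAME = pointer to the question name at offset 12, then TYPE=A, CLASS=IN,
        # TTL, RDLENGTH=4, RDATA=IPv4 address
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(redirect_ip)
        ancount = 1

    # QR=1, keep opcode, AA=1, copy RD, RA=1, RCODE=0
    resp_flags = 0x8000 | (flags & 0x7800) | 0x0400 | (flags & 0x0100) | 0x0080
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, ancount, 0, 0)
    return header + question + answer


def answer_ip(response):
    """Return the first A-record address in a response, or None if it has no answer."""
    ancount = struct.unpack("!H", response[6:8])[0]
    if ancount == 0:
        return None
    _, pos = decode_name(response, 12)
    pos += 4                              # skip QTYPE/QCLASS
    _, pos = decode_name(response, pos)   # answer NAME (a compression pointer)
    rtype, _, _, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
    if rtype != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(response[pos + 10:pos + 14])


def serve(redirect_ip=REDIRECT_IP, bind="0.0.0.0", port=53):
    """Run the redirector (port 53 needs privileges); point the console's DNS here.
    Each query is logged, which is where the debug output of this step comes from."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        query, peer = sock.recvfrom(512)
        try:
            name, _ = decode_name(query, 12)
            print(f"{peer[0]} asked for {name} -> {redirect_ip}")
            sock.sendto(build_response(query, redirect_ip), peer)
        except (ValueError, IndexError, struct.error):
            continue  # malformed query: drop it


if __name__ == "__main__":
    serve()
```

Answering only A questions matters in practice: the console also resolves hosts for things you do not want to interfere with, and a redirector that answers every record type with the same address makes the exploit setup harder to debug than it needs to be.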
PS4 HENkaku Ported to PlayStation 4 (PS4) - 3.55 Firmware Code Execution POC by Fire30
By STLcardsWS on Aug 6, 2016 at 6:34 PM