WebKit ROP Chain Tutorials [Creation/Editing/Debugging] - PS3 Development

Discussion in 'PS3Xploit DeV / PoC' started by esc0rtd3w, Dec 18, 2017.

  1. V1CT0R PS3 (New Member)

    Did you mean that I can do this by watching your channel's ROP CHAIN videos?

    Sorry for my bad English
     
    esc0rtd3w likes this.
  2. esc0rtd3w (Developer)

    Well...that and using the actual project files, yeah...I would say so.
     
  3. V1CT0R PS3 (New Member)

    Ok
     
    esc0rtd3w likes this.
  4. V1CT0R PS3 (New Member)

    I think it will not give; I do not have a PS3 with REBUG installed, only with HAN.
     
  5. esc0rtd3w (Developer)

    well clearly you did not read anything...as it supports 100% of all consoles, including all 4.xx FW versions and both OFW/CFW
     
  6. V1CT0R PS3 (New Member)

    Oh, sorry man, thank you.
     
    esc0rtd3w likes this.
  7. Sakimotor (Member)

    Is there a way to boot a USB game mounted to dev_bdvd? It gives an 8001009 error no matter the game.
     
    KILLER_SEVEN likes this.
  8. esc0rtd3w (Developer)

    you missed the point....that is a MOUNT TEST for a TUTORIAL lmao
     
  9. Sakimotor (Member)

    I know, but I'm desperate enough to test stupid stuff :c
     
    esc0rtd3w likes this.
  10. KILLER_SEVEN (Member)

    I think it has to do with the storage manager service and the sb_iso_spu_module.self, but I don't know exactly.
     
    Sakimotor likes this.
  11. KILLER_SEVEN (Member)

    hi

    Is there any way to load an HTML file directly from a folder on dev_hdd0 or dev_usb000 on an OFW console?
     
    Sakimotor and V1CT0R PS3 like this.
  12. bguerville (Moderator Developer)

    It's one of the first things the team considered back in October when we first got ROP execution.
    If there was a way, we would already have released all ps3xploit tools using that method rather than hosting them on a web server (locally on LAN or remotely like ps3xploit.com).

    The PS3 browser can use a number of protocols like HTTP, but none of them will let us load a local HTML file.
    There is a localhost web server on the PS3; however, it's not an HTTP server but rather an XML server, and it won't serve HTML files to the browser through HTTP as far as we can make out. To find out whether one of the various XML-based protocols might help us with this would require more investigation, as available documentation is limited.

    Having said that, currently nobody knows a way to run local HTML files in the PS3 browser, but it doesn't mean we won't find one, and if not with the PS3 browser itself, maybe with an embedded WebKit in an official app. We are currently investigating a few of those; it may yield results.
     
    Last edited: Apr 10, 2018
    esc0rtd3w and KILLER_SEVEN like this.
  13. KILLER_SEVEN (Member)

    ok

    And what about BD Java? Is there a way to run HAN enabler from a burned disc?
     
    esc0rtd3w likes this.
  14. PattrickH (Member)

    Run via BD means homebrew

    Sent from my PS5 via NASA
     
  15. KILLER_SEVEN (Member)

    I know, but I think if we find a way around the BD-J (Blu-ray Disc Java) security checks/restrictions then we are able to run some exploits on a burned disc over the PS3 internal movie player!

    The BD-J system is used by BD movies for menus and bonus content etc...

    Since the ps3xploit team has found a way to replace some files on the dev_flash of an OFW console, I think it's possible to modify the BD-J files inside /dev_flash/bdplayer/bdjstack/ to disable the security restrictions on the BD-J system, but I don't have the knowledge to do this. I'm just an advanced user who can give ideas to go in the right direction.

    Sorry for my bad English.
     
    esc0rtd3w and PattrickH like this.
  16. esc0rtd3w (Developer)

    Search Is Now Fixed For Newest Repo Files!

    any issues, let me know.

    4.82 DEX support still needs added

    @KILLER_SEVEN I was also curious about Java stuff and modification of the files in the bdjstack directory, mainly the bdjstack.jar and classes.zip. More of a curiosity to see if PS3 will do anything cool with modifications to these and other BD files.

    PETT can replace these manually typing path names or adding to dropdown boxes, but a standalone tool to replace these files can easily be made, maybe we can push that out if anyone is curious as well

    also PETT XMB Menu updated to auto-support DEX/CEX depending on which VSH is loaded (thanks @DeViL303) links in OP
     
    Last edited: Apr 22, 2018
  17. cireap (New Member)

    Hi
    I've been following the hack development for PS3 for some time.
    There was a question and a possible suggestion ...
    Is it possible to create a tool, now that there is HAN, to spoof the IDPS on an OFW console?
    So a banned OFW PS3 could install games through act.dat and rif files. It would need to have a valid ID, of course.
    Sorry for my bad English.
    I look forward to returning if possible, thank you!
     
  18. bguerville (Moderator Developer)

    HAN is not sufficient, you would need a full jailbreak to spoof idps. There is currently no such thing available.
     
    cireap likes this.
  19. cireap (New Member)

    Okay, thanks for the answer.
     
