EurAsia: your console hacking resource
Moderated by: Robert

Author PS4 WebKit RCE exploit released for firmware 4.0x
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6206
Status: Offline
 _#35250 posted 2017-03-29 @ 17:39 GMT   
qwertyoruiop just released a PS4 WebKit RCE (Remote Code Execution) exploit for firmware 4.0x on Twitter. Right now the exploit does nothing except give you access to arbitrary JavaScript object primitives. The bug used is a stack uninit read yielding a Use-After-Free vulnerability.

If you want to test this then enter the following URL in the PS4 browser:

http://rce.party/ps4/

[ This message was edited by modrobert on 2017-03-29 @ 17:44 GMT ]
  _____________________________ ____________     __________________ /\________
  \    __________________      \      _____/____/     _    \       /_        /
 /     /       |       l/     _/    ____)     _/      _     \     \/  cREAM /
/______________l_______/       \______________\_______|      \_   /________/
 -+--Mo!-------------- \________/ ------------------- l_______/_____\ -----+-

Attachments: expl.js index.html  

garyopa



lt

Registered: 2003-11-06
From: Toronto
Messages: 74
Status: Offline
 _#35253 posted 2017-03-30 @ 01:40 GMT   
Updates From Qwerty:

updated the ps4 exploit with some more comments and it no longer alerts a JSValue, but prints a function pointer
  ________                         ________    __________    _____     
 /  _____/ _____  _______  ___.__. \_____  \   \______   \  /  _  \    
/   \  ___ \__  \ \_  __ \<   |  |  /   |   \   |     ___/ /  /_\  \   
\    \_\  \ / __ \_|  | \/ \___  | /    |    \  |    |    /    |    \  
 \______  /(____  /|__|    / ____| \_______  //\|____|  /\\____|__  //\
        \/      \/         \/              \/ \/        \/        \/ \/
                                                                       

garyopa



lt

Registered: 2003-11-06
From: Toronto
Messages: 74
Status: Offline
 _#35255 posted 2017-03-30 @ 07:55 GMT   
Now with confirmed v4.06 support

updated ps4 exploit with rop code exec (for 4.06 specifically).
garyopa



lt

Registered: 2003-11-06
From: Toronto
Messages: 74
Status: Offline
 _#35256 posted 2017-03-30 @ 22:40 GMT   
More updates from @qwerty

updated ps4 rce with actually functioning fcall and syscall primitives
garyopa



lt

Registered: 2003-11-06
From: Toronto
Messages: 74
Status: Offline
 _#35257 posted 2017-03-30 @ 23:38 GMT   
Sony giving @qwerty some coding trouble

so it turns out sony is doing sneaky syscall shit. updated code some further, you'll have to manually call libkernel syscall stub
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6206
Status: Offline
 _#35259 posted 2017-03-31 @ 14:57 GMT   
Looks like qwerty has been working hard; "30 hours of no sleep later i am finally happy about the ps4 exploit"
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6206
Status: Offline
 _#35260 posted 2017-03-31 @ 16:57 GMT   

garyopa



lt

Registered: 2003-11-06
From: Toronto
Messages: 74
Status: Offline
 _#35262 posted 2017-03-31 @ 18:38 GMT   
Quote:
On 2017-03-31 @ 14:57 GMT, modrobert wrote:
Looks like qwerty has been working hard; "30 hours of no sleep later i am finally happy about the ps4 exploit"



Yep looks like, I guess now he will take a break from it, here is a digest of all his PS4 'Tweets'

Quote:

ORIGINAL Tweets:

  • http://rce.party/ps4/ < ps4 4.0x WebKit RCE
  • bug used is a stack uninit read yielding UaF
  • actual exploit does nothing but give you read/write/infoleak arbitrary JS object primitives, have fun

UPDATE Tweets:

  • updated the ps4 exploit with some more comments and it no longer alerts a JSValue, but prints a function pointer
  • updated ps4 exploit with rop code exec (for 4.06 specifically)
  • updated ps4 rce with actually functioning fcall and syscall primitives
  • so it turns out sony is doing sneaky syscall shit. updated code some further, you'll have to manually call libkernel syscall stubs
  • 30 hours of no sleep later i am finally happy about the ps4 exploit
  • Nothing to kernel in 5 days. GG sony




Now we have to see what others will be able to do with all this, and hopefully turn it into something more!

[ This message was edited by garyopa on 2017-04-01 @ 00:20 GMT ]
modrobert



donor

Registered: 2003-10-17
From: Bangkok
Messages: 6206
Status: Offline
 _#35265 posted 2017-04-02 @ 09:07 GMT   


Attachments: ps4_jailbreakme_4_0x.zip   


All trademarks and copyrights on this page are owned by their respective owners.
Comments and forum messages are owned by the Poster.