What do you think?
It’s all well and good saying “updated”, but how you gonna do dat?
First you need to find a “STABLE” web->userland->kernel exploit chain for your chosen firmware, craft ROP/gadgets, dump the kernel, and only then can you use this to find the offsets to port existing payloads (debug or HEN etc.) to work on the firmware you have kernel access to.
It’s so simple to say, or ask for. But without relevant skill set it’s very difficult to implement.
thank you for your opinion. I don't want to imply it's easy, absolutely not. I wanted to know your opinion on this, instead of finding a new kernel exploit since in theory I thought that the existing one should work.
To find the necessary offsets you need kernel access. The chain always breaks without a kernel exploit on the chosen firmware.
What I was thinking is to take advantage of the current kernel exploit, which should also work on newer firmware (6.XX-7.XX??). Potentially there are many WebKit exploits with userland access with ready-made ROPs; the problem would be the kernel exploit.
There must be a secondary road to update payload offsets for access to the system's debug menu, otherwise you are point and head
The current (5.05) kex won’t work on >5.50.
ROP is bespoke afaik. I don’t think there can be “pre made” ROP that will magically work on PS4s environment, even if it is FBSD based.
I have heard there is a 0day USB based exploit for dumping apps and kernel, but I don’t know how far along it is or how high it functions on.
Offsets are pretty important, otherwise you would be blindly poking around hoping to hit a needle in a haystack. We have a dumped decrypted kernel for 7.xx, but even if you did port offsets using this, we have no public exploit to implement these ported payloads, even for testing.
It’s a chicken or egg scenario.
Watch M0rph3us1987’s talk on PS4.
Sploit dem apps.
They still work? I'm surprised.
Hi to all,
So where am I?
I'm trying to get the 6.70 WebKit, because since the beginning I've been working with the 6.50 or 7.00.
Since I don't have any interest in 6.50 (I don't own one), I'm leaving you the research I did on this.
Thanks to LiveOverflow for his excellent series on it.
It seems like it was patched in 6.70, so if you have an address other than "[*] 0x7ff8000000000000" it should work.
Thank you for the support and see ya all.
@OP
Have you seen this... not sure if it's going to help much
https://github.com/Cryptogenic/PS4-6.20-WebKit-Code-Execution-Exploit
Hi to all,
The last time was not a good time for me... I have some infected people in my family and got it myself... Just getting a little better these days but can't get my head clear enough to do something...
See ya