I know you have been seeing a lot of PS Vita hacks as of late, well now that changes with PS4-3.55-Code-Execution-POC!
It seems that dev Fire30 may have just found a way to get code execution on ps4’s with firmware version 3.55, and it uses the same webkit vulnerability as the henkaku project.
Here is what Fire30 had to say:
This repo contains a PoC for getting code execution on ps4’s with firmware version 3.55 It uses the same webkit vulnerability as the henkaku project. So far there is basic ROP working and returning to normal execution is included. Next steps will be to map a jit page successfully and getting actual shellcode executed.
USAGE:
You need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well. Then run
python fakedns.py -c dns.conf
then
python server.py
Debug output will come from this process.
Navigate to the User’s Guide page on the PS4 and information about the exploit and all loaded modules should be printed out. This is an example of what running it will look like: https://gist.github.com/Fire30/2e0ea2d73d3a1f6f95d80aea77b75df8
There are a few notes:
- The exploit is not 100% reliable currently. It is more like 80% which is good enough for our purposes. So if it does not work on first try, try a few more times. Also doing to much allocating after the sort() is called can make it more unstable.
- The process will crash after the rop is done executing.
Now this is some awesome news to come out and could open the door for so much more on the PS4. Plus being that it’s on the latest FW for the PS4 that means a lot of people could give it a try and see whats up
Please go here to download and find out more and to help with this project.
Thanks for reading and keep doing it for the love of the game.