Latest PS4 Hack News | Latest Hacked Firmware Version: 9.00 | (Read the First Post)
<blockquote data-quote=".M.A.H." data-source="post: 4000086" data-attributes="member: 42451">
<p><strong><a href="http://www.psxhax.com/threads/ps4-webkit-exploit-poc-for-playstation-4-firmware-2-xx-by-fire30.362/">PS4 Webkit Exploit PoC for PlayStation 4 Firmware 2.XX by Fire30</a></strong></p>
<p>Following news of the <a href="http://www.psxhax.com/threads/ps4-dlclose-exploit-for-playstation-4-firmware-1-76-is-released.325/">PS4 Dlclose Exploit for 1.76</a> and more recently the <a href="http://www.psxhax.com/threads/ps4-3-15-firmware-entry-point-for-testing-from-zecoxao.342/">Entry Point</a> findings, today <a href="http://wololo.net/2016/04/21/proof-of-concept-webkit-exploit-running-on-ps4-firmwares-up/">Wololo</a> reports that PlayStation 4 developer <strong>Fire30</strong> made available a PS4 Webkit Exploit proof-of-concept for PlayStation 4 Firmware 2.XX.</p>
<p>Download: <a href="https://github.com/Fire30/PS4-2014-1303-POC/archive/master.zip">PS4-2014-1303-POC-master.zip</a> / <a href="https://github.com/Fire30/PS4-2014-1303-POC">PS4-2014-1303-POC GIT</a></p>
<p>From the ReadMe file: <strong>CVE 2014-1303 Proof Of Concept for PS4</strong></p>
<p>This repository contains a poc for the CVE 2014-1303 originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03, but should work for systems on a firmware &lt; 2.50, the ROP test will however only work on 2.03.</p>
<p><strong>Usage</strong></p>
<p>You need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well. Then run</p>
<pre><code>python fakedns.py -c dns.conf</code></pre>
<p>then</p>
<pre><code>python server.py</code></pre>
<p>Debug output will come from this process.</p>
<p>Navigate to the User's Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted still needs to be done.</p>
<p><strong>Acknowledgements</strong></p>
<p>Liang Chen</p>
<p>thexyz</p>
<p>dreadlyei</p>
<p><strong>Fire30</strong> also notes, to quote: This implementation will not work on the vita as it uses a different memory allocator. In fact I am using the same exploit that is used in <a href="https://github.com/Hykem/vitasploit">GitHub - Hykem/vitasploit: PlayStation Vita native exploitation framework</a> for 3.36, so that is the farthest this vulnerability will go.</p>
<p>Thanks to <a href="http://www.psxhax.com/members/cncore.465713/">CnCore</a> for the tip in the <a href="http://www.psxhax.com/shoutbox/">PSXHAX.COM Shoutbox</a>! :D</p>
<p><img src="http://www.psxhax.com/attachments/cve-2014-1303-jpg.538/" alt="" /></p>
<p>=================</p>
<p><strong>Download and install the CVE 2014-1303 Proof Of Concept for PS4</strong></p>
<p>You can <a href="https://github.com/Fire30/PS4-2014-1303-POC">Download Fire30’s proof of concept on his github here</a>. You’ll need a PS4 running below firmware 2.50, ideally firmware 2.03. According to the readme:</p>
<p>a poc for the CVE 2014-1303 originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03, but should work for systems on a firmware &lt; 2.50, the ROP test will however only work on 2.03.</p>
<p><strong>Usage</strong></p>
<p>You need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well. Then run</p>
<p><em>python fakedns.py -c dns.conf</em></p>
<p>then</p>
<p><em>python server.py</em></p>
<p>Debug output will come from this process.</p>
<p>Navigate to the User’s Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted still needs to be done.</p>
<p>fire30 credits the following people, in addition to Liang Chen who revealed the vulnerability in 2014:</p>
<p><em>thexyz</em></p>
<p><em>dreadlyei</em></p>
<p>If you happen to have a PS4 running a firmware below 2.50, and have the skills to 1) confirm that this is true and 2) try and get the dlclose exploit to run on this, then by all means, help the PS4 scene!</p>
</blockquote>