(Rumor) PS4 Webkit exploit for 3.50 incoming
BY WOLOLO · MAY 20, 2016
Rumors of hacker qwertyoruiop having a Proof of Concept Webkit exploit for the PS4 started to ignite the scene earlier today.
Playstationhax report that the hacker’s recent work on a use-after-free Webkit exploit is compatible with the PS4. The author on playstationhax (whom I have to assume is GregoryRasputin?) implies that the exploit works on the PS4, on the latest firmware 3.50.
Qwertyoruiop himself hasn’t been so specific. On twitter, he actually seemed to say he wasn’t sure whether the exploit would work on the PS4 or not. Apparently the code does crash the PS4, but it is not clear from the hacker’s post whether the crash is exploitable:
also bug seems to trigger on ps4- but it’s impossible to distinguish between OOM and segfault on ps4 :/
— qwertyoruiop (@qwertyoruiopz), May 20, 2016
Qwertyoruiop is a trusted dev of the iPhone hacking scene, and has also been credited in the past for helping CTurt on the PS4 kernel exploits.
Some details on the vulnerability are publicly available on the webkit github, so people with the right set of skills should be able to confirm whether this works. A sensible approach would be to try the exploit first on firmware 1.76, where some (albeit limited) debug tools exist, rather than having to work on a proof of concept in the dark directly on 3.50.
Qwertyoruiop stated on twitter he would upload the exploit some time later.
btw heap use-after-free at WebCore::TimerBase::heapPopMin() · WebKit/webkit@98845d9 · GitHub is the bug i’m playing with. will upload code for the exploit at some point
— qwertyoruiop (@qwertyoruiopz), May 20, 2016
Note that his work is currently focused on the iPhone, so it is not certain whether the PoC he plans to upload will actually work on the PS4. But that’s the magic of Webkit: since many devices rely on it, a vulnerability in the web engine means several devices may share the same vulnerability. Again, though, the hacker has provided no confirmation that anything is in the works for the PS4, let alone any plans to release.
Will PS4 3.50 firmware be hacked soon?
Today the only people enjoying a PS4 Jailbreak are people running PS4 firmware 1.76. That firmware is fairly old, and it is becoming expensive to get your hands on a PS4 running 1.76. (We have a list of links of PS4 models running 1.76 here if you want to get one.)
So getting public exploits running on the latest PS4 firmware 3.50 would be really helpful.
A Webkit exploit such as the one described here, however, would not instantly turn firmware 3.50 into the “golden” firmware of PS4 hacking: it would only give us access to the Webkit process, and additional privilege escalation (kernel exploits) would be required to get full access on PS4 3.50, as is possible today on firmware 1.76. On firmware 1.76 this is achieved through a combination of a webkit exploit and the dlclose kernel exploit.
The dlclose kernel exploit does run on some 2.xx firmwares, so a 3.50 kernel exploit would in theory give kernel access to people running 2.00 and the like.