Post: So why all this kernel talk? Kernel kernel kernel
11-01-2016, 12:36 AM #1
HeroWin
Java Developer
So as of recently PS4 has made some major breakthroughs in terms of exploits. Most of them have to do with kernel exploitation. My goal in this thread is to better educate those who don't know what CTurt, Chaitin, and many others are doing.

We will go over:

  • Entry points
  • binary analysis
  • ASLR
  • Encryption
  • KERNEL TALK BB


When trying to develop an exploit or trying to find vulnerabilities in general, we try to find what we hackers call an "Entry Point".

Entry Point:
The entry point is usually a component of a predetermined trading strategy for minimizing investment risk and removing the emotion from trading decisions. Recognizing a good entry point is the first step in achieving a successful trade.
Sounds nothing like hacking, but it speaks true to the fundamental of how an entry point works in hacking. Eliminate the risk of bricking your console, bypass security checks to further remove frustration.


So CTURT found an ENTRY POINT within the WebKit exploit and found a way to modify the KERNEL. Which is explained [link] and on my thread [link].

CONCLUSION: PS4's security is not well protected... it's worse than the PS Vita because the [link] DOESN'T HAVE [link] PROTECTION!!! So now what is left is to use the found entry point and find a way to read and write the kernel to further exploit development.

We could have gone another route and could have found a way through Sony's security processor that executes ASLR encryption upon the entire PS4 device! But we LAZZZY. ASLR was used on PS3 but Fail0verFl0w did the math that many others wouldn't do and cracked it! Here is the equation used to encrypt most of the PS3.


PS3 ASLR equation

Last edited by HeroWin ; 11-01-2016 at 12:43 AM.

The following 4 users say thank you to HeroWin for this useful post:

Dog88Christian, FarCry1889, Frosty, SharkModding
11-01-2016, 04:00 AM #2
Originally posted by HeroWin View Post
So as of recently PS4 has made some major breakthroughs in terms of exploits. Most of them have to do with kernel exploitation. My goal in this thread is to better educate those who don't know what CTurt, Chaitin, and many others are doing.

We will go over:

  • Entry points
  • binary analysis
  • ASLR
  • Encryption
  • KERNEL TALK BB


When trying to develop an exploit or trying to find vulnerabilities in general, we try to find what we hackers call an "Entry Point".

Entry Point:
The entry point is usually a component of a predetermined trading strategy for minimizing investment risk and removing the emotion from trading decisions. Recognizing a good entry point is the first step in achieving a successful trade.
Sounds nothing like hacking, but it speaks true to the fundamental of how an entry point works in hacking. Eliminate the risk of bricking your console, bypass security checks to further remove frustration.


So CTURT found an ENTRY POINT within the WebKit exploit and found a way to modify the KERNEL. Which is explained [link] and on my thread [link].

CONCLUSION: PS4's security is not well protected... it's worse than the PS Vita because the [link] DOESN'T HAVE [link] PROTECTION!!! So now what is left is to use the found entry point and find a way to read and write the kernel to further exploit development.

We could have gone another route and could have found a way through Sony's security processor that executes ASLR encryption upon the entire PS4 device! But we LAZZZY. ASLR was used on PS3 but Fail0verFl0w did the math that many others wouldn't do and cracked it! Here is the equation used to encrypt most of the PS3.


PS3 ASLR equation

First of all, ASLR is not an encryption. It is a mechanism that randomizes the location of system binaries in memory.
Also, ASLR is indeed enabled in the PlayStation 4.
Last edited by Red-EyeX32 ; 11-01-2016 at 04:05 AM.

The following user thanked Red-EyeX32 for this useful post:

Hydrogen
11-01-2016, 04:09 AM #3
HeroWin
Java Developer
Originally posted by EyeX32 View Post
First of all, ASLR is not an encryption. It is a mechanism that randomizes the location of system binaries in memory.
Also, ASLR is indeed enabled in the PlayStation 4.

and yeah ASLR is enabled but not in the KERNEL... big difference RED EYE... considering on your Twitter you're interested in "EXPLOITATION" in your bio, you might want to reconsider

Last edited by HeroWin ; 11-01-2016 at 04:18 AM.
11-01-2016, 04:20 AM #4
Specter
Pro Memer
Originally posted by HeroWin View Post
and yeah ASLR is enabled but not in the KERNEL... big difference RED EYE... considering on your Twitter you're interested in "EXPLOITATION" in your bio, you might want to reconsider


Erm no, it is true that KASLR was not present in earlier firmwares such as 1.76, but it has since been enabled. It's not great, but it is there. Encryption also has nothing to do with ASLR. ASLR stands for "Address Space Layout Randomization", and it does exactly that - it randomizes the address space. This makes things like code re-use attacks useless without an information disclosure (a pointer leak, for example) because you don't really know where anything is. Encryption is simply the method of taking a plaintext and converting it into ciphertext that can be reversed with the given key.

An entry point is just what it means, a point of entry into an application that allows arbitrary code execution; it has nothing to do with trading in the PS4's context. The PS3 image you referenced from fail0verflow's presentation also had nothing to do with ASLR; it had to do with the encryption and being able to sign code to run things such as homebrew on the console.

The following 4 users say thank you to Specter for this useful post:

BadChoicesZ, Red-EyeX32, Frosty, Hydrogen
11-01-2016, 04:23 AM #5
Originally posted by HeroWin View Post
and yeah ASLR is enabled but not in the KERNEL... big difference RED EYE... considering on your Twitter you're interested in "EXPLOITATION" in your bio, you might want to reconsider

Haha considering Yifan Lu wrote that like 2 years ago...
ASLR is no equation either lol.

The following user thanked Red-EyeX32 for this useful post:

Hydrogen
11-01-2016, 04:26 AM #6
HeroWin
Java Developer
Originally posted by Specter View Post
Erm no, it is true that KASLR was not present in earlier firmwares such as 1.76, but it has since been enabled. It's not great, but it is there. Encryption also has nothing to do with ASLR. ASLR stands for "Address Space Layout Randomization", and it does exactly that - it randomizes the address space. This makes things like code re-use attacks useless without an information disclosure (a pointer leak, for example) because you don't really know where anything is. Encryption is simply the method of taking a plaintext and converting it into ciphertext that can be reversed with the given key.

An entry point is just what it means, a point of entry into an application that allows arbitrary code execution; it has nothing to do with trading in the PS4's context. The PS3 image you referenced from fail0verflow's presentation also had nothing to do with ASLR; it had to do with the encryption and being able to sign code to run things such as homebrew on the console.


Considering you two are very knowledgeable on the scene, why not focus on informing the community and make threads like I'm doing, instead of blustering about why I'm wrong?

If you have a problem with my articles then talk to staff. And after that maybe try and write a thread on this stuff. Until then I'm gonna keep typing articles.
11-01-2016, 04:37 AM #7
Best Mate
Dark Knight
Y'all gotta chill but go on! GREAT POSTS!
11-01-2016, 04:51 AM #8
Originally posted by HeroWin View Post
Considering you two are very knowledgeable on the scene, why not focus on informing the community and make threads like I'm doing, instead of blustering about why I'm wrong?

If you have a problem with my articles then talk to staff. And after that maybe try and write a thread on this stuff. Until then I'm gonna keep typing articles.


Not bashing on you, just trying to correct you so you don't misinform the community :)

The following 2 users say thank you to Red-EyeX32 for this useful post:

Hydrogen, MoreAdvanced
11-01-2016, 12:42 PM #9
HeroWin
Java Developer
Originally posted by EyeX32 View Post
Not bashing on you, just trying to correct you so you don't misinform the community :)


yeah, that's why I indicate that by typing "LOL", k Red Eye
11-01-2016, 01:24 PM #10
SonyBlack
League Champion
people are so ....
