Suggestion PS4-playground by CTurt and others.

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
PS4 WebKit Playground
CTurt, SKFU, droogie, Xerpi, Hunger, Takezo, nas, Proxima

PS4-playground

A collection of PS4 tools and experiments using the WebKit exploit. This is for firmware 1.76 only at the moment.

Setup

A live demo can be tried here, without module dumping.
You should clone the repo and upload it to your own server to have module dumping capabilities:
git clone git://github.com/CTurt/PS4-playground.git

You can also download a zip of the latest source here.

Usage

Although this is primarily a framework to help write and execute ROP chains, PS4-playground comes with several experiments for you to try.
After executing a test, you should either refresh the page, or close and reopen the browser entirely; running multiple experiments sequentially is not reliable.

Syscalls

Get PID - Get process ID
Get Login - Get login name and leak a kernel pointer

Modules

Get Loaded Modules - Get a list of currently loaded modules
Dump Loaded Module - Dump a currently loaded module (use Get Loaded Modules to see all available)
Load Module - Load an additional module from this list
Load and Dump Module - Load an additional module and then dump it (see all available here)
Once you have dumped a module, you will need to run dir2bin.py to combine all chunks into a single binary.

Filesystem

Browse - File Browser
Get PSN username - Read your PSN username from account.dat
Get Sandbox Directory - Get the name of the current sandbox directory (10 random characters which change each reboot)

Memory

Get Stack Protection - Get stack base, size, and protection
Get Stack Name - Get stack base, size, and name

Socket

Send Message - Send a TCP message to the specified IP and port

Source: Twitter and https://github.com/CTurt/PS4-playground

Attachments

  • PS4-playground-gh-pages.zip
    17 KB

Rip Cord

Administrator
Staff member
Developer
header.png

git-hub-page.png

dug my ps2 out of the closet
insert exploit dvd, turn on console, regular splash
ps2-splash20.png

then launchelf loads

ULE-home20.png

using the file browser, here's the memory card contents
lol, still has code-breaker 9.2 on it.

ule-browser20.png

loaded code-breaker

cb-splash20.png

load cheats

cb-cheats20.png

insert game disc, start game

carl20.png

forgot that Carl curses so much :)

edit: fixed picture