Suggestion PS4-playground by CTurt and others.

Discussion in 'homebrew' started by storm shadow, Aug 16, 2015.

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    PS4 WebKit Playground
    CTurt, SKFU, droogie, Xerpi, Hunger, Takezo, nas, Proxima


    A collection of PS4 tools and experiments using the WebKit exploit. This is for firmware 1.76 only at the moment.

    A live demo can be tried here, without module dumping.
    You should clone the repo and upload it to your own server to have module dumping capabilities:
    git clone git://github.com/CTurt/PS4-playground.git

    You can also download a zip of the latest source here.

    Although this is primarily a framework to help write and execute ROP chains, PS4-playground comes with several experiments for you to try.
    After executing a test, you should either refresh the page, or close and reopen the browser entirely; running multiple experiments sequentially is not reliable.

    Get PID - Get process ID
    Get Login - Get login name and leak a kernel pointer

    Get Loaded Modules - Get a list of currently loaded modules
    Dump Loaded Module - Dump a currently loaded module (use Get Loaded Modules to see all available)
    Load Module - Load an additional module from this list
    Load and Dump Module - Load an additional module and then dump it (see all available here)
    Once you have dumped a module, you will need to run dir2bin.py to combine all chunks into a single binary.

    Browse - File Browser
    Get PSN username - Read your PSN username from account.dat
    Get Sandbox Directory - Get the name of the current sandbox directory (10 random characters which change each reboot)

    Get Stack Protection - Get stack base, size, and protection
    Get Stack Name - Get stack base, size, and name

    Send Message - Send a TCP message to the specified IP and port

    source twitter and https://github.com/CTurt/PS4-playground

  2. Rip Cord

    Administrator Staff Member Admin Developer



    dug my ps2 out of the closet
    insert exploit dvd, turn on console, regular splash

    then launchelf loads


    using the file browser, here's the memory card contents
    lol, still has code-breaker 9.2 on it.


    loaded code-breaker


    load cheats


    insert game disc, start game


    forgot that Carl curses so much :)

    edit: fixed picture
    Last edited: Sep 13, 2020
  3. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

