Editing Internet Browser
Latest revision | Your text | ||
Line 1: | Line 1: | ||
== Internet Browser == | == Internet Browser == | ||
Based on WebKit/536.26, just like PSVita =>2.00 | |||
== Web Content Guidelines == | |||
* [http://www.scei.co.jp/guideline/PS_Vita_Web_Content-Guidelines_e.pdf PS Vita Web Content Guidelines v3.00] | * [http://www.scei.co.jp/guideline/PS_Vita_Web_Content-Guidelines_e.pdf PS Vita Web Content Guidelines v3.00] | ||
* [http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/web_content-guidelines_3.10-e.pdf PS3 Web Content Guidelines v3.10] | * [http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/web_content-guidelines_3.10-e.pdf PS3 Web Content Guidelines v3.10] | ||
* [http://www.scei.co.jp/guideline/PS4_Web_Content-Guidelines_e.pdf PS4 Web Content Guidelines v1.50] | * [http://www.scei.co.jp/guideline/PS4_Web_Content-Guidelines_e.pdf PS4 Web Content Guidelines v1.50] | ||
=== Generic Info | === Generic Info & Test === | ||
* http://coding.vdhdesign.co.nz/?p=351 | |||
* | |||
* http://acid3.acidtests.org score: 100/100 | * http://acid3.acidtests.org score: 100/100 | ||
* http://html5test.com/s/fe55bf1cbf48181d.html | * http://html5test.com/s/fe55bf1cbf48181d.html | ||
* | * https://html5test.com/s/72c1042bfc840b31.html | ||
=== | === User Agents === | ||
Table below indicates known and unknown user-agents. "YES" = known vulnerability in use, "NO" = unknown if vulnerability in use. | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
! | ! useragent !! version !! CVE-2012-3748 !! CVE-2014-1303 !! HENkaku | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.000.051]], [[1.000.071]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.010) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.01]], [[1.010.031]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.020) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.020.010]], [[1.020.041]], [[1.020.051]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.030) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.030.001]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.050) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.05]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.060) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.06]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.07]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.50) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.500.000]], [[1.500.101]], [[1.501.000]], [[1.501.041]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.51) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.510.000]], [[1.510.011]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.52) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.520.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.60) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.600.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.61) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.610.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.62) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.620.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.70) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.700.000]], [[1.700.081]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.71) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.710.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.72) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.720.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.74) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.740.000]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 | | Mozilla/5.0 (PlayStation 4 1.75) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.750.000]], [[1.750.061]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 1.76) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.760.000]], [[1.760.001]] || {{yes}} || ? || ? | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.00) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.000.000]] || {{no}} || {{yes}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.01) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.010.000]] || {{no}} || {{yes}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.02) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.020.000]] || {{no}} || {{yes}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.03) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.030.000]] || {{no}} || {{yes}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.04) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.040.000]] || {{no}} || {{yes}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.50) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.501.000]], [[2.508.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.51) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.510.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.55) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.550.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 2.57) AppleWebKit/537.73 (KHTML, like Gecko) || [[2.570.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) || [[3.000.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) || [[3.008.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.10) AppleWebKit/537.73 (KHTML, like Gecko) || [[3.100.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko) || [[3.110.000]] || {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko) || [[3.150.000]] || {{no}} || {{no}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.50) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.500.000]] || {{no}} || {{no}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.550.000]] || {{no}} || {{no}} || {{yes}} | ||
|- | |- | ||
| Mozilla/5.0 ( | | Mozilla/5.0 (PlayStation 4 5.50) AppleWebKit/601.2 (KHTML, like Gecko) || [[5.500.000]] {{no}} || {{no}} || {{no}} | ||
|- | |- | ||
|} | |} | ||
[https://www.google.com/?q=%22Mozilla/5.0+%28PlayStation+4%22%2B%22AppleWebKit/%22%2B%22%28KHTML,+like+Gecko%29%22&gws_rd=cr&ei=UYS8VNiRNcesPePTgYgD#safe=off&q=%22Mozilla%2F5.0+%28PlayStation+4%22%2B%22AppleWebKit%2F%22%2B%22%28KHTML%2C+like+Gecko%29%22 "Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"] | |||
== | == Webkit exploit == | ||
cross reference: http://www.vitadevwiki.com/index.php?title=Webbrowser#Webkit_exploit | |||
* [http://wololo.net/v/176/ps4_dump.html live test] / [http://wololo.net/v/176/ps4_dump2.html livetest2] / [http://wololo.net/v/176/ps4_rop2.html ROP2] | |||
* [http://daxhordes.org/ps4_176/ps4_dump.html live test] / [http://daxhordes.org/ps4_176/ps4_dump2.html livetest2] / [http://daxhordes.org/ps4_176/ps4_rop2.html ROP2] | |||
* [https://www.sendspace.com/file/mdunzp PS4 1.76 Webkit ROP POC] [http://wololo.net/downloads/index.php/download/8230 mirror] [http://wololo.net/talk/viewtopic.php?p=368577] | |||
* [https://github.com/Fire30/PS4-2014-1303-POC PS4 <2.51 Webkit POC] [http://wololo.net/2016/04/21/proof-of-concept-webkit-exploit-running-on-ps4-firmwares-up] | |||
* [https://github.com/Fire30/PS4-3.55-Code-Execution-PoC PS4 <3.55 Webkit POC] | |||
* [http://rce.party/ps4 PS4 <4.07 Webkit POC][https://gist.github.com/X41/36acd2a6939e4cebbecba45d35bf0d75 mirror] | |||
=== Modules loaded in WebProcess (4.07) === | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
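Review bot: the last row of the user-agent table (PlayStation 4 5.50, AppleWebKit/601.2) is missing a cell separator: `[[5.500.000]] {{no}} || {{no}} || {{no}}` yields four cells under a five-column header, so the first flag ends up inside the version cell and the HENkaku column is empty. Insert `||` after `[[5.500.000]]`. The legend line above the table also defines only "YES" and "NO", and defines "NO" as unknown, while most 1.xx rows use `?`; say what `?` means or use a single marker for unknown so `{{no}}` is not read as "not affected".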
Line 281: | Line 146: | ||
|- | |- | ||
| 0x59 || libSceCompositeExt.sprx || | | 0x59 || libSceCompositeExt.sprx || | ||
|- | |||
<!--// placeholder, fill in with correct information //--> | |||
|} | |} | ||
=== Modules loaded in WebProcess (4.07) === | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
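Review bot: the heading `=== Modules loaded in WebProcess (4.07) ===` near the end of this hunk repeats the heading already used for the preceding table, so the page ends up with two sections carrying the same title even though they list different modules. Give the second table a title that says how it differs from the first. The `|-` placed directly before the `<!--// placeholder, fill in with correct information //-->` comment also starts a row with no cells ahead of `|}`; drop that `|-` or move the comment outside the table.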
Line 291: | Line 157: | ||
| 0x2001 || libkernel.sprx || syscalls (see [http://fxr.watson.org/fxr/source/kern/syscalls.master freebsd num syscall]) | | 0x2001 || libkernel.sprx || syscalls (see [http://fxr.watson.org/fxr/source/kern/syscalls.master freebsd num syscall]) | ||
|- | |- | ||
| 0x2 || libSceLibcInternal.sprx || | | 0x2 || libSceLibcInternal.sprx || LibC | ||
|- | |- | ||
| 0xC || libSceSysmodule.sprx || | | 0xC || libSceSysmodule.sprx || | ||
Line 324: | Line 190: | ||
|- | |- | ||
| 0x2060 || libSceWebBrowserInjectedBundle.sprx || | | 0x2060 || libSceWebBrowserInjectedBundle.sprx || | ||
|- | |||
<!--// placeholder, fill in with correct information //--> | |||
|} | |} | ||
Ida pro plugin [http://pastebin.com/p7EftFL0 make code]. | |||
As of firmware version 4.07 a patch has been included to prevent a use-after-free segmentation fault from being exploited | |||
this could have led to a rop chain and code execution. would have been cool if someone would have done some real research on it... | |||
details: https://github.com/WebKit/webkit/commit/98845d940e30529098eea7e496af02e14301c704 | |||
{{Software}} | {{Software}} | ||
<noinclude>[[Category:Main]]</noinclude> | <noinclude>[[Category:Main]]</noinclude> |
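Review bot: the closing paragraph about firmware 4.07 runs two statements together without punctuation or capitalisation ("...from being exploited this could have led to a rop chain...") and ends in an editorial aside ("would have been cool if someone would have done some real research on it...") that reads as commentary rather than reference material. Split it into sentences, name the affected component as described in the linked WebKit commit, and drop the aside. The `Ida pro plugin` line also gives no indication of what the linked script does or which of the module tables it relates to; a one-line description would help.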