Editing Vulnerabilities
Latest revision | Your text | ||
Line 100: | Line 100: | ||
== Usermode Exploits (Game Savedata) == | == Usermode Exploits (Game Savedata) == | ||
=== PS2 games savedata exploits === | === PS2 games savedata exploits === | ||
Line 152: | Line 120: | ||
* Forbidden Siren | * Forbidden Siren | ||
* Fu'un Super Combo UP0576-CUSA03784_00-SLPS257810000001 https://image.api.playstation.com/cdn/UP0576/CUSA03784_00/QWsetumZLYupFHsOIkoGbKYpySGBdtlp.png | * Fu'un Super Combo UP0576-CUSA03784_00-SLPS257810000001 https://image.api.playstation.com/cdn/UP0576/CUSA03784_00/QWsetumZLYupFHsOIkoGbKYpySGBdtlp.png | ||
* Ghosthunter (English, Japanese) UP9000- | * Ghosthunter (English, Japanese) UP9000-PPSA21974_00-SLUS209930000000 https://image.api.playstation.com/vulcan/ap/rnd/202406/0519/64b26d812ffbfec1acffeaa7d3a61effb12400fff2d95935.png | ||
* GTA III | * GTA III | ||
* GTA Vice City | * GTA Vice City | ||
Line 168: | Line 136: | ||
* Max Payne | * Max Payne | ||
* Metal Slug Anthology | * Metal Slug Anthology | ||
* Okage: Shadow King | * Okage: Shadow King, requires PS4 FW version 3.15, although it was compiled with PS4 SDK version 3.008.000 | ||
* PaRappa the Rapper 2 | * PaRappa the Rapper 2 | ||
* Primal | * Primal | ||
Line 187: | Line 155: | ||
EP1006-CUSA03494_00-SLES503710000001 | EP1006-CUSA03494_00-SLES503710000001 | ||
https://image.api.playstation.com/cdn/EP1006/CUSA03494_00/9MsXVY5UULzSHB5BTreuKhwep3KZwvQP.png | https://image.api.playstation.com/cdn/EP1006/CUSA03494_00/9MsXVY5UULzSHB5BTreuKhwep3KZwvQP.png | ||
* STAR WARS The Clone Wars UP1082- | * STAR WARS The Clone Wars UP1082-PPSA21985_00-SLUS205100000000 https://image.api.playstation.com/vulcan/ap/rnd/202404/2320/798b83df229613be009a6a9a191606a04846b32eab781c14.png | ||
* The King of Fighters Collection: The Orochi Saga | * The King of Fighters Collection: The Orochi Saga | ||
* The King of Fighters '98 Ultimate Match | * The King of Fighters '98 Ultimate Match | ||
Line 193: | Line 161: | ||
* The Mark of Kri | * The Mark of Kri | ||
* The Warriors | * The Warriors | ||
* Tomb Raider: Legend UP8489- | * Tomb Raider: Legend UP8489-PPSA22453_00-SLUS212030000000 https://image.api.playstation.com/vulcan/ap/rnd/202405/0816/1d9bea712b88097f61b829fac5e96f956fb67225be456f36.png | ||
* Twisted Metal: Black | * Twisted Metal: Black | ||
* War of the Monsters | * War of the Monsters | ||
Line 224: | Line 192: | ||
These PS2onPS4 games can be bought online: brand new directly from Limited Run Games, or second-hand / like-new on eBay, for example. | These PS2onPS4 games can be bought online: brand new directly from Limited Run Games, or second-hand / like-new on eBay, for example. | ||
=== PS4/PS5 PS2emu sandbox escape (mast1c0re) === | === PS4/PS5 PS2emu sandbox escape (mast1c0re) === | ||
Line 374: | Line 323: | ||
Tested working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60. | Tested working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60. | ||
=== FW 10.00-11.02 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to | === FW 10.00-11.02 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW === | ||
==== Credits ==== | ==== Credits ==== | ||
Line 386: | Line 335: | ||
==== Bug Description ==== | ==== Bug Description ==== | ||
* TODO | |||
==== Exploit Implementation ==== | ==== Exploit Implementation ==== | ||
Line 406: | Line 350: | ||
* Sergei Glazunov, Google Project Zero, for reporting the bug in 2013-01 and answering Maddie Stone's questions in 2022 (2013) | * Sergei Glazunov, Google Project Zero, for reporting the bug in 2013-01 and answering Maddie Stone's questions in 2022 (2013) | ||
* Maddie Stone, Google Project Zero, for sharing a write-up describing this vulnerability (2022-06-14) | * Maddie Stone, Google Project Zero, for sharing a write-up describing this vulnerability (2022-06-14) | ||
* | * Anonymous for making an OOM PoC for webkit-gtk, PS4 and PS5 (2023-10-03) then making an arbitrary RW PoC (PSFree) for webkit-gtk, PS4 6.00-9.60 and PS5 1.00-5.50 (2023-10-24) | ||
* CelesteBlue for testing and porting | * CelesteBlue for testing and porting anonymous' PSFree to PS4 6.00-9.60 and PS5 1.00-5.50 (2023-11-04) | ||
==== Analysis ==== | ==== Analysis ==== | ||
Line 461: | Line 405: | ||
* Simple PoC for ASAN webkit-gtk by Maddie Stone in Maddie Stone's writeups | * Simple PoC for ASAN webkit-gtk by Maddie Stone in Maddie Stone's writeups | ||
* [https://github.com/springsec/CVE-2022-22620/blob/main/CVE-2022-22620_infoleak_exploit.html Information leak PoC for webkit-gtk by springsec] | * [https://github.com/springsec/CVE-2022-22620/blob/main/CVE-2022-22620_infoleak_exploit.html Information leak PoC for webkit-gtk by springsec] | ||
* [https://discord.com OOM PoC for PS4 and PS5 by | * [https://discord.com OOM PoC for PS4 and PS5 by anonymous on ps4-dev discord (to mirror)] | ||
* [https://discord.com Arbitrary RW PoC (PSFree) for PS4 6.00-9.60 and PS5 1.00-5.50 by | * [https://discord.com Arbitrary RW PoC (PSFree) for PS4 6.00-9.60 and PS5 1.00-5.50 by anonymous on ps4-dev discord (to mirror)] | ||
==== Patched ==== | ==== Patched ==== | ||
Line 802: | Line 746: | ||
==== Tested ==== | ==== Tested ==== | ||
Works on 3.15, 3.50 FW. Maybe working on 3.51 FW. | Works on 3.15, 3.50 FW. Maybe working on 3.51 FW. | ||
---- | ---- | ||