Editing Vulnerabilities
Latest revision | Your text | ||
Line 122: | Line 122: | ||
* flatz, balika011, theflow0, chicken(s), PlayStation for helping CTurt | * flatz, balika011, theflow0, chicken(s), PlayStation for helping CTurt | ||
* McCaulay for sharing publicly his implementation in February 2023. | * McCaulay for sharing publicly his implementation in February 2023. | ||
===== Description ===== | |||
Okage Shadow King has a typical stack buffer overflow if you extend the player or town name in a savedata. | |||
* [https://store.playstation.com/en-us/product/UP9000-CUSA02199_00-SCUS971290000001 PS4 digital version CUSA02199 of SCUS97129 on PS Store] | |||
Okage Shadow King for PS4 (CUSA02282) base version (1.00) requires FW version 3.15, although it was compiled with SDK version 3.008.000. Okage Shadow King for PS4 (CUSA02199 and CUSA02282) patch 1.01 requires FW version 4.05. | |||
===== Analysis ===== | ===== Analysis ===== | ||
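Review bot: the new Description subsection links only the CUSA02199 digital release, yet the firmware sentence that follows gives the 1.00 requirement for CUSA02282 and the 1.01 requirement for both CUSA02199 and CUSA02282; add a matching store or title-ID entry for CUSA02282 next to the CUSA02199 link so a reader can tell which release each FW/SDK figure belongs to. The single bullet wedged between two prose sentences also reads oddly; consider moving the link into the sentence or listing both title IDs as bullets.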
Line 127: | Line 132: | ||
* [https://mccaulay.co.uk/mast1c0re-part-2-arbitrary-ps2-code-execution Writeup part 2 by McCaulay (2023-02-10)] | * [https://mccaulay.co.uk/mast1c0re-part-2-arbitrary-ps2-code-execution Writeup part 2 by McCaulay (2023-02-10)] | ||
===== Exploit implementation ===== | |||
===== Exploit | |||
* [https://github.com/McCaulay/okrager Okrager by McCaulay (2023-02-04)] | * [https://github.com/McCaulay/okrager Okrager by McCaulay (2023-02-04)] | ||
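Review bot: one side of this comparison shows the heading at this position as "===== Exploit" with no subject and no closing "=====", while the other side has the complete "===== Exploit implementation ====="; an unterminated heading line will not render as a section in wikitext, so make sure the revision that gets published keeps the full "===== Exploit implementation =====" line above the Okrager link.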
Line 156: | Line 156: | ||
* [https://cturt.github.io/mast1c0re-2.html Writeup part 2 by CTurt (2023-04-02)] | * [https://cturt.github.io/mast1c0re-2.html Writeup part 2 by CTurt (2023-04-02)] | ||
==== Bug | ==== Bug description ==== | ||
After getting code execution in a PS2onPS4 game using a savedata exploit, it is possible to exploit the PS2 emulator to get x86-64 usermode ROP execution. It is then possible, without a kernel exploit, to load another PS2 game in the emulator with a compatibility rate based on the PS2 emulator configuration. | After getting code execution in a PS2onPS4 game using a savedata exploit, it is possible to exploit the PS2 emulator to get x86-64 usermode ROP execution. It is then possible, without a kernel exploit, to load another PS2 game in the emulator with a compatibility rate based on the PS2 emulator configuration. | ||
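Review bot: the left column shows the heading as "==== Bug" while the right column has "==== Bug description ===="; as with the heading in the previous hunk, verify that the complete "==== Bug description ====" line survives the undo, since the paragraph under it is identical on both sides and only the heading text differs.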