Internet Browser: Difference between revisions

From PS4 Developer wiki
No edit summary
Line 1: Line 1:
== Internet Browser ==


== Internet Browser ==
=== Web Content Guidelines ===
Based on WebKit/536.26, just like PSVita =>2.00


== Web Content Guidelines ==
* [http://www.scei.co.jp/guideline/PS_Vita_Web_Content-Guidelines_e.pdf PS Vita Web Content Guidelines v3.00]
* [http://www.scei.co.jp/guideline/PS_Vita_Web_Content-Guidelines_e.pdf PS Vita Web Content Guidelines v3.00]
* [http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/web_content-guidelines_3.10-e.pdf PS3 Web Content Guidelines v3.10]
* [http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/web_content-guidelines_3.10-e.pdf PS3 Web Content Guidelines v3.10]
Line 9: Line 8:


=== Generic Info & Test ===
=== Generic Info & Test ===
* http://coding.vdhdesign.co.nz/?p=351
* http://coding.vdhdesign.co.nz/?p=351
* http://acid3.acidtests.org score: 100/100
* http://acid3.acidtests.org score: 100/100
* http://html5test.com/s/fe55bf1cbf48181d.html
* html5test.com/s/fe55bf1cbf48181d.html
* https://html5test.com/s/72c1042bfc840b31.html
* html5test.com/s/72c1042bfc840b31.html


=== User Agents ===
=== User Agents ===
==== Scheme ====
"Mozilla/5.0 (PlayStation 4" + PS4_FW_ver + "AppleWebKit/" + user_agent_version + "(KHTML, like Gecko)"
==== List ====
developers.whatismybrowser.com/useragents/explore/operating_platform/sony-playstation-4/ List of PS4 WebBrowser User-agents
Table below indicates known and unknown user-agents. "YES" = known vulnerability in use, "NO" = unknown if vulnerability in use.
Table below indicates known and unknown user-agents. "YES" = known vulnerability in use, "NO" = unknown if vulnerability in use.


{| class="wikitable sortable"
{| class="wikitable sortable"
|-
|-
! useragent !! version !! CVE-2012-3748 !! CVE-2014-1303 !! HENkaku
! user agent !! version !! CVE-2012-3748 !! CVE-2014-1303 !! Firekaku
|-
|-
| Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.000.051]], [[1.000.071]] || {{yes}} || ? || ?
| Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) || [[1.000.051]], [[1.000.071]] || {{yes}} || ? || ?
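Review bot: the added Scheme line does not reproduce the strings in the table below it. Its literals lack the space after "PlayStation 4", the ") " before "AppleWebKit/" and the space before "(KHTML", so concatenating them yields "Mozilla/5.0 (PlayStation 41.000AppleWebKit/536.26(KHTML, like Gecko)". Suggest "Mozilla/5.0 (PlayStation 4 " + PS4_FW_ver + ") AppleWebKit/" + user_agent_version + " (KHTML, like Gecko)". In the same hunk the two html5test.com entries and the whatismybrowser.com entry have no http:// or https:// prefix, so MediaWiki will not render them as links.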
Line 98: Line 107:
|-
|-
|}
|}
[https://www.google.com/?q=%22Mozilla/5.0+%28PlayStation+4%22%2B%22AppleWebKit/%22%2B%22%28KHTML,+like+Gecko%29%22&gws_rd=cr&ei=UYS8VNiRNcesPePTgYgD#safe=off&q=%22Mozilla%2F5.0+%28PlayStation+4%22%2B%22AppleWebKit%2F%22%2B%22%28KHTML%2C+like+Gecko%29%22 "Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"]


=== Webkit exploits ===
=== Webkit exploits ===
Line 104: Line 112:
See [[Working_Exploits#WebKit.2FUserland_Exploits]].
See [[Working_Exploits#WebKit.2FUserland_Exploits]].


=== Modules loaded in WebProcess (4.07) ===
=== Modules ===
 
==== Modules loaded in WebProcess (1.76) ====
{| class="wikitable sortable"
{| class="wikitable sortable"
|-
|-
Line 146: Line 156:
|-
|-
| 0x59 || libSceCompositeExt.sprx ||
| 0x59 || libSceCompositeExt.sprx ||
|-
<!--// placeholder, fill in with correct information //-->
|}
|}


=== Modules loaded in WebProcess (4.07) ===
==== Modules loaded in WebProcess (3.55) ====
{| class="wikitable sortable"
{| class="wikitable sortable"
|-
|-
Line 157: Line 165:
| 0x2001 || libkernel.sprx || syscalls (see [http://fxr.watson.org/fxr/source/kern/syscalls.master freebsd num syscall])
| 0x2001 || libkernel.sprx || syscalls (see [http://fxr.watson.org/fxr/source/kern/syscalls.master freebsd num syscall])
|-
|-
| 0x2 || libSceLibcInternal.sprx || LibC
| 0x2 || libSceLibcInternal.sprx ||  
|-
|-
| 0xC || libSceSysmodule.sprx ||  
| 0xC || libSceSysmodule.sprx ||  
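Review bot: the 0x2 libSceLibcInternal.sprx row loses its "LibC" remark in this hunk, and the revision has no edit summary to say why. If the remark was dropped by accident, restore it; if it was removed on purpose, say so in the edit summary so the next editor does not add it back.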
Line 190: Line 198:
|-
|-
| 0x2060 || libSceWebBrowserInjectedBundle.sprx ||
| 0x2060 || libSceWebBrowserInjectedBundle.sprx ||
|-
<!--// placeholder, fill in with correct information //-->
|}
|}
IDA pro plugin [http://pastebin.com/p7EftFL0 make code].
As of firmware version 4.07 a patch has been included to prevent a use-after-free segmentation fault from being exploited.
This could have led to ROP chain and code execution. It would have been cool if someone would have done some real research on it...
details: https://github.com/WebKit/webkit/commit/98845d940e30529098eea7e496af02e14301c704




{{Software}}
{{Software}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
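Review bot: the lines removed after the closing |} take out the statement that firmware 4.07 includes a patch for a use-after-free, together with the link to the WebKit commit, and nothing in the new revision replaces them. Dropping the speculative sentences ("This could have led to ...", "It would have been cool ...") is reasonable, but the patched-in-4.07 fact and the commit URL are worth keeping as one neutral sentence, or moving to the page that the "Webkit exploits" section links to.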

Revision as of 23:07, 28 March 2019

Internet Browser

Web Content Guidelines

Generic Info & Test

User Agents

Scheme

"Mozilla/5.0 (PlayStation 4 " + PS4_FW_ver + ") AppleWebKit/" + user_agent_version + " (KHTML, like Gecko)"
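
A parser for the scheme above, as an added example that is not part of the wiki page: it splits a PS4 browser User-Agent into firmware and WebKit versions and tallies them across web-server access-log lines, the way a site operator would inventory console browsers still on old engines. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Scheme from this page:
#   Mozilla/5.0 (PlayStation 4 <PS4_FW_ver>) AppleWebKit/<user_agent_version> (KHTML, like Gecko)
# Early firmware is written with three decimals ("1.070"), later firmware with two ("1.50").
PS4_UA = re.compile(
    r"Mozilla/5\.0 \(PlayStation 4 (?P<fw>\d+\.\d{2,3})\) "
    r"AppleWebKit/(?P<webkit>\d+(?:\.\d+)*) \(KHTML, like Gecko\)"
)

def parse_ps4_ua(ua):
    """Return (firmware, webkit) as int tuples, or None if ua does not follow the scheme."""
    m = PS4_UA.search(ua)
    if m is None:
        return None
    major, minor = m.group("fw").split(".")
    # The table pairs UA "1.010" with firmware 1.01, so drop the third decimal.
    if len(minor) == 3:
        minor = minor[:2]
    firmware = (int(major), int(minor))
    webkit = tuple(int(part) for part in m.group("webkit").split("."))
    return firmware, webkit

def webkit_inventory(log_lines):
    """Count PS4 requests per (webkit, firmware) in combined-format access-log lines."""
    counts = Counter()
    for line in log_lines:
        # In the combined log format the User-Agent is the last double-quoted field.
        quoted = re.findall(r'"([^"]*)"', line)
        parsed = parse_ps4_ua(quoted[-1]) if quoted else None
        if parsed:
            firmware, webkit = parsed
            counts[(webkit, firmware)] += 1
    return counts

SAMPLE_LOG = [  # constructed log lines, not real traffic
    '192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko)"',
    '192.0.2.11 - - [01/Jan/2019:10:00:05 +0000] "GET /a HTTP/1.1" 200 128 "-" "Mozilla/5.0 (PlayStation 4 5.50) AppleWebKit/601.2 (KHTML, like Gecko)"',
    '192.0.2.11 - - [01/Jan/2019:10:00:09 +0000] "GET /b HTTP/1.1" 200 128 "-" "Mozilla/5.0 (PlayStation 4 5.50) AppleWebKit/601.2 (KHTML, like Gecko)"',
    '192.0.2.12 - - [01/Jan/2019:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)"',
]

if __name__ == "__main__":
    for (webkit, firmware), hits in sorted(webkit_inventory(SAMPLE_LOG).items()):
        print("WebKit %s, firmware %d.%02d: %d request(s)"
              % (".".join(map(str, webkit)), firmware[0], firmware[1], hits))
```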

List

List of PS4 WebBrowser User-agents: developers.whatismybrowser.com/useragents/explore/operating_platform/sony-playstation-4/

The table below indicates known and unknown user agents. "Yes" = known vulnerability in use, "No" = unknown if vulnerability in use.

{| class="wikitable sortable"
|-
! user agent !! version !! CVE-2012-3748 !! CVE-2014-1303 !! Firekaku
|-
| Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) || 1.000.051, 1.000.071 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.010) AppleWebKit/536.26 (KHTML, like Gecko) || 1.01, 1.010.031 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.020) AppleWebKit/536.26 (KHTML, like Gecko) || 1.020.010, 1.020.041, 1.020.051 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.030) AppleWebKit/536.26 (KHTML, like Gecko) || 1.030.001 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.050) AppleWebKit/536.26 (KHTML, like Gecko) || 1.05 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.060) AppleWebKit/536.26 (KHTML, like Gecko) || 1.06 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko) || 1.07 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.50) AppleWebKit/536.26 (KHTML, like Gecko) || 1.500.000, 1.500.101, 1.501.000, 1.501.041 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.51) AppleWebKit/536.26 (KHTML, like Gecko) || 1.510.000, 1.510.011 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.52) AppleWebKit/536.26 (KHTML, like Gecko) || 1.520.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.60) AppleWebKit/536.26 (KHTML, like Gecko) || 1.600.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.61) AppleWebKit/536.26 (KHTML, like Gecko) || 1.610.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.62) AppleWebKit/536.26 (KHTML, like Gecko) || 1.620.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.70) AppleWebKit/536.26 (KHTML, like Gecko) || 1.700.000, 1.700.081 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.71) AppleWebKit/536.26 (KHTML, like Gecko) || 1.710.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.72) AppleWebKit/536.26 (KHTML, like Gecko) || 1.720.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.74) AppleWebKit/536.26 (KHTML, like Gecko) || 1.740.000 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.75) AppleWebKit/536.26 (KHTML, like Gecko) || 1.750.000, 1.750.061 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 1.76) AppleWebKit/536.26 (KHTML, like Gecko) || 1.760.000, 1.760.001 || Yes || ? || ?
|-
| Mozilla/5.0 (PlayStation 4 2.00) AppleWebKit/537.73 (KHTML, like Gecko) || 2.000.000 || No || Yes || Yes
|-
| Mozilla/5.0 (PlayStation 4 2.01) AppleWebKit/537.73 (KHTML, like Gecko) || 2.010.000 || No || Yes || Yes
|-
| Mozilla/5.0 (PlayStation 4 2.02) AppleWebKit/537.73 (KHTML, like Gecko) || 2.020.000 || No || Yes || Yes
|-
| Mozilla/5.0 (PlayStation 4 2.03) AppleWebKit/537.73 (KHTML, like Gecko) || 2.030.000 || No || Yes || Yes
|-
| Mozilla/5.0 (PlayStation 4 2.04) AppleWebKit/537.73 (KHTML, like Gecko) || 2.040.000 || No || Yes || Yes
|-
| Mozilla/5.0 (PlayStation 4 2.50) AppleWebKit/537.73 (KHTML, like Gecko) || 2.501.000, 2.508.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 2.51) AppleWebKit/537.73 (KHTML, like Gecko) || 2.510.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 2.55) AppleWebKit/537.73 (KHTML, like Gecko) || 2.550.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 2.57) AppleWebKit/537.73 (KHTML, like Gecko) || 2.570.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) || 3.000.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) || 3.008.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 3.10) AppleWebKit/537.73 (KHTML, like Gecko) || 3.100.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko) || 3.110.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko) || 3.150.000 || No || No || Yes
|-
| Mozilla/5.0 (PlayStation 4 3.50) AppleWebKit/537.78 (KHTML, like Gecko) || 3.500.000 || No || No || Yes
|-
| Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) || 3.550.000 || No || No || Yes
|-
| Mozilla/5.0 (PlayStation 4 4.07) AppleWebKit/537.78 (KHTML, like Gecko) || 4.070.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 5.00) AppleWebKit/601.2 (KHTML, like Gecko) || 5.000.000 || No || No || No
|-
| Mozilla/5.0 (PlayStation 4 5.50) AppleWebKit/601.2 (KHTML, like Gecko) || 5.500.000 || No || No || No
|}

Webkit exploits

See Working_Exploits#WebKit.2FUserland_Exploits.

Modules

Modules loaded in WebProcess (1.76)

{| class="wikitable sortable"
|-
! Descriptor !! Module !! Remark
|-
| 0x1 || libkernel.sprx || syscalls (see freebsd num syscall)
|-
| 0x2 || libSceLibcInternal.sprx || LibC
|-
| 0xC || libSceSysmodule.sprx ||
|-
| 0xE || libSceNet.sprx ||
|-
| 0xF || libSceNetCtl.sprx ||
|-
| 0x11 || libSceIpmi.sprx ||
|-
| 0x12 || libSceMbus.sprx ||
|-
| 0x13 || libSceRegMgr.sprx ||
|-
| 0x14 || libSceRtc.sprx ||
|-
| 0x15 || libScePad.sprx ||
|-
| 0x16 || libSceVideoOut.sprx ||
|-
| 0x17 || libScePigletv2VSH.sprx || vsh function and some opengl primitive
|-
| 0x18 || libSceOrbisCompat.sprx ||
|-
| 0x19 || libSceWebKit2.sprx ||
|-
| 0x1A || libSceSysCore.sprx ||
|-
| 0x1B || libSceSsl.sprx ||
|-
| 0x1E || libSceVideoCoreServerInterface.sprx ||
|-
| 0x37 || libSceSystemService.sprx || psno:, psns:, loadExec, sceSystemServiceLaunchApp, startLaunchAppByTitleId ...
|-
| 0x59 || libSceCompositeExt.sprx ||
|}

Modules loaded in WebProcess (3.55)

{| class="wikitable sortable"
|-
! Descriptor !! Module !! Remark
|-
| 0x2001 || libkernel.sprx || syscalls (see freebsd num syscall)
|-
| 0x2 || libSceLibcInternal.sprx ||
|-
| 0xC || libSceSysmodule.sprx ||
|-
| 0xE || libSceNet.sprx ||
|-
| 0x1B || libSceNetCtl.sprx ||
|-
| 0x1D || libSceIpmi.sprx ||
|-
| 0x1E || libSceMbus.sprx ||
|-
| 0x1F || libSceRegMgr.sprx ||
|-
| 0x20 || libSceRtc.sprx ||
|-
| 0x21 || libScePad.sprx ||
|-
| 0x22 || libSceVideoOut.sprx ||
|-
| 0x23 || libSceOrbisCompat.sprx ||
|-
| 0x24 || libSceWebKit2.sprx ||
|-
| 0x25 || libSceSysCore.sprx ||
|-
| 0x26 || libSceSystemService.sprx || psno:, psns:, loadExec, sceSystemServiceLaunchApp, startLaunchAppByTitleId ...
|-
| 0x35 || libSceSsl.sprx ||
|-
| 0x38 || libSceVideoCoreServerInterface.sprx ||
|-
| 0x2060 || libSceWebBrowserInjectedBundle.sprx ||
|}