Internet Browser: Difference between revisions
(Added FW 3.5 User Agent) |
No edit summary |
||
Line 88: | Line 88: | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 3.50) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.500.000]] || {{no}} || {{no}} | | Mozilla/5.0 (PlayStation 4 3.50) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.500.000]] || {{no}} || {{no}} | ||
|- | |||
| Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.550.000]] || {{no}} || {{no}} | |||
|} | |} | ||
[https://www.google.com/?q=%22Mozilla/5.0+%28PlayStation+4%22%2B%22AppleWebKit/%22%2B%22%28KHTML,+like+Gecko%29%22&gws_rd=cr&ei=UYS8VNiRNcesPePTgYgD#safe=off&q=%22Mozilla%2F5.0+%28PlayStation+4%22%2B%22AppleWebKit%2F%22%2B%22%28KHTML%2C+like+Gecko%29%22 "Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"] | [https://www.google.com/?q=%22Mozilla/5.0+%28PlayStation+4%22%2B%22AppleWebKit/%22%2B%22%28KHTML,+like+Gecko%29%22&gws_rd=cr&ei=UYS8VNiRNcesPePTgYgD#safe=off&q=%22Mozilla%2F5.0+%28PlayStation+4%22%2B%22AppleWebKit%2F%22%2B%22%28KHTML%2C+like+Gecko%29%22 "Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"] | ||
Line 145: | Line 147: | ||
Ida pro plugin [http://pastebin.com/p7EftFL0 make code]. | Ida pro plugin [http://pastebin.com/p7EftFL0 make code]. | ||
As of firmware version 3.55 a patch has been included to prevent a use-after-free segmentation fault from being exploited | |||
this could have led to a rop chain and code execution. would have been cool if someone would have done some real research on it... | |||
details: https://github.com/WebKit/webkit/commit/98845d940e30529098eea7e496af02e14301c704 | |||
{{Software}} | {{Software}} | ||
<noinclude>[[Category:Main]]</noinclude> | <noinclude>[[Category:Main]]</noinclude> |
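Review bot: The paragraph added after the IDA Pro plugin line says the 3.55 patch closes a use-after-free that "could have led to a rop chain and code execution", but it only links a WebKit commit and names neither the affected component nor a CVE, so a reader cannot verify the claim from the page. Suggest naming the identifier and the firmware range it applies to, ending the first sentence with a full stop, and dropping "would have been cool if someone would have done some real research on it...", which is commentary rather than reference content. The new revision also shows "No edit summary" even though it adds a security-relevant statement.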
Revision as of 18:20, 21 June 2016
Internet Browser
Based on WebKit/536.26, just like PS Vita >= 2.00
Web Content Guidelines
- PS Vita Web Content Guidelines v3.00
- PS3 Web Content Guidelines v3.10
- PS4 Web Content Guidelines v1.50
Generic Info & Test
- http://coding.vdhdesign.co.nz/?p=351
- http://acid3.acidtests.org score: 100/100
- http://html5test.com/s/fe55bf1cbf48181d.html
- https://html5test.com/s/72c1042bfc840b31.html
User Agents
The table below lists known and unknown user agents. "Yes" = known vulnerability in use; "No" = unknown whether the vulnerability is in use.
useragent | version | CVE-2012-3748 | CVE-2014-1303 |
---|---|---|---|
Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) | 1.000.051, 1.000.071 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.010) AppleWebKit/536.26 (KHTML, like Gecko) | 1.01, 1.010.031 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.020) AppleWebKit/536.26 (KHTML, like Gecko) | 1.020.010, 1.020.041, 1.020.051 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.030) AppleWebKit/536.26 (KHTML, like Gecko) | 1.030.001 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.050) AppleWebKit/536.26 (KHTML, like Gecko) | 1.05 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.060) AppleWebKit/536.26 (KHTML, like Gecko) | 1.06 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko) | 1.07 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.50) AppleWebKit/536.26 (KHTML, like Gecko) | 1.500.000, 1.500.101, 1.501.000, 1.501.041 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.51) AppleWebKit/536.26 (KHTML, like Gecko) | 1.510.000, 1.510.011 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.52) AppleWebKit/536.26 (KHTML, like Gecko) | 1.520.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.60) AppleWebKit/536.26 (KHTML, like Gecko) | 1.600.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.61) AppleWebKit/536.26 (KHTML, like Gecko) | 1.610.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.62) AppleWebKit/536.26 (KHTML, like Gecko) | 1.620.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.70) AppleWebKit/536.26 (KHTML, like Gecko) | 1.700.000, 1.700.081 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.71) AppleWebKit/536.26 (KHTML, like Gecko) | 1.710.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.72) AppleWebKit/536.26 (KHTML, like Gecko) | 1.720.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.74) AppleWebKit/536.26 (KHTML, like Gecko) | 1.740.000 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.75) AppleWebKit/536.26 (KHTML, like Gecko) | 1.750.000, 1.750.061 | Yes | ? |
Mozilla/5.0 (PlayStation 4 1.76) AppleWebKit/536.26 (KHTML, like Gecko) | 1.760.000, 1.760.001 | Yes | ? |
Mozilla/5.0 (PlayStation 4 2.00) AppleWebKit/537.73 (KHTML, like Gecko) | 2.000.000 | No | Yes |
Mozilla/5.0 (PlayStation 4 2.01) AppleWebKit/537.73 (KHTML, like Gecko) | 2.010.000 | No | Yes |
Mozilla/5.0 (PlayStation 4 2.02) AppleWebKit/537.73 (KHTML, like Gecko) | 2.020.000 | No | Yes |
Mozilla/5.0 (PlayStation 4 2.03) AppleWebKit/537.73 (KHTML, like Gecko) | 2.030.000 | No | Yes |
Mozilla/5.0 (PlayStation 4 2.04) AppleWebKit/537.73 (KHTML, like Gecko) | 2.040.000 | No | Yes |
Mozilla/5.0 (PlayStation 4 2.50) AppleWebKit/537.73 (KHTML, like Gecko) | 2.501.000, 2.508.000 | No | Yes |
Mozilla/5.0 (PlayStation 4 2.51) AppleWebKit/537.73 (KHTML, like Gecko) | 2.510.000 | No | No |
Mozilla/5.0 (PlayStation 4 2.55) AppleWebKit/537.73 (KHTML, like Gecko) | 2.550.000 | No | No |
Mozilla/5.0 (PlayStation 4 2.57) AppleWebKit/537.73 (KHTML, like Gecko) | 2.570.000 | No | No |
Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) | 3.000.000 | No | No |
? | 3.008.000 | ? | ? |
? | 3.100.000 | ? | ? |
Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko) | 3.110.000 | ? | ? |
Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko) | 3.150.000 | No | No |
Mozilla/5.0 (PlayStation 4 3.50) AppleWebKit/537.78 (KHTML, like Gecko) | 3.500.000 | No | No |
Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) | 3.550.000 | No | No |
"Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"
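For inventory from proxy or web-server logs, the user-agent format in the table can be parsed and checked against the firmware/WebKit pairings listed above. This is an added example, not code from the wiki: the function names, labels and log layout are assumptions, the sample log lines are constructed, and the 3.55 threshold is taken from the page's note on the use-after-free patch.

```python
import re

# The firmware field is "1.010" on early releases and "1.50" on later ones,
# so it is captured as text and normalised below.
UA_RE = re.compile(
    r"Mozilla/5\.0 \(PlayStation 4 (\d+)\.(\d{2,3})\) "
    r"AppleWebKit/(\d+\.\d+) \(KHTML, like Gecko\)")

# WebKit build per firmware range (inclusive), copied from the table. Rows the
# table marks "?" are assumed to match their neighbours.
WEBKIT_BY_RANGE = [
    ((1, 0), (1, 760), "536.26"),
    ((2, 0), (3, 150), "537.73"),
    ((3, 500), (3, 550), "537.78"),
]
PATCHED_FROM = (3, 550)  # page: use-after-free patch included as of 3.55

def parse_ps4_ua(ua):
    """Return ((major, minor), webkit) or None if not a PS4 browser UA."""
    m = UA_RE.search(ua)
    if not m:
        return None
    major, minor, webkit = m.groups()
    # Right-pad the minor field: "50" -> 500, "070" -> 70, so 1.50 > 1.070.
    return (int(major), int(minor.ljust(3, "0"))), webkit

def classify(ua):
    """Label one User-Agent for an inventory report."""
    parsed = parse_ps4_ua(ua)
    if parsed is None:
        return "not-ps4"
    fw, webkit = parsed
    expected = [w for lo, hi, w in WEBKIT_BY_RANGE if lo <= fw <= hi]
    if not expected:
        return "unlisted-firmware"
    if expected[0] != webkit:
        return "inconsistent"  # firmware/WebKit pairing not in the table
    return "3.55-or-later" if fw >= PATCHED_FROM else "pre-3.55"

# Constructed proxy-log lines: client IP, then the quoted User-Agent.
SAMPLE_LOG = """10.0.0.21 "Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko)"
10.0.0.22 "Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko)"
10.0.0.23 "Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/536.26 (KHTML, like Gecko)"
10.0.0.24 "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko)\""""

def inventory(log):
    """Map client IP -> label for each log line."""
    rows = (line.split(" ", 1) for line in log.splitlines())
    return {ip: classify(ua.strip('"')) for ip, ua in rows}
```

The "inconsistent" label marks a string whose firmware and WebKit build never appear together in the table, which usually means a spoofed or hand-edited user agent rather than a real console.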
Webkit exploit
cross reference: http://www.vitadevwiki.com/index.php?title=Webbrowser#Webkit_exploit
- live test / livetest2 / ROP2
- live test / livetest2 / ROP2
- PS4 1.76 Webkit ROP POC mirror [1]
- PS4 <2.51 Webkit POC [2]
Modules loaded in WebProcess
Descriptor | Module | Remark |
---|---|---|
0x1 | libkernel.sprx | syscalls (see freebsd num syscall) |
0x2 | libSceLibcInternal.sprx | LibC |
0xC | libSceSysmodule.sprx | |
0xE | libSceNet.sprx | |
0xF | libSceNetCtl.sprx | |
0x11 | libSceIpmi.sprx | |
0x12 | libSceMbus.sprx | |
0x13 | libSceRegMgr.sprx | |
0x14 | libSceRtc.sprx | |
0x15 | libScePad.sprx | |
0x16 | libSceVideoOut.sprx | |
0x17 | libScePigletv2VSH.sprx | vsh function and some opengl primitive |
0x18 | libSceOrbisCompat.sprx | |
0x19 | libSceWebKit2.sprx | |
0x1A | libSceSysCore.sprx | |
0x1B | libSceSsl.sprx | |
0x1E | libSceVideoCoreServerInterface.sprx | |
0x37 | libSceSystemService.sprx | psno:, psns:, loadExec, sceSystemServiceLaunchApp,startLaunchAppByTitleId ... |
0x59 | libSceCompositeExt.sprx | |
IDA Pro plugin make code.
As of firmware version 3.55, a patch has been included to prevent a use-after-free segmentation fault from being exploited. This could have led to a ROP chain and code execution. It would have been cool if someone had done some real research on it...
Details: https://github.com/WebKit/webkit/commit/98845d940e30529098eea7e496af02e14301c704