Internet Browser: Difference between revisions
m (→User Agents) |
(add POC CVE 2014-1303) |
Line 94: | Line 94: | ||
* [http://daxhordes.org/ps4_176/ps4_dump.html live test] / [http://daxhordes.org/ps4_176/ps4_dump2.html livetest2] / [http://daxhordes.org/ps4_176/ps4_rop2.html ROP2] | * [http://daxhordes.org/ps4_176/ps4_dump.html live test] / [http://daxhordes.org/ps4_176/ps4_dump2.html livetest2] / [http://daxhordes.org/ps4_176/ps4_rop2.html ROP2] | ||
* [https://www.sendspace.com/file/mdunzp PS4 1.76 Webkit ROP POC] [http://wololo.net/downloads/index.php/download/8230 mirror] [http://wololo.net/talk/viewtopic.php?p=368577] | * [https://www.sendspace.com/file/mdunzp PS4 1.76 Webkit ROP POC] [http://wololo.net/downloads/index.php/download/8230 mirror] [http://wololo.net/talk/viewtopic.php?p=368577] | ||
* [https://github.com/Fire30/PS4-2014-1303-POC PS4 <2.51 Webkit POC] [http://wololo.net/2016/04/21/proof-of-concept-webkit-exploit-running-on-ps4-firmwares-up] | |||
=== Modules loaded in WebProcess === | === Modules loaded in WebProcess === | ||
{| class="wikitable sortable" | {| class="wikitable sortable" |
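Review bot: the second link on the added line (the wololo.net/2016/04/21/... URL) carries no link text, so it renders only as a bare numbered reference ("[2]"), and its slug appears to stop at "firmwares-up"; confirm the full URL and give the link a label. The edit summary names CVE 2014-1303 but the entry itself is labelled only "PS4 <2.51 Webkit POC", so put the CVE identifier in the label, and reconcile the entry with the User Agents table, where the 2.00 to 2.50 rows are still marked "No".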
Revision as of 20:01, 21 April 2016
Internet Browser
Based on WebKit/536.26, just like PS Vita >= 2.00
Web Content Guidelines
- PS Vita Web Content Guidelines v3.00
- PS3 Web Content Guidelines v3.10
- PS4 Web Content Guidelines v1.50
Generic Info & Test
- http://coding.vdhdesign.co.nz/?p=351
- http://acid3.acidtests.org score: 100/100
- http://html5test.com/s/fe55bf1cbf48181d.html
- https://html5test.com/s/72c1042bfc840b31.html
User Agents
The table below lists the user agent reported by each firmware version. "Yes" = known vulnerability in use, "No" = unknown if vulnerability in use.
useragent | version | vulnerability |
---|---|---|
Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) | 1.000.051, 1.000.071 | Yes |
Mozilla/5.0 (PlayStation 4 1.010) AppleWebKit/536.26 (KHTML, like Gecko) | 1.01, 1.010.031 | Yes |
Mozilla/5.0 (PlayStation 4 1.020) AppleWebKit/536.26 (KHTML, like Gecko) | 1.020.010, 1.020.041, 1.020.051 | Yes |
Mozilla/5.0 (PlayStation 4 1.030) AppleWebKit/536.26 (KHTML, like Gecko) | 1.030.001 | Yes |
Mozilla/5.0 (PlayStation 4 1.050) AppleWebKit/536.26 (KHTML, like Gecko) | 1.05 | Yes |
Mozilla/5.0 (PlayStation 4 1.060) AppleWebKit/536.26 (KHTML, like Gecko) | 1.06 | Yes |
Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko) | 1.07 | Yes |
Mozilla/5.0 (PlayStation 4 1.50) AppleWebKit/536.26 (KHTML, like Gecko) | 1.500.000, 1.500.101, 1.501.000, 1.501.041 | Yes |
Mozilla/5.0 (PlayStation 4 1.51) AppleWebKit/536.26 (KHTML, like Gecko) | 1.510.000, 1.510.011 | Yes |
Mozilla/5.0 (PlayStation 4 1.52) AppleWebKit/536.26 (KHTML, like Gecko) | 1.520.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.60) AppleWebKit/536.26 (KHTML, like Gecko) | 1.600.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.61) AppleWebKit/536.26 (KHTML, like Gecko) | 1.610.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.62) AppleWebKit/536.26 (KHTML, like Gecko) | 1.620.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.70) AppleWebKit/536.26 (KHTML, like Gecko) | 1.700.000, 1.700.081 | Yes |
Mozilla/5.0 (PlayStation 4 1.71) AppleWebKit/536.26 (KHTML, like Gecko) | 1.710.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.72) AppleWebKit/536.26 (KHTML, like Gecko) | 1.720.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.74) AppleWebKit/536.26 (KHTML, like Gecko) | 1.740.000 | Yes |
Mozilla/5.0 (PlayStation 4 1.75) AppleWebKit/536.26 (KHTML, like Gecko) | 1.750.000, 1.750.061 | Yes |
Mozilla/5.0 (PlayStation 4 1.76) AppleWebKit/536.26 (KHTML, like Gecko) | 1.760.000, 1.760.001 | Yes |
Mozilla/5.0 (PlayStation 4 2.00) AppleWebKit/537.73 (KHTML, like Gecko) | 2.000.000 | No |
Mozilla/5.0 (PlayStation 4 2.01) AppleWebKit/537.73 (KHTML, like Gecko) | 2.010.000 | No |
Mozilla/5.0 (PlayStation 4 2.02) AppleWebKit/537.73 (KHTML, like Gecko) | 2.020.000 | No |
Mozilla/5.0 (PlayStation 4 2.03) AppleWebKit/537.73 (KHTML, like Gecko) | 2.030.000 | No |
Mozilla/5.0 (PlayStation 4 2.04) AppleWebKit/537.73 (KHTML, like Gecko) | 2.040.000 | No |
Mozilla/5.0 (PlayStation 4 2.50) AppleWebKit/537.73 (KHTML, like Gecko) | 2.501.000, 2.508.000 | No |
Mozilla/5.0 (PlayStation 4 2.51) AppleWebKit/537.73 (KHTML, like Gecko) | 2.510.000 | No |
Mozilla/5.0 (PlayStation 4 2.55) AppleWebKit/537.73 (KHTML, like Gecko) | 2.550.000 | No |
Mozilla/5.0 (PlayStation 4 2.57) AppleWebKit/537.73 (KHTML, like Gecko) | 2.570.000 | No |
Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) | 3.000.000 | No |
? | 3.008.000 | ? |
? | 3.100.000 | ? |
Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko) | 3.110.000 | ? |
Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko) | 3.150.000 | No |
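As an added example (not part of the wiki page), the user-agent table above can be turned into a small log classifier for inventorying consoles by firmware line and spotting user agents that do not match any listed firmware/WebKit pairing. The combined log format, the sample lines and the names `classify`, `scan`, `WEBKIT_BY_MAJOR` and `MARKED_NO` are assumptions made for this example.

```python
import re

# UA shape stated on the page:
# "Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"
PS4_UA = re.compile(
    r"Mozilla/5\.0 \(PlayStation 4 (\d+)\.(\d{2,3})\) "
    r"AppleWebKit/([\d.]+) \(KHTML, like Gecko\)")
# WebKit build per firmware major version, read off the table above.
WEBKIT_BY_MAJOR = {1: "536.26", 2: "537.73", 3: "537.73"}
# Firmware rows the table marks "No"; all 1.xx rows are "Yes", the rest "?".
MARKED_NO = {"2.00", "2.01", "2.02", "2.03", "2.04", "2.50", "2.51",
             "2.55", "2.57", "3.00", "3.15"}


def classify(ua):
    """Return (firmware, webkit, table status, consistent) or None if not a PS4 UA."""
    m = PS4_UA.search(ua)
    if m is None:
        return None
    major, minor, webkit = int(m.group(1)), m.group(2), m.group(3)
    # Early firmware reports a 3-digit minor: "1.050" is firmware 1.05.
    firmware = f"{major}.{minor[:2]}"
    status = "Yes" if major == 1 else "No" if firmware in MARKED_NO else "?"
    # The header is client-controlled: a firmware/WebKit pair the table never
    # lists points to a spoofed or unlisted client rather than a known console.
    consistent = WEBKIT_BY_MAJOR.get(major) == webkit
    return firmware, webkit, status, consistent


def scan(log_lines):
    """Classify the last quoted field (the user agent) of each log line."""
    results = []
    for line in log_lines:
        fields = re.findall(r'"([^"]*)"', line)
        hit = classify(fields[-1]) if fields else None
        if hit:
            results.append(hit)
    return results


# Constructed sample lines (documentation address), not real traffic.
LINE = '192.0.2.10 - - [21/Apr/2016:20:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{}"'
SAMPLE_LOG = [LINE.format(ua) for ua in (
    "Mozilla/5.0 (PlayStation 4 1.050) AppleWebKit/536.26 (KHTML, like Gecko)",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)",
    "Mozilla/5.0 (PlayStation 4 2.50) AppleWebKit/536.26 (KHTML, like Gecko)",
)]
```
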
"Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"
Webkit exploit
cross reference: http://www.vitadevwiki.com/index.php?title=Webbrowser#Webkit_exploit
- live test / livetest2 / ROP2
- live test / livetest2 / ROP2
- PS4 1.76 Webkit ROP POC mirror [1]
- PS4 <2.51 Webkit POC [2]
Modules loaded in WebProcess
Descriptor | Module | Remark |
---|---|---|
0x1 | libkernel.sprx | syscalls (see FreeBSD syscall numbers) |
0x2 | libSceLibcInternal.sprx | LibC |
0xC | libSceSysmodule.sprx | |
0xE | libSceNet.sprx | |
0xF | libSceNetCtl.sprx | |
0x11 | libSceIpmi.sprx | |
0x12 | libSceMbus.sprx | |
0x13 | libSceRegMgr.sprx | |
0x14 | libSceRtc.sprx | |
0x15 | libScePad.sprx | |
0x16 | libSceVideoOut.sprx | |
0x17 | libScePigletv2VSH.sprx | VSH functions and some OpenGL primitives |
0x18 | libSceOrbisCompat.sprx | |
0x19 | libSceWebKit2.sprx | |
0x1A | libSceSysCore.sprx | |
0x1B | libSceSsl.sprx | |
0x1E | libSceVideoCoreServerInterface.sprx | |
0x37 | libSceSystemService.sprx | psno:, psns:, loadExec, sceSystemServiceLaunchApp, startLaunchAppByTitleId ... |
0x59 | libSceCompositeExt.sprx | |
IDA Pro plugin make code.