Internet Browser: Difference between revisions
m (→User Agents) |
m (→User Agents) |
||
Line 90: | Line 90: | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.550.000]] || {{no}} || {{no}} || {{yes}} | | Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) || [[3.550.000]] || {{no}} || {{no}} || {{yes}} | ||
|- | |||
| Mozilla/5.0 (PlayStation 4 4.07) AppleWebKit/537.78 (KHTML, like Gecko) || [[4.070.000]] || {{no}} || {{no}} || {{no}} | |||
|- | |- | ||
| Mozilla/5.0 (PlayStation 4 5.00) AppleWebKit/601.2 (KHTML, like Gecko) || [[5.000.000]] || {{no}} || {{no}} || {{no}} | | Mozilla/5.0 (PlayStation 4 5.00) AppleWebKit/601.2 (KHTML, like Gecko) || [[5.000.000]] || {{no}} || {{no}} || {{no}} |
Revision as of 21:39, 8 February 2018
Internet Browser
Based on WebKit/536.26, just like PS Vita >= 2.00.
Web Content Guidelines
- PS Vita Web Content Guidelines v3.00
- PS3 Web Content Guidelines v3.10
- PS4 Web Content Guidelines v1.50
Generic Info & Test
- http://coding.vdhdesign.co.nz/?p=351
- http://acid3.acidtests.org score: 100/100
- http://html5test.com/s/fe55bf1cbf48181d.html
- https://html5test.com/s/72c1042bfc840b31.html
User Agents
The table below lists known user agents and, for each, whether a vulnerability is known to be in use. "Yes" = known vulnerability in use; "No" = unknown whether the vulnerability is in use.
useragent | version | CVE-2012-3748 | CVE-2014-1303 | HENkaku |
---|---|---|---|---|
Mozilla/5.0 (PlayStation 4 1.000) AppleWebKit/536.26 (KHTML, like Gecko) | 1.000.051, 1.000.071 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.010) AppleWebKit/536.26 (KHTML, like Gecko) | 1.01, 1.010.031 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.020) AppleWebKit/536.26 (KHTML, like Gecko) | 1.020.010, 1.020.041, 1.020.051 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.030) AppleWebKit/536.26 (KHTML, like Gecko) | 1.030.001 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.050) AppleWebKit/536.26 (KHTML, like Gecko) | 1.05 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.060) AppleWebKit/536.26 (KHTML, like Gecko) | 1.06 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.070) AppleWebKit/536.26 (KHTML, like Gecko) | 1.07 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.50) AppleWebKit/536.26 (KHTML, like Gecko) | 1.500.000, 1.500.101, 1.501.000, 1.501.041 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.51) AppleWebKit/536.26 (KHTML, like Gecko) | 1.510.000, 1.510.011 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.52) AppleWebKit/536.26 (KHTML, like Gecko) | 1.520.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.60) AppleWebKit/536.26 (KHTML, like Gecko) | 1.600.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.61) AppleWebKit/536.26 (KHTML, like Gecko) | 1.610.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.62) AppleWebKit/536.26 (KHTML, like Gecko) | 1.620.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.70) AppleWebKit/536.26 (KHTML, like Gecko) | 1.700.000, 1.700.081 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.71) AppleWebKit/536.26 (KHTML, like Gecko) | 1.710.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.72) AppleWebKit/536.26 (KHTML, like Gecko) | 1.720.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.74) AppleWebKit/536.26 (KHTML, like Gecko) | 1.740.000 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.75) AppleWebKit/536.26 (KHTML, like Gecko) | 1.750.000, 1.750.061 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 1.76) AppleWebKit/536.26 (KHTML, like Gecko) | 1.760.000, 1.760.001 | Yes | ? | ? |
Mozilla/5.0 (PlayStation 4 2.00) AppleWebKit/537.73 (KHTML, like Gecko) | 2.000.000 | No | Yes | Yes |
Mozilla/5.0 (PlayStation 4 2.01) AppleWebKit/537.73 (KHTML, like Gecko) | 2.010.000 | No | Yes | Yes |
Mozilla/5.0 (PlayStation 4 2.02) AppleWebKit/537.73 (KHTML, like Gecko) | 2.020.000 | No | Yes | Yes |
Mozilla/5.0 (PlayStation 4 2.03) AppleWebKit/537.73 (KHTML, like Gecko) | 2.030.000 | No | Yes | Yes |
Mozilla/5.0 (PlayStation 4 2.04) AppleWebKit/537.73 (KHTML, like Gecko) | 2.040.000 | No | Yes | Yes |
Mozilla/5.0 (PlayStation 4 2.50) AppleWebKit/537.73 (KHTML, like Gecko) | 2.501.000, 2.508.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 2.51) AppleWebKit/537.73 (KHTML, like Gecko) | 2.510.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 2.55) AppleWebKit/537.73 (KHTML, like Gecko) | 2.550.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 2.57) AppleWebKit/537.73 (KHTML, like Gecko) | 2.570.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) | 3.000.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 3.00) AppleWebKit/537.73 (KHTML, like Gecko) | 3.008.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 3.10) AppleWebKit/537.73 (KHTML, like Gecko) | 3.100.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko) | 3.110.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko) | 3.150.000 | No | No | Yes |
Mozilla/5.0 (PlayStation 4 3.50) AppleWebKit/537.78 (KHTML, like Gecko) | 3.500.000 | No | No | Yes |
Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko) | 3.550.000 | No | No | Yes |
Mozilla/5.0 (PlayStation 4 4.07) AppleWebKit/537.78 (KHTML, like Gecko) | 4.070.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 5.00) AppleWebKit/601.2 (KHTML, like Gecko) | 5.000.000 | No | No | No |
Mozilla/5.0 (PlayStation 4 5.50) AppleWebKit/601.2 (KHTML, like Gecko) | 5.500.000 | No | No | No |
"Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"
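The user-agent pattern and table above can drive a defensive inventory check. The following is an added example, not code from this wiki: it parses PS4 browser user agents out of web access logs, flags consoles on firmware older than 4.07 (the version this page associates with the use-after-free patch), and flags user agents whose WebKit build contradicts the table. The names `classify`, `audit` and `SAMPLE_LOG` are hypothetical, and the log layout (user agent as the last quoted field) is an assumption.

```python
import re

# Page's pattern: "Mozilla/5.0 (PlayStation 4" + "AppleWebKit/" + "(KHTML, like Gecko)"
UA_RE = re.compile(r"^Mozilla/5\.0 \(PlayStation 4 (\d+)\.(\d{2,3})\) "
                   r"AppleWebKit/([\d.]+) \(KHTML, like Gecko\)$")
LOG_RE = re.compile(r'^(\S+) .*"([^"]*)"$')  # client address, last quoted field
# Firmware ranges and WebKit builds as listed in the page's table.
BUILDS = [((1, 0), (1, 76), "536.26"), ((2, 0), (3, 15), "537.73"),
          ((3, 50), (4, 7), "537.78"), ((5, 0), (5, 50), "601.2")]
PATCHED_FROM = (4, 7)  # the page dates the use-after-free patch to 4.07

def classify(ua):
    """Describe a PS4 browser user agent; None if the string is not one."""
    m = UA_RE.match(ua.strip())
    if not m:
        return None
    # "1.010" and "1.01" name the same firmware: keep two minor digits.
    fw = (int(m.group(1)), int(m.group(2)[:2]))
    expected = next((b for lo, hi, b in BUILDS if lo <= fw <= hi), None)
    return {
        "firmware": "%d.%02d" % fw,
        "webkit": m.group(3),
        # None when the firmware falls outside the ranges the table covers.
        "consistent": None if expected is None else expected == m.group(3),
        "pre_patch": fw < PATCHED_FROM,
    }

def audit(log_lines):
    """Return (client, firmware, finding) for PS4 requests worth a look."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        info = classify(m.group(2)) if m else None
        if info is None:
            continue
        if info["consistent"] is False:   # build does not match the table
            findings.append((m.group(1), info["firmware"], "ua-mismatch"))
        elif info["pre_patch"]:           # console needs a firmware update
            findings.append((m.group(1), info["firmware"], "needs-update"))
    return findings

# Constructed access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Feb/2018:21:39:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/537.78 (KHTML, like Gecko)"',
    '192.0.2.11 - - [08/Feb/2018:21:39:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (PlayStation 4 5.00) AppleWebKit/601.2 (KHTML, like Gecko)"',
    '192.0.2.12 - - [08/Feb/2018:21:39:09 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (PlayStation 4 1.76) AppleWebKit/601.2 (KHTML, like Gecko)"',
]
```

A user agent is client-supplied and trivially spoofed, so treat these findings as inventory hints rather than proof of the firmware actually installed.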
Webkit exploit
cross reference: http://www.vitadevwiki.com/index.php?title=Webbrowser#Webkit_exploit
- live test / livetest2 / ROP2
- PS4 1.76 Webkit ROP POC mirror [1]
- PS4 <2.51 Webkit POC [2]
- PS4 <3.55 Webkit POC
- PS4 <4.07 Webkit POC mirror
Modules loaded in WebProcess (4.07)
Descriptor | Module | Remark |
---|---|---|
0x1 | libkernel.sprx | syscalls (see freebsd num syscall) |
0x2 | libSceLibcInternal.sprx | LibC |
0xC | libSceSysmodule.sprx | |
0xE | libSceNet.sprx | |
0xF | libSceNetCtl.sprx | |
0x11 | libSceIpmi.sprx | |
0x12 | libSceMbus.sprx | |
0x13 | libSceRegMgr.sprx | |
0x14 | libSceRtc.sprx | |
0x15 | libScePad.sprx | |
0x16 | libSceVideoOut.sprx | |
0x17 | libScePigletv2VSH.sprx | vsh function and some opengl primitive |
0x18 | libSceOrbisCompat.sprx | |
0x19 | libSceWebKit2.sprx | |
0x1A | libSceSysCore.sprx | |
0x1B | libSceSsl.sprx | |
0x1E | libSceVideoCoreServerInterface.sprx | |
0x37 | libSceSystemService.sprx | psno:, psns:, loadExec, sceSystemServiceLaunchApp,startLaunchAppByTitleId ... |
0x59 | libSceCompositeExt.sprx |
Modules loaded in WebProcess (4.07)
Descriptor | Module | Remark |
---|---|---|
0x2001 | libkernel.sprx | syscalls (see freebsd num syscall) |
0x2 | libSceLibcInternal.sprx | LibC |
0xC | libSceSysmodule.sprx | |
0xE | libSceNet.sprx | |
0x1B | libSceNetCtl.sprx | |
0x1D | libSceIpmi.sprx | |
0x1E | libSceMbus.sprx | |
0x1F | libSceRegMgr.sprx | |
0x20 | libSceRtc.sprx | |
0x21 | libScePad.sprx | |
0x22 | libSceVideoOut.sprx | |
0x23 | libSceOrbisCompat.sprx | |
0x24 | libSceWebKit2.sprx | |
0x25 | libSceSysCore.sprx | |
0x26 | libSceSystemService.sprx | psno:, psns:, loadExec, sceSystemServiceLaunchApp,startLaunchAppByTitleId ... |
0x35 | libSceSsl.sprx | |
0x38 | libSceVideoCoreServerInterface.sprx | |
0x2060 | libSceWebBrowserInjectedBundle.sprx |
Ida pro plugin make code.
As of firmware version 4.07, a patch has been included to prevent a use-after-free segmentation fault from being exploited. This could have led to a ROP chain and code execution. It would have been cool if someone had done some real research on it...
Details: https://github.com/WebKit/webkit/commit/98845d940e30529098eea7e496af02e14301c704