Webbrowser

Web Content Guidelines[edit | edit source]

• PS Vita Web Content Guidelines v3.00
• PS3 Web Content Guidelines v3.10
• PS4 Web Content Guidelines v1.50

Supports[edit | edit source]

• Cookies
• Javascript 1.7
• partial HTML 5
• Partial Video support (added from 2.10 update)

Not supported[edit | edit source]

• Flash
• Youtube (no HTML5: video)

Known Useragents[edit | edit source]

YouTube[edit | edit source]

PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita)
PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita)

WebBrowser[edit | edit source]

Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier):

Table below indicates known and unknown. "YES" = known vulnerability in use, "NO" = unknown if vulnerability in use.

Webkit exploits[edit | edit source]

Terminology[edit | edit source]

An information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.

An information security exposure is a system configuration issue or a mistake in software that allows access to information or 
capabilities that can be used by a hacker as a stepping-stone into a system or network.

Common Vulnerabilities and Exposures list[edit | edit source]

1.50-1.81 (CVE-2010-1807 and CVE-2010-4577)

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
• http://imthezuk.blogspot.com/2010/11/float-parsing-use-after-free.html

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577
• https://code.google.com/p/chromium/issues/detail?id=63866

2.00-3.20 (CVE-2013-0903-1)

• Acama's write-up
• http://packetstormsecurity.com/files/123088/
• http://packetstormsecurity.com/files/123089/Packet-Storm-Advisory-2013-0903-1-Apple-Safari-Heap-Buffer-Overflow.html
• related to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748 and https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748

3.30-3.36 (CVE-2014-1303)

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1303
• http://wololo.net/2015/04/22/new-webkit-exploit-found-vita-maybe-playstation-4
• https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not.PDF
• https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not-WP.pdf
• https://cansecwest.com/slides/2015/Liang_CanSecWest2015.pdf

3.50-3.60 (no CVE at the time it was written, credits to xyz)

• https://blog.xyz.is/2016/webkit-360.html
• Mike H.'s write-up
• Mike H.'s write-up #2

Repositories[edit | edit source]

<=1.81 webkit exploit PoC:

• article by Davee
• discarded repro reduction for <=1.81 by Josh Axey

1.50-1.69-1.80 HTMLit:

• htmlit by Davee

ROPtool:

• roptool article by Davee
• old version by Davee
• first release by Davee
• new version by Davee

1.61 files for HTMLit and ROPtool:

• files+webkitby xyz

1.80 files for ROPtool:

• files by Davee

1.81 ROP:

• Support_Uri ROP script by SMOKE
• VitaROP by SMOKE

2.60 webkit exploit PoC:

• credits article
• psvita-260-webkit by Davee
• psvita-webkit by Davee

3.18 webkit exploit PoC:

• codelion_poc by Codelion and BrianBTB

3.01-3.15-3.18 memory dumping:

• memory-splicer by Archaemic
• JSoS-Module-Dump-Release by BrianBTB
  • http://pastie.org/private/ugchhaqctvmw5rrg5w37ka <- load more modules for the JSoS module dumper :)
• memtools_vita by BrianBTB

3.15-3.18 webkitties:

• webkitties by Acama

3.00-3.15-3.18 vitasploit:

• vitasploit (dead link) by Hykem
• vitasploit (mirror) by Hykem

2.02-2.12-3.00-3.01-3.18 vitasploit:

• vitasploit by xyz

3.36 webkit exploit:

• 3.36 webkit exploit by xyz

2.00-2.01-2.02-2.05-2.10-2.11-2.12-2.50-2.60-2.61-3.00-3.01-3.10-3.12-3.18-3.20 + 3.30-3.35-3.36 vitasploit:

• vitasploit by Sorvigolova

Other tools:

• vitadump IDA plugin by xyz

Online Tests[edit | edit source]

• live test
• live test (miror)
• live test 2.60 (old)

Webkit Modules[edit | edit source]

• (3.18 dump) dead link

Browsertests[edit | edit source]

• http://www.roshi.tv/2011/12/psvitano.html

Access to the PS3 Store and get content in Vita[edit | edit source]

Video

[1]

PS Vita's browser has some secrets function, such as enter in ps store or open an app.

For example:

How it works

 psns:browse

This command supports several arguments, the most usables are:

 psns:browse?category=
 
 psns:browse?product=

By defining a category or product ID, this command will redirect you to the PSN Store and show you the chosen category/product. A few examples:

The syntax for categories works as follows:

 PN + CONSOLE ID + REGION ID + PN + CONSOLE ID + STORE ID + REGION ID + PAGE

Common Console ID's are:

 P3 --> PS3
 
 VT --> PS VITA
 
 PC --> MEDIA GO / PSP

Common Store ID's are:

 GAME or VIDEO

Redeem Comand

 psns:redeem?code1=123&code2=456&code3=789

This command will immediantly prompt you to the PSN Stores' redeem function, taking the arguments with it.