PSVita Webkit exploit for 2.60 PoC

[reprep]

Right to the point.

https://bitbucket.org/DaveeFTW/psvita-260-webkit

Advertising

[chihuahua]

the 2.60 part worries me.

Advertising

[reprep]

the 2.60 part worries me.

Don't worry, quoted from DaveeFTW "This is a PoC of webkit exploit running on psvita. The PoC will work on firmware 2.60 only, but should be simple to adapt to new firmwares."

[MadZiontist]

Very nice.

[xyz]

Nice one. This should work on firmwares 2.00-3.18 (not sure about 3.20) that use webkit 536.26. It doesn't work on FWs < 2.00 because webkit is too old and doesn't have shift/unshift optimizations that trigger the exploit and on >=3.30 because it's too new and this is fixed. And while we're at it, anybody managed to get new webkit source code from Sony?

[yifanlu]

Hmm seeing roptool was created 2013-07-14, I'm guessing somebody has been pretty busy

[gnubaver]

So does this mean a Webkit exploit for 2.0-3.18 is ready to go?

[yifanlu]

As soon as people find gadgets for each fw version, sure. But end of the day, it will only benefit hackers looking to find a kernel exploit and although some people are more optimistic, I don't think homebrew will come from rop.

[gnubaver]

As soon as people find gadgets for each fw version, sure. But end of the day, it will only benefit hackers looking to find a kernel exploit and although some people are more optimistic, I don't think homebrew will come from rop.

What could we expect from ROP? I'm a total newbie when it comes to Vita. I'm pretty new to this, The PSP on the other hand.

Will we see highly illegal stuff? (I'm sure you know what i mean, without the need to discuss this further)

[yifanlu]

My hope is that people will pick up this hack and use it to dump WebKit and start attacking the kernel. With only this, you can't do much and definitely can't load any pirated games (or even homebrew code). It's also likely that whatever kernel exploit comes out would require a userland component which this would provide.