Post: CVE 2014-1303 Proof Of Concept for PS4
04-19-2016, 05:10 AM #1
Hydrogen
Super Mod
Hello NextGenUpdate, Hydrogen here. Today I would like to show you something I ran into. Maybe some good devs could use it for something useful. Basically, this is a port of CVE 2014-1303 to the PS4 by Fire_30. Here is a PoC repository:

CVE 2014-1303 Proof Of Concept for PS4


This repository contains a PoC for CVE 2014-1303, originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03, but should work for systems on a firmware < 2.50; the ROP test will, however, only work on 2.03.

Usage


You need to edit the dns.conf to point to the IP address of your machine, and modify your console's DNS settings to point to it as well. Then run
python fakedns.py -c dns.conf
then
python server.py
Debug output will come from this process.

Navigate to the User's Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted still needs to be done.

Cheers, Hydrogen
04-19-2016, 05:29 AM #2
Originally posted by Hydrogen View Post
How the hell did you find this lol? It was barely shared :p
04-19-2016, 05:38 AM #3
AFG
The One and Only
Originally posted by EyeX32 View Post
How the hell did you find this lol? It was barely shared :p


I'm telling you this guy probably works closely with those devs and then shares the released information right away on here.
Last edited by AFG ; 04-19-2016 at 05:49 AM.
04-19-2016, 05:43 AM #4
Hydrogen
Super Mod
Originally posted by EyeX32 View Post
How the hell did you find this lol? It was barely shared :p


Shhh I got meh peeps
04-19-2016, 07:31 AM #5
codefollow
Do a barrel roll!
All you're doing is copying and pasting content. Actually write this yourself or link the post.
04-19-2016, 07:39 AM #6
Hydrogen
Super Mod
Originally posted by codefollow View Post
All you're doing is copying and pasting content. Actually write this yourself or link the post.


Obviously, that's why I showed credit at the top of the thread. I'm here to post information, and keep everyone updated in the PS4 Hacking Scene. Some threads I reword, and some threads I C&P w/ source. If you're going to start an argument for no reason, it won't work, bud :p
04-19-2016, 01:10 PM #7
Jon Snow
Di DonDadda
Originally posted by codefollow View Post
All you're doing is copying and pasting content. Actually write this yourself or link the post.

It doesn't matter if he C&P, he is just trying to share the info, don't be a hater and jump on the bandwagon. However, I do agree that he should link source, but if higher rank staff doesn't have a problem then it's fine I guess.

Originally posted by Hydrogen View Post
Obviously, that's why I showed credit at the top of the thread. I'm here to post information, and keep everyone updated in the PS4 Hacking Scene. Some threads I reword, and some threads I C&P w/ source. If you're going to start an argument for no reason, it won't work, bud :p
04-19-2016, 01:45 PM #8
Hydrogen
Super Mod
Originally posted by Jon
It doesn't matter if he C&P, he is just trying to share the info, don't be a hater and jump on the bandwagon. However, I do agree that he should link source, but if higher rank staff doesn't have a problem then it's fine I guess.


That's literally the whole link to the source lol? I gave credit to the owner, plus all that was in the link was the download with all the info. So no source needed except the github link :p
04-19-2016, 01:50 PM #9
Jon Snow
Di DonDadda
Originally posted by Hydrogen View Post
That's literally the whole link to the source lol? I gave credit to the owner, plus all that was in the link was the download with all the info. So no source needed except the github link :p


u do know I'm on your side, right?
04-19-2016, 04:20 PM #10
Hydrogen
Super Mod
Originally posted by Jon
u do know I'm on your side, right?


Haha yeah I know, I'm just saying :p aha