Post: CVE 2014-1303 Proof Of Concept for PS4
04-19-2016, 05:10 AM #1
Hydrogen
Super Mod
Hello NextGenUpdate, Hydrogen here. Today I would like to show you something I ran into. Maybe some good devs could use it for something useful. Basically, this is a ported CVE 2014-1303 to the PS4 by Fire_30, here is a poc repository:

CVE 2014-1303 Proof Of Concept for PS4


This repository contains a PoC for CVE 2014-1303, originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03, but should work for systems on a firmware < 2.50; the ROP test, however, will only work on 2.03.

Usage


You need to edit dns.conf to point to the IP address of your machine, and modify your console's DNS settings to point to it as well. Then run
python fakedns.py -c dns.conf
then
python server.py
Debug output will come from this process.

Navigate to the User's Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted still needs to be done.

Cheers, Hydrogen Hi

04-19-2016, 05:43 PM #11
Originally posted by Hydrogen
Obviously, that's why I showed credit at the top of the thread. I'm here to post information, and keep everyone updated in the PS4 Hacking Scene. Some threads I reword, and some threads I C&P w/ source. If you're going to start an argument for no reason won't work bud :p


We appreciate the information you have shared with us, especially the devs.
