PS4-6.20-WebKit-Code-Execution-Exploit

PoC raised "failed to find smashed butterfly" on version 5.53

Open · mohsen-mahmoudi opened this issue 6 years ago · 3 comments

Hi @Cryptogenic. I use Tomcat on my PC and created a local network. On the PS4, when I browse to index.html and then click GO, an error is raised about "failed to find smashed butterfly"; after that I saw the log "Phase 1: Obtaining Relative R/W Primitive" on the page, and then nothing happens! Is the problem my PS4 version?

mohsen-mahmoudi · Sep 19 '19 20:09

I uncommented the debug logs. I found the following check at line 213 in wkexploit.js: if (targetButterflies[i].length != 0x10). When I changed the value from 0x10 to 0x0, i.e. if (targetButterflies[i].length != 0x0), Phase 1 completed. Then, in Phase 2, after the "Leaking address of array leak primitive" log, nothing happens!

mohsen-mahmoudi · Sep 19 '19 20:09

The 6.20 WebKit exploit only works on 6.00-6.20, neither below nor above.

CelesteBlue-dev · Sep 20 '19 14:09

@CelesteBlue-dev, I used this exploit based on the statement in the Note section: "This exploit targets firmware 6.20. It should work on lower firmwares however the gadgets will need to be ported..."

mohsen-mahmoudi · Sep 21 '19 04:09