  1. #1
    Senior Member GotNoUsername's Avatar
    Join Date
    Feb 2007
    Posts
    319

    Rumor: PS4 Vulnerable to Heartbleed, Seeking Exploit Testers

    Hi, cfwprophet and I are looking for someone willing to test something on their PS4; it would be a great deed for the community, no risk for your PS4 at all!

    We just want to test something before the update. Would be great if someone is willing. Please reply here to me ASAP. Thanks for your time.

    Below are the details, as follows: Rumor: PS4 vulnerable to Heartbleed? by hellsing9



    I will keep it short and simple. We need someone with a PS4 to test something. It's kinda odd that rushed attempt from Phony to label a rumour an upcoming update. (mandatory).

    I will not use any kind of links, but the PS4 uses OpenSSL and nanossl (or at least that's what zecoxao said). Not sure though. In either case we don't know which version of OSSL it uses, which cfwprpht is/was researching, even if the test fails. Well, at least they tried.

    What we need?

    Someone willing to test something BEFORE the mandatory update appears. This will not mess up your PS4, nor will it enable the PS4 to do something. It's just a test.

    So it is about the Heartbleed Bug, as Helsing9 mentioned, which I want to test on the PS4. But in case my PS4 has a Hardware Error and I can't run any app or any game, the result of the test was negative.

    The thing is that we need something on the PS4 that uses the OpenSSL lib; especially an important part of the lib needs to be used. Mostly this part is used for Internet communication, to test if a connection is still alive. Therefore it is mostly a part of the Web Browser. And because I can't run the Web Browser on my PS4, I would like to test the Heartbleed Bug on a PS4 that can run the Web Browser.

    What you need to do?

    Well, it's simple: just run a .bat on your computer and wait till something happens or not.

    Does it need something to set up, some files?

    Yes. You can get the needed files here: [Register or Login to view links] / Needed Files (Mirror)

    After that just extract those 3 files on your Desktop. Go to your PS4 and boot into the OS, log in and run the Web Browser. Now open a Command prompt, navigate to your desktop and run the .bat with the parameters -yourIP- -StartPort- like that: testps4ssl 196.168.1.101 0

    You can find your PS4's IP under [Option/Settings >> Network >> Show Network Status]

    How do I know if the test has come to a result?

    The .bat will stop and show you some info in the command prompt window. Additionally, some info will be stored in result.txt and it will be renamed to "resultWithPort.txt".

    If you come to a result, please post your info here and let us all know.

    -Have Fun-

    ps. The command prompt should look like this:



    This error message is OK and just tells you that it couldn't connect to the port we have defined.

    For Linux users, you can check deroad's tool, which was not written for the PS4 itself, and the code is not fully from deroad.

    [Register or Login to view links] (this is my version) it performs the attack N times (default 200 times)
    Code:
    hb-ps4.sh

    #!/bin/bash
    # Usage: hb-ps4 <IP PS4>
    # Runs hb-test.py against each port of the given host until one call
    # succeeds, then runs the test on that port and appends to result.txt.
    PORT_FOUND=0
    PORT=0

    if [ $# -eq 1 ]; then
        echo "I'm testing the port"
        for port in $(seq 1 65535); do
            echo "port= $port"
            # Exit status 0 from hb-test.py is treated as "port found"
            ./hb-test.py "$1" -p "$port" -P > /dev/null
            if [ $? -eq 0 ]; then
                PORT_FOUND=1
                echo "PS4 port found! port= $port"
                PORT=$port
                break
            fi
        done
        if [ "$PORT_FOUND" -eq 0 ]; then
            echo "PS4 port not found! Something may went wrong..."
        else
            echo "I'll test the Heartbleed bug. (see the result.txt file)"
            ./hb-test.py "$1" -p "$PORT" -t 1 >> result.txt
        fi
    else
        echo "hb-ps4 <IP PS4>"
    fi
    Yours GotNoUsername
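
Added example (not part of the original post or of the tools it links to): the library feature the post refers to is the TLS heartbeat, the "is the connection still alive" message, and Heartbleed comes down to a missing comparison between the payload length a peer declares and the bytes it actually sent. This Python sketch shows that bounds check as a receiver or network monitor would apply it; it assumes plaintext heartbeat records, and the function names and sample bytes are constructed for illustration.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type assigned to heartbeat (RFC 6520)
MIN_PADDING = 16     # RFC 6520: at least 16 bytes of padding follow the payload


def check_heartbeat_record(record: bytes) -> str:
    """Return 'not-heartbeat', 'truncated', 'ok' or 'over-read' for one TLS record."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if rec_len < 3 or len(body) < rec_len:
        return "truncated"
    _hb_type, payload_len = struct.unpack("!BH", body[:3])
    # The bounds check: type (1) + length (2) + declared payload + padding
    # must fit inside the bytes that were actually received.
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return "over-read"
    return "ok"


def classify_stream(data: bytes) -> list:
    """Walk back-to-back TLS records and classify each one."""
    results, offset = [], 0
    while offset < len(data):
        header = data[offset:offset + 5]
        if len(header) < 5:
            results.append("truncated")
            break
        rec_len = struct.unpack("!H", header[3:5])[0]
        results.append(check_heartbeat_record(data[offset:offset + 5 + rec_len]))
        offset += 5 + rec_len
    return results


# Constructed sample records (TLS 1.1 version bytes 0x0302), not captured traffic.
WELL_FORMED = (struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, 23)
               + struct.pack("!BH", 1, 4) + b"ping" + bytes(16))
HANDSHAKE = struct.pack("!BHH", 22, 0x0302, 1) + b"\x00"
# Declares a 16384-byte payload but carries only 4 bytes and no padding.
LENGTH_MISMATCH = (struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, 7)
                   + struct.pack("!BH", 1, 0x4000) + b"ping")

if __name__ == "__main__":
    print(classify_stream(WELL_FORMED + HANDSHAKE + LENGTH_MISMATCH))
```

A record classified as "over-read" is one a correct implementation discards without replying.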

  2. #2
    Senior Member elser1's Avatar
    Join Date
    Oct 2010
    Posts
    2,419
    i'm keen. pm me the details if you want

  3. #3
    Senior Member metzen's Avatar
    Join Date
    Feb 2010
    Posts
    91
    PM me and I'll assist as well.

  4. #4
    Member Mesutg's Avatar
    Join Date
    Sep 2007
    Posts
    38
    yeah i can try 2

  5. #5
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,488

    PS4 AC1D Flash Tool Manager GUI by CFWProphet for PlayStation 4 Out

    Following up on reporting the PS4 Vulnerable to Heartbleed rumor, today PlayStation 4 developer cfwprophet made available a PS4 AC1D Flash Tool Manager GUI application which can read and write from the PS4 Macronix NOR Flash chip with the use of a Teensy++ 2.0 USB development board and judges' SPIWay.py script.

    Download: [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links]

    PS4 AC1D Flash Manager
    (c) cfwprpht [Free to use for Every One !!]

    What is it?

    This is a Tool to handle the PS4 Macronix NOR Flash. It can Read/Write the Chip with use of a Teensy++ 2.0 USB Dev Board. For that, though, the Tool is mostly just a GUI, because it uses @judges' SPIWay.py script for the Read/Write part.

    The Tool can also validate a PS4 NOR Dump and display the info of your Console in the GUI. If you want, you can also store your console info in a database text file.

    It comes with the Python 2.7 and Python Serial installers and will check whether you have both installed or not. But at least it has its own extractor and can extract a PS4 NOR Dump file as well as an SLB2 Container. The validator routine isn't perfect right now and even gives me a false negative on 3 of the 33 arrays it checks on my own dump. This is mostly because more investigation needs to be done on console-specific marks and on those that are present on all consoles.

    But right now there isn't much use for the end user, so I still have time to correct that. In case you're a Dev and want to write a Dump to your console's flash that does not validate, just create an empty txt file with the name "developer.conf". This will enable the Tool to activate all blocked buttons.

    Used Libs:
    • ConsoleControle.dll - is a library from Dave Kerr
    • ProcessInterface.dll - is a library from Dave Kerr
    • SPIway.py - is a script from Judges
    • Log.dll - is a library from me (cfwprophet)
    • Tools.dll - is a library from me (cfwprophet)
    • nor4ps.dll - is a library from me (cfwprophet)
    • SLB2.dll - is a library from me (cfwprophet)

    So you may ask what the SPIway.bat is for?

    It's simple. Visual Studio can't handle the Python script. For that, a Python integration for Visual Studio would be needed. There are already projects for that, but in a beta phase. So we use the .bat to kind of spoof the Python script. Since VS understands and can handle .bat files, we just do the same within the .bat that we would otherwise do with the Python script in VS. We do a "Call" and execute the Python script with the needed arguments.

    What to do?
    • Adjust the validator Routine for the PS4 NOR flash.
    • Include a Flash Patcher Routine.
    • (Or) Activate diff Write. (which is already included into judges SPIway.py script).
    • Finish the vdump function which will verify the dumped data against the data on Chip.
    • Modify Console Control to match even more needs. (Like a way to check and wait for the current process to be done without the effect that your whole code stops and causes a crash of your app).

    Credits and Greets:
    • Judges for his SPIway.py script (many thx)
    • Dave Kerr for his Console Controle Class library
    • eussNL for his affinity about the DevWiki (woop woop)
    • flatz for his PS4 unPKG.py script
    • grafchockolo for all his amazing work on the PS3 (I will always credit you in any scene-related stuff, thank you for everything you have done. We would need more guys like you in the Sony PlayStation Hacking Scene)
    • KDSBest for being a Mentor and a good friend to me
    • GotNoUsername, you know why and that's enough
    • All Devwiki Contributors !! (information have to be free to every one)
    • Pockets69, Sandungas, Helsing9, GregoryRasputin, t000, Ada, _NiceShot, ******.net, ******.net, psx-scene.com and everyone else i forgot....(wink, wink)

    Some useful Libraries also Released !!

    Finally, from cfwprophet: First, the PS4 is a little bit different, guys. And one important part I've learned this GEN: a Flash Chip shouldn't be read from the Device itself. It all depends on the device used, but in the case of the PS4 the Macronix Flash is within a circuit of some other Chip.

    In particular, it is in the same circuit as the MediaCon. If you now try to boot the Macronix Flash while the console is off, you will also boot the MediaCon or parts of it. In the end you won't get any data, nor a signal, nor a ping from the Teensy itself, and in the worst case you could even damage something on the MB.

    But at the point where we would need a flash on the PS4, there will be modders, as every time, like me, who will solder a socket onto your PS4 MB for around 20€. If you don't want to buy a flasher and already have a socket on your MB, you just need to send me your FW; I'll patch it, and if you come I just flash the already patched CFW onto your Macronix with the help of the socket for around 5€ for the flash part.

    Hell, it's just a socket where you do a kind of hot swap with the flash chip and done. About the speed: a normal Dump will take around 2.50 mins. A write process around 4 mins. So fast enough for a 20€ Open Source Flasher.

    o.O There isn't even an exploit, nor do we have a way to decrypt any of the internal PS4 files, nor do we have access to any of them. So no, there is not a CFW coming.


  6. #6
    Senior Member Tidusnake666's Avatar
    Join Date
    Sep 2008
    Posts
    802
    Not to get your hopes high, there was a PS3 NAND dumper/extractor/validator for ages before the real jailbreak saw the light, and the algo that the PS3 JB used was completely irrelevant to that extractor.

    Great job anyways!

  7. #7
    Senior Member Xplic1T's Avatar
    Join Date
    Jun 2008
    Posts
    66
    Absolutely doubt that Sony had used any open source libs in the PS4 ... OpenSSL was crafted by developers to encrypt web sites and SaaS appliances. There isn't a link to this being used in any way on the internal XMB unless I'm missing something.

 

© 2014 PlayStation 3 News