Monster hack for the PlayStation 3 LV2 kernel released


The well-known PS3 developer Naehrwert, known for his tools SCETool and Libeid as well as for his reverse engineering work on the PS3, has posted on his blog about a possible exploit in LV2 that should work on every current firmware version, including the latest 4.25.

However, lv2 itself stops the hack before it can run: the payload is freed from kernel memory, and overwritten in the process, before execution ever reaches it.

A quote from his blog:



A long while ago KaKaRoTo pointed me to a stack overflow he found while reversing lv2_kernel. But there are two problems:


  1. The vulnerability is in a protected syscall (the SELF calling it got to have the 0x40… control flags set). So you’d first need to find a suitable usermode exploit (don’t ask us), that gives you code execution with the right privileges.
  2. The payload data is copied to lv2 heap first and the function will do a free call on it before the payload has any chance to get executed. This might not sound like a problem but it looks like lv2's heap implementation will overwrite the free’ed space with 0xABADCAFE and thus destroy the payload.


Here is my sample implementation for 3.41 lv2_kernel (although the vulnerability should be present in all versions of lv2 up to the latest firmware), maybe one of you will find a way to overcome problem (2.) and can get something nice out of it because right now it’s only good to crash lv2.



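To make problem (2.) concrete, here is a small toy model added for this article. It is not Naehrwert's sample implementation and not lv2 code: the arena heap, the names kheap_alloc, kheap_free and vulnerable_syscall, and the 16-byte stand-in payload are all assumptions made for illustration. Only the 0xABADCAFE fill pattern comes from the quote above. The model keeps freed blocks mapped so the reader can see what a return address pointing into the freed block would find: with a poisoning free, the payload is gone; with an ordinary free that does not scrub, it would still be there.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (assumption, not lv2 code): a fixed arena standing in for the
 * kernel heap. Freed blocks stay mapped so their contents can be inspected
 * after the free, which is exactly what a hijacked jump into them would see. */
#define ARENA_SIZE 4096
static uint8_t arena[ARENA_SIZE];
static size_t arena_top;

/* Poison pattern reported for lv2's heap, stored as bytes so the fill is the
 * same on a big-endian Cell PPE and on a little-endian host. */
static const uint8_t POISON[4] = { 0xAB, 0xAD, 0xCA, 0xFE };

static void *kheap_alloc(size_t n) {
    void *p;
    n = (n + 3) & ~(size_t)3;            /* keep 4-byte alignment for the fill */
    if (arena_top + n > ARENA_SIZE) return NULL;
    p = &arena[arena_top];
    arena_top += n;
    return p;
}

/* Assumed free(): overwrites the whole block with the poison pattern when
 * poison_on_free is set, otherwise leaves the bytes untouched (as many
 * allocators do). Returning the block to a free list is omitted. */
static void kheap_free(void *p, size_t n, int poison_on_free) {
    size_t i;
    if (!poison_on_free) return;
    for (i = 0; i < n; i++)
        ((uint8_t *)p)[i] = POISON[i % 4];
}

/* Model of the syscall path described in the quote: the caller's buffer is
 * copied into a kernel heap block, the block is freed, and only after that
 * would a hijacked control flow reach it. The heap address is returned so the
 * caller can look at what the "payload" contains at execution time. */
static const uint8_t *vulnerable_syscall(const uint8_t *user_buf, size_t len,
                                         int poison_on_free) {
    uint8_t *kbuf = kheap_alloc(len);
    if (!kbuf) return NULL;
    memcpy(kbuf, user_buf, len);
    /* ... processing of kbuf (where the overflow would occur) is omitted ... */
    kheap_free(kbuf, len, poison_on_free);
    return kbuf;                         /* dangling: contents depend on free() */
}

/* 1 if the first len bytes at heap_addr still equal the payload. */
static int payload_intact(const uint8_t *heap_addr, const uint8_t *payload,
                          size_t len) {
    return heap_addr != NULL && memcmp(heap_addr, payload, len) == 0;
}

/* Runs the scenario with a constructed 16-byte stand-in payload (a few
 * harmless PowerPC encodings: mflr r0; li r3,0; blr; nop), not exploit code.
 * Returns 1 if the payload would still be in place, 0 if the free destroyed it. */
int payload_survives_free(int poison_on_free) {
    static const uint8_t payload[16] = {
        0x7c, 0x08, 0x02, 0xa6, 0x38, 0x60, 0x00, 0x00,
        0x4e, 0x80, 0x00, 0x20, 0x60, 0x00, 0x00, 0x00 };
    const uint8_t *addr;
    arena_top = 0;                       /* fresh heap for each run */
    addr = vulnerable_syscall(payload, sizeof payload, poison_on_free);
    return payload_intact(addr, payload, sizeof payload);
}

/* 1 if every 32-bit word of the freed block now reads 0xABADCAFE. */
int freed_block_is_poisoned(void) {
    static const uint8_t payload[16] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                         9, 10, 11, 12, 13, 14, 15, 16 };
    const uint8_t *addr;
    size_t i;
    arena_top = 0;
    addr = vulnerable_syscall(payload, sizeof payload, 1);
    if (!addr) return 0;
    for (i = 0; i < sizeof payload; i++)
        if (addr[i] != POISON[i % 4]) return 0;
    return 1;
}

int main(void) {
    printf("poisoning free : payload intact = %d\n", payload_survives_free(1));
    printf("plain free     : payload intact = %d\n", payload_survives_free(0));
    printf("freed block filled with ABADCAFE = %d\n", freed_block_is_poisoned());
    return 0;
}
```

The contrast between the two runs is the whole point of problem (2.): the bug itself is independent of the allocator, but staging the payload in a heap block that is freed before the overflow fires only works if the free leaves the bytes alone. Any approach that gets around it has to either keep the block live, place the payload somewhere the free never touches, or survive with the poison pattern in place.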
It is good to know that there are still developers working on the PS3 who will not let the last hope die, after the scene was left stuck at firmware 3.55.

We hope someone will find a way to get the hack to execute and obtain results with it.

Source:

http://nwert.wordpress.com/2012/09/19/exploiting-lv2/

http://www.ps3crunch.net/
