Latest PS4 hacking news | Latest hacked firmware version 9.00 | (read the first post)
Quoted from .M.A.H. (post 4128681):

More Details surface on the PS4 4.01 Jailbreak, potentially enough for a public release "soon"

The PS4 scene has been doing a bit of detective work to understand the exploits behind the 4.01 Jailbreak that was demonstrated yesterday in Shanghai. After the hackers of Chaitin Tech announced they would disclose the exploits to Sony (http://wololo.net/2016/10/25/chaitin-tech-bugs-used-ps4-4-01-jailbreak-will-reported-sony/), people were able to find data about the exploit on the FreeBSD mailing list and bug tracker.

Of course, not everyone can do much with this information, but in theory the details of how the bug was fixed (https://www.mail-archive.com/svn-src-all@freebsd.org/msg132464.html) should be enough information for people with the right set of skills to cause a kernel panic on the PS4. How that is later used to gain control of the PS4 will be left as an exercise to the people who know what they're doing. Oh, and naturally, you'd also need a user entry point, some sort of Webkit exploit or something, in order to be able to execute the code in the first place.

The Kernel exploit itself apparently relies on a CVE (CVE-2016-1885, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1885) that was revealed back in April. It seems that this was not properly patched and this is one of the flaws the security researchers at Chaitin Tech used to gain access to the PS4 system.

The argument validation in r296956 was not enough to close all possible overflows in sysarch(2)

Modified:
  stable/9/sys/amd64/amd64/sys_machdep.c
Directory Properties:
  stable/9/   (props changed)
  stable/9/sys/   (props changed)

Modified: stable/9/sys/amd64/amd64/sys_machdep.c
==============================================================================
--- stable/9/sys/amd64/amd64/sys_machdep.c	Tue Oct 25 17:16:08 2016	(r307940)
+++ stable/9/sys/amd64/amd64/sys_machdep.c	Tue Oct 25 17:16:58 2016	(r307941)
@@ -612,6 +612,8 @@ amd64_set_ldt(td, uap, descs)
 	largest_ld = uap->start + uap->num;
 	if (largest_ld > max_ldt_segment)
 		largest_ld = max_ldt_segment;
+	if (largest_ld < uap->start)
+		return (EINVAL);
 	i = largest_ld - uap->start;
 	mtx_lock(&dt_lock);
 	bzero(&((struct user_segment_descriptor *)(pldt->ldt_base))
@@ -624,7 +626,8 @@ amd64_set_ldt(td, uap, descs)
 		/* verify range of descriptors to modify */
 		largest_ld = uap->start + uap->num;
 		if (uap->start >= max_ldt_segment ||
-		    largest_ld > max_ldt_segment)
+		    largest_ld > max_ldt_segment ||
+		    largest_ld < uap->start)
 			return (EINVAL);
 	}
 

There are lots of "ifs" here, but with the kernel exploit pretty much in the open, it sounds like a public release is now in the realm of the possible, assuming the right people decide to work on a release.

[Image: http://wololo.net/wagic/wp-content/uploads/2016/10/ps4_401_jailbreak.jpg]

Relevant links:
- FreeBSD Security Advisory: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc
- CVE-2016-1885: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1885
- Bug fix with details on what was broken: https://www.mail-archive.com/svn-src-all@freebsd.org/msg132464.html

As far as I'm concerned, I'm already wondering if I should get a second PS4. Any PS4 you buy new today (https://www.amazon.com/PlayStation-500GB-Console-Uncharted-Limited-Bundle/dp/B01BEELH52/ref=as_li_ss_tl?ie=UTF8&qid=1477439645&sr=8-5&keywords=PS4&linkCode=ll1&tag=wagic-20&linkId=55485123ddbcad8200a47c456b676dbd) is guaranteed to ship with a firmware 4.01 or less.

Source: via psxhax (https://www.psxhax.com/threads/entry-point-used-by-chaitin-tech.938/), thanks to everyone who pointed me to the article.
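Review bot: in the first hunk (@@ -612), the new `largest_ld < uap->start` test is placed after the clamp to `max_ldt_segment`, so it doubles as a bounds check: any `uap->start` beyond the table makes the clamped end smaller than the start and returns EINVAL, which this path previously lacked. That is correct only if `uap->start` and `uap->num` are unsigned, because a sum-smaller-than-operand test detects wraparound for unsigned arithmetic but is undefined behaviour for signed overflow; the declarations are not in the hunk, so the reviewer should confirm the types and, ideally, add a comment on the `+ if (largest_ld < uap->start)` line stating that it guards the `uap->start + uap->num` wrap.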
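Review bot: the second hunk (@@ -624) now validates the same `uap->start + uap->num` computation with the same three conditions as the first hunk, just inline. Since the commit message says r296956 already missed one of these cases, the safer change is one helper (for example a `ldt_range_ok(start, num)` returning the checked descriptor count or failing) called from both sites, so that a third caller of this arithmetic cannot omit the `largest_ld < uap->start` condition again. Within the hunk as written, the existing `uap->start >= max_ldt_segment` test means the added condition can only trip on actual wraparound, which matches the intent.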
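The patch above is the classic unsigned-wraparound bug in a range check: `start + num` wraps to a small value, passes the upper-bound test, and `largest_ld - start` then wraps again into a huge count. The following is an added example, not the FreeBSD kernel code or the page's own, modelling the pre- and post-r307941 shapes of the check on a constructed table size so the difference can be run on a host; `MAX_LDT_SEGMENT`, `ldt_range_old` and `ldt_range_new` are constructed names.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Constructed model of the sysarch(2) LDT range validation, not kernel code.
 * A request names descriptors [start, start + num) of a table with
 * MAX_LDT_SEGMENT entries. Both fields are unsigned; the "end < start" test in
 * the patch only detects wraparound for unsigned arithmetic. */
#define MAX_LDT_SEGMENT 8192u

/* Pre-r307941 shape: the end is compared against the table size, but a sum
 * that wrapped modulo 2^32 is small and passes. Returns 0 and stores the
 * descriptor count on accept, EINVAL on reject. */
int ldt_range_old(unsigned int start, unsigned int num, unsigned int *count)
{
    unsigned int largest_ld = start + num;      /* may wrap modulo 2^32 */

    if (start >= MAX_LDT_SEGMENT || largest_ld > MAX_LDT_SEGMENT)
        return EINVAL;
    *count = largest_ld - start;                /* wraps again if largest_ld < start */
    return 0;
}

/* r307941 shape: an end below the start can only mean the addition wrapped,
 * so the request is rejected before any count is derived from it. */
int ldt_range_new(unsigned int start, unsigned int num, unsigned int *count)
{
    unsigned int largest_ld = start + num;

    if (start >= MAX_LDT_SEGMENT || largest_ld > MAX_LDT_SEGMENT ||
        largest_ld < start)
        return EINVAL;
    *count = largest_ld - start;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a sane request and one whose num wraps the sum. */
    unsigned int sane_start = 16, sane_num = 32;
    unsigned int wrap_start = 100, wrap_num = UINT_MAX - 50;  /* 100 + num == 49 mod 2^32 */
    unsigned int count = 0;

    printf("old check, sane request:    %s, count %u\n",
           ldt_range_old(sane_start, sane_num, &count) == 0 ? "accepted" : "rejected", count);
    printf("old check, wrapped request: %s, count %u\n",
           ldt_range_old(wrap_start, wrap_num, &count) == 0 ? "accepted" : "rejected", count);
    printf("new check, wrapped request: %s\n",
           ldt_range_new(wrap_start, wrap_num, &count) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the old check the wrapped request is accepted and the derived count is 4294967245 descriptors, which is the kind of value that drives the later bzero/copy far past the table; the new check returns EINVAL for it.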