倒排索引/搜索引擎>> psvita-webkit>> 返回
项目作者: 173210

项目描述 :
PSVita Webkit Exploit
高级语言: JavaScript
项目地址: git://github.com/173210/psvita-webkit.git
创建时间: 2014-10-19T00:52:11Z
项目社区:https://github.com/173210/psvita-webkit
开源协议:
下载


PSVita Webkit Exploit

This is a PoC of webkit exploit running on psvita.
The PoC will work on firmware 2.60 only, but should be simple to adapt to new firmwares.

The modified PoC removes the JIT working of the exploit and replaces it with the ability
to launch ROP based scripts. This will allow interested developers to play around with
ROP and learn about the securities of modern day systems.

Web: http://lolhax.org
Twitter: https://twitter.com/DaveeFTW

Here are the gadgets used:

  1. #!text
  3. ROM:81DE45CA                 LDR             R2, [R0,#0x48]
  4. ROM:81DE45CC                 MOV             R7, 0x8224F950
  5. ROM:81DE45D4                 MOVS            R0, R6
  6. ROM:81DE45D6                 MOVS            R1, R4
  7. ROM:81DE45D8                 BLX             R2
  9. ROM:81A8A3C0                 LDR             R1, [R1]
  10. ROM:81A8A3C2                 CBZ             R1, loc_81A8A3CC
  11. ROM:81A8A3C4                 LDR             R2, [R1]
  12. ROM:81A8A3C6                 LDR             R2, [R2,#8]
  13. ROM:81A8A3C8                 BLX             R2
  15. ROM:81AE84D4                 LDR             R0, [R1]
  16. ROM:81AE84D6                 MOVS            R2, #0
  17. ROM:81AE84D8                 LDR.W           R3, [R0,#0xA4]
  18. ROM:81AE84DC                 ADD             R0, SP, #0x20+var_20
  19. ROM:81AE84DE                 BLX             R3
  21. ROM:81EABC02                 MOVS.W          R2, #0x400
  22. ROM:81EABC06                 BLX             memcpy
  23. ROM:81EABC0A                 POP             {R4-R6,PC}