Rumor: PS4 Vulnerable to Heartbleed, Seeking Exploit Testers
Hi, cfwprophet and I are looking for someone willing to test something on their PS4. It would be a great deed for the community, and there is no risk for your PS4 at all!
We just want to test something before the update. It would be great if someone is willing. Please reply here to me ASAP. Thanks for your time.
The details follow, from the post Rumor: PS4 vulnerable to Heartbleed? by hellsing9:
I will keep it short and simple. We need someone with a PS4 to test something. It's kind of odd, that rushed attempt from Phony to label a rumour as an upcoming (mandatory) update.
I will not use any kind of links, but the PS4 uses OpenSSL and nanossl (or at least that's what zecoxao said). Not sure though. In either case we don't know which version of OSSL it uses, which cfwprpht is/was researching, even if the test fails. Well, at least they tried.
What do we need?
Someone willing to test something BEFORE the mandatory update appears. This will not mess up your PS4, nor will it enable the PS4 to do something. It's just a test.
So it is about the Heartbleed bug, as Helsing9 mentioned, which I want to test on the PS4. But because my PS4 has a hardware error and I can't run any app or any game, the result of the test was negative.
The thing is that we need something on the PS4 that uses the OpenSSL lib; especially, an important part of the lib needs to be used. Mostly this part is used for internet communication, to test if a connection is still alive. Therefore it is mostly a part of the web browser. And because I can't run the web browser on my PS4, I would like to test the Heartbleed bug on a PS4 that can run the web browser.
What do you need to do?
Well, it's simple: just run a .bat on your computer and wait till something happens or not.
Does it need something set up, some files?
Yes. You can get the needed files here: PS4Test.rar / Needed Files (Mirror)
After that, just extract those 3 files to your desktop. Go to your PS4, boot into the OS, log in and run the web browser. Now open a command prompt, navigate to your desktop and run the .bat with the parameters -yourIP- -StartPort-, like this: testps4ssl 126.96.36.199 0
You can find your PS4's IP under [Options/Settings >> Network >> Show Network Status]
How do I know if the test has come to a result?
The .bat will stop and show you some info in the command prompt window. Additionally, some info will be stored in result.txt, and it will be renamed to "resultWithPort.txt".
If you come to a result, please post your info here and let us all know.
PS: The command prompt should look like this:
This error message is OK and just tells you that it couldn't connect to the port we have defined.
For Linux users, you can check deroad's tool, which was not written for the PS4 itself, and the code is not fully from deroad:
https://gist.github.com/wargio/10172188 (this is my version). It performs the attack N times (default 200 times).
I'm keen. PM me the details if you want.
PM me and I'll assist as well.
Yeah, I can try too.
PS4 AC1D Flash Tool Manager GUI by CFWProphet for PlayStation 4 Out
Following up on reporting the PS4 Vulnerable to Heartbleed rumor, today PlayStation 4 developer cfwprophet made available a PS4 AC1D Flash Tool Manager GUI application, which can read and write the PS4 Macronix NOR flash chip with the use of a Teensy++ 2.0 USB development board and judges' SPIway.py script.
Download: PS4_AC1D_Flash-Tool.rar / PS4 AC1D Flash Tool (Mirror) / PS4 AC1D Flash Tool GIT / Useful Libraries / Useful Libraries GIT
PS4 AC1D Flash Manager
(c) cfwprpht [Free to use for Every One !!]
What is it?
This is a tool to handle the PS4 Macronix NOR flash. It can read/write the chip with the use of a Teensy++ 2.0 USB dev board. But because of that the tool is more of a GUI only, since it uses @judges' SPIway.py script for the read/write part.
Then the tool can validate a PS4 NOR dump and display the info about your console in the GUI. If you want, you can also store your console info in a database text file.
It comes with the Python 2.7 and Python Serial installers and will check whether you have both installed or not. But at least it has its own extractor and can extract a PS4 NOR dump file as well as an SLB2 container. The validator routine isn't perfect right now and even gives me a false negative on 3 of the 33 arrays it checks on my own dump. This is mostly because more investigation needs to be done into console-specific marks and whether they are present on all consoles.
But right now there isn't much use for the end user, so I still have time to correct that. In case you are a dev and want to write a dump that does not validate to your console's flash, just create an empty txt file with the name "developer.conf". This will enable the tool to activate all blocked buttons.
- ConsoleControle.dll - is a library from Dave Kerr
- ProcessInterface.dll - is a library from Dave Kerr
- SPIway.py - is a script from judges
- Log.dll - is a library from me (cfwprophet)
- Tools.dll - is a library from me (cfwprophet)
- nor4ps.dll - is a library from me (cfwprophet)
- SLB2.dll - is a library from me (cfwprophet)
So you may ask what the SPIway.bat is for?
It's simple. Visual Studio can't handle the Python script. For that, a Python integration for Visual Studio would be needed. There are already projects for that, but in a beta phase. So we use the batch file to kind of spoof the Python script. Since VS understands and can handle .bat files, we just do the same within the .bat that we otherwise would do with the Python script in VS: we do a "call" and execute the Python script with the needed arguments.
What to do?
- Adjust the validator routine for the PS4 NOR flash.
- Include a flash patcher routine.
- (Or) Activate diff write (which is already included in judges' SPIway.py script).
- Finish the vdump function, which will verify the dumped data against the data on the chip.
- Modify Console Control to match even more needs (like a way to check and wait for the current process to be done without the effect that your whole code stops and causes a crash of your app).
Credits and Greets:
- Judges for his SPIway.py script (many thx)
- Dave Kerr for his Console Control class library
- eussNL for his affinity for the DevWiki (woop woop)
- flatz for his PS4 unPKG.py script
- grafchockolo for all his amazing work on the PS3 (I will always credit you in any scene-related stuff; thank you for everything you have done. We would need more guys like you in the Sony PlayStation hacking scene)
- KDSBest for being a mentor and a good friend to me
- GotNoUsername you know why and that's enough
- All DevWiki contributors!! (information has to be free to everyone)
- Pockets69, Sandungas, Helsing9, GregoryRasputin, t000, Ada, _NiceShot, ******.net, ******.net, psx-scene.com and everyone else I forgot... (wink, wink)
Some useful libraries also released!!
Finally, from cfwprophet: First, the PS4 is a little bit different, guys. And one important thing I've learned this gen: a flash chip shouldn't be read from the device itself. It all depends on the device used, but in the case of the PS4 the Macronix flash is within a circuit with some other chip.
In particular, it is in the same circuit as the MediaCon. If you now try to boot the Macronix flash while the console is off, you will also boot the MediaCon or parts of it. In the end you won't get any data, nor a signal, nor a ping from the Teensy itself, and in the worst case you could maybe even damage something on the MB.
But at the point where we would need a flash on the PS4, there will be modders, as every time, like me, who will solder a socket onto your PS4 MB for around 20€. If you don't want to buy a flasher and already have a socket on your MB, you just need to send me your FW, I'll patch it, and if you come by I just flash the already patched CFW onto your Macronix with the help of the socket, for around 5€ for the flashing part.
Hell, it's just a socket where you do a kind of hot swap with the flash chip and done. About the speed: a normal dump will take around 2.50 minutes, a write process around 4 minutes. So fast enough for a 20€ open source flasher.
o.O There isn't even an exploit, nor do we have a way to decrypt any of the internal PS4 files, nor do we have access to any of them. So no, there is not a CFW coming.
Not to get your hopes up, but there was a PS3 NAND dumper/extractor/validator for ages before the real jailbreak saw the light, and the algo that the PS3 JB used was completely irrelevant to that extractor.
Great job anyways!
Absolutely doubt that Sony has used any open source libs in the PS4... OpenSSL was crafted by developers to encrypt web sites and SaaS appliances. There isn't a link to this being used in any way on the internal XMB unless I'm missing something.
As per an anonymous source, certain PS Now servers are reportedly somehow still vulnerable to heartbleed.
This is in direct conflict with the blog post at: community.us.playstation.com/t5/PlayStation-General/Regarding-quot-Heartbleed-quot-and-PSN-SEN-PS-com/td-p/43366954
As reported by some people in the scene, various tests were performed to see if the Heartbleed bug was of any use on the PS4. It was at that time determined that none of the exposed components were vulnerable (I'm unsure how you would miss the PS Now servers).
Anyway, one way or another, apparently nobody ever looked to see if the PS Now servers were vulnerable (maybe it was still in beta?). It has been confirmed by multiple users that you can steal certificates and other sensitive information from the PS Now service by exploiting Heartbleed. Go have a look for yourself! Enjoy!
Thanks a lot, guys.
Jailbreak is still possible, based on someone finding the root key. After that is done we just need a tech to DXI it, and if Lizard Squad would help jailbreak it instead of DDoSing Sony, that would be good.