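<!-- Winter Is Coming -->
<!DOCTYPE html>
<html lang="en">
<head>
  <!-- One charset declaration is enough; the http-equiv form repeated the same UTF-8 value. -->
  <meta charset="utf-8">
  <title>PS4 Playground :: POC Test</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta name="description" content="This site's description is not available due to the robots.txt">
  <meta name="author" content="Specter">
  <!-- Le styles -->
  <link rel="stylesheet" href="css/metro-bootstrap.css">
  <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements.
       Third-party script, evaluated only by IE < 9, now fetched over https
       rather than plaintext http. It still carries no integrity attribute,
       so whatever that host serves is trusted as-is. -->
  <!--[if lt IE 9]>
  <script src="https://html5shim.googlecode.com/svn/trunk/html5.js"></script>
  <![endif]-->
</head>
<body>
  <!-- <nav> already has the navigation role; the explicit role attribute was redundant. -->
  <nav class="navbar navbar-inverse">
    <!-- Brand and toggle get grouped for better mobile display -->
    <div class="navbar-header">
      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
        <span class="sr-only">Toggle navigation</span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </button>
      <a class="navbar-brand" href="./index.html">PS4 Playground</a>
    </div>
    <!-- Collect the nav links, forms, and other content for toggling -->
    <div class="collapse navbar-collapse navbar-ex1-collapse">
      <ul class="nav navbar-nav">
        <li><a href="./index.html">Welcome</a></li>
        <li><a href="./sysinfo.html">System Info</a></li>
        <li><a href="./dump.html">Memory/Module Dumper</a></li>
        <!-- Placeholder entry with no destination yet, so no href:
             href="#" only jumped to the top of the page and changed the URL hash. -->
        <li><a>File Browser (Coming Soon)</a></li>
      </ul>
      <ul class="nav navbar-nav navbar-right">
        <!-- Status text, not a link; kept as <a> only for the navbar styling. -->
        <li><a>Latest Compatible Firmware: 3.55</a></li>
      </ul>
    </div><!-- /.navbar-collapse -->
  </nav>
  <div class="container">
    <!-- Jumbotron -->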
<script>
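var disableFeatures = false;
var ua = navigator.userAgent;

// The checks below expect the console's user-agent shape, roughly
//   Mozilla/5.0 (PlayStation 4 3.55) AppleWebKit/...
// The previous code sliced fixed offsets relative to "5.0 (" and ") Apple",
// which only works while the firmware string is exactly four characters: with
// a longer one the platform comparison fails and a PS4 is reported as "not a
// PlayStation". Parse the parenthesised fields instead. A missing delimiter
// yields empty strings, which land in the "not a PlayStation" branch just as
// the out-of-range slices used to.
var consoleInfo = (function (agent) {
  var open = agent.indexOf("5.0 (");
  var close = agent.indexOf(") Apple");
  if (open === -1 || close === -1 || close <= open) {
    return { platform: "", firmware: "" };
  }
  var fields = agent.substring(open + 5, close).split(" ");
  return {
    platform: fields[0],
    // "PlayStation 4 3.55" -> "3.55"; fewer than three fields means no firmware field.
    firmware: fields.length >= 3 ? fields[fields.length - 1] : ""
  };
})(ua);

// Global on purpose: the script next to the "Run POC" button reads it.
var playstationOrNot = consoleInfo.platform;
var fwVersion = consoleInfo.firmware;

// The firmware string comes straight from the user agent, so escape it before
// it is written into the page as markup.
function escapeHtml(text) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// If the system is not a playstation, disable features, display error
if (playstationOrNot != "PlayStation")
{
  document.write('<div class="alert alert-danger"><strong>You are not on a PlayStation System!</strong> The "Run POC" button and all other features have been disabled</div>');
  disableFeatures = true;
}
// If the system is a playstation, ensure the version is 3.55!
else if (fwVersion != "3.55")
{
  document.write('<div class="alert alert-danger"><strong>Your PS4 is not on FW 3.55!</strong> Your current running FW version is ' + escapeHtml(fwVersion) + ', which is not compatible with PS4 Playground. The "Run POC" button and all other features have been disabled</div>');
  disableFeatures = true;
}
// If we've made it this far, the system must be a PS4 and must be version 3.55
else
{
  document.write('<div class="alert alert-success"><strong>Congratulations!</strong> We\'ve detected your PlayStation 4 is running FW 3.55, which is compatible with PS4 Playground! Enjoy!</div>');
}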
</script>
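<div class="jumbotron">
  <h1>PS4 3.55 POC (JavaScript) Test</h1>
  <!-- Status lines written to by the page scripts via their ids. The heading
       tags are left as they were so any selector in those scripts keeps
       matching. A <div> replaces the old <p class="lead">: headings are not
       permitted inside <p>, so the parser closed it early and left a stray </p>.
       The <br> that separated the two <h3> blocks only added spacing and is gone. -->
  <div class="lead">
    <h3 id="codeExecutionStage">Stage: Not Started</h3>
    <h3><strong>Technical Information</strong></h3>
    <h4 id="vtableAddress">VTable Address: NOT FOUND</h4>
    <h4 id="webkitAddress">WebKit Module Base Address: NOT FOUND</h4>
    <h4 id="bufferAddress">Buffer Base Address: NOT FOUND</h4>
    <h4 id="uint32Address">Unsigned Int32 Address: NOT FOUND</h4>
  </div>
  <hr>
  <!-- The click handler sits on the button itself: a <button> may not be
       nested inside <a>, and a disabled button does not dispatch click events,
       so disabling it is enough to stop the handler. The wrapper keeps the
       runPocLink id because the script below still looks it up. -->
  <span id="runPocLink">
    <button id="runPocBtn" type="button" class="btn btn-danger" onclick="runPOC('', true)">Run POC</button>
  </span>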
<script>
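// Disable the trigger whenever the check at the top of the page flagged the
// system. `disableFeatures` is set for both failure cases (not a PlayStation,
// or a PlayStation on a firmware other than 3.55); the old test only looked at
// `playstationOrNot`, so on a wrong-firmware PS4 the alert said the button was
// disabled while it was still live.
if (disableFeatures)
{
  var pocButton = document.getElementById("runPocBtn");
  var pocWrapper = document.getElementById("runPocLink");
  if (pocButton) {
    pocButton.disabled = true;
  }
  if (pocWrapper) {
    // null clears an event-handler property; assigning "" relied on the
    // browser coercing a non-function value to null.
    pocWrapper.onclick = null;
  }
}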
</script>
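</div>
<hr>
<!-- Site footer -->
<div class="footer">
  <!-- getFullYear() replaces Date().substring(11, 15), which depended on the
       exact column layout of the Date string to find the year. -->
  <p>Copyright © PS4 Playground <script>document.write(new Date().getFullYear());</script></p>
</div>
</div> <!-- /container -->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<!-- Site Scripts -->
<script src="js/jquery-1.8.0.js"></script>
<script src="js/bootstrap.js"></script>
<script src="js/jquery.validate.js"></script>
<script src="js/jquery.validate.unobtrusive.js"></script>
<!-- Exploitation Scripts -->
<!-- NOTE(review): scripts/jquery.min.js loads a second jQuery after the one
     from js/jquery-1.8.0.js and so replaces window.jQuery/$, detaching the
     validate plugins registered on the first copy. Kept as found: this file
     does not show which copy the scripts below rely on. -->
<script src="scripts/long.js"></script>
<script src="scripts/jquery.min.js"></script>
<script src="scripts/utils.js"></script>
<script src="scripts/rop.js"></script>
<script src="scripts/gadgets.js"></script>
<script src="scripts/exploit.js"></script>
</body>
</html>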