Webbrowser: Difference between revisions

From Vita Developer wiki
Jump to navigation Jump to search
 
(32 intermediate revisions by 7 users not shown)
Line 15: Line 15:


== Known Useragents ==
== Known Useragents ==
=== YouTube ===
  PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita)
  PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita)
  PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita)
  PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita)
=== WebBrowser ===
   
   
Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier):
Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier):
Line 27: Line 32:
|-
|-
| Mozilla/5.0 (PlayStation Vita 1.00) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.000.000_CEX|01.000.000]] || {{yes}}
| Mozilla/5.0 (PlayStation Vita 1.00) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.000.000_CEX|01.000.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 1.03) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.030.010_CEX|01.030.010]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 1.04) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.040.000_CEX|01.040.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 1.05) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.050.000_CEX|01.050.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 1.06) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.060.010_CEX|01.060.010]] || {{yes}}
|-
|-
| Mozilla/5.0 (Playstation Vita 1.50) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.500.000_CEX|01.500.000]] || {{yes}}
| Mozilla/5.0 (Playstation Vita 1.50) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 || [[01.500.000_CEX|01.500.000]] || {{yes}}
Line 86: Line 99:
| Mozilla/5.0 (PlayStation Vita 3.20) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 || [[03.200.000_CEX|03.200.000]] || {{yes}}
| Mozilla/5.0 (PlayStation Vita 3.20) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 || [[03.200.000_CEX|03.200.000]] || {{yes}}
|-
|-
| Mozilla/5.0 (PlayStation Vita 3.30) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.300.000_CEX|03.300.000]] || {{no}}
| Mozilla/5.0 (PlayStation Vita 3.30) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.300.000_CEX|03.300.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.35) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.350.000_CEX|03.350.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.36) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.360.000_CEX|03.360.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.50) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.500.000_CEX|03.500.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.52) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.520.000_CEX|03.520.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.55) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.550.000_CEX|03.550.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.57) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.570.000_CEX|03.570.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.60) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.600.000_CEX|03.600.000]] || {{yes}}
|-
| Mozilla/5.0 (PlayStation Vita 3.61) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.610.000_CEX|03.610.000]] || {{no}}
|-
| Mozilla/5.0 (PlayStation Vita 3.63) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.630.000_CEX|03.630.000]] || {{no}}
|-
| Mozilla/5.0 (PlayStation Vita 3.65) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.650.000_CEX|03.650.000]] || {{no}}
|-
| ? || [[03.670.000_CEX|03.670.000]] || {{no}}
|-
| ? || [[03.680.000_CEX|03.680.000]] || {{no}}
|-
| ? || [[03.690.000_CEX|03.690.000]] || {{no}}
|-
|-
|}
|}


== Webkit exploit ==
== Webkit exploits ==
* [http://www.lolhax.org/vita.htm live test] [http://wololo.net/v/webkit/vita.htm live test (miror)], [http://wololo.net/v/260.htm live test (old)]
 
* [https://bitbucket.org/DaveeFTW/psvita-260-webkit/ repo]
=== Terminology ===
* [https://github.com/BrianBTB/codelion_poc repo]
 
* [https://bitbucket.org/Archaemic/memory-splicer repo]  
<div style="color: #000000; background-color: #e5e4e2; border: 1px solid #808000; padding: 5px; {{box-shadow|4px|4px|8px|#b0b090}}">
* [https://github.com/joshaxey/badnanna181/tree/master discarded repro reduction for <=1.81]
An information security '''vulnerability''' is a mistake in software that can be directly used by a hacker to gain access to a system or network.
* [http://wololo.net/downloads/index.php/download/8231 memtools_vita]
 
An information security '''exposure''' is a system configuration issue or a mistake in software that allows access to information or
capabilities that can be used by a hacker as a stepping-stone into a system or network.
</div>
 
=== '''C'''ommon '''V'''ulnerabilities and '''E'''xposures list ===
 
1.50-1.81 (CVE-2010-1807 and CVE-2010-4577)
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
* http://imthezuk.blogspot.com/2010/11/float-parsing-use-after-free.html
 
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577
* https://code.google.com/p/chromium/issues/detail?id=63866
 
2.00-3.20 (CVE-2013-0903-1)
* [http://acez.re/ps-vita-level-1-webkitties-3 Acama's write-up]
* http://packetstormsecurity.com/files/123088/
* http://packetstormsecurity.com/files/123089/Packet-Storm-Advisory-2013-0903-1-Apple-Safari-Heap-Buffer-Overflow.html
* related to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748 and https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748
 
3.30-3.36 (CVE-2014-1303)
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1303
* http://wololo.net/2015/04/22/new-webkit-exploit-found-vita-maybe-playstation-4
* https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not.PDF
* https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not-WP.pdf
* https://cansecwest.com/slides/2015/Liang_CanSecWest2015.pdf
 
3.50-3.60 (no CVE at the time it was written, credits to xyz)
* https://blog.xyz.is/2016/webkit-360.html
* [https://pastebin.com/Av2YCR5Q Mike H.'s write-up]
* [https://pastebin.com/aSJQbJyd Mike H.'s write-up #2]
 
=== Repositories ===
 
<=1.81 webkit exploit PoC:
* [http://www.lolhax.org/2014/10/28/psvita-webkit-for-2-00 article] by '''Davee'''
* [https://github.com/joshaxey/badnanna181/tree/master discarded repro reduction for <=1.81] by '''Josh Axey'''
 
1.50-1.69-1.80 HTMLit:
* [https://bitbucket.org/DaveeFTW/htmlit htmlit] by '''Davee'''
 
ROPtool:
* [https://www.lolhax.org/2014/10/04/roptool roptool article] by '''Davee'''
* [https://github.com/xyzz/roptool-legacy old version] by '''Davee'''
* [http://wololo.net/downloads/index.php/download/8233 first release] by '''Davee'''
* [https://bitbucket.org/DaveeFTW/roptool new version] by '''Davee'''
 
1.61 files for HTMLit and ROPtool:
* [https://github.com/xyzz/wk161 files+webkit]by '''xyz'''
 
1.80 files for ROPtool:
* [https://bitbucket.org/DaveeFTW/wk180-roptool-target files] by '''Davee'''
 
1.81 ROP:
* [https://web.archive.org/web/20150811215153/http://pastebin.com/XNeALEbC Support_Uri ROP script] by '''SMOKE'''
* [https://github.com/SMOKE5/VitaROP VitaROP] by '''SMOKE'''
 
2.60 webkit exploit PoC:
* [https://www.lolhax.org/2014/10/19/psvita-webkit-exploit-information-and-credits credits article]
* [https://bitbucket.org/DaveeFTW/psvita-260-webkit psvita-260-webkit] by '''Davee'''
* [https://github.com/173210/psvita-webkit psvita-webkit] by '''Davee'''
 
3.18 webkit exploit PoC:
* [https://github.com/BrianBTB/codelion_poc codelion_poc] by '''Codelion''' and '''BrianBTB'''
 
3.01-3.15-3.18 memory dumping:
* [https://bitbucket.org/Archaemic/memory-splicer memory-splicer] by '''Archaemic'''
* [https://github.com/BrianBTB/JSoS-Module-Dump-Release JSoS-Module-Dump-Release] by '''BrianBTB'''
** http://pastie.org/private/ugchhaqctvmw5rrg5w37ka <- load more modules for the JSoS module dumper :)
* [https://github.com/BrianBTB/memtools_vita memtools_vita] by '''BrianBTB'''
 
3.15-3.18 webkitties:
* [https://github.com/acama/webkitties webkitties] by '''Acama'''
 
3.00-3.15-3.18 vitasploit:
* [https://github.com/Hykem/vitasploit vitasploit] (dead link) by '''Hykem'''
* [https://github.com/wargio/vitasploit vitasploit] (mirror) by '''Hykem'''
 
2.02-2.12-3.00-3.01-3.18 vitasploit:
* [https://github.com/xyzz/vitasploit vitasploit] by '''xyz'''
 
3.36 webkit exploit:
* [http://wololo.net/talk/viewtopic.php?f=54&t=42501 3.36 webkit exploit] by '''xyz'''
 
2.00-2.01-2.02-2.05-2.10-2.11-2.12-2.50-2.60-2.61-3.00-3.01-3.10-3.12-3.18-3.20 + 3.30-3.35-3.36 vitasploit:
* [https://github.com/Sorvigolova/vitasploit vitasploit] by '''Sorvigolova'''
 
Other tools:
* [https://github.com/xyzz/vitadump vitadump IDA plugin] by '''xyz'''
 
=== Online Tests ===
 
* [http://www.lolhax.org/vita.htm live test]
* [http://wololo.net/v/webkit/vita.htm live test (miror)]
* [http://wololo.net/v/260.htm live test 2.60 (old)]
 
=== Webkit Modules ===
 
* [http://rghost.net/private/59665268/46690bd89ae7f298e4df145059c0d3e2 (3.18 dump)] dead link
 
{| class="wikitable sortable"
|-
! Module !! Remark
|-
| SceAacenc ||
|-
| SceActivityDb ||
|-
| SceAppUtil ||
|-
| SceAtrac ||
|-
| SceAudiocodec ||
|-
| SceAvcodecUser ||
|-
| SceAvPlayer ||
|-
| SceBeisobmf ||
|-
| SceBemp2sys ||
|-
| ScebXCe ||
|-
| SceCheckoutDialogPlugin ||
|-
| SceClipboard ||
|-
| SceCommonDialog ||
|-
| SceCommonGuiDialog ||
|-
| SceDbrecoveryUtility ||
|-
| SceDbutil ||
|-
| SceDriverUser ||
|-
| SceDrmPsmKdc ||
|-
| SceFiber ||
|-
| SceFriendListDialogPlugin ||
|-
| SceGpuEs4User ||
|-
| SceGxm ||
|-
| SceHafnium ||
|-
| SceHandwriting ||
|-
| SceIme ||
|-
| SceImeDialogPlugin ||
|-
| SceIniFileProcessor ||
|-
| SceJpegArm ||
|-
| SceJpegEncArm ||
|-
| SceLibc ||
|-
| ScelibDbg ||
|-
| SceLibFios2 ||
|-
| SceLibft2 ||
|-
| SceLibG729 ||
|-
| SceLibGameUpdate ||
|-
| SceLibHttp ||
|-
| SceLibJson ||
|-
| SceLibKernel ||
|-
| SceLibLocation ||
|-
| SceLibLocationExtension ||
|-
| SceLibMp4Recorder ||
|-
| SceLibNetCtl ||
|-
| SceLibPgf ||
|-
| SceLibPspnetAdhoc ||
|-
| SceLibPvf ||
|-
| SceLibRudp ||
|-
| SceLibSsl ||
|-
| SceLibVitaJSExtObj  ||
|-
| SceLibXml ||
|-
| SceLiveAreaUtil ||
|-
| SceMp4 ||
|-
| SceMsgDialogPlugin ||
|-
| SceMusicExport ||
|-
| SceNearDialogUtil ||
|-
| SceNearProfile ||
|-
| SceNearUtil ||
|-
| SceNet ||
|-
| SceNetAdhocMatching ||
|-
| SceNetCheckDialogPlugin ||
|-
| SceNgsUser ||
|-
| SceNotificationUtil ||
|-
| SceNpActivity ||
|-
| SceNpActivityNet ||
|-
| SceNpBasic ||
|-
| SceNpCommerce2 ||
|-
| SceNpCommon ||
|-
| SceNpCommonPs4 ||
|-
| SceNpFriendPrivacyLevel ||
|-
| SceNpKdc ||
|-
| SceNpManager ||
|-
| SceNpMatching2 ||
|-
| SceNpMessage ||
|-
| SceNpMessageContactsPlugin ||
|-
| SceNpMessageDialogPlugin ||
|-
| SceNpMessageDlgImplPlugin ||
|-
| SceNpPartyGameUtil ||
|-
| SceNpScore ||
|-
| SceNpSignaling ||
|-
| SceNpSnsFacebook ||
|-
| SceNpTrophy ||
|-
| SceNpTus ||
|-
| SceNpUtility ||
|-
| SceNpWebApi ||
|-
| ScePaf ||
|-
| ScePartyMemberListPlugin ||
|-
| ScePhotoExport ||
|-
| ScePhotoImportDialogPlugin ||
|-
| ScePhotoReviewDialogPlugin ||
|-
| ScePromoterUtil ||
|-
| ScePsp2Compat ||
|-
| SceSasUser ||
|-
| SceSaveDataDialogPlugin ||
|-
| SceScreenShot ||
|-
| SceShellSvc ||
|-
| SceShutterSound ||
|-
| SceSqlite ||
|-
| SceSqliteVsh ||
|-
| SceStoreCheckoutPlugin ||
|-
| SceSystemGesture ||
|-
| SceTeleportClient ||
|-
| SceTeleportServer ||
|-
| SceTrophySetupDialogPlugin ||
|-
| SceUlt ||
|-
| SceVideoExport ||
|-
| SceVoice ||
|-
| SceVoiceQoS ||
|-
| SceWebFiltering ||
|-
| SceWebKit ||
|-
| SceWebKitProcess ||
|}


== Browsertests ==
== Browsertests ==

Latest revision as of 22:54, 12 December 2018

Web Content Guidelines[edit | edit source]

Supports[edit | edit source]

  • Cookies
  • Javascript 1.7
  • partial HTML 5
  • Partial Video support (added from 2.10 update)

Not supported[edit | edit source]

  • Flash
  • Youtube (no HTML5: video)

Known Useragents[edit | edit source]

YouTube[edit | edit source]

PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita)
PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita)

WebBrowser[edit | edit source]

Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier):

Table below indicates known and unknown. "YES" = known vulnerability in use, "NO" = unknown if vulnerability in use.

useragent version vulnerability
Mozilla/5.0 (PlayStation Vita 1.00) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.000.000 Yes
Mozilla/5.0 (PlayStation Vita 1.03) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.030.010 Yes
Mozilla/5.0 (PlayStation Vita 1.04) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.040.000 Yes
Mozilla/5.0 (PlayStation Vita 1.05) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.050.000 Yes
Mozilla/5.0 (PlayStation Vita 1.06) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.060.010 Yes
Mozilla/5.0 (Playstation Vita 1.50) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.500.000 Yes
Mozilla/5.0 (PlayStation Vita 1.51) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.510.000 Yes
Mozilla/5.0 (PlayStation Vita 1.52) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.520.000 Yes
Mozilla/5.0 (PlayStation Vita 1.60) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.600.000 Yes
Mozilla/5.0 (Playstation Vita 1.61) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.610.000 Yes
Mozilla/5.0 (PlayStation Vita 1.65) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.650.000 Yes
Mozilla/5.0 (PlayStation Vita 1.66) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.660.000 Yes
Mozilla/5.0 (PlayStation Vita 1.67) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.670.000 Yes
Mozilla/5.0 (PlayStation Vita 1.69) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.690.000 Yes
Mozilla/5.0 (PlayStation Vita 1.80) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.800.000 Yes
Mozilla/5.0 (PlayStation Vita 1.81) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 01.810.000 Yes
Mozilla/5.0 (PlayStation Vita 2.00) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.000.000 Yes
Mozilla/5.0 (PlayStation Vita 2.01) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.010.000 Yes
Mozilla/5.0 (PlayStation Vita 2.02) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.020.000 Yes
Mozilla/5.0 (PlayStation Vita 2.05) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.050.000 Yes
Mozilla/5.0 (PlayStation Vita 2.06) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.060.000 Yes
Mozilla/5.0 (PlayStation Vita 2.10) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.100.000 Yes
Mozilla/5.0 (PlayStation Vita 2.11) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.110.000 Yes
Mozilla/5.0 (PlayStation Vita 2.12) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.120.000 Yes
Mozilla/5.0 (PlayStation Vita 2.50) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.500.000 Yes
Mozilla/5.0 (PlayStation Vita 2.60) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.600.000 Yes
Mozilla/5.0 (PlayStation Vita 2.61) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 02.610.000 Yes
Mozilla/5.0 (PlayStation Vita 3.00) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.000.000 Yes
Mozilla/5.0 (PlayStation Vita 3.01) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.010.000 Yes
Mozilla/5.0 (PlayStation Vita 3.10) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.100.000 Yes
Mozilla/5.0 (PlayStation Vita 3.12) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.120.000 Yes
Mozilla/5.0 (PlayStation Vita 3.15) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.150.000 Yes
Mozilla/5.0 (PlayStation Vita 3.18) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.180.000 Yes
Mozilla/5.0 (PlayStation Vita 3.20) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 03.200.000 Yes
Mozilla/5.0 (PlayStation Vita 3.30) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.300.000 Yes
Mozilla/5.0 (PlayStation Vita 3.35) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.350.000 Yes
Mozilla/5.0 (PlayStation Vita 3.36) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.360.000 Yes
Mozilla/5.0 (PlayStation Vita 3.50) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.500.000 Yes
Mozilla/5.0 (PlayStation Vita 3.52) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.520.000 Yes
Mozilla/5.0 (PlayStation Vita 3.55) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.550.000 Yes
Mozilla/5.0 (PlayStation Vita 3.57) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.570.000 Yes
Mozilla/5.0 (PlayStation Vita 3.60) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.600.000 Yes
Mozilla/5.0 (PlayStation Vita 3.61) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.610.000 No
Mozilla/5.0 (PlayStation Vita 3.63) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.630.000 No
Mozilla/5.0 (PlayStation Vita 3.65) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 03.650.000 No
? 03.670.000 No
? 03.680.000 No
? 03.690.000 No

Webkit exploits[edit | edit source]

Terminology[edit | edit source]

An information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.
An information security exposure is a system configuration issue or a mistake in software that allows access to information or 
capabilities that can be used by a hacker as a stepping-stone into a system or network.

Common Vulnerabilities and Exposures list[edit | edit source]

1.50-1.81 (CVE-2010-1807 and CVE-2010-4577)

2.00-3.20 (CVE-2013-0903-1)

3.30-3.36 (CVE-2014-1303)

3.50-3.60 (no CVE at the time it was written, credits to xyz)

Repositories[edit | edit source]

<=1.81 webkit exploit PoC:

1.50-1.69-1.80 HTMLit:

ROPtool:

1.61 files for HTMLit and ROPtool:

1.80 files for ROPtool:

1.81 ROP:

2.60 webkit exploit PoC:

3.18 webkit exploit PoC:

3.01-3.15-3.18 memory dumping:

3.15-3.18 webkitties:

3.00-3.15-3.18 vitasploit:

2.02-2.12-3.00-3.01-3.18 vitasploit:

3.36 webkit exploit:

2.00-2.01-2.02-2.05-2.10-2.11-2.12-2.50-2.60-2.61-3.00-3.01-3.10-3.12-3.18-3.20 + 3.30-3.35-3.36 vitasploit:

Other tools:

Online Tests[edit | edit source]

Webkit Modules[edit | edit source]

Module Remark
SceAacenc
SceActivityDb
SceAppUtil
SceAtrac
SceAudiocodec
SceAvcodecUser
SceAvPlayer
SceBeisobmf
SceBemp2sys
ScebXCe
SceCheckoutDialogPlugin
SceClipboard
SceCommonDialog
SceCommonGuiDialog
SceDbrecoveryUtility
SceDbutil
SceDriverUser
SceDrmPsmKdc
SceFiber
SceFriendListDialogPlugin
SceGpuEs4User
SceGxm
SceHafnium
SceHandwriting
SceIme
SceImeDialogPlugin
SceIniFileProcessor
SceJpegArm
SceJpegEncArm
SceLibc
ScelibDbg
SceLibFios2
SceLibft2
SceLibG729
SceLibGameUpdate
SceLibHttp
SceLibJson
SceLibKernel
SceLibLocation
SceLibLocationExtension
SceLibMp4Recorder
SceLibNetCtl
SceLibPgf
SceLibPspnetAdhoc
SceLibPvf
SceLibRudp
SceLibSsl
SceLibVitaJSExtObj
SceLibXml
SceLiveAreaUtil
SceMp4
SceMsgDialogPlugin
SceMusicExport
SceNearDialogUtil
SceNearProfile
SceNearUtil
SceNet
SceNetAdhocMatching
SceNetCheckDialogPlugin
SceNgsUser
SceNotificationUtil
SceNpActivity
SceNpActivityNet
SceNpBasic
SceNpCommerce2
SceNpCommon
SceNpCommonPs4
SceNpFriendPrivacyLevel
SceNpKdc
SceNpManager
SceNpMatching2
SceNpMessage
SceNpMessageContactsPlugin
SceNpMessageDialogPlugin
SceNpMessageDlgImplPlugin
SceNpPartyGameUtil
SceNpScore
SceNpSignaling
SceNpSnsFacebook
SceNpTrophy
SceNpTus
SceNpUtility
SceNpWebApi
ScePaf
ScePartyMemberListPlugin
ScePhotoExport
ScePhotoImportDialogPlugin
ScePhotoReviewDialogPlugin
ScePromoterUtil
ScePsp2Compat
SceSasUser
SceSaveDataDialogPlugin
SceScreenShot
SceShellSvc
SceShutterSound
SceSqlite
SceSqliteVsh
SceStoreCheckoutPlugin
SceSystemGesture
SceTeleportClient
SceTeleportServer
SceTrophySetupDialogPlugin
SceUlt
SceVideoExport
SceVoice
SceVoiceQoS
SceWebFiltering
SceWebKit
SceWebKitProcess

Browsertests[edit | edit source]

Access to the PS3 Store and get content in Vita[edit | edit source]

Video

[1]

PS Vita's browser has some secrets function, such as enter in ps store or open an app.

For example:

psns:browse?category=PN.P3.US-PN.P3.GAME.US-BASE opens PS3 store US region
psns:browse?product=IP9100-PCSI00002_00-MUSICUNLIMITED00 opens Music Unlimited product

How it works

 psns:browse

This command supports several arguments, the most usables are:

 psns:browse?category=
 
 psns:browse?product=

By defining a category or product ID, this command will redirect you to the PSN Store and show you the chosen category/product. A few examples:

The syntax for categories works as follows:

 PN + CONSOLE ID + REGION ID + PN + CONSOLE ID + STORE ID + REGION ID + PAGE

Common Console ID's are:

 P3 --> PS3
 
 VT --> PS VITA
 
 PC --> MEDIA GO / PSP

Common Store ID's are:

 GAME or VIDEO

Redeem Comand

 psns:redeem?code1=123&code2=456&code3=789

This command will immediantly prompt you to the PSN Stores' redeem function, taking the arguments with it.