Cryptogenic / PS4-6.20-WebKit-Code-Execution-Exploit

A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.
Do What The F*ck You Want To Public License

PoC raised "failed to find smashed butterfly" on version 5.53 #4

Open mohsen-mahmoudi opened 5 years ago

mohsen-mahmoudi commented 5 years ago

Hi @Cryptogenic. I use Tomcat on my PC and I created a local network. On the PS4, when I browse to index.html and then click GO, an error is raised about "failed to find smashed butterfly"; after that I saw a log about "Phase 1: Obtaining Relative R/W Primitive" on the page and then nothing happens! Is the problem my PS4 version?

mohsen-mahmoudi commented 5 years ago

I uncommented the debug logs. I found the following check at line 213 in wkexploit.js: if (targetButterflies[i].length != 0x10). When I changed the value from 0x10 to 0x0, i.e. if (targetButterflies[i].length != 0x0), then Phase 1 completed, and then in Phase 2, after the "Leaking address of array leak primitive" log, nothing happens!

CelesteBlue-dev commented 5 years ago

The 6.20 WebKit exploit only works on 6.00-6.20, not below nor above.

mohsen-mahmoudi commented 5 years ago

@CelesteBlue-dev, I used this exploit based on the statement in the Note section: "This exploit targets firmware 6.20. It should work on lower firmwares however the gadgets will need to be ported..."