This was kind of out of the blue: Developer acez just posted an article on his blog explaining all the details of the Webkit exploit that was recently revealed for the Vita, including how he and a group of friends leveraged it.
The read is extremely interesting, and I won’t pretend I’m able to summarize it in a way that would do it any justice, so I suggest you just read it.
A cynical summary for people like me who have been in the PSP hacking scene previously would be: “ha, the security on the PSP was a joke, now we’re talking”. The article truly shows that the exploit was not only about digging for CVE's and quickly and dirtily implement them on the Vita.
Between the absence of a debugger, ASLR, sandboxing, no JIT, and other bumps in the road, acez’s post clearly explains this was not easy. At all.
From the scene’s perspective, it’s interesting to see that the main people behind this work (freebot, acez, and John The Ropper) are – as far as I know – not people from the PSP or PS3 scene. They seem to be, however, very, very well seasoned hackers (at least acez seems to be a regular CTF – The hacking ones, not the Quake ones – contestant). The things they pulled off, which I understand where very helpful, behind the scene, to some of the releases we’ve seen over the past few days, were not an easy thing.
Credits
Johntheropper and freebot worked with acez directly on the exploit. In addition, he credits Yifanlu and Josh_Axey for their help on the Vita, as well as Acid_Snake and Codelion, and everyone else who “made this possible”.Downloads
The exploit and all related work can be found on acez’s github. At this point I assume this is more or less the same work that has been released in CodeLion’s recent memtools_vita, but it is worth checking it.What’s next?
Let’s hope that the interest of acez, JhonTheRopper, and freebot for the Vita will stay for a while. As mentioned in the blog article, there’s still a lot to do: Webkit is sandboxed, and without additional exploits, the scene will not be able to gain “full” native access to the Vita. From a personal point of view though, I would surely be happy to start seeing a simple SDK, and some simple homebrew, in the sandboxed Webkit exploit. Just for the sake of it.Source: acez.re
No comments:
Post a Comment
Spammers, stay out. Only political and video game discussion here.