Webbrowser
Contents
Web Content Guidelines[edit]
- PS Vita Web Content Guidelines v3.00
- PS3 Web Content Guidelines v3.10
- PS4 Web Content Guidelines v1.50
Supports[edit]
- Cookies
- Javascript 1.7
- partial HTML 5
- Partial Video support (added from 2.10 update)
Not supported[edit]
- Flash
- Youtube (no HTML5: video)
Known Useragents[edit]
PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita) PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita)
Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier):
Table below indicates known and unknown. "YES" = known vulnerability in use, "NO" = unknown if vulnerability in use.
useragent | version | vulnerability |
---|---|---|
Mozilla/5.0 (PlayStation Vita 1.00) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.000.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.03) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.030.010 | Yes |
Mozilla/5.0 (PlayStation Vita 1.04) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.040.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.05) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.050.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.06) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.060.010 | Yes |
Mozilla/5.0 (Playstation Vita 1.50) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.500.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.51) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.510.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.52) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.520.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.60) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.600.000 | Yes |
Mozilla/5.0 (Playstation Vita 1.61) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.610.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.65) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.650.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.66) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.660.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.67) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.670.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.69) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.690.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.80) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.800.000 | Yes |
Mozilla/5.0 (PlayStation Vita 1.81) AppleWebKit/531.22.8 (KHTML, like Gecko) Silk/3.2 | 01.810.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.00) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.000.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.01) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.010.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.02) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.020.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.05) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.050.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.06) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.060.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.10) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.100.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.11) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.110.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.12) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.120.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.50) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.500.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.60) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.600.000 | Yes |
Mozilla/5.0 (PlayStation Vita 2.61) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 02.610.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.00) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.000.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.01) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.010.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.10) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.100.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.12) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.120.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.15) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.150.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.18) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.180.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.20) AppleWebKit/536.26 (KHTML, like Gecko) Silk/3.2 | 03.200.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.30) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.300.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.35) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.350.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.36) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.360.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.50) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.500.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.52) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.520.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.55) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.550.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.57) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.570.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.60) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.600.000 | Yes |
Mozilla/5.0 (PlayStation Vita 3.61) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 | 03.610.000 | No |
Webkit exploit[edit]
Terminology[edit]
An information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.
An information security exposure is a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.
Common Vulnerabilities and Exposures list[edit]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577
http://packetstormsecurity.com/files/123089/Packet-Storm-Advisory-2013-0903-1-Apple-Safari-Heap-Buffer-Overflow.html (related to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748 / https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1303 http://wololo.net/2015/04/22/new-webkit-exploit-found-vita-maybe-playstation-4/ (up to FW 3.36)
Repositories[edit]
- https://github.com/Hykem/vitasploit/ by Hykem
- repo
- discarded repro reduction for <=1.81
- https://github.com/xyzz/vitadump
- https://bitbucket.org/Archaemic/memory-splicer
- repo
- https://github.com/acama/webkitties
Code, Test & Tool[edit]
- live test live test (miror), live test (old)
- memtools_vita https://github.com/BrianBTB/memtools_vita/
- ROPTool
- HTMLIt
- http://pastie.org/private/ugchhaqctvmw5rrg5w37ka <- load more modules for the JSoS module dumper :)
- SMOKE's Support_Uri Rop script
Webkit Modules[edit]
Module | Remark |
---|---|
SceAacenc | |
SceActivityDb | |
SceAppUtil | |
SceAtrac | |
SceAudiocodec | |
SceAvcodecUser | |
SceAvPlayer | |
SceBeisobmf | |
SceBemp2sys | |
ScebXCe | |
SceCheckoutDialogPlugin | |
SceClipboard | |
SceCommonDialog | |
SceCommonGuiDialog | |
SceDbrecoveryUtility | |
SceDbutil | |
SceDriverUser | |
SceDrmPsmKdc | |
SceFiber | |
SceFriendListDialogPlugin | |
SceGpuEs4User | |
SceGxm | |
SceHafnium | |
SceHandwriting | |
SceIme | |
SceImeDialogPlugin | |
SceIniFileProcessor | |
SceJpegArm | |
SceJpegEncArm | |
SceLibc | |
ScelibDbg | |
SceLibFios2 | |
SceLibft2 | |
SceLibG729 | |
SceLibGameUpdate | |
SceLibHttp | |
SceLibJson | |
SceLibKernel | |
SceLibLocation | |
SceLibLocationExtension | |
SceLibMp4Recorder | |
SceLibNetCtl | |
SceLibPgf | |
SceLibPspnetAdhoc | |
SceLibPvf | |
SceLibRudp | |
SceLibSsl | |
SceLibVitaJSExtObj | |
SceLibXml | |
SceLiveAreaUtil | |
SceMp4 | |
SceMsgDialogPlugin | |
SceMusicExport | |
SceNearDialogUtil | |
SceNearProfile | |
SceNearUtil | |
SceNet | |
SceNetAdhocMatching | |
SceNetCheckDialogPlugin | |
SceNgsUser | |
SceNotificationUtil | |
SceNpActivity | |
SceNpActivityNet | |
SceNpBasic | |
SceNpCommerce2 | |
SceNpCommon | |
SceNpCommonPs4 | |
SceNpFriendPrivacyLevel | |
SceNpKdc | |
SceNpManager | |
SceNpMatching2 | |
SceNpMessage | |
SceNpMessageContactsPlugin | |
SceNpMessageDialogPlugin | |
SceNpMessageDlgImplPlugin | |
SceNpPartyGameUtil | |
SceNpScore | |
SceNpSignaling | |
SceNpSnsFacebook | |
SceNpTrophy | |
SceNpTus | |
SceNpUtility | |
SceNpWebApi | |
ScePaf | |
ScePartyMemberListPlugin | |
ScePhotoExport | |
ScePhotoImportDialogPlugin | |
ScePhotoReviewDialogPlugin | |
ScePromoterUtil | |
ScePsp2Compat | |
SceSasUser | |
SceSaveDataDialogPlugin | |
SceScreenShot | |
SceShellSvc | |
SceShutterSound | |
SceSqlite | |
SceSqliteVsh | |
SceStoreCheckoutPlugin | |
SceSystemGesture | |
SceTeleportClient | |
SceTeleportServer | |
SceTrophySetupDialogPlugin | |
SceUlt | |
SceVideoExport | |
SceVoice | |
SceVoiceQoS | |
SceWebFiltering | |
SceWebKit | |
SceWebKitProcess |
Browsertests[edit]
Access to the PS3 Store and get content in Vita[edit]
Video
PS Vita's browser has some secrets function, such as enter in ps store or open an app.
For example:
psns:browse?category=PN.P3.US-PN.P3.GAME.US-BASE | opens PS3 store US region |
---|---|
psns:browse?product=IP9100-PCSI00002_00-MUSICUNLIMITED00 | opens Music Unlimited product |
How it works
psns:browse
This command supports several arguments, the most usables are:
psns:browse?category= psns:browse?product=
By defining a category or product ID, this command will redirect you to the PSN Store and show you the chosen category/product. A few examples:
The syntax for categories works as follows:
PN + CONSOLE ID + REGION ID + PN + CONSOLE ID + STORE ID + REGION ID + PAGE
Common Console ID's are:
P3 --> PS3 VT --> PS VITA PC --> MEDIA GO / PSP
Common Store ID's are:
GAME or VIDEO
Redeem Comand
psns:redeem?code1=123&code2=456&code3=789
This command will immediantly prompt you to the PSN Stores' redeem function, taking the arguments with it.