We recently reported that a team of console modders, dubbed Team Molecule, released a hack for the PlayStation Vita, called "Henkaku." The team, comprised of notable hackers from the PlayStation Vita and Nintendo 3DS scenes like Yifan Lu, developed the hack as a way to bring userland homebrew to the system without the need to own a system with outdated firmware. Since then, the system has received a collection of homebrew, including ports of DOOM, Quake, and a variety of RetroArch emulators. Game modding is even possible, and several mods, such as a Japanese audio mod for Persona 4: Golden (spoiler warning!), have already been released.
Coming hot off the heels of the console hacking scene's renewed interest in the Vita platform, Team Molecule has issued a challenge for interested parties to reverse-engineer their code. Already, several parties have managed to uncover some of Henkaku's secrets. Earlier this morning, a post on /r/vitahacks seems to suggest that Henkaku is actually a kernel mode exploit instead of just a userland one (the difference being that kernel mode exploits could potentially lead to piracy), but the real star of today's show is the news that broke from the hacking scene just a few hours ago.
Github user Fire30 recently uploaded a supposed POC for a userland exploit on PlayStation 4. According to the Github project's README, today's PlayStation 4 vulnerability uses the same webkit exploit that Henkaku uses on Vita. From the page:
This repo contains a PoC for getting code execution on ps4's with firmware version 3.55 It uses the same webkit vulnerability as the henkaku project. So far there is basic ROP working and returning to normal execution is included. Next steps will be to map a jit page sucessfully and getting actual shellcode executed.
For all intents and purposes, the exploit seems to be legit. That being said, until more information surfaces, consider this PlayStation 4 hack just a "rumor" for now.
What do you think about today's news?