5 comments

[ 3.0 ms ] story [ 24.1 ms ] thread
I'm not at all familiar with the PS4, but I love reading these articles!

A thought occured that with this access, it is possible to encrypt corrupted save files which might lead to further exploitation.

It is possible to create save files. However they will be tied to a specific console/account. And creating them requires a kernel exploit while a vulnerable game only gives you a userland exploit. It won't be the most practical even if you find a vulnerable game.
I seem to remember the PSP making use of kernel exploits from vulnerable games, unless I'm thinking of save file exploits. I'm guessing there aren't any similar vulnerabilities with the PS4?
First, there is no "kernel exploits from vulnerable games" as games are applications that run in the OS (FreeBSD based). What happened with the PSP is that game exploits can be used to run code that trigger kernel exploits (which have to be found separately and are a lot harder to find). In terms of game exploits on the PS4; there is no doubt that such vulnerabilities exist, but you're limited to ROP (no JIT in games) in userland.
On note of the save files, I really hope we gain the ability to port PS3 gamesaves to PS4 and also the ability to use save files from the internet. It's madness that Sony doesn't let us do this.

Also, I am somewhat curious as to the API Sony uses for PayPal payments, as it lets you pay within the PS4's GUI. Does anyone know whether the PayPal Payflow API allow Sony to do this or did they get a custom solution?