Hacking Is there a list of all URI calls?

[SilicaAndPina]

Except nothing can make URI calls except for Sony approved software on 3.61+, are you slow?
Sony can't patch an issue in previous firmwares, or are you honestly that slow?
A uri call isn't something that is intentional, even if the browser can do it, that'd require user input and I highly doubt a malicious website can manage to make a URI call on 3.61+
Stop trying to cover your tracks.

Thats where your wrong..

litterally any app that used the webkit. can do it.

i dont think it would work via obvious stuff (browser, email etc)
but someone COULD send someone a fake "Game Invite" and when they click it it executes that uri. or
somthing simular..

or u could do what i did origionally in the video where i put it on a gamecart. then someone who buys secound hand could run into this too :/

 

[Zeroba]

Thats where your wrong..

litterally any app that used the webkit. can do it.

i dont think it would work via obvious stuff (browser, email etc)
but someone COULD send someone a fake "Game Invite" and when they click it it executes that uri. or
somthing simular

And again, on 3.61+, there's no way to get that to happen. You're trying so hard to cover for your stupid mistake rather than attempting to make up for it. Not even people who create viruses (For fun) release it to the public, alot of the time those kinds of things are tossed around privately SO IT DOESN'T GET OUT FOR MALICIOUS USE.
Example: Memz virus.
You fucked up.

 

[SilicaAndPina]

And again, on 3.61+, there's no way to get that to happen. You're trying so hard to cover for your stupid mistake rather than attempting to make up for it. Not even people who create viruses release it to the public, alot of the time those kinds of things are tossed around privately SO IT DOESN'T GET OUT FOR MALICIOUS USE.
Example: Memz virus.
You fucked up.

Anyone with 3.60 could send a specailly crafted message to a 3.61 user. if they accept the "Invite" there memory card would be formatted..

(assuming we get a fw spoofer ofc)

also thats not the only way..
the video i made shows it on a video where i had it on a gamecart. if i put that gamecart into a 3.61 vita it would still work

not only that wifi-based attacks could work too u know that refresh button? it just downloads an xml from the sony server. if u made ur router direct that to whereever u want. including an xml that had said uri calls.

there are lots of ways to get liveitem's with custom uri's on 3.61

normally i dont consider uri's a risk as they just normally run applications.
the fact theres an insta-format uri out there. is bad they should make it ask for confirmation.

 

[Zeroba]

I will admit that much, but doesn't change the fact that something like that didn't have to be publicly released.
If you sent AskPlaystation a legit (Not taunting) tweet that you discovered an exploit rather than trying to annoy them to hell and back, they might actually listen.
Sending an obviously malicious file out onto the net full of malicious people is just a complete lack of common sense.
I'm not a dev, you clearly know more about me when it comes to stuff like URI calls, but not common sense.
You know damn well you didn't have to release it for Sony to figure it out. Sony patched HENkaku before our scene could fully reverse it. They don't need your help.

 

[SilicaAndPina]

I will admit that much, but doesn't change the fact that something like that didn't have to be publicly released.
If you sent AskPlaystation a legit (Not taunting) tweet that you discovered an exploit rather than trying to annoy them to hell and back, they might actually listen.
Sending an obviously malicious file out onto the net full of malicious people is just a complete lack of common sense.
I'm not a dev, you clearly know more about me when it comes to stuff like URI calls, but not common sense.
You know damn well you didn't have to release it for Sony to figure it out. Sony patched HENkaku before our scene could fully reverse it. They don't need your help.

Im trying to make it easy on sony. i know they could patch it otherwise but im trying to make it easyer

whenever i tweet askplaystation they just ignore me, it seems like an automated account anyway (they litterally allways say the same thing)

 

[Zeroba]

They ignore you because you taunt them. "Hey guys, looks like PKG installer is working on CEX, might wanna fix that" Not verbatim, but your wording just sounds trolly as fuck.
You know you didn't have to release the files publicly. I know damn well you know that, no human can be that dense.
Unless you can.

 

[SilicaAndPina]

They ignore you because you taunt them. "Hey guys, looks like PKG installer is working on CEX, might wanna fix that" Not verbatim, but your wording just sounds trolly as fuck.
You know you didn't have to release the files publicly. I know damn well you know that, no human can be that dense.
Unless you can.

your quite right i didnt have to release them..
but it seems like your basicly going around telling devs what they can and cannot release..

i did my part. i warned people that it would format if they downloaded it. and to use at own risk etc. not my fault someone took it and put it up as a backup game

 

[Zeroba]

I'm telling you, a well known malicious member of an otherwise healthy scene, not to release your "Proof of concept" files to everyone.
Keep them private, toss them among well known scene devs, don't make it available to any malicious punk out there.

 

[SilicaAndPina]

I'm telling you, a well known malicious member of an otherwise healthy scene, not to release your "Proof of concept" files to everyone.

how am i suppost to lead sony right to the f**ing awnser on how to patch?

i want to help sony in patching this one.

not just not keep it hidden and leave it to them even though they probably can find out how
just sayin

 

[Zeroba]

Dude you even said it yourself you know they don't need your help.
Do I have to say it again? They patched HENkaku without our help, and they'll fix this without your help.
It probably hasn't been fixed yet as it may be an OS dependent function, and it may not be possible to block one specific URI call without blocking all of them.
Just stop.

 

[SilicaAndPina]

Dude you even said it yourself you know they don't need your help.
Do I have to say it again? They patched HENkaku without our help, and they'll fix this without your help.
It probably hasn't been fixed yet as it may be an OS dependent function, and it may not be possible to block one specific URI call without blocking all of them.
Just stop.

even if its just a os dependant uri..

atleast make it prompt for confirmation..

also ur right they would patch it themselves anyway.
but.. doesnt mean i cannot make it easyer for them

 

[doctorgoat]

no human can be that dense.
Unless you can.

you've seen his code, right

and the way the vpk for his installer was made

 

[SilicaAndPina]

you've seen his code, right

and the way the vpk for his installer was made

basicly just a hex editor on vutaftp eboot.bin

i did have otehr features planned
but i was in a rush

people who say i didnt credit r rong i put it in the fucking app

 

[Tony_93]

According to his logic he released a virus so he can warn Sony that this virus being released can be dangerous...

That's like me freeing a lion in the middle of the city just to let people know that letting a lion free in the middle of the city can be freaking dangerous...

How tf does that make sense again?

 

[Zeroba]

"Hey guys, I know I released the Black Plague upon humanity again, but I did it to test and make sure Scientists still know how to cure it"
"What? How is it my fault everyone has the Black Plague now?"

 

[raulpica]

OP can GTFO, since we don't want malware-writing assholes on this website.

Locked.