Skip to content

Luq2521/PI-Pwn

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PI Pwn

This is a script to setup PPPwn and PPPwn_cpp on the raspberry pi and run GoldHen on the PS4 fw 11.0, 10.01, 10.00, 9.00
It also supports internet access after pwn and access to ftp, klog and binloader servers launched by goldhen.
A dns blocker is also installed and used to prevent updates.

The Raspberry Pi 4, Raspberry Pi 400 and Raspberry Pi 5 can pass through a usb drive inserted into the pi to the console if the pi is plugged into the console usb port

There is also a webserver to control the pi, change settings and send payloads by accessing http://pppwn.local from the console or your pc if you have internet access enabled.


Tested PI Models

Raspberry Pi 5
Raspberry Pi 4 Model B
Raspberry Pi 400
Raspberry Pi 3B+
Raspberry Pi 2 Model B
Raspberry Pi Zero 2 W with usb to ethernet adapter
Raspberry Pi Zero W with usb to ethernet adapter
ROCK PI 4C Plus with armbian Image
BIGTREETECH BTT Pi V1.2 with armbian minimal
pcDuino3b with armbian Image

Install


You need to install Raspberry Pi OS Lite or Armbian Cli / Minimal onto a sd card.

Place the sd card into the raspberry pi, boot it and connect it to the internet then run the following commands


sudo apt update
sudo apt install git -y
sudo rm -f -r PI-Pwn
sudo systemctl stop pipwn
git clone https://github.com/stooged/PI-Pwn
sudo mkdir /boot/firmware/
cd PI-Pwn
sudo cp -r PPPwn /boot/firmware/
cd /boot/firmware/PPPwn
sudo chmod 777 *
sudo bash install.sh

During the install process you will be asked to set some options.

If you are using a usb to ethernet adapter for the connection to the console you need to select yes
If your pi has an ethernet port and you are using a usb to ethernet adapter your interface for the usb adapter should be eth1
If you are using something like a pi zero 2 the interface will be eth0

Once the pi reboots pppwn will run automatically.

On your PS4:

  • Go to Settings and then Network
  • Select Set Up Internet connection and choose Use a LAN Cable
  • Choose Custom setup and choose PPPoE for IP Address Settings
  • Enter ppp for PPPoE User ID and PPPoE Password
  • NOTE if you enable internet access you must match the username and password entered during the install or use the default ppp
  • Choose Automatic for DNS Settings and MTU Settings
  • Choose Do Not Use for Proxy Server

For GoldHen you need to place the goldhen.bin file onto the root of a usb drive and plug it into the console.
Once goldhen has been loaded for the first time it will be copied to the consoles internal hdd and the usb is no longer required.
To update goldhen just repeat the above process and the new version will be copied to the internal hdd

Console FTP / Binload

If the pi pwn was setup to allow internet access you can use the ftp, klog, and binloader servers on the console
Your pi must be also connected to your home network via wifi or a second ethernet connection
To connect to the servers from your pc just connect to the raspberry pi ip on your network and all requests will be forwarded to the console

For ftp make sure you set the transfer mode on your ftp client software to Active not passive.

USB pass through drive

You can put a usb flash drive in the pi and that will be mounted to the console, you must put a folder on the root of the drive called "payloads"
To use this feature you must plug the raspberry pi 4 / 400 / 5 into the consoles usb port using the usb-c connection on the pi.
If you have power issues you can use a usb Y cable to inject power from another source but in my tests both pi variants ran using a single cable.

Rest Mode

You can enable the option to detect if goldhen is running in the options which will cause pi-pwn to check if goldhen is active before running pppwn, this is useful for rest mode
If you have the pi powered from the console usb port you must disable "Supply Power to USB Ports" in the rest mode settings of the console.
The console must also use the PPPoe user and pass set for the "console internet connection" of pi-pwn or the defaults if you never changed them which are ppp for both user and password.

PI FTP

If you install FTP to access the pppwn folder for the exploit files you must use your root login user/pass to access the server.
The ftp server uses the standard ports 21 and 20.

PI Samba

If you setup samba to access the pppwn folder for the exploit files you can access the drive on...
\\pppwn.local\pppwn
or
smb:\\pppwn.local\pppwn

The share has no user/password required to access it.

What it does

Once everything is setup and the ethernet cable is plugged in between the pi and the console the pi should automatically try and pwn the console.
The exploit may fail many times but the pi will continue to purge the console to keep trying to pwn itself.
Once pwned the process will stop and the pi will shut down if you are not using internet access.

You will need to restart the pi if you wish to pwn the console again.

The idea is you boot the console and the pi together and the pi will keep trying to pwn the console without any input from you, just wait on the home screen until the process completes

Updating

You can edit the exploit scripts by putting the sd card in your computer and going to the PPPwn folder.
The commands above can also be run again to install updates or change the settings.
You can also click the update button on the web ui.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 47.4%
  • Shell 35.6%
  • PHP 17.0%