Add PCAP buffer size option
xfangfang committed May 22, 2024
1 parent 822b8a3 commit bd002a5
Showing 4 changed files with 9 additions and 4 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -47,6 +47,7 @@ pppwn --interface en0 --fw 1100 --stage1 "stage1.bin" --stage2 "stage2.bin" --ti
- `-t` `--timeout`: the timeout in seconds for ps4 response, 0 means always wait (default: `0`)
- `-wap` `--wait-after-pin`: the waiting time in seconds after first round CPU pinning (default: `1`)
- `-gd` `--groom-delay`: wait for 1ms every `groom-delay` rounds during Heap grooming (default: `4`)
- `-bs` `--buffer-size`: PCAP buffer size in bytes, less than 100 indicates default value (usually 2MB) (default: `0`)
- `-a` `--auto-retry`: automatically retry when fails or timeout
- `-nw` `--no-wait-padi`: don't wait one more [PADI](https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet#Client_to_server:_Initiation_(PADI)) before starting the exploit

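Review bot: the new `--buffer-size` help line gives the unit and the fallback rule but not a usable lower bound, so a reader has to find the supplement below to learn that 10240 is the smallest value that was tested; consider folding that into the option line, e.g. `PCAP buffer size in bytes, less than 100 uses the pcap default (usually 2MB); 10240 is the smallest tested value (default: 0)`. Since the flag is parsed into a signed integer, the "less than 100" rule also covers negative values, which is worth saying explicitly so a typo is not mistaken for a working setting.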
Expand All @@ -56,7 +57,7 @@ Supplement:
2. For `--no-wait-padi`, by default, `pppwn_cpp` will wait for two `PADI` request, according to [TheOfficialFloW/PPPwn/pull/48](https://github.com/TheOfficialFloW/PPPwn/pull/48) this helps to improve stability. You can turn off this feature with this parameter if you don't need it.
3. For `--wait-after-pin`, according to [SiSTR0/PPPwn/pull/1](https://github.com/SiSTR0/PPPwn/pull/1) set this parameter to `20` helps to improve stability (not work for me).
4. For `--groom-delay`, This is an empirical value. The Python version of pppwn does not set any wait at Heap grooming, but if the C++ version does not add some wait, there is a probability of kernel panic on my ps4. You can set any value within 1-4097 (4097 is equivalent to not doing any wait).

5. For `--buffer-size`, When running on low-end devices, this value can be set to reduce memory usage. I tested that setting it to 10240 can run normally, and the memory usage is about 3MB. (Note: A value that is too small may cause some packets to not be captured properly)

# Development

2 changes: 1 addition & 1 deletion include/exploit.h
Expand Up @@ -84,7 +84,7 @@ class Exploit {

int setFirmwareVersion(FirmwareVersion version);

int setInterface(const std::string &iface);
int setInterface(const std::string &iface, int buffer_size = 0);

void setStage1(const std::vector<uint8_t> &&stage1_data);

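Review bot: the added `int buffer_size = 0` parameter carries no comment on its unit or on the rule that values below 100 fall back to the pcap default; that contract currently lives only in README.md and the CLI help string in main.cpp, so a caller using the `Exploit` class directly has no way to learn it from the header. Add a one-line comment on the declaration (bytes; 0 or anything below 100 means pcap default). Keeping the default argument so existing `setInterface(iface)` callers still compile is the right choice.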
3 changes: 2 additions & 1 deletion src/exploit.cpp
Expand Up @@ -160,7 +160,7 @@ int Exploit::setFirmwareVersion(FirmwareVersion version) {
}


int Exploit::setInterface(const std::string &iface) {
int Exploit::setInterface(const std::string &iface, int buffer_size) {
if (dev != nullptr) this->closeInterface();

dev = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDeviceByName(iface);
Expand All @@ -172,6 +172,7 @@ int Exploit::setInterface(const std::string &iface) {
// open the device before start capturing/sending packets
pcpp::PcapLiveDevice::DeviceConfiguration config;
config.direction = pcpp::PcapLiveDevice::PCPP_IN;
config.packetBufferSize = buffer_size;
config.packetBufferTimeoutMs = 1;
if (!dev->open(config)) {
std::cerr << "[-] Cannot open device" << std::endl;
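Review bot: `config.packetBufferSize = buffer_size;` passes the CLI value through unvalidated, and if `dev->open(config)` then fails the only diagnostic is `[-] Cannot open device`, which does not tell the user that a non-default buffer size was requested and may be the cause. Suggest including the requested size in that message whenever `buffer_size` is non-zero. For the opposite failure mode the README warns about (a buffer too small to hold the packets), consider printing the device's capture statistics (the libpcap dropped-packet counters, which PcapPlusPlus exposes through the live device's `getStatistics` method) when the exploit times out, so a user can distinguish capture drops from a PS4 that never answered.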
5 changes: 4 additions & 1 deletion src/main.cpp
Expand Up @@ -116,6 +116,7 @@ int main(int argc, char *argv[]) {
int timeout = 0;
int wait_after_pin = 1;
int groom_delay = 4;
int buffer_size = 0;
bool retry = false;
bool no_wait_padi = false;

Expand All @@ -130,6 +131,8 @@ int main(int argc, char *argv[]) {
option("-wap", "--wait-after-pin") & integer("seconds", wait_after_pin), \
"wait for 1ms every `n` rounds during Heap grooming (default: 4)" % option("-gd", "--groom-delay") &
integer("1-4097", groom_delay), \
"PCAP buffer size in bytes, less than 100 indicates default value (usually 2MB) (default: 0)" %
option("-bs", "--buffer-size") & integer("bytes", buffer_size), \
"automatically retry when fails or timeout" % option("-a", "--auto-retry").set(retry), \
"don't wait one more PADI before starting" % option("-nw", "--no-wait-padi").set(no_wait_padi)
) | \
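Review bot: `integer("bytes", buffer_size)` accepts any int, including negative values, whereas the neighbouring `--groom-delay` option advertises its valid range in the placeholder (`integer("1-4097", groom_delay)`). For consistency, either name the accepted range in the placeholder (for example `"0 or >=100"`) or reject negative values before `setInterface` is called, so that a mistyped size fails loudly instead of silently falling back to the default buffer.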
Expand Down Expand Up @@ -163,7 +166,7 @@ int main(int argc, char *argv[]) {

Exploit exploit;
if (exploit.setFirmwareVersion((FirmwareVersion) fw)) return 1;
if (exploit.setInterface(interface)) return 1;
if (exploit.setInterface(interface, buffer_size)) return 1;
auto stage1_data = readBinary(stage1);
if (stage1_data.empty()) return 1;
auto stage2_data = readBinary(stage2);
