Rebased PSFree enhanced

Rebased PSFree Enhanced to make it easier to update the exploit
This commit is contained in:
ArabPixel
2025-08-09 14:17:05 +02:00
parent 52d7ba4d46
commit 1246537503
72 changed files with 2106 additions and 214 deletions


@@ -1,164 +0,0 @@
<!-- Copyright (C) 2023-2025 anonymous
This file is part of PSFree.
PSFree is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
PSFree is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
-->
<html>
<head>
<meta charset="utf-8" />
<title>About PSFree</title>
</head>
<body>
PSFree is an exploit chain for PS4 and PS5.<br />
PSFree is free software. PSFree's license is GNU-AGPL-3.0-or-later.<br />
Here is the source code of this program:<br />
<br />
HTML files:<br />
<a href="./index.html" download>index.html</a><br />
<a href="./about.html" download>about.html</a><br />
JavaScript files:<br />
<table id="jslicense-labels1">
<tr>
<td><a href="./alert.mjs">alert.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./alert.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./config.mjs">config.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./config.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse.mjs">lapse.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./psfree.mjs">psfree.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./psfree.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./send.mjs">send.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./send.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse/ps4/800.mjs">lapse/ps4/800.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse/ps4/800.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse/ps4/850.mjs">lapse/ps4/850.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse/ps4/850.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse/ps4/852.mjs">lapse/ps4/852.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse/ps4/852.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse/ps4/900.mjs">lapse/ps4/900.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse/ps4/900.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse/ps4/903.mjs">lapse/ps4/903.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse/ps4/903.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./lapse/ps4/950.mjs">lapse/ps4/950.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./lapse/ps4/950.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/chain.mjs">module/chain.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/chain.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/int64.mjs">module/int64.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/int64.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/mem.mjs">module/mem.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/mem.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/memtools.mjs">module/memtools.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/memtools.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/offset.mjs">module/offset.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/offset.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/rw.mjs">module/rw.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/rw.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/utils.mjs">module/utils.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/utils.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./module/view.mjs">module/view.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./module/view.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./rop/ps4/800.mjs">rop/ps4/800.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./rop/ps4/800.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./rop/ps4/850.mjs">rop/ps4/850.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./rop/ps4/850.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./rop/ps4/900.mjs">rop/ps4/900.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./rop/ps4/900.mjs" download>download</a></td>
</tr>
<tr>
<td><a href="./rop/ps4/950.mjs">rop/ps4/950.mjs</a></td>
<td><a href="https://www.gnu.org/licenses/agpl-3.0.html">GNU-AGPL-3.0-or-later</a></td>
<td><a href="./rop/ps4/950.mjs" download>download</a></td>
</tr>
</table>
kpatch/ files:<br />
<a href="./kpatch/800.c">kpatch/800.c</a><br />
<a href="./kpatch/850.c">kpatch/850.c</a><br />
<a href="./kpatch/900.c">kpatch/900.c</a><br />
<a href="./kpatch/903.c">kpatch/903.c</a><br />
<a href="./kpatch/950.c">kpatch/950.c</a><br />
<a href="./kpatch/Makefile">kpatch/Makefile</a><br />
<a href="./kpatch/script.ld">kpatch/script.ld</a><br />
<a href="./kpatch/types.h">kpatch/types.h</a><br />
<a href="./kpatch/utils.h">kpatch/utils.h</a><br />
fonts/ files:<br />
<a href="./fonts/FONTS.LICENSE">fonts/FONTS.LICENSE</a><br />
<a href="./fonts/LiberationMono-Regular.ttf">fonts/LiberationMono-Regular.ttf</a><br />
<a href="./fonts/README.txt">fonts/README.txt</a><br />
</body>
</html>


@@ -1,38 +0,0 @@
<!-- Copyright (C) 2023-2025 anonymous
This file is part of PSFree.
PSFree is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
PSFree is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
-->
<html>
<head>
<meta charset="utf-8" />
<title>exploit</title>
<style>
@font-face {
font-family: "logging";
src: url("./fonts/LiberationMono-Regular.ttf");
}
#console {
font-family: "logging";
}
</style>
</head>
<body>
PSFree: A PS4/PS5 Exploit Chain<br />
See <a href="./about.html" data-jslicense="1">JavaScript license information</a> for the source code and license.<br />
<pre id="console"></pre>
</body>
<script type="module" src="./alert.mjs"></script>
</html>


@@ -1979,7 +1979,16 @@ function runPayload(path) {
kexploit().then((success) => {
if (success) {
// runPayload("./payload.bin");
runBinLoader();
if (sessionStorage.getItem('binloader')){
runBinLoader();
} else {
runPayload(window.payload_path);
payloadSucces();
}
}
});
function payloadSucces(){
log("payload executed successfully, reloading page in 4 seconds...");
setTimeout(() => {window.location.reload();}, 4000); // 4 seconds delay
}
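Review bot: `payloadSucces()` on the line after `runPayload(window.payload_path)` logs "payload executed successfully" and schedules the reload without anything checking the outcome of the runPayload call, so an unset `window.payload_path` (or a path that could not be loaded but returned normally) is still reported as a success and the page reloads. runPayload's body is above the hunk and not visible, so whether it returns an outcome is unconfirmed; if it does, gate the reload on it, `if (runPayload(window.payload_path)) payloadSucces();`, and otherwise at least check `typeof window.payload_path === 'string'` before calling it. The helper's name is also misspelled — rename `payloadSucces` to `payloadSuccess` at both the declaration and the call site.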


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x212cd10;
export const off_sysent_661 = 0x112d250;
export const jmp_rsi = 0x6b192;
export const patch_elf_loc = "./kpatch/700.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/700.bin"; // Relative to `../../lapse.mjs`
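Review bot: The `./src/kpatch/` prefix is now hard-coded separately in each per-firmware offset file (this hunk and the nine sections that follow with the same one-line change), so the next relocation of the kpatch directory is again a multi-file edit. Exporting one base path from a shared module and keeping only the firmware-specific file name here, e.g. `export const patch_elf_loc = kpatch_dir + "/700.bin";`, would make it a single change. The trailing comment `// Relative to ../../lapse.mjs` should also be re-checked against the new layout, since the location the path is resolved from is not visible in the hunk.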


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x2261070;
export const off_sysent_661 = 0x1129f30;
export const jmp_rsi = 0x1f842;
export const patch_elf_loc = "./kpatch/750.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/750.bin"; // Relative to `../../lapse.mjs`


@@ -34,7 +34,7 @@ export const off_cpuid_to_pcpu = 0x2261070;
export const off_sysent_661 = 0x1129f30;
export const jmp_rsi = 0x1f842;
export const patch_elf_loc = "./kpatch/750.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/750.bin"; // Relative to `../../lapse.mjs`
// Not a mistake! Only ONE kernel offset differs between 7.50, 7.51, and 7.55.
// It's the `off_kstr` variable in THIS file, the kernel patches are the same.
// That's why 7.51/7.55 are seperate from 7.50, but using the same kpatch file.


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x228e6b0;
export const off_sysent_661 = 0x11040c0;
export const jmp_rsi = 0xe629c;
export const patch_elf_loc = "./kpatch/800.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/800.bin"; // Relative to `../../lapse.mjs`


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x1cfc240;
export const off_sysent_661 = 0x11041b0;
export const jmp_rsi = 0xc810d;
export const patch_elf_loc = "./kpatch/850.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/850.bin"; // Relative to `../../lapse.mjs`


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x1cfc240;
export const off_sysent_661 = 0x11041b0;
export const jmp_rsi = 0xc810d;
export const patch_elf_loc = "./kpatch/850.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/850.bin"; // Relative to `../../lapse.mjs`


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x21ef2a0;
export const off_sysent_661 = 0x1107f00;
export const jmp_rsi = 0x4c7ad;
export const patch_elf_loc = "./kpatch/900.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/900.bin"; // Relative to `../../lapse.mjs`


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x21eb2a0;
export const off_sysent_661 = 0x1103f00;
export const jmp_rsi = 0x5325b;
export const patch_elf_loc = "./kpatch/903.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/903.bin"; // Relative to `../../lapse.mjs`


@@ -34,4 +34,4 @@ export const off_cpuid_to_pcpu = 0x21a66c0;
export const off_sysent_661 = 0x1100ee0;
export const jmp_rsi = 0x15a6d;
export const patch_elf_loc = "./kpatch/950.bin"; // Relative to `../../lapse.mjs`
export const patch_elf_loc = "./src/kpatch/950.bin"; // Relative to `../../lapse.mjs`


@@ -136,7 +136,7 @@ function get_bases() {
const textarea = document.createElement("textarea");
const webcore_textarea = mem.addrof(textarea).readp(off.jsta_impl);
const textarea_vtable = webcore_textarea.readp(0);
const off_ta_vt = 0x23ba060;
const off_ta_vt = 0x23ba070;
const libwebkit_base = textarea_vtable.sub(off_ta_vt);
const stack_chk_fail_import = libwebkit_base.add(offset_wk_stack_chk_fail);