Push updates...
1. Cleanup/Linting/Tweaks/Fixes/etc
   - Default Prettier config w/ 999 line length
   - Default eslint config "problems" list trimmed down
2. Fixed corrupt pointer cleanup by abc
3. Fixed `ip6po_rthdr` offset for PS5 by abc
4. Verified the number of blocking requests needed to be two by abc
5. Only run kernel exploit once by checking setuid by @JTAG7371
6. Kernel patches from pOOBs4 by @ChendoChap (Ported for 8.00-9.60)
7. Payload loader from pOOBs4 by @ChendoChap
8. Restore syscall 661 (`sys_aio_submit()`) after patching by @janisslsm
9. Add `PROT_READ`, `PROT_WRITE`, `PROT_EXEC` constants for payload loader by @janisslsm

The ONLY things that should need changes are the `/rop/ps4/*.mjs` files (850, 900, and 950).

Firmware 8.00 appears to be stable/have a good success rate now.
@@ -7,7 +7,7 @@ PSFree is a collection of exploits for the PS4 console. The main focus of the re
* **Auto-detection:** Automatically detects console type and firmware version (via `src/config.mjs`).
* **WebKit Exploit (PSFree):** Entry point via the console's web browser.
* **Kernel Exploit (Lapse):** Escalates privileges to kernel level.
* ~~Payload Loader: After successful kernel exploitation listens for a payload on port 9020.~~ **WIP**
* **Payload Loader:** After successful kernel exploitation listens for a payload on port 9020.
## Vulnerability Scope
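Review bot: the README bullet for the Payload Loader is un-struck and loses its **WIP** marker in this hunk, yet the TODO list added in the same commit still carries "Integrate payload loader (Test on 8.00-8.03)"; keep a caveat on the bullet (for example "untested on 8.00-8.03") until that TODO item is closed, so the feature list reflects the actual state of the loader.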
@@ -29,7 +29,6 @@ This table indicates firmware versions for which the *current version* of this r
## TODO List
- [ ] Integrate payload loader (Test on 8.00-8.03)
- [ ] Rewrite JOP chains in `rop/ps4/850.mjs`, `rop/ps4/900.mjs`, and `rop/ps4/950.mjs`
- I scrapped the ones I had...
- [ ] `lapse.mjs`: Just set the bits for JIT privs
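Review bot: the new TODO item "`lapse.mjs`: Just set the bits for JIT privs" contradicts the commit message's statement that only the `/rop/ps4/*.mjs` files should need changes; either drop that claim from the message or spell out in the TODO what `lapse.mjs` currently does instead, so contributors know the change is still pending. The nested note "I scrapped the ones I had..." under the JOP-chain item is a personal aside; a sub-item such as "- existing chains for 850/900/950 were discarded; rewrite from scratch" would be clearer to other contributors.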