Removing Debug console auto scroll to restore stability. having it inside utils.mjs sometimes causes 9.xx (9.60 at least) firmwre to show unresponsive browser tab and freeze if any operation was made (launching an app or restarting the console)..
This commit adds the ability to load payloads using GoldHENs BinLoader by visiting the mirrored http host. Improvements in blocking payloads loading if your firmware is unsupported..
- Made constants match FreeBSD9 headers
- Added more constants that are used but were just magic numbers
- Save and reset pinned core and scheduler priority post exploit
- Use correct size for rtprio, 0x10 vs 8
- Double check value before closing fd or freeing object in post exploit cleanup
1. Cleanup/Linting/Tweaks/Fixes/etc
- Default Prettier config w/ 999 line length
- Default eslint config "problems" list trimmed down
2. Fixed corrupt pointer cleanup by abc
3. Fixed `ip6po_rthdr` offset for PS5 by abc
4. Verified the number of blocking requests needed to be two by abc
5. Only run kernel exploit once by checking setuid by @JTAG7371
6. Kernel patches from pOOBs4 by @ChendoChap (Ported for 8.00-9.60)
7. Payload loader from pOOBs4 by @ChendoChap
8. Restore syscall 661 (`sys_aio_submit()`) after patching by @janisslsm
9. Add `PROT_READ`, `PROT_WRITE`, `PROT_EXEC` constants for payload loader by @janisslsm
The ONLY things that should need changes are the `/rop/ps4/*.mjs` files (850, 900, and 950).
Firmware 8.00 appears to be stable/have a good success rate now.
### Added
- `.gitignore` for kpatch output
- Auto detect console type and firmware in `config.mjs`
- Used elsewhere to determine which offsets/patches/ROP chain are used
- WIP: Add 8.50-9.60 support
- All offsets found
- Running into some issue here. Wiped out my JOP chains to redo them...
### Fixed
- Call `lapse.mjs` rather than `code.mjs`
- Makefile for kpatch builds all currently available
### Changed
- Use relative locations rather than absolute
- Changed kpatch binaries to just be shellcode vs full ELFs
- 5,216 bytes to 257 bytes.
- Build kpatch binaries with `-Os` rather than `-O`
- 257 bytes to 233 bytes.
- Renamed/Formatted `CHANGELOG.md`, `README.md`, and `LICENSE`
