zo0/PSFree-Enhanced-Dockerized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
943f06ddc3f85f9e3d300aed4f06aaa6f7457db1
PSFree-Enhanced-Dockerized/src/lapse/ps4/903.mjs
Al Azif 3ab19c3a0b Push updates... 
1. Cleanup/Linting/Tweaks/Fixes/etc
  - Default Prettier config w/ 999 line length
  - Default eslint config "problems" list trimmed down
2. Fixed corrupt pointer cleanup by abc
3. Fixed `ip6po_rthdr` offset for PS5 by abc
4. Verified the number of blocking requests needed to be two by abc
5. Only run kernel exploit once by checking setuid by @JTAG7371
6. Kernel patches from pOOBs4 by @ChendoChap (Ported for 8.00-9.60)
7. Payload loader from pOOBs4 by @ChendoChap
8. Restore syscall 661 (`sys_aio_submit()`) after patching by @janisslsm
9. Add `PROT_READ`, `PROT_WRITE`, `PROT_EXEC` constants for payload loader by @janisslsm

The ONLY things that should need changes are the `/rop/ps4/*.mjs` files (850, 900, and 950).
Firmware 8.00 appears to be stable/have a good success rate now.
2025-06-01 03:46:23 -07:00

38 lines
1.2 KiB
JavaScript
Raw Blame History

/* Copyright (C) 2025 anonymous
This file is part of PSFree.
PSFree is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
PSFree is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
// 9.03, 9.04
export const pthread_offsets = new Map(
Object.entries({
pthread_create: 0x25510,
pthread_join: 0xafa0,
pthread_barrier_init: 0x273d0,
pthread_barrier_wait: 0xa320,
pthread_barrier_destroy: 0xfea0,
pthread_exit: 0x77a0,
}),
);
export const off_kstr = 0x7f4ce7;
export const off_cpuid_to_pcpu = 0x21eb2a0;
export const off_sysent_661 = 0x1103f00;
export const jmp_rsi = 0x5325b;
export const patch_elf_loc = "./kpatch/903.bin"; // Relative to `../../lapse.mjs`
Reference in New Issue View Git Blame Copy Permalink