Created
March 9, 2016 20:46
-
-
Save psxdev/7da7d16186a735569558 to your computer and use it in GitHub Desktop.
sys_dynlib_prepare_dclose poc with clang libps4/ps4link/ps4sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log: [PS4][INFO]: ready to have a lot of fun... | |
| log: [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80C43A20 | |
| log: [PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 85 | |
| log: [PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x80C74FC0 | |
| log: [PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done | |
| log: [PS4][DEBUG]: [PS4LINK] Command Thread Started. | |
| log: [PS4][DEBUG]: [PS4LINK] Created ps4link_commands_sock: 86 | |
| log: [PS4][DEBUG]: [PS4LINK] Ready for connection 1 | |
| log: [PS4][DEBUG]: [PS4LINK] Waiting for connection | |
| log: [PS4][DEBUG]: [PS4LINK] Command listener waiting for commands... | |
| ps4sh> execpayload | |
| log: [HOST][DEBUG]: [PS4SH] [PS4SH] argc=0 argv= | |
| log: [PS4][DEBUG]: [PS4LINK] commands listener received packet size (266) | |
| log: [PS4][DEBUG]: [PS4LINK] Received command execpayload argc=0 argv= | |
| log: [PS4][DEBUG]: socket opened is now equeals fd 3840 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F01 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F02 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F03 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F04 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F05 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F06 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F07 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F08 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F09 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F0A | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F0B | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F0C | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F0D | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F0E | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F0F | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F10 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F11 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F12 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F13 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F14 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F15 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F16 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F17 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F18 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F19 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F1A | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F1B | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F1C | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F1D | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F1E | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F1F | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F20 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F21 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F22 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F23 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F24 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F25 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F26 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F27 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F28 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F29 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F2A | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F2B | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F2C | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F2D | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F2E | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F2F | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F30 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F31 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F32 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F33 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F34 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F35 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F36 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F37 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F38 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F39 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F3A | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F3B | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F3C | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F3D | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F3E | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F3F | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F40 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F41 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F42 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F43 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F44 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F45 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F46 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F47 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F48 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F49 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F4A | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F4B | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F4C | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F4D | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F4E | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F4F | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F50 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F51 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F52 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F53 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F54 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F55 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F56 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F57 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F58 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F59 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F5A | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F5B | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F5C | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F5D | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F5E | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F5F | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F60 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F61 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F62 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F63 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F64 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F65 | |
| log: [PS4][DEBUG]: m event queue created 0x00000F65 | |
| log: [PS4][DEBUG]: Created event queue 0x0000000000000F66 | |
| log: [PS4][DEBUG]: m2 event queue created 0x00000F66 | |
| log: [PS4][DEBUG]: sceKernelDeleteEqueue return: 0x00000000 | |
| log: [PS4][DEBUG]: mapping pointer 2017fc000 | |
| log: [PS4][DEBUG]: before SYS_dynlib_prepare_dlclose | |
| log: [PS4][DEBUG]: SYS_dynlib_prepare_dlclose: -1 | |
| log: [PS4][DEBUG]: before sceKernelDeleteEqueue | |
| after this payload is called from a trampoline code and a few messages calling sys_sendto on port 9023 are received so kernel execution is done | |
| [+] Entered critical payload | |
| after messages are received a wonderfull panic and console switch off | |
| i suppose that panic is in knote_drop call i must figured out return address in stack to try to avoid that. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thx