Antonio Jose Ramos Marquez psxdev
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <psp2/moduleinfo.h> | |
| #include <debugnet.h> | |
| #include <psp2/io/fcntl.h> | |
| #include <psp2/io/dirent.h> | |
| #include <psp2link.h> | |
| #define LOGLEVEL 3 | |
| void debugNetUDPPrintf(const char* fmt, ...); | |
| int main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #define PSP2LINK_MAX_PATH 1024 | |
| void win_to_unix(char *pathname) | |
| { | |
| int loop0 = 0; | |
| for (loop0=0; loop0<strlen(pathname); loop0++) { if (pathname[loop0] == '\\') { pathname[loop0] = '/'; } } | |
| return; |
psxdev
/ output.txt
Created
March 9, 2016 20:46
sys_dynlib_prepare_dclose poc with clang libps4/ps4link/ps4sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log: [PS4][INFO]: ready to have a lot of fun... | |
| log: [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80C43A20 | |
| log: [PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 85 | |
| log: [PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x80C74FC0 | |
| log: [PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done | |
| log: [PS4][DEBUG]: [PS4LINK] Command Thread Started. | |
| log: [PS4][DEBUG]: [PS4LINK] Created ps4link_commands_sock: 86 | |
| log: [PS4][DEBUG]: [PS4LINK] Ready for connection 1 | |
| log: [PS4][DEBUG]: [PS4LINK] Waiting for connection | |
| log: [PS4][DEBUG]: [PS4LINK] Command listener waiting for commands... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log: [PS4][DEBUG]: [PS4LINK] commands listener received packet size (266) | |
| log: [PS4][DEBUG]: [PS4LINK] Received command execpayload argc=0 argv= | |
| log: [PS4][DEBUG]: [PS4LINK] execpayload command thread UID: 0x80D2A520 | |
| log: [PS4][DEBUG]: [PS4LINK] commands listener waiting for next command | |
| log: [PS4][DEBUG]: Loaded on corer 7 | |
| log: [PS4][DEBUG]: Setting affinity return 0x00000000 | |
| log: [PS4][DEBUG]: xpageEntryHi = ffffffff833249a8 | |
| log: [PS4][DEBUG]: mmap codepe0 825fc000 | |
| log: [PS4][DEBUG]: mmap codepe1 1825fc000 | |
| log: [PS4][DEBUG]: mmap codepe2 2825fc000 |
psxdev
/ output.txt
Created
March 20, 2016 23:44
ps4 poc with libps4/ps4link/ps4sh dlclose root Privilege escalation achieved
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| debug.sh | |
| [PS4][INFO]: ready to have a lot of fun... | |
| [PS4][DEBUG]: [PS4LINK] Server payload thread UID: 0x80659740 | |
| [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80607500 | |
| [PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x806549E0 | |
| [PS4][DEBUG]: executing kernel_exec | |
| [PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 160 | |
| [PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done | |
| [PS4][DEBUG]: [PS4LINK] Ready for connection 1 | |
| [PS4][DEBUG]: [PS4LINK] Waiting for connection |
psxdev
/ output.txt
Last active
March 21, 2016 21:00
ps4 poc with libps4/ps4link/ps4sh dlclose root Privilege escalation+ prison break+sandbox break
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| debug.sh | |
| [PS4][INFO]: debugnet initialized | |
| [PS4][INFO]: Copyright (C) 2010,2016 Antonio Jose Ramos Marquez aka bigboss @psxdev | |
| [PS4][INFO]: ready to have a lot of fun... | |
| [PS4][DEBUG]: executing kernel_exec | |
| [PS4][DEBUG]: [PS4LINK] Server payload thread UID: 0x802E5860 | |
| [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x802F83A0 | |
| [PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x802ADF20 | |
| [PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 114 | |
| [PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done |
psxdev
/ command execshowdir
Created
March 26, 2016 10:02
problem with close after payload execution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void ps4LinkCmdExecShowDir(ps4link_pkt_exec_cmd *pkg) | |
| { | |
| debugNetPrintf(DEBUG,"[PS4LINK] Received command execshowdir\n"); | |
| char *buffer; | |
| struct dirent *dent; | |
| struct stat stats; | |
| int dfd; | |
| int i; | |
| if(UID==0 && GID==0 && pkg->argv!=NULL) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Test with new toolchain GCC 6.2.0 and binutils 2.26.1 patches from soarqin | |
| cd libvita2d/ | |
| cd sample/ | |
| make clean | |
| make | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 -c -o main.o main.c | |
| arm-vita-eabi-ld -r -b binary -o image.o image.png | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 main.o image.o -lvita2d -lSceKernel_stub -lSceDisplay_stub -lSceGxm_stub -lSceSysmodule_stub -lSceCtrl_stub -lScePgf_stub -lSceCommonDialog_stub -lfreetype -lpng -ljpeg -lz -lm -lc -o vita2dsample.elf | |
| vita-elf-create vita2dsample.elf vita2dsample.velf |
psxdev
/ test_last_binutils.txt
Last active
September 30, 2016 17:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Test with new toolchain GCC 6.2.0 and binutils 2.27 with last patched applied from git://sourceware.org/git/binutils-gdb.git and patch for . = ALIGN(0x10000); | |
| cd libvita2d/ | |
| cd sample/ | |
| make clean | |
| make | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 -c -o main.o main.c | |
| arm-vita-eabi-ld -r -b binary -o image.o image.png | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 main.o image.o -lvita2d -lSceKernel_stub -lSceDisplay_stub -lSceGxm_stub -lSceSysmodule_stub -lSceCtrl_stub -lScePgf_stub -lSceCommonDialog_stub -lfreetype -lpng -ljpeg -lz -lm -lc -o vita2dsample.elf | |
| vita-elf-create vita2dsample.elf vita2dsample.velf |
psxdev
/ gist:2802a41673889bfed00dd366c574aefd
Created
October 14, 2016 14:29
playstation vr usb descriptor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Bus 020 Device 002: ID 054c:09af | |
| Device Descriptor: | |
| bLength 18 | |
| bDescriptorType 1 | |
| bcdUSB 2.00 | |
| bDeviceClass 0 | |
| bDeviceSubClass 0 | |
| bDeviceProtocol 0 | |
| bMaxPacketSize0 64 | |
| idVendor 0x054c |