Antonio Jose Ramos Marquez psxdev
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #define PSP2LINK_MAX_PATH 1024 | |
| void win_to_unix(char *pathname) | |
| { | |
| int loop0 = 0; | |
| for (loop0=0; loop0<strlen(pathname); loop0++) { if (pathname[loop0] == '\\') { pathname[loop0] = '/'; } } | |
| return; |
psxdev
/ output.txt
Last active
March 21, 2016 21:00
ps4 poc with libps4/ps4link/ps4sh dlclose root Privilege escalation+ prison break+sandbox break
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| debug.sh | |
| [PS4][INFO]: debugnet initialized | |
| [PS4][INFO]: Copyright (C) 2010,2016 Antonio Jose Ramos Marquez aka bigboss @psxdev | |
| [PS4][INFO]: ready to have a lot of fun... | |
| [PS4][DEBUG]: executing kernel_exec | |
| [PS4][DEBUG]: [PS4LINK] Server payload thread UID: 0x802E5860 | |
| [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x802F83A0 | |
| [PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x802ADF20 | |
| [PS4][DEBUG]: [PS4LINK] Created ps4link_requests_sock: 114 | |
| [PS4][DEBUG]: [PS4LINK] bind to ps4link_requests_sock done |
psxdev
/ command execshowdir
Created
March 26, 2016 10:02
problem with close after payload execution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void ps4LinkCmdExecShowDir(ps4link_pkt_exec_cmd *pkg) | |
| { | |
| debugNetPrintf(DEBUG,"[PS4LINK] Received command execshowdir\n"); | |
| char *buffer; | |
| struct dirent *dent; | |
| struct stat stats; | |
| int dfd; | |
| int i; | |
| if(UID==0 && GID==0 && pkg->argv!=NULL) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Test with new toolchain GCC 6.2.0 and binutils 2.26.1 patches from soarqin | |
| cd libvita2d/ | |
| cd sample/ | |
| make clean | |
| make | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 -c -o main.o main.c | |
| arm-vita-eabi-ld -r -b binary -o image.o image.png | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 main.o image.o -lvita2d -lSceKernel_stub -lSceDisplay_stub -lSceGxm_stub -lSceSysmodule_stub -lSceCtrl_stub -lScePgf_stub -lSceCommonDialog_stub -lfreetype -lpng -ljpeg -lz -lm -lc -o vita2dsample.elf | |
| vita-elf-create vita2dsample.elf vita2dsample.velf |
psxdev
/ test_last_binutils.txt
Last active
September 30, 2016 17:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Test with new toolchain GCC 6.2.0 and binutils 2.27 with last patched applied from git://sourceware.org/git/binutils-gdb.git and patch for . = ALIGN(0x10000); | |
| cd libvita2d/ | |
| cd sample/ | |
| make clean | |
| make | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 -c -o main.o main.c | |
| arm-vita-eabi-ld -r -b binary -o image.o image.png | |
| arm-vita-eabi-gcc -Wl,-q -Wall -O3 main.o image.o -lvita2d -lSceKernel_stub -lSceDisplay_stub -lSceGxm_stub -lSceSysmodule_stub -lSceCtrl_stub -lScePgf_stub -lSceCommonDialog_stub -lfreetype -lpng -ljpeg -lz -lm -lc -o vita2dsample.elf | |
| vita-elf-create vita2dsample.elf vita2dsample.velf |
psxdev
/ gist:fad83bcc8c355918b677a63bdd642b15
Created
October 26, 2016 19:30
test fix para windows psp2client
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CC = gcc | |
| LIBS = -lwsock32 -lpthreadGC2 | |
| FIX = -mno-ms-bitfields | |
psxdev
/ session.txt
Created
November 17, 2016 00:10
testing new features of ps4link/ps4sh with clang 4.0 ps4sdk 0.1.0 under macOS Sierra :) firmware 1.76
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bigmini:bin bigboss$ debug.sh | |
| [PS4][INFO]: debugnet initialized | |
| [PS4][INFO]: Copyright (C) 2010,2016 Antonio Jose Ramos Marquez aka bigboss @psxdev | |
| [PS4][INFO]: ready to have a lot of fun... | |
| [PS4][DEBUG]: getuid() : 1 | |
| [PS4][DEBUG]: executing privilege scalation | |
| [PS4][DEBUG]: ps4KernelExecute ret=0 | |
| [PS4][DEBUG]: getuid() : 0 | |
| [PS4][DEBUG]: [PS4LINK] Server request thread UID: 0x80C189C0 | |
| [PS4][DEBUG]: [PS4LINK] Server command thread UID: 0x80CA8A20 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [PS4][DEBUG]: [PS4LINK] commands listener received packet size (266) | |
| [PS4][DEBUG]: [PS4LINK] Received command execuserelf argc=1 argv=host0:listproc.elf | |
| [PS4][DEBUG]: [PS4LINK] file open req (host0:listproc.elf, 0 0) | |
| [PS4][DEBUG]: [PS4LINK] file open reply received (ret 8) | |
| [PS4][DEBUG]: [PS4LINK] file lseek req (fd: 8) | |
| [PS4][DEBUG]: [PS4LINK] ps4link_lseek_file: lseek reply received (ret 21904) | |
| [PS4][DEBUG]: [PS4LINK] file lseek req (fd: 8) | |
| [PS4][DEBUG]: [PS4LINK] ps4link_lseek_file: lseek reply received (ret 0) | |
| [PS4][DEBUG]: [PS4LINK] ps4link_read_file: Reply said there's 21904 bytes to read (wanted 21904) | |
| [PS4][DEBUG]: [PS4LINK] ps4link_read_file: chunk 0 readed 4096 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PID PPID PGID SID TSID LOGIN WCHAN EMUL COMM TDNAME | |
| 65 0 0 0 0 - lvdhddwk - lvd0 lvd0hdd0 | |
| [PS4][ERROR]: PID 65 number of vmaps is 0 | |
| PID PPID PGID SID TSID LOGIN WCHAN EMUL COMM TDNAME | |
| 66 0 0 0 0 - lvddft1w - lvd1 lvd1dflt1 | |
| [PS4][ERROR]: PID 66 number of vmaps is 0 | |
| PID PPID PGID SID TSID LOGIN WCHAN EMUL COMM TDNAME | |
| 67 0 0 0 0 - lvddft0w - lvd2 lvd2dflt0 | |
| [PS4][ERROR]: PID 67 number of vmaps is 0 | |
| PID PPID PGID SID TSID LOGIN WCHAN EMUL COMM TDNAME |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ps4sh> mkdir -p ps4/system/sys | |
| ps4sh> execdecrypt /system/sys | |
| [PS4][DEBUG]: [PS4LINK] commands listener received packet size (266) | |
| [PS4][DEBUG]: [PS4LINK] Received command execdecrypt argc=1 argv=/system/sys | |
| [PS4][DEBUG]: [DIR]: . | |
| [PS4][DEBUG]: [DIR]: .. | |
| [PS4][DEBUG]: [FILE]: coredump.elf | |
| [PS4][DEBUG]: [PS4LINK] file name to decrypt /system/sys/coredump.elf | |
| [PS4][DEBUG]: [PS4LINK] savefile in your host host0:ps4/system/sys/coredump.elf | |
| [PS4][DEBUG]: [PS4LINK] kernel hook |