
Progress/Help on PS4 hacking, running BadIRET, dlclose, etc

ipspx
Posts: 111
Joined: Wed Apr 18, 2012 11:16 pm

Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,

Post by ipspx »

I'm trying to get the dlclose kernel exploit working using WiFi-Loader and TCP-Dump, but when I open the exploit using WiFi-Loader with the command in cmd, it says not enough system memory on the PS4 Playground WebKit. What am I doing wrong? I also want to use TCP-Dump, but I don't know how to use it. I open TCP-Dump using cmd and type in the command TCPdump 9023 log.bin and it freezes the cmd. I'm on 1.76
fx0day
Posts: 17
Joined: Tue Mar 15, 2016 4:51 pm

Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,

Post by fx0day »

Download https://github.com/Thunder07/PS4-dlclos ... master.zip

- open source/main.c
- edit this line :
server.sin_addr.s_addr = IP(192, 168, 1, 91);

- Put the IP of the computer that is listening with Tcpdump
- Compile and send the binary with WiFi-Loader
ipspx wrote:I open TCP-Dump using cmd and type in the command TCPdump 9023 log.bin and it freezes the cmd. I'm on 1.76
It's normal, Tcpdump is listening and waiting. If you want to check it's working, just do
Telnet 127.0.0.1 9023
and type anything, you should see what you typed in Tcpdump ...
ipspx wrote:but when I open the exploit using WiFi-Loader with the command in cmd, it says not enough system
Are you sure of the code you are sending?? I have the same issue when I send crappy code ...
Are you using the real browser or cheating with a manual link??
If you are using the "real browser" : delete cookies, and delete any website data that has been temporarily saved to the browser. When a web page is displayed, press the OPTIONS button and then select [Settings].
nzaar9
Posts: 2
Joined: Sat Dec 14, 2013 12:54 am

wifi-loader and tcp-dump replacement

Post by nzaar9 »

Guys, I wrote a simple app in C# that can replace wifi-loader and tcp-dump. Please try it out and give me feedback with suggestions.
[Download Link]https://usercontent.irccloud-cdn.com/fi ... stener.exe
[Virus Scan Report]https://www.virustotal.com/en/url/aaba4 ... 459499767/
asho721
Posts: 29
Joined: Sun Mar 23, 2014 10:38 am

Re: wifi-loader and tcp-dump replacement

Post by asho721 »

nzaar9 wrote:Guys, I wrote a simple app in C# that can replace wifi-loader and tcp-dump. Please try it out and give me feedback with suggestions.
[Download Link]https://usercontent.irccloud-cdn.com/fi ... stener.exe
[Virus Scan Report]https://www.virustotal.com/en/url/aaba4 ... 459499767/
Thanks dude,
I found it easy to use.
HarmfulMushroom
Posts: 752
Joined: Wed Dec 25, 2013 10:02 pm

Re: wifi-loader and tcp-dump replacement

Post by HarmfulMushroom »

nzaar9 wrote:Guys, I wrote a simple app in C# that can replace wifi-loader and tcp-dump. Please try it out and give me feedback with suggestions.
[Download Link]https://usercontent.irccloud-cdn.com/fi ... stener.exe
[Virus Scan Report]https://www.virustotal.com/en/url/aaba4 ... 459499767/
What an unfortunate day to release anything on haha. I'll still test none the less later on and get back.
CTurt
Posts: 1
Joined: Thu Jul 30, 2015 7:56 pm

Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,

Post by CTurt »

I find it funny that so many people are using the basic networking tools that I quickly wrote for personal use (TCP-Dump and WiFi-Loader). Considering that sending and receiving TCP data is such a trivial task, I'm sure that there are much better, more standard networking tools you could use instead.

For example, as mentioned in the README.md file of PS4-playground, if you are using Linux you can just use `netcat` instead of any custom tools like WiFi-Loader to send a binary file to the PS4:

    nc -w 3 192.168.0.7 9023 < *.bin
Though I'm still not aware of any out of the box tool to do this on Windows.

kr105, your code is nice, but it is missing some privilege check bypasses for the custom Sony checks like `sceSblACMgrIsSystemUcred`. I took a look at my old sources, and the main thing is just to set the `td->td_ucred->sonyCred` member (offset 96 in `struct ucred`) to `0xffffffffffffffff`, which will enable most stuff. I used `td_ucred` in my source instead of `p_ucred`, but they point to the same address, so it shouldn't make a difference which you use.

In my code I also changed the values at `0xFFFFFFFF832CC2E8`, and `0xFFFFFFFF8323DA18` which are used by `priv_check_cred` and `priv_check`, which you should look into.
fx0day
Posts: 17
Joined: Tue Mar 15, 2016 4:51 pm

Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,

Post by fx0day »

Good work Kr105 :D

New version of PS4-playground with Linux loader also available here: https://github.com/kR105/PS4-playground

bZimage can be found here : https://mega.nz/#!eBQnAY7K!0-uWRH6bDUGn ... 3c7i3gZZqU
initramfs.cpio.gz here : https://mega.nz/#!KEI22ToD!_YmafYibOkoi ... mVnSmGYiWI
Orgad1992
Posts: 13
Joined: Fri Mar 04, 2016 7:45 pm

Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,

Post by Orgad1992 »

Just downloaded kr105's files and put them on USB. Then went into PS4 Playground and "Load Linux" (USB connected).
Then it loads some Linux image, writes something and stops. Is that OK? How or what do I need to do to load Linux?
guck
Posts: 4
Joined: Sun Mar 01, 2015 5:56 pm

Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,

Post by guck »

Tried the linux load and playground today on 1.76.
I get the message "There is not enough free system memory" after I see "Waiting for payload..." in Code execution segment.
Same result when clicking "Load!" in Linux loader segment.

I've tried via normal browser (with normal account) and manual (with fresh account).
In the browser I've deleted cookies and site data as well.

Any idea how to fix this?