Progress/Help on PS4 hacking, running BadIRET, dlclose, etc
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,
I'm trying to get the dlclose kernel exploit working using wifi loader and tcpdump, but when I open the exploit using wifi loader using the command in cmd, it says not enough system memory on the ps4 playground webkit. What am I doing wrong? And I want to use tcpdump, but idk how to use it. I open the tcpdump using cmd and type in the command TCPdump 9023 log.bin, and it freezes the cmd. I'm on 1.76
Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,
Download https://github.com/Thunder07/PS4-dlclos ... master.zip
- open source/main.c
- edit this line :
server.sin_addr.s_addr = IP(192, 168, 1, 91);
- Put the IP of your computer that is listening with Tcpdump
- Compile and send the binary with Wifiloader
ipspx wrote: I open the tcpdump using cmd and type in the command TCPdump 9023 log.bin, and it freezes the cmd. I'm on 1.76
It's normal, Tcpdump is listening and waiting. If you want to check it's working, just do
Telnet 127.0.0.1 9023
and type anything; you should see what you typed in Tcpdump ...
ipspx wrote: but when I open the exploit using wifi loader using the command in cmd, it says not enough system
Are you sure of the code you are sending? I have the same issue when I send crappy code ...
Are you using the real browser or cheating with manual link?
If you are using the "real browser": delete cookies, and delete any website data that has been temporarily saved to the browser. When a web page is displayed, press the OPTIONS button and then select [Settings].
wifi-loader and tcp-dump replacement
Guys, I have written a simple app in C# that can replace wifi-loader and tcp-dump. Please try it out and give me feedback with suggestions.
[Download Link]https://usercontent.irccloud-cdn.com/fi ... stener.exe
[Virus Scan Report]https://www.virustotal.com/en/url/aaba4 ... 459499767/
Re: wifi-loader and tcp-dump replacement
nzaar9 wrote: Guys, I have written a simple app in C# that can replace wifi-loader and tcp-dump. Please try it out and give me feedback with suggestions.
[Download Link]https://usercontent.irccloud-cdn.com/fi ... stener.exe
[Virus Scan Report]https://www.virustotal.com/en/url/aaba4 ... 459499767/
Thanks dude
I found it easy to use
Re: wifi-loader and tcp-dump replacement
nzaar9 wrote: Guys, I have written a simple app in C# that can replace wifi-loader and tcp-dump. Please try it out and give me feedback with suggestions.
[Download Link]https://usercontent.irccloud-cdn.com/fi ... stener.exe
[Virus Scan Report]https://www.virustotal.com/en/url/aaba4 ... 459499767/
What an unfortunate day to release anything on haha. I'll still test nonetheless later on and get back.
Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,
I find it funny that so many people are using the basic networking tools that I quickly wrote for personal use (TCP-Dump and WiFi-Loader). Considering that sending and receiving TCP data is such a trivial task, I'm sure that there are much better, more standard networking tools you could use instead.
For example, as mentioned in the README.md file of PS4-playground, if you are using Linux you can just use `netcat` instead of any custom tools like WiFi-Loader to send a binary file to the PS4:
Code:
nc -w 3 192.168.0.7 9023 < *.bin
Though I'm still not aware of any out of the box tool to do this on Windows.
kr105, your code is nice, but it is missing some privilege check bypasses for the custom Sony checks like `sceSblACMgrIsSystemUcred`. I took a look at my old sources, and the main thing is just to set the `td->td_ucred->sonyCred` member (offset 96 in `struct ucred`) to `0xffffffffffffffff` which will enable most stuff. I used `td_ucred` in my source instead of `p_ucred`, but they point to the same address, so it shouldn't make a difference which you use.
In my code I also changed the values at `0xFFFFFFFF832CC2E8`, and `0xFFFFFFFF8323DA18` which are used by `priv_check_cred` and `priv_check`, which you should look into.
Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,
Good work Kr105
New version of PS4-playground with Linux loader also available here: https://github.com/kR105/PS4-playground
bZimage can be found here : https://mega.nz/#!eBQnAY7K!0-uWRH6bDUGn ... 3c7i3gZZqU
initramfs.cpio.gz here : https://mega.nz/#!KEI22ToD!_YmafYibOkoi ... mVnSmGYiWI
Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,
Just download kr105's files, put them on USB. Then go into ps4playground and "load linux" (USB connected).
Then it loads some Linux image, writes something, and stops. Is it OK? How, or what do I need to do, to load Linux?
Re: Progress/Help on PS4 hacking, running BadIRET, dlclose,
Tried the linux load and playground today on 1.76.
I get the message "There is not enough free system memory" after I see "Waiting for payload..." in Code execution segment.
Same result when clicking "Load!" in Linux loader segment.
I've tried via normal browser (with normal account) and manual (with fresh account).
In the browser I've deleted cookies and site data as well.
Any idea how to fix this?