jigsaw wrote:
thecobra wrote:
Hi Everyone,
I want to ask a quick question. Let's say, for argument's sake, that I found a kernel exploit and I wanted to make a HEN out of it for 6.60. What source code or what information should I look at? It's just a quick question I'm asking, to know what I should do after I find an exploit, which may take a while, but I'd like to know what I should do after that.
Thank you.
Make a PoC first, once you find it. The PoC is as simple as reading from 0x88000000.
Then port it to procfw. That's all.
+1. The first step is always dumping the kernel memory range.
For that you can look into procfw too, as there is kernel dumper example code for kxploit creation in it, which is enabled if you build with the DEBUG=1 flag.
Usually, dumping the kernel memory works like this: you create a kernel callback from your kxploit which gets executed in a kernel context; this piece of code clones the kernel memory range into the p2 user partition, and upon returning to user context, you dump the now p2-located kernel clone to a file via the sceIo functions.
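The two-stage dump described in the post above (and the minimal "read 0x88000000" PoC from jigsaw's reply) as an added example; this is not code from the thread or from procfw. It assumes the PSP kernel partition is 4 MB at 0x88000000, that the kxploit can invoke a function in kernel context (represented here by a placeholder `invoke_in_kernel`), and that the p2-side buffer comes from the user partition (on hardware, for instance via sceKernelAllocPartitionMemory(2, ...)). So that it builds and runs on a host, a constructed static array stands in for the kernel range and a small window is copied; the PSP build branch uses sceIoOpen/sceIoWrite/sceIoClose from pspiofilemgr.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef __PSP__
#include <pspkernel.h>
#include <pspiofilemgr.h>
#endif

/* PSP kernel partition: 4 MB starting at 0x88000000. A user-mode read of
 * any address in this range faults, which is why the very first PoC is
 * simply reading 0x88000000 from inside the kernel callback. */
#define PSP_KERNEL_BASE 0x88000000u
#define PSP_KERNEL_SIZE 0x00400000u

/* Host demo copies only a small window so it runs instantly (assumption). */
#define DEMO_LEN 4096u

/* Constructed stand-ins: on the PSP `src` is PSP_KERNEL_BASE itself and
 * `dst` is a buffer obtained from the p2 user partition. Here both are
 * static word arrays so the host build has something to copy. */
static uint32_t fake_kernel_range[DEMO_LEN / sizeof(uint32_t)];
static uint32_t p2_clone[DEMO_LEN / sizeof(uint32_t)];

struct dump_job {
    const volatile uint32_t *src;  /* kernel-side source, read word by word */
    uint32_t *dst;                 /* p2-side destination */
    size_t len;                    /* bytes to clone */
    size_t copied;                 /* filled in by the kernel stage */
    uint32_t first_word;           /* result of the "read 0x88000000" PoC */
};

/* Stage 1: runs in KERNEL context. This is the body of the callback the
 * kxploit hands to the kernel; it touches nothing but memory, so it works
 * even before you know which kernel functions are safe to call. */
static void kernel_dump_callback(void *arg)
{
    struct dump_job *job = (struct dump_job *)arg;
    size_t words = job->len / sizeof(uint32_t);
    job->first_word = job->src[0];          /* the minimal PoC: one read */
    for (size_t i = 0; i < words; i++)
        job->dst[i] = job->src[i];          /* clone kernel range into p2 */
    job->copied = words * sizeof(uint32_t);
}

/* Stage 2: back in USER context, write the p2 clone to a file. On the PSP
 * this is the sceIo path; the stdio branch is the host equivalent. */
static long user_write_dump(const char *path, const void *buf, size_t len)
{
#ifdef __PSP__
    SceUID fd = sceIoOpen(path, PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
    if (fd < 0) return -1;
    int written = sceIoWrite(fd, buf, (SceSize)len);
    sceIoClose(fd);
    return written;
#else
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t written = fwrite(buf, 1, len, f);
    fclose(f);
    return (long)written;
#endif
}

/* Placeholder (assumption): on real hardware the kxploit, not a direct
 * call, is what gets `fn` executed with kernel privileges. */
static void invoke_in_kernel(void (*fn)(void *), void *arg) { fn(arg); }

/* Whole procedure: kernel stage clones, user stage writes. Returns bytes
 * written, or -1 if the clone was short or the file could not be written. */
long dump_kernel_range(const char *path, const volatile void *src,
                       void *dst, size_t len)
{
    struct dump_job job = { src, dst, len, 0, 0 };
    invoke_in_kernel(kernel_dump_callback, &job);
    if (job.copied != len) return -1;
    return user_write_dump(path, dst, len);
}

/* Host-side usage against the constructed kernel stand-in. */
long demo_dump(const char *path)
{
    for (size_t i = 0; i < DEMO_LEN / sizeof(uint32_t); i++)
        fake_kernel_range[i] = (uint32_t)(0x27000000u + i);   /* constructed pattern */
    return dump_kernel_range(path, fake_kernel_range, p2_clone, DEMO_LEN);
}

int main(void)
{
    long n = demo_dump("kernel_dump.bin");
    printf("dumped %ld bytes (on the PSP the range is 0x%08x-0x%08x)\n",
           n, PSP_KERNEL_BASE, PSP_KERNEL_BASE + PSP_KERNEL_SIZE - 1);
    return n == (long)DEMO_LEN ? 0 : 1;
}
```

The split matters: everything that dereferences the kernel range lives in `kernel_dump_callback`, and the file I/O only ever sees the p2 copy, so a bad address or a faulting sceIo call never happens while you are in kernel mode with no way to recover.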