Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -9,7 +9,7 @@ Those interested in contributing to PS5 research/dev can join a discord I have s
99
1010Exploit should now support the following firmwares:
1111
12- - 3.00 (partially)
12+ - 3.00
1313- 3.10 (partially)
1414- 3.20
1515- 3.21
Original file line number Diff line number Diff line change @@ -373,12 +373,12 @@ let syscall_map = {
373373 0x2D2 : 0x32750 , // sys_workspace_ctrl
374374} ;
375375
376- const OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD = 0x7301 ; //check
377- const OFFSET_KERNEL_DATA_KQUEUE_BASE_SLIDE = 0x0 ; //check
378- const OFFSET_KERNEL_TEXT_KQUEUE_BASE_SLIDE = 0x0 ; //check
379- const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x0 ; //check
380- const OFFSET_KERNEL_DATA_BASE_SECURITYFLAGS = 0x0 ; //check
381- const OFFSET_KERNEL_DATA_BASE_QA_FLAGS = 0x0 ; //check
382- const OFFSET_KERNEL_DATA_BASE_UTOKEN_FLAGS = 0x0 ; //check
383- const OFFSET_KERNEL_DATA_BASE_PRISON0 = 0x0 ; //check
384- const OFFSET_KERNEL_DATA_BASE_ROOTVNODE = 0x0 ; //check
376+ const OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD = 0x7301 ;
377+ const OFFSET_KERNEL_DATA_KQUEUE_BASE_SLIDE = 0x317301 ;
378+ const OFFSET_KERNEL_TEXT_KQUEUE_BASE_SLIDE = 0xEE7301 ;
379+ const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x276DC58 ;
380+ const OFFSET_KERNEL_DATA_BASE_SECURITYFLAGS = 0x6466474 ;
381+ const OFFSET_KERNEL_DATA_BASE_QA_FLAGS = 0x6466498 ;
382+ const OFFSET_KERNEL_DATA_BASE_UTOKEN_FLAGS = 0x6466500 ;
383+ const OFFSET_KERNEL_DATA_BASE_PRISON0 = 0x1CC2670 ;
384+ const OFFSET_KERNEL_DATA_BASE_ROOTVNODE = 0x67AB4C0 ;
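Review bot: The nine constants at new lines 376–384 now carry concrete values, but the `//check` markers are dropped without recording which firmware build they were resolved for or how, so a later reader cannot distinguish a verified offset from an unconfirmed one. A short header comment above line 376 would fix that, e.g. `// Kernel offsets for firmware <FW-VERSION placeholder>; source: <derivation placeholder>; verified on hardware: <yes/no>`. The same applies to the six values added in the next file section (its new lines 379–384), which are byte-identical to these; if that is intentional because the two firmware revisions share a kernel data layout, a one-line comment saying so would stop the copy from being read as an unedited paste. `syscall_map` and the rest of the file continue outside the hunk.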
Original file line number Diff line number Diff line change @@ -376,9 +376,9 @@ let syscall_map = {
376376const OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD = 0x0 ; //check
377377const OFFSET_KERNEL_DATA_KQUEUE_BASE_SLIDE = 0x0 ; //check
378378const OFFSET_KERNEL_TEXT_KQUEUE_BASE_SLIDE = 0x0 ; //check
379- const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x0 ; //check
380- const OFFSET_KERNEL_DATA_BASE_SECURITYFLAGS = 0x0 ; //check
381- const OFFSET_KERNEL_DATA_BASE_QA_FLAGS = 0x0 ; //check
382- const OFFSET_KERNEL_DATA_BASE_UTOKEN_FLAGS = 0x0 ; //check
383- const OFFSET_KERNEL_DATA_BASE_PRISON0 = 0x0 ; //check
384- const OFFSET_KERNEL_DATA_BASE_ROOTVNODE = 0x0 ; //check
379+ const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x276DC58 ;
380+ const OFFSET_KERNEL_DATA_BASE_SECURITYFLAGS = 0x6466474 ;
381+ const OFFSET_KERNEL_DATA_BASE_QA_FLAGS = 0x6466498 ;
382+ const OFFSET_KERNEL_DATA_BASE_UTOKEN_FLAGS = 0x6466500 ;
383+ const OFFSET_KERNEL_DATA_BASE_PRISON0 = 0x1CC2670 ;
384+ const OFFSET_KERNEL_DATA_BASE_ROOTVNODE = 0x67AB4C0 ;
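Review bot: After this change the file mixes resolved constants with three entries that are still `0x0 ; //check` (context lines 376–378: `OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD`, `OFFSET_KERNEL_DATA_KQUEUE_BASE_SLIDE`, `OFFSET_KERNEL_TEXT_KQUEUE_BASE_SLIDE`), and `0x0` is indistinguishable from a legitimate offset to any consumer, so the half-resolved state is easy to overlook once the `//check` comments are trimmed as they were on lines 379–384. A block comment above line 376 naming which entries remain unresolved for this firmware, e.g. `// TODO: KQUEUE offsets below are placeholders (0x0) and have not been resolved for this firmware`, makes the gap explicit; a sentinel that is not a plausible offset (`undefined`) would additionally surface the problem at use instead of silently passing `0x0` through. The enclosing file and `syscall_map` continue outside the hunk.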
Original file line number Diff line number Diff line change @@ -15,26 +15,25 @@ def server_program():
1515 conn .settimeout (60 ) # 60 second timeout
1616 print ("Connection from: " + str (address ))
1717
18- dump_data = bytearray ()
19- while True :
20- try :
21- data = conn .recv (0x10000 )
22- if not data :
23- break
24- dump_data .extend (data )
25- print ("Received " + str (len (dump_data )) + " bytes..." )
26- except socket .timeout :
27- print ("Timeout reached for receiving data (1 min)" )
28- break
29-
30- # write to file
18+
3119 timestr = time .strftime ("%Y%m%d-%H%M%S" )
3220 print ("[+] Writing dump to dump-" + timestr + ".bin..." )
33- f = open ("dump-" + timestr + ".bin" , "wb" )
34- f .write (dump_data )
35- f .close ()
3621
22+ total_received = 0
23+ with open ("dump-" + timestr + ".bin" , "wb" ) as f :
24+ while True :
25+ try :
26+ data = conn .recv (0x10000 )
27+ total_received += len (data )
28+ print ("Received " + str (total_received ) + " bytes..." )
29+ if not data :
30+ break
31+ f .write (data );
32+ except :
33+ break
34+ f .close ()
3735 conn .close ()
36+ server_socket .close ()
3837
3938if __name__ == '__main__' :
4039 server_program ()
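Review bot: The bare `except:` at new line 32 replaces the old `except socket.timeout:` handler and swallows every exception, including `KeyboardInterrupt` and any bug inside the loop, so the 60-second timeout message is lost and a dump that stopped early is closed and left on disk with no indication it is truncated. Catch `socket.timeout` and `OSError` separately and say in both messages that the file may be incomplete, so the byte count printed at line 28 is not taken as confirmation of a full capture. The `f.close()` at new line 34 is redundant inside the `with` block and the trailing `;` at line 31 is not idiomatic Python; both can be removed. `server_program` begins before the hunk, and that `server_socket` (line 36) is the listening socket created there is inferred from its name.
```python
        while True:
            try:
                # … unchanged: recv, byte-count print, empty-read break, f.write(data) …
            except socket.timeout:
                print("Timeout reached for receiving data (1 min); dump may be truncated")
                break
            except OSError as exc:
                print("[-] Receive failed, dump may be truncated: " + str(exc))
                break
    # redundant f.close() dropped: the with-block closes the file
    conn.close()
```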