
Commit 5e57fec

author
CC
committed
wip:
- add full 4.02 support
1 parent 3f67115 commit 5e57fec

2 files changed

Lines changed: 23 additions & 25 deletions


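--- a/README.md
+++ b/README.md
@@ -13,8 +13,8 @@ Exploit should now support the following firmwares:
 - 3.10 (partially)
 - 3.20
 - 3.21
-- 4.00 (potentially partially)
-- 4.02 (potentially partially)
+- 4.00 (todo)
+- 4.02
 - 4.03
 - 4.50
 - 4.51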

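--- a/document/en/ps5/offsets/4.02.js
+++ b/document/en/ps5/offsets/4.02.js
@@ -1,20 +1,19 @@
-const OFFSET_wk_vtable_first_element = 0x00D04580; //check
-const OFFSET_wk_memset_import = 0x028F9D38; //check
-const OFFSET_wk___stack_chk_guard_import = 0x028F9A18; //check
+const OFFSET_wk_vtable_first_element = 0x00D04580;
+const OFFSET_wk_memset_import = 0x028F9D38;
+const OFFSET_wk___stack_chk_guard_import = 0x028F9A18;
 
-const OFFSET_lk___stack_chk_guard = 0x00069190; //check
-const OFFSET_lk_pthread_create_name_np = 0x00001B60; //check
-const OFFSET_lk_pthread_join = 0x0002FAD0; //check
-const OFFSET_lk_pthread_exit = 0x00020A80; //check
-const OFFSET_lk__thread_list = 0x000601A8; //check
+const OFFSET_lk___stack_chk_guard = 0x00069190;
+const OFFSET_lk_pthread_create_name_np = 0x00001B60;
+const OFFSET_lk_pthread_join = 0x0002FAD0;
+const OFFSET_lk_pthread_exit = 0x00020A80;
+const OFFSET_lk__thread_list = 0x000601A8;
 
-const OFFSET_lc_memset = 0x000148F0; //check
-const OFFSET_lc_setjmp = 0x0005E9B0; //check
-const OFFSET_lc_longjmp = 0x0005EA00; //check
+const OFFSET_lc_memset = 0x000148F0;
+const OFFSET_lc_setjmp = 0x0005E9B0;
+const OFFSET_lc_longjmp = 0x0005EA00;
 
-const OFFSET_WORKER_STACK_OFFSET = 0x0007FB88; //check
+const OFFSET_WORKER_STACK_OFFSET = 0x0007FB88;
 
-//check
 let wk_gadgetmap = {
 "ret" : 0x00000042,
 "pop rdi": 0x00043B7C,
@@ -45,7 +44,6 @@ let wk_gadgetmap = {
 "inc dword [rax]": 0x017629AF,
 };
 
-//check
 let syscall_map = {
 0x001: 0x34230, // sys_exit
 0x002: 0x351E0, // sys_fork
@@ -376,12 +374,12 @@ let syscall_map = {
 0x2D2: 0x32E00, // sys_workspace_ctrl
 };
 
-const OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD = 0x0; //check
-const OFFSET_KERNEL_DATA_KQUEUE_BASE_SLIDE = 0x0; //check
-const OFFSET_KERNEL_TEXT_KQUEUE_BASE_SLIDE = 0x0; //check
-const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x0; //check
-const OFFSET_KERNEL_DATA_BASE_SECURITYFLAGS = 0x0; //check
-const OFFSET_KERNEL_DATA_BASE_QA_FLAGS = 0x0; //check
-const OFFSET_KERNEL_DATA_BASE_UTOKEN_FLAGS = 0x0; //check
-const OFFSET_KERNEL_DATA_BASE_PRISON0 = 0x0; //check
-const OFFSET_KERNEL_DATA_BASE_ROOTVNODE = 0x0; //check
+const OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD = 0x8D2F;
+const OFFSET_KERNEL_DATA_KQUEUE_BASE_SLIDE = 0x318D2F;
+const OFFSET_KERNEL_TEXT_KQUEUE_BASE_SLIDE = 0xF18D2F;
+const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x27EDCB8;
+const OFFSET_KERNEL_DATA_BASE_SECURITYFLAGS = 0x6505474;
+const OFFSET_KERNEL_DATA_BASE_QA_FLAGS = 0x6505498;
+const OFFSET_KERNEL_DATA_BASE_UTOKEN_FLAGS = 0x6505500;
+const OFFSET_KERNEL_DATA_BASE_PRISON0 = 0x1D34D00;
+const OFFSET_KERNEL_DATA_BASE_ROOTVNODE = 0x66E64C0;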
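Review bot: The nine kernel data offsets filled in at the end of the third hunk carry no record of where they came from or how they were validated, and the same commit strips every `//check` marker — the file's only in-band signal that a value was unverified — while the commit message still reads `wip:`. Constants named ALLPROC, PRISON0, ROOTVNODE and the SECURITYFLAGS/QA_FLAGS/UTOKEN_FLAGS trio presumably end up as kernel read/write targets, so a single wrong value corrupts unrelated kernel memory rather than failing cleanly; the three KQUEUE values at least agree on the low word 0x8D2F, which is a useful sanity check, but nothing comparable is visible for the other six. I would add a header above that block such as `// 4.02 kernel data offsets: derived from <source>, confirmed on a 4.02 console <date>; see <tool/script>` and keep an explicit `// TODO verify` on any value that has not yet been confirmed on hardware, rather than removing the markers wholesale. A one-line note on what base each group is relative to would also help (the `wk_`/`lk_`/`lc_` prefixes suggest WebKit, libkernel and libc module bases, but the file does not say).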
