Update ELF loader entrypoint args

Cryptogenic · Cryptogenic · commit 6ad2dbfc2acd · 2022-10-30T15:25:49.000-04:00
diff --git a/document/en/ps5/exploit.js b/document/en/ps5/exploit.js
@@ -1438,11 +1438,12 @@ async function userland() {
         p.write4(rwpair_mem.add32(0x04), victim_sock);
 
         // Arguments to entrypoint
-        p.write8(args.add32(0x00), dlsym_addr);         // arg1 = dlsym fptr
-        p.write8(args.add32(0x08), pipe_mem);           // arg2 = int *pipe[2]
+        p.write8(args.add32(0x00), dlsym_addr);         // arg1 = dlsym_t* dlsym
+        p.write8(args.add32(0x08), pipe_mem);           // arg2 = int *rwpipe[2]
         p.write8(args.add32(0x10), rwpair_mem);         // arg3 = int *rwpair[2]
-        p.write8(args.add32(0x18), data_base_addr);     // arg4 = uint64_t kdata_base
-        p.write8(args.add32(0x20), test_payload_store); // arg5 = out buffer
+        p.write8(args.add32(0x18), pipe_addr);          // arg4 = uint64_t kpipe_addr
+        p.write8(args.add32(0x20), data_base_addr);     // arg5 = uint64_t kdata_base_addr
+        p.write8(args.add32(0x28), test_payload_store); // arg6 = int *payloadout
 
         // Execute payload in pthread
         await log("  [+] Executing!");
