By cfwprophet
ELF Loader (Runs 64-bit Elf files in-process on Linux, FreeBSD and PS4)
libps4-symbols (Used to track the most recent symbols by firmware for analysis and convenience)
WELL, well, well,.....see what we got here.
Lots of fun stuff. Looks like we have someone new in the scene, or it just might be one of the actual devs trying to keep on the safe side, which is nothing wrong imho. His name is Hitodama, and just in the last few hours he put the ps4dev repo on Git.
But let's keep the focus on the technical side. Shall we talk a bit here, and maybe I'll explain some stuff about one or another of the releases? Sure I shall, I can already hear you scream.
#include "ps4.h"

int sock;

/* Route printf output over the debug socket instead of a console. */
#define printf(format, ...)\
do {\
    char buffer[512];\
    int size = sprintf(buffer, format, ##__VA_ARGS__);\
    sceNetSend(sock, buffer, size, 0);\
} while(0)

int _main(void) {
    initKernel();
    initLibc();
    initNetwork();
    initJIT();

    /* Connect back to the developer's PC so the addresses can be read there. */
    struct sockaddr_in server;
    server.sin_len = sizeof(server);
    server.sin_family = AF_INET;
    server.sin_addr.s_addr = IP(192, 168, 0, 4);
    server.sin_port = sceNetHtons(9023);
    memset(server.sin_zero, 0, sizeof(server.sin_zero));
    sock = sceNetSocket("debug", AF_INET, SOCK_STREAM, 0);
    sceNetConnect(sock, (struct sockaddr *)&server, sizeof(server));

    void *executableAddress = NULL;
    void *writableAddress = NULL;
    void *dataAddress = NULL;
    allocateJIT(PAGE_SIZE, &executableAddress, &writableAddress);
    dataAddress = malloc(PAGE_SIZE);
    printf("Executable address: %p\n", executableAddress);
    printf("Writable address: %p\n", writableAddress);
    printf("Data address: %p\n", dataAddress);
    sceNetSocketClose(sock);

    // writableAddress and executableAddress are 2 different virtual mappings, with different protections, but which point to the same physical memory
    //unsigned char ret[] = { 0xc3 };
    unsigned char loop[] = { 0xeb, 0xfe };   /* jmp $ : spins forever, so a hang proves the code ran */
    memcpy(writableAddress, loop, sizeof(loop));
    ((void (*)())executableAddress)();
    return 0;
}
...will do the magic here. What is this, and what can it do? It is the part of the WebKit exploit that lets you run your own executables, the part meant when it was said earlier: "If you can allocate some RAM, you will be able to run your own apps". Something like PS4-FTP, for example. How does that work? The WebKit engine has a pre-defined so-called JIT array, which most of the time is used by developers for debugging applications (JIT == Just In Time [Compilation]). I won't go on and explain JIT compilation in detail now, but if you're interested you can read more here: https://en.wikipedia.org/wiki/Just-in-time_compilation
The "PAGE_SIZE" is not really of interest for the user here, so I skip that...
The "executableAddress" is the space (or array) in RAM where our code that gets executed will be loaded.
The "writableAddress" is the space (or array) in RAM where variables are stored, which are not allowed to be executed. Even if some executable code is placed there, it won't run. You can also call or split this writableAddress into stack and/or heap.
Quite a nice base to write some small apps and maybe do some fun stuff (depending on how much RAM we can allocate and on what you want to do).
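As an added illustration of the two-mapping layout the comment in the listing describes (this is not code from the ps4dev repo or from the post), here is a plain Linux userland version: the same physical page is mapped once read-write and once read-execute, a few constructed machine-code bytes for "return arg + 1" are copied in through the writable view and then called through the executable view. It assumes Linux with memfd_create on x86-64 or arm64; the function names are my own.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 1U   /* kernel ABI value; the header hides it without _GNU_SOURCE */
#endif

typedef int (*inc_fn)(int);

/* Constructed machine code for "return arg + 1" (hypothetical payload for the demo). */
#if defined(__x86_64__)
static const unsigned char kIncCode[] = { 0x8d, 0x47, 0x01, 0xc3 };            /* lea eax,[rdi+1]; ret */
#elif defined(__aarch64__)
static const unsigned char kIncCode[] = { 0x00, 0x04, 0x00, 0x11,              /* add w0,w0,#1 */
                                          0xc0, 0x03, 0x5f, 0xd6 };            /* ret */
#else
#error "this example only carries x86-64 and arm64 code bytes"
#endif

/* Like the post's allocateJIT: two virtual views (RW and RX) of one physical page. */
static int allocate_jit(size_t len, void **exec_view, void **write_view) {
    int fd = (int)syscall(SYS_memfd_create, "jit-demo", MFD_CLOEXEC);
    if (fd < 0 || ftruncate(fd, (off_t)len) != 0) return -1;
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *rx = mmap(NULL, len, PROT_READ | PROT_EXEC,  MAP_SHARED, fd, 0);
    close(fd);   /* the mappings keep the page alive */
    if (rw == MAP_FAILED || rx == MAP_FAILED) return -1;
    *write_view = rw;
    *exec_view = rx;
    return 0;
}

/* Write code through the RW view, run it through the RX view; returns value + 1. */
int run_increment(int value) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *rx = NULL, *rw = NULL;
    if (allocate_jit(len, &rx, &rw) != 0) return -1;
    memcpy(rw, kIncCode, sizeof kIncCode);
    /* Both views alias one page, so the bytes are visible through rx as well. */
    if (memcmp(rx, kIncCode, sizeof kIncCode) != 0) return -1;
    __builtin___clear_cache((char *)rx, (char *)rx + sizeof kIncCode);  /* required on arm64 */
    int result = ((inc_fn)rx)(value);   /* calling rw instead would fault: it is not executable */
    munmap(rw, len);
    munmap(rx, len);
    return result;
}

int main(void) {
    printf("increment(41) via the RX view = %d\n", run_increment(41));
    return 0;
}
```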
MUCH, MUCH MORE