lompaket
commented
4 weeks ago great work!
Closed iMrDJAi closed 3 weeks ago
lompaket
commented
4 weeks ago great work!
Cardoso17
commented
4 weeks ago Thank you!! Can you do 8.03 please?
TheOfficialFloW
commented
4 weeks ago Has this been tested?
iMrDJAi
commented
4 weeks ago @TheOfficialFloW I screwed up something. Still looking...
pppoe0: lcp TO(ack-sent) rst_counter = 10
pppoe0: ipcp TO(ack-sent) rst_counter = 10
sppp:sppp_cp_input:2117: TERM_REQ received. proto(lcp) state(opened)
pppoe0: lcp TO(stopping) rst_counter = 0
pppoe0: lcp TO(req-sent) rst_counter = 10
Fatal trap 12: page fault while in kernel mode
nickcat325
commented
4 weeks ago 8.50 jailbreak finally? If you can jailbreak the 8.XX firmwares, it should be possible to update the fw to 9.00, basically using the jailbreak as a stepping stone.
iMrDJAi
commented
4 weeks ago Funny how it was the very last one. Testing now...
fabianlanza
commented
4 weeks ago Funny how it was the very last one. Testing now...
Were you able to test it?
iMrDJAi
commented
4 weeks ago @fabianlanza Nah, looking for testers. I'd appreciate if you do.
fabianlanza
commented
4 weeks ago @fabianlanza Nah, looking for testers. I'd appreciate if you do.
@iMrDJAi Let me see If I have a friend
fabianlanza
commented
4 weeks ago @fabianlanza Nah, looking for testers. I'd appreciate if you do.
@iMrDJAi Let me see If I have a friend
@iMrDJAi had no luck finding someone :(
AmineSimcos
commented
4 weeks ago can you do 11.50 please?
fffoo
commented
4 weeks ago can you do 11.50 please?
Nah wtf, go fuck yourself. You updated, you gotta wait a year or 2
GVO72
commented
4 weeks ago @fabianlanza Nah, looking for testers. I'd appreciate if you do.
@iMrDJAi Let me see If I have a friend
@iMrDJAi had no luck finding someone :(
I have an 8.03, I can test on that when available.
TheOneEyedGrimReaper
commented
4 weeks ago @fabianlanza Nah, looking for testers. I'd appreciate if you do.
You can count me in. I have a 8.xx slim console too with broken bd. I gonna check what 8.xx fw this console has when i arrive home.
se2crid
commented
4 weeks ago can you do 11.50 please?
to be rude but you can leave
Skwalker416
commented
4 weeks ago This code has offset issues. They will be fixed soon.
Will not pass "waiting for stage1 to resume" And takes alot of tries for the code execution yo be triggered
iMrDJAi
commented
4 weeks ago So yeah, I checked every single offset more than once, I verified all gadgets, and they all seem correct. There is no reason why this shouldn't work, unless...
There is one single possibility left. I noticed that FIRST_GADGET offset was from the .data section of the kernel. This could be the reason since .text is where executable code lives.
iMrDJAi
commented
4 weeks ago PPPwned! 🎉
rafaelflromao
commented
4 weeks ago PPPwned! 🎉
Was it tested?
iMrDJAi
commented
4 weeks ago @rafaelflromao Zecoxao just tested it for me.
Still need testers on other 8.xx FWs, probably they have the same offsets.
Cardoso17
commented
4 weeks ago I didn't find the first 8 offsets, if someone can help - FW 8.03
iMrDJAi
commented
4 weeks ago @Cardoso17 You can reach me out on PS5 R&D Discord and I'll will help you figuring it out.
Well, now we know that 8.50 offsets don't cover 8.0x.
loskutov
commented
3 weeks ago @Cardoso17:
PPPOE_SOFTC_LIST = 0xffffffff84422370
KERNEL_MAP = 0xffffffff83d243e0
SETIDT = 0xffffffff82249dd0
KMEM_ALLOC = 0xffffffff8221b3f0
KMEM_ALLOC_PATCH1 = 0xffffffff8221b4bc
KMEM_ALLOC_PATCH2 = 0xffffffff8221b4c4
MEMCPY = 0xffffffff8245e1c0
MOV_CR0_RSI_UD2_MOV_EAX_1_RET = 0xffffffff82660609
zecoxao
commented
3 weeks ago 8.00
800k.txt:0xffffffff82c72e66 : push rbp ; jmp qword ptr [rsi] 800k.txt:0xffffffff823b3311 : pop rbx ; pop r14 ; pop rbp ; jmp qword ptr [rsi + 0x10] 800k.txt:0xffffffff8293bb06 : lea rsp, [rsi + 0x20] ; repz ret 800k.txt:0xffffffff826aeada : add rsp, 0x28 ; pop rbp ; ret 800k.txt:0xffffffff8267b46f : add rsp, 0xb0 ; pop rbp ; ret 800k.txt:0xffffffff82200431 : ret 800k.txt:0xffffffff82652d81 : pop rdi ; ret 800k.txt:0xffffffff82212728 : pop rsi ; ret 800k.txt:0xffffffff82482342 : pop rdx ; ret 800k.txt:0xffffffff82233677 : pop rcx ; ret 800k.txt:0xffffffff82293727 : pop r8 ; pop rbp ; ret 800k.txt:0xffffffff8279b42f : pop r12 ; ret 800k.txt:0xffffffff8223711d : pop rax ; ret 800k.txt:0xffffffff822008df : pop rbp ; ret 800k.txt:0xffffffff82bb35ba : push rsp ; pop rsi ; ret 800k.txt:0xffffffff82529060 : mov rdi, qword ptr [rdi] ; pop rbp ; jmp rax 800k.txt:0xffffffff82b7124e : mov byte ptr [rcx], al ; ret 800k.txt:0xffffffff8232e9ac : mov rdi, rbx ; call r12 800k.txt:0xffffffff8232e7e7 : mov rdi, r14 ; call r12 800k.txt:0xffffffff823d049e : mov rsi, rbx ; call rax 800k.txt:0xffffffff825dc638 : mov r14, rax ; call r8 800k.txt:0xffffffff82cb305a : add rdi, rcx ; ret 800k.txt:0xffffffff8266f467 : sub rsi, rdx ; mov rax, rsi ; pop rbp ; ret 800k.txt:0xffffffff82b82393 : jmp r14
iMrDJAi
commented
3 weeks ago No one on 8.51 8.52 to test?
zecoxao
commented
3 weeks ago No one on 8.51 to test?
8.52 exists, 8.51 does not (afaict)
iMrDJAi
commented
3 weeks ago @TheOfficialFloW I guess at this point you may merge this PR. We can always add alias to 8.52 later.
Cardoso17
commented
3 weeks ago @iMrDJAi What's your name in discord?
Cardoso17
commented
3 weeks ago Someone can create stage1 and stage2 for 8.03?
iMrDJAi
commented
3 weeks ago @Cardoso17 Test these https://github.com/TheOfficialFloW/PPPwn/pull/47
Cardoso17
commented
3 weeks ago @iMrDJAi finally tested and worked perfectly!! Awaiting now for no bd update
Thank you!
This one is for those who are stuck on FW 8.50 and cannot update due to broken BD! (Nice move Sony 🤦♂️)
I need testers on other 8.xx firmware versions to see what else could these offsets support.