aldostools / webMAN-MOD

Extended services for PS3 console (web server, ftp server, netiso, ntfs, ps3mapi, etc.)
https://aldostools.github.io/webMAN-MOD/
GNU General Public License v3.0
1.29k stars, 176 forks

[Request] PS3MAPI userland payload injection. #857

Open jordywastaken opened 1 year ago

jordywastaken commented 1 year ago

Hi, it would be nice if there was a way to inject a payload into a specified process via the ps3mapi webUI. The code needed to do that can be found in TheRouletteBoi's vsh menu, here: https://github.com/TheRouletteBoi/RouLetteVshMenu/blob/main/src/Games/GamePatching.cpp#L249

Also, here is the reason why it would be nice to have this feature available for developers: https://github.com/TheRouletteBoi/ingame_payloads#why-use-a-payload-instead-of-sprx

aldostools commented 1 year ago

Thank you for the feature suggestion. The feature doesn't seem too difficult to implement in the web GUI for PS3MAPI. Indeed, some of the functions & variables needed to implement it already exist in ps3mapi.h.

aldostools commented 1 year ago

@jordywastaken if you have the chance, please test the feature. I don't have any userland payload for testing.

Test build: webftp_server.sprx

The new ps3mapi command can be accessed from /home.ps3mapi or directly through /payload.ps3mapi.

jordywastaken commented 1 year ago

Tested a little bit. A thing to note is the allocated executable address: it is required for the payload to work properly, so it would be nice to show it upon loading the payload: https://github.com/TheRouletteBoi/ingame_payloads/blob/main/gtav-sce-make/src/linker.x#L4

Unfortunately, without the base address I wasn't able to determine if the payload started correctly, since it is needed in order to use game functions like printf and sys_ppu_thread_create.

Also, I'm not an expert in payloads, so I might be missing a few details 😅

aldostools commented 1 year ago

@jordywastaken Thank you for your feedback.

The ps3mapi webGUI now returns the payload executable memory address.

Please try this new test build: webftp_server.sprx

jordywastaken commented 1 year ago

[image]

Not sure if the load button works; upon pressing it nothing happens, nothing is displayed, no errors, nothing.

I do have a built payload.bin in /dev_hdd0/: [image]

aldostools commented 1 year ago

@jordywastaken Thank you for your valuable feedback.

I have added more detailed error messages in this commit c7f092347caf75c78231b17ef8db6447c62f125c

You can try this new test build: webftp_server.sprx

xTheDevilRazedMe commented 7 months ago

Been looking into this for a while now & even tried it myself. Outside of roulette there is 0 public research on this; the only thing that is public is the PSHome debug payload.

There need to be some tutorials or more public research on creating custom payloads for games.