sleirsgoevy / ps4jb

PS4 6.72 jailbreak

Request: C source code #3

Open maxton opened 4 years ago

maxton commented 4 years ago

Would it be possible to make the C sources available so we can modify and re-compile the ROP chains?

sleirsgoevy commented 4 years ago

Yes, I will upload the source in the next few days. The issue here is that it needs to be compiled on a FreeBSD 9 system to use the right headers, and setting up the toolchain on that is not a breeze. So I will upload it as soon as building on Linux is possible.

maxton commented 4 years ago

Awesome, thank you!

eduardo1954 commented 4 years ago

Early versions of the toolchain have bsd headers v.02

Specterdev said

StartForKiller commented 4 years ago

Maybe you can undefine and redefine the bad headers

eduardo1954 commented 4 years ago

https://github.com/OpenOrbis/OpenOrbis-PS4-Toolchain/releases/tag/v0.2

StartForKiller commented 4 years ago

The C source code will help to solve the stability issues.

sleirsgoevy commented 4 years ago

Note: built-from-source files differ from the bundled ones for some reason. Haven't tested them yet as I don't have access to PS4 right now. If somebody confirms that it works I'll close this.

StartForKiller commented 4 years ago

I will test it now

StartForKiller commented 4 years ago

Okay, at least for me it isn't working; it always says reboot your PS4.

StartForKiller commented 4 years ago

It seems that it doesn't execute all the write_mem calls; I checked it with some prints.

sleirsgoevy commented 4 years ago

That is very strange. write_mem is implemented directly in JS, so it shouldn't break.

StartForKiller commented 4 years ago

Yeah, I know, but I tested it and it isn't working.

sleirsgoevy commented 4 years ago

Seems that the Linux build can't win the race for some reason. FIXED

StartForKiller commented 4 years ago

I tried again and it's the same

sleirsgoevy commented 4 years ago

Will probably try to reproduce exactly this when I get my hands on WSL. At least the build process now works properly for me.

BillaBong1KP commented 4 years ago

The problem you have with compiled ROP code is mainly two things. For one, you have a lot of memory pressure and noise: with how much more stuff is going on, the scheduler is doing more work, which will introduce noise in your race. The other thing is it's likely it'll produce more complex / longer chains than hand-written ones will; more instructions = more execution time = more potential to lose the race.

Said by: Specter Dev

StartForKiller commented 4 years ago

Yeah, that's true. The main thing here is that the compiled payload doesn't work like the other compiled ones.

BillaBong1KP commented 4 years ago

So the problem is Mira or another payload?

StartForKiller commented 4 years ago

The jailbreak. If you read above, the write_mem isn't executed.

BillaBong1KP commented 4 years ago

How will they fix it? Damn sure something is wrong with compiling the source to ROP; that's why it is not executed.

StartForKiller commented 4 years ago

At least I'm sure that the version hosted on my PC works, so it's not my server.

StartForKiller commented 4 years ago

Maybe it's a WSL problem.

BillaBong1KP commented 4 years ago

Yeah

StartForKiller commented 4 years ago

(image)

Interesting

StartForKiller commented 4 years ago

Some changes from source.

BillaBong1KP commented 4 years ago

Hope this make the exploit stable 🤟🏻

sleirsgoevy commented 4 years ago

The problem you have with compiled ROP code is mainly two things. For one, you have a lot of memory pressure and noise: with how much more stuff is going on, the scheduler is doing more work, which will introduce noise in your race. The other thing is it's likely it'll produce more complex / longer chains than hand-written ones will; more instructions = more execution time = more potential to lose the race.

Said by: Specter Dev

That is not the problem. Failing a race could potentially result in a hang-up, but not in a kernel panic. EDIT: apart from the main race, the two heap sprays in leak_kevent_pktopts are also timing-sensitive, and they tend to fail with some small chance.

BillaBong1KP commented 4 years ago

Hope you could fix this soon ASAP 👍

sleirsgoevy commented 4 years ago

I forgot to mention that an issue was fixed in ps4-rop-8cc (loaded into src/8cc as a submodule), so you may need to run git pull there to make sure that you have that patch.

mtnjustme commented 4 years ago

I forgot to mention that an issue was fixed in ps4-rop-8cc (loaded into src/8cc as a submodule), so you may need to run git pull there to make sure that you have that patch.

Some say that the new changes make it laggy, though it might be Mira. Up for your consideration and testing.

mtnjustme commented 4 years ago

Also, I'd suggest looking at darkmodder's work: he added 3 alerts in the jailbreak JS. Sounds silly, but many claim it works better. Watch this: http://prntscr.com/tlhx9w

BillaBong1KP commented 4 years ago

For 8/10 people it's crashing while running the jailbreak process or after completing.

mtnjustme commented 4 years ago

For 8/10 people it's crashing while running the jailbreak process or after completing.

still worth exploring in my opinion...

StartForKiller commented 4 years ago

I forgot to mention that an issue was fixed in ps4-rop-8cc (loaded into src/8cc as a submodule), so you may need to run git pull there to make sure that you have that patch.

Yeah, I know, I tried both.

StartForKiller commented 4 years ago

I've tested building it with Arch Linux. The only change I'm seeing:

(image)

Seems that it sometimes adds unnecessary moves.
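The "unnecessary moves" noted above matter because, as quoted earlier in this thread, a longer ROP chain means more execution time and a worse chance of winning the race. The following is an added editorial example, not code from ps4jb or ps4-rop-8cc: a small peephole pass that strips the simplest redundant register moves (self-moves, an immediate back-move, and an exact duplicate move) from a textual instruction listing and reports how many instructions were saved. The one-instruction-per-line `mov dst, src` listing format and the sample listing are assumptions made for illustration; a real pass over compiler output would also need liveness information to remove dead stores safely.

```python
"""Peephole pass for redundant register moves.

Added editorial example, not code from ps4jb or ps4-rop-8cc. The listing
format ('mnemonic dst, src', one instruction per line) is an assumption.
"""

import re

# Matches a two-operand mov with plain (register or immediate) operands;
# memory operands such as [rax] deliberately do not match and pass through.
MOV_RE = re.compile(r"^\s*mov\s+(\w+)\s*,\s*(\w+)\s*$")


def parse_mov(line):
    """Return (dst, src) for a plain two-operand mov, else None."""
    m = MOV_RE.match(line)
    return (m.group(1), m.group(2)) if m else None


def strip_redundant_moves(lines):
    """Remove moves that have no architectural effect.

    Dropped patterns (mov on x86 does not touch flags, so these are safe):
      mov a, a            self-move
      mov a, b ; mov b, a back-move: b already equals a after the first mov
      mov a, b ; mov a, b exact duplicate
    Everything else is passed through unchanged.
    """
    out = []
    for line in lines:
        mv = parse_mov(line)
        if mv:
            dst, src = mv
            if dst == src:
                continue  # self-move
            if out:
                prev = parse_mov(out[-1])
                if prev is not None and prev in ((src, dst), (dst, src)):
                    continue  # back-move or duplicate of the previous mov
        out.append(line)
    return out


def savings(before, after):
    """Number of instructions removed; fewer gadgets means a shorter chain."""
    return len(before) - len(after)


# Constructed sample listing (not real compiler output).
SAMPLE = [
    "mov rax, rbx",
    "mov rbx, rax",   # redundant back-move
    "mov rcx, rcx",   # redundant self-move
    "add rax, rcx",
    "mov rdx, rax",
    "mov rdx, rax",   # redundant duplicate
    "ret",
]

if __name__ == "__main__":
    cleaned = strip_redundant_moves(SAMPLE)
    print("\n".join(cleaned))
    print("removed:", savings(SAMPLE, cleaned))
```

Run it on a dump of two builds' chains to compare their lengths; the count from `savings` is a cheap proxy for how much extra time a build spends inside the race window.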

gotwig commented 4 years ago

Did you try to "fix" those moves?

StartForKiller commented 4 years ago

Nope, I think it's a problem related to WSL2; I need to try again with Ubuntu.