This is a full chain exploit for PS4 firmware 6.72. Basically this is TheFlow's POC together with PS4-specific kROP & kernel patches. Mira is used as a HEN payload.
To build from source, clone this repository recursively, and run these commands:
cd src
make
You will get a fresh copy of the binary build in src/build/
.
Dependencies: python3
, gcc
, ROPgadget
. Note: Mira is not being built from source
miraldr.c
loads 65536 bytes at address stored in JS variable mira_blob
into RWX memory and jumps to it. At this point only the minimal patches (amd64_syscall, mmap, mprotect, kexec) are applied (i.e. the process is still "sandboxed"). Normally mira_blob
contains MiraLoader.
mira_blob_2_len
bytes at mira_blob_2
are sent to 127.0.0.1:9021
in a background thread. If mira_blob
contains MiraLoader this will be run in the same way but with the full patchset applied & already jailbroken.