  1.  
  2. #include <stdlib.h>
  3. #include <stdio.h>
  4. #include <string.h>
  5. #include <stdint.h>
  6. #include <inttypes.h>
  7.  
  8.  
  9. #include <machine/_types.h>
  10. #include <unistd.h>
  11. #include <errno.h>
  12. #include <assert.h>
  13. #include "kmain.h"
  14.  
  15. #include <arpa/inet.h>
  16. #include <netinet/in.h>
  17.  
  18. #include <signal.h>
  19.  
  20. #include <machine/cpufunc.h>
  21.  
  22. #include <sys/_stdint.h>
  23. #include <sys/sysent.h>
  24. #include <sys/_types.h>
  25. #include <sys/syscall.h>
  26. #include <sys/socket.h>
  27. #include <sys/mman.h>
  28. #include <sys/sysctl.h>
  29. #include <sys/ptrace.h>
  30. #include <sys/errno.h>
  31. #include <sys/proc.h>
  32. #include <sys/param.h>
  33. #include <sys/types.h>
  34. #include <sys/user.h>
  35. #include <sys/mutex.h>
  36. #include <sys/lock.h>
  37. #include <sys/sysproto.h>
  38. #include <sys/uio.h>
  39. #include <sys/wait.h>
  40. #include <machine/reg.h>
  41.  
  42. #include <ps4/standard_io.h>
  43. #include <ps4/kernel.h>
  44. #include <ps4/register.h>
  45. #include <ps4/socket.h>
  46. #include <ps4/stream.h>
  47. #include <ps4/type.h>
  48.  
  49. #include <sce/kernel.h>
  50.  
  51.  
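/*
 * Pack four IPv4 octets with the first octet in the least significant byte.
 * On a little-endian host that is also memory order, which is what the
 * sockaddr_in.sin_addr.s_addr assignment below relies on.
 *
 * The arithmetic is done in uint32_t: with plain int, shifting a last octet
 * of 128 or more into bit 31 is signed overflow (undefined behaviour). For
 * octets in 0-255 the result is identical to the original `+` form.
 */
#define IP(a, b, c, d) \
    ((uint32_t)(a) | ((uint32_t)(b) << 8) | ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))

/*
 * <netinet/tcp.h> is not among the headers included above; 1 is the value
 * that header defines on FreeBSD and Linux, used with setsockopt() below.
 */
#define TCP_NODELAY 1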
  54.  
  55.  
  56.  
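/*
 * Function-pointer type of the kernel NVS reader that the listing invokes
 * through ps4KernelCall(). Parameter names follow the original declaration;
 * what a non-zero, non -1 return means is not known from this file.
 */
typedef int64_t (*nvs_read_fn)(uint64_t bank_id, uint64_t block_id,
                               uint64_t offset, uint64_t size, uint8_t *data_ptr);

/* Dump parameters: block ids 0-4, bank ids 0-1, 16 bytes per read call. */
enum { NVS_BLOCK_COUNT = 5, NVS_MAX_BANK = 1, NVS_CHUNK = 0x10 };

/*
 * Bytes to read per block id, taken from the original if/else chain
 * (whose block-0 arm used `==` instead of `=`, leaving the size unset).
 */
static const int nvs_block_size[NVS_BLOCK_COUNT] = { 0x3000, 0x1000, 0x800, 0x800, 0x3000 };

/*
 * Copy the first 32 bytes at kernel address `sym` into `mem` and hex-dump
 * the buffer; the listing does this after each kernel payload.
 */
static void show_symbol_bytes(void *sym, char *mem)
{
    ps4KernelCall(ps4KernelMemoryCopy, sym, mem, 32);
    ps4StandardIoPrintHexDump(mem, 48);
}

/*
 * Connect a TCP stream to the dump receiver. The address (192.168.1.65:9023)
 * is hard-coded exactly as in the original listing.
 *
 * Returns the connected socket, or -1 after reporting the failing call.
 * A failed TCP_NODELAY is reported but not treated as fatal (it only
 * affects latency).
 */
static int open_dump_socket(void)
{
    /* Designated initializer zeroes sin_zero, so no memset() is needed. */
    struct sockaddr_in server = {
        .sin_len = sizeof server,
        .sin_family = AF_INET,
        .sin_port = htons(9023),
    };
    /* IP() puts the first octet in the low byte, i.e. wire order on a little-endian host. */
    server.sin_addr.s_addr = IP(192, 168, 1, 65);

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        return -1;
    }
    if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) {
        perror("connect");
        close(sock);
        return -1;
    }

    int flag = 1;
    if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &flag, sizeof flag) < 0) {
        perror("setsockopt(TCP_NODELAY)");
    }
    return sock;
}

/*
 * Read `bank`/`block` through icc_nvs_read in NVS_CHUNK-byte steps and
 * forward every successfully read chunk verbatim to `sock`. Both ids must
 * already be validated: `block` indexes nvs_block_size.
 *
 * Returns 0 once the whole block has been walked, -1 if send() fails.
 * A read returning -1 is reported with perror() and skipped, as in the
 * original (errno may not describe a kernel-side failure); any other
 * non-zero status skips the chunk silently, also as in the original.
 */
static int dump_nvs_block(int sock, nvs_read_fn icc_nvs_read, int bank, int block)
{
    uint8_t buffed[NVS_CHUNK];
    const int size = nvs_block_size[block];

    for (int offset = 0; offset < size; offset += NVS_CHUNK) {
        /*
         * Widen explicitly: the callee takes uint64_t and ps4KernelCall()
         * appears to be variadic (it is called with varying argument counts),
         * so an int argument would not be converted for us.
         */
        int64_t retz = ps4KernelCall(icc_nvs_read, (uint64_t)bank, (uint64_t)block,
                                     (uint64_t)offset, (uint64_t)NVS_CHUNK, buffed);
        if (retz == -1) {
            perror("icc_nvs_read");
        } else if (retz == 0) {
            if (send(sock, buffed, NVS_CHUNK, 0) != NVS_CHUNK) {
                perror("send");
                return -1;
            }
        }
    }
    return 0;
}

/*
 * Prompt for a bank and a block id on stdin, validate them (printing the
 * original messages; both may print), then dump the block to `sock`.
 *
 * Returns EXIT_SUCCESS when the dump completed, EXIT_FAILURE for invalid
 * or unparsable ids or a failed send.
 */
static int dump_requested_block(int sock, nvs_read_fn icc_nvs_read)
{
    int bank = -1;   /* out of range unless scanf() parses a value */
    int block = -1;

    printf(" [+] Enter the bank id you wish to dump with:");
    fflush(stdout); /* the prompt has no newline, so force it out before blocking on input */
    if (scanf("%d", &bank) != 1) {
        bank = -1;
    }
    printf(" [+] Enter the block id you wish to dump with:");
    fflush(stdout);
    if (scanf("%d", &block) != 1) {
        block = -1;
    }

    const int block_ok = block >= 0 && block < NVS_BLOCK_COUNT;
    if (!block_ok) {
        printf("invalid block id, try using 0-4\n");
    }
    const int bank_ok = bank >= 0 && bank <= NVS_MAX_BANK;
    if (!bank_ok) {
        printf("invalid bank id, try using 0-1\n");
    }
    if (!block_ok || !bank_ok) {
        return EXIT_FAILURE;
    }

    printf(" [+] Dumping via icc_nvs_read with bank id:%d and block id:%d\n", bank, block);
    return dump_nvs_block(sock, icc_nvs_read, bank, block) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}

/*
 * Entry point of the listing: call the ps4 privilege-escalation helper, run
 * the three kmain payloads against a 64-byte user buffer (hex-dumping the
 * first 32 bytes of sceSblACMgrIsVideoplayerProcess after each), then
 * stream one NVS block to the hard-coded TCP receiver.
 *
 * Returns EXIT_SUCCESS only when the dump completed; EXIT_FAILURE on an
 * allocation, connection, input or send error (the original always
 * returned EXIT_SUCCESS).
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    /* uid_t is not size_t: widen to unsigned long instead of printing it with %zu. */
    printf("uid: %lu\n", (unsigned long)getuid());
    ps4KernelCall(ps4KernelPrivilegeEscalate);
    //ps4KernelCall(ps4KernelDebugEnable); //causing uid 1 and crash
    printf("uid: %lu\n", (unsigned long)getuid());

    void *sceSblACMgrIsVideoplayerProcess =
        (void *)ps4KernelCall(ps4KernelDlSym, "sceSblACMgrIsVideoplayerProcess");

    char *mem = malloc(64);
    if (mem == NULL) {
        perror("malloc");
        return EXIT_FAILURE;
    }
    memset(mem, 0x90, 64);
    strcpy(mem, "Hello World!"); /* 13 bytes, well inside the 64-byte buffer */

    int64_t ret = 0;
    int r;

    printf("mem: %p: %s\n", (void *)mem, mem);
    ps4StandardIoPrintHexDump(mem, 48);
    r = ps4KernelExecute((void *)kmain1, mem, &ret, NULL);
    printf("mem: %p: %s\n", (void *)mem, mem);
    ps4StandardIoPrintHexDump(mem, 48);
    /* ret is int64_t, so PRIx64 (not PRIxPTR) is the matching specifier. */
    printf("[K1] r: %i, ret: %" PRIx64 "\n", r, (uint64_t)ret);
    show_symbol_bytes(sceSblACMgrIsVideoplayerProcess, mem);

    r = ps4KernelExecute((void *)kmain2, mem, &ret, NULL);
    printf("[K2] r: %i, ret: %" PRIx64 "\n", r, (uint64_t)ret);
    show_symbol_bytes(sceSblACMgrIsVideoplayerProcess, mem);

    r = ps4KernelExecute((void *)kmain3, mem, &ret, NULL);
    printf("[K3] r: %i, ret: %" PRIx64 "\n", r, (uint64_t)ret);
    show_symbol_bytes(sceSblACMgrIsVideoplayerProcess, mem);

    /* Create socket for TCP-Dump */
    int status = EXIT_FAILURE;
    int sock = open_dump_socket();
    if (sock >= 0) {
        /* Dump E^2prom with banks and blocks :) */
        /*
         * Kernel address of icc_nvs_read as hard-coded in the original; it is
         * firmware-specific and is not resolved at run time.
         */
        nvs_read_fn icc_nvs_read = (nvs_read_fn)(uintptr_t)0xFFFFFFFF82639CD0;
        status = dump_requested_block(sock, icc_nvs_read);
        close(sock);
    }

    /* Close sockets and free the mapped memory */
    free(mem);
    return status;
}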