Advertisement
Guest User

PS4 try_sys_randomized_path_leak

a guest
Jun 3rd, 2019
2,917
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // <6.00 bug (not exploitable) found by TheFloW, JS adaptation by CelesteBlue only useful for when we find an actual vulnerable syscall
  2.     var try_sys_randomized_path_leak = function() {
  3.         var mem = p.malloc(0x1000000); // allocate buffer
  4.         alert(p.hexdump(mem, 0x500)); // display zeroed buffer
  5.        
  6.         var len_pointer = p.malloc(0x08); // allocate length
  7.         p.write8(len_pointer, new int64(0, 2147483648)); // write length: 0x8000000000000000
  8.         alert(p.hexdump(len_pointer, 8)); // display length
  9.        
  10.         alert(p.syscall("sys_randomized_path", 0, mem, len_pointer)); // trigger bug
  11.         alert(p.hexdump(mem, 0x500)); // display buffer, should have been modified if success
  12.     };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement