> Have u tried already zerofo host? Does it work flawlessly?

ofc work. i patched disable_aslr on my host too. zerofo.gitee.io/x4bLaz305
> That's exactly what I thought too, dlsym is patched by goldhen (and by mira if you use that instead) so it is not needed in the kernel exploit.
> I also had some strange behaviour testing the pull request version. It seemed to work ok just using his files but when I tried to implement it into the prb menu the kernel exploit kept saying jailbreak failed.
> I looked into the problem and it seemed that the kernel exploit was returning main_ret 91 instead of main_ret 0.
> Everything still appeared to work correctly but no idea why that was happening.
> In the end I've just used sleirsgoevy's official release in the prb 672 update and all is good.

yes goldhen patched dlsym, but you must patch it before goldhen, that is why u need to inject mira-loader first and use mira loader to exec goldhen, because mira loader patched dlsym.
> The pull request to me makes no sense, because dlsym is patched by GoldHen, also tried once this supposed fix and console once didn't turn off properly, it remained forever on the black screen with white light on waiting to shut down, sleirsgoevy has no issue, is perfect now.
> Don't leave 6.72 you will regret, is equal to 5.05 now

GoldHen patched dlsym. but u need dlsym to load goldhen.
> GoldHen patched dlsym. but u need dlsym to load goldhen.

Zerofo,

> Zerofo,

netcat.c or miraldr.c already was a loader for kex.
i think loading a mira loader to exec hen makes no sense
i should push it in the same pull request.
> i should push it in the same pull request.

Thanks for these replies, it is the first time we can chat directly with a developer, so for your fixes to work properly it also needs the updated netcat.js to successfully patch the kernel, I have tried your jb.js but without your netcat.js.
So your method avoids using mira to load payloads, all are directly to the kernel, which results in faster loads.
Yes disabling ASLR makes the exploit more efficient since all stacks gonna be static.
So a question how do you find the correct gadgets needed to keep the rop chain going? I have seen it, mostly is just machine code.
> So a question how do you find the correct gadgets needed to keep the rop chain going? I have seen it, mostly is just machine code.

https://github.com/sleirsgoevy/ps4jb2/blob/133432918766ea2040336f89c77a2ec3c3546733/netcat.c
https://github.com/sleirsgoevy/ps4jb2/blob/133432918766ea2040336f89c77a2ec3c3546733/netcat.js
but the disable ASLR patch version has not been pushed yet.
i just added the dlsym patch using asm into krop.rop and recompiled the project to regenerate a new jb.js.
> So zerofo for your mods to work properly we always need the new jb.js and netcat.js, all the rest is the same.
> Regarding your host, sorry if I made a mistake to recognize the language, I believe it is in Chinese, most people here don't understand it.

yes.
yes.
u can use new jb.js and new netcat.js (from the pull request) to load goldhen (need window.mira_blob_len)
And load mira-loader (need window.mira_blob_len) to exec other payload
(because it can't load other payload directly, maybe still missing some patch for them.)
> Is there a possibility of an only English version of your host

ok, but i am very poor at English, it may take some time

> Is there a possibility of an only English version of your host

en-version should work on https://zerofo.gitee.io/en now.
> en-version should work on https://zerofo.gitee.io/en now

Are you sure that is the link? My browser cannot load the link. zerofo.github.io/en does not work too.

> Are you sure that is the link? My browser cannot load the link. zerofo.github.io/en does not work too.

you mean can't access it or the js doesn't work?

> you mean can't access it or the js doesn't work?

This looks better at least people will understand the menus hehe thanks zerofo
> en-version should work on https://zerofo.gitee.io/en now

Most prob not your fault dude, but, you've kinda hijacked the thread about PRB/Leefuls menu...

> where can i get the source of your jailbreak? i need to run it locally!!! thanks

It's still in Beta so no release till it's finished