yes.
You can use the new jb.js and the new netcat.js (from the pull request) to load goldhen (needs window.mira_blob_len),
and load mira-loader (needs window.mira_blob_len) to exec other payloads
(because it can't load other payloads directly; maybe it is still missing some patches for them).
I just added the dlsym patch using asm into krop.rop and recompiled the project to regenerate a new jb.js.
I don't need to find the gadgets. There is the source code (just modify the C code and asm code),
so you can recompile too.
I should push it in the same pull request.
https://github.com/sleirsgoevy/ps4jb2/blob/133432918766ea2040336f89c77a2ec3c3546733/netcat.c
https://github.com/sleirsgoevy/ps4jb2/blob/133432918766ea2040336f89c77a2ec3c3546733/netcat.js
But the disable-ASLR patch version has not been pushed yet.
in the jb...
GoldHen patched dlsym, but you need dlsym to load GoldHen.
netcat.c or miraldr.c was already a loader for kex.
I think loading a mira loader to exec hen makes no sense.
Yes, goldhen patched dlsym, but you must patch it before goldhen; that is why you need to inject mira-loader first and use mira loader to exec goldhen, because mira loader patches dlsym.
If I patch the dlsym in kex, then I don't need to inject mira loader.
@Leeful
The same issue... with the black PCB version... on the newest uf2 firmware or the oldest sxos version.
Just use the old uf2 version (like v133, which can make RCM x86 sleep); I rebuilt one for the sxos payload,
because the hekate payload sometimes can't boot into sxos on v133.
And double click...