Hacking exfathax.h - no error fix

mrdude

After what seems like about a million attempts, I have finally fixed the file system error message for those running chips that can send a usb image....

Replace the included exfathax.h included in the attachment for what you have in your arduino sketches and change your onread function to this:

Code:
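static int32_t onRead(uint32_t lba, uint32_t offset, void * buffer, uint32_t bufsize) {
  // Any block address above 130 is served from entry 130 of the exfathax table.
  if (lba > 130) {
    lba = 130;
  }
  // Copy the requested bytes from the selected block and report how many were served.
  memcpy(buffer, exfathax[lba] + offset, bufsize);
  return bufsize;
}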

That will fix the file system errors when sending the exfat usb image as this mod has a small 512byte fat image added to it, which the ps4 will not error out with. This should give a faster and more stable hack.

Enjoy!
 

Attachments

  • Image fix.rar
    785 bytes · Views: 134
Last edited by mrdude,
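
Added example, not part of the original post or of the attached exfathax.h: the posted onRead copies bufsize bytes from one table entry in a single memcpy, so whether the copy stays inside the table depends on the request size. The sketch below keeps the same clamp-to-130 rule but copies sector by sector; the table layout (131 rows of 512 bytes) and the names image, fill_sample_image and on_read_checked are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512u  /* assumed row size (the post mentions a 512-byte image) */
#define LAST_LBA    130u  /* highest index the posted onRead allows */

/* Constructed stand-in for the table in exfathax.h; its layout is an assumption. */
static uint8_t image[LAST_LBA + 1][SECTOR_SIZE];

/* Fill every sector with its own index so a test can tell sectors apart. */
static void fill_sample_image(void) {
  for (uint32_t s = 0; s <= LAST_LBA; s++)
    memset(image[s], (int)s, SECTOR_SIZE);
}

/* Same clamping rule as the posted onRead, but copied one sector at a time so
   no memcpy reads past the end of a row or of the table. */
static int32_t on_read_checked(uint32_t lba, uint32_t offset,
                               void *buffer, uint32_t bufsize) {
  uint8_t *out = (uint8_t *)buffer;
  uint32_t done = 0;

  if (buffer == NULL || bufsize > INT32_MAX)
    return -1;                      /* cannot be reported in an int32_t */

  /* Fold whole sectors hidden in offset into lba, saturating on overflow. */
  uint32_t extra = offset / SECTOR_SIZE;
  lba = (lba > UINT32_MAX - extra) ? UINT32_MAX : lba + extra;
  offset %= SECTOR_SIZE;

  while (done < bufsize) {
    uint32_t sector = (lba > LAST_LBA) ? LAST_LBA : lba;  /* clamp as in the post */
    uint32_t chunk = SECTOR_SIZE - offset;                /* bytes left in this row */
    if (chunk > bufsize - done)
      chunk = bufsize - done;
    memcpy(out + done, image[sector] + offset, chunk);
    done += chunk;
    offset = 0;                     /* following sectors start at byte 0 */
    if (lba < UINT32_MAX)
      lba++;
  }
  return (int32_t)done;
}

int main(void) {
  uint8_t buf[1024];
  fill_sample_image();
  /* Two-sector read starting at the last sector: the second half is clamped. */
  return on_read_checked(LAST_LBA, 0, buf, sizeof buf) == 1024 ? 0 : 1;
}
```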

marek256

Awesome, happy that you have compiled it for us, regular users. Thanks a million! :-)
 

marek256

Hello, an update, so I tried to compile bin with your exfat and it works like a charm!
No error popup. I set time for 3500 ms and everything works very well.
Thank you for your hard and great work!
 

mrdude

Actually the sketch you are using, the usb timeout is broken and is always set at 12000 no matter what time you set it to. I fixed this in my own sketch which I will be putting on github soon, as it's more advanced and does more stuff. I'll post a link when I am done. It will be completed this week as I just need to add something to the config page and then I will be finished. Once you try my one, you won't want to use the current one that's available and most likely what you are using :-).
 

marek256

Very good, I am really open to trying it. Did not know that the time set is broken :-) Can you please consider throwing out the temperature settings and also adding some setting where we can turn auto goldhen on or off without reflashing? I am not sure if you are skilled but also FTP would be nice for changing goldhen.h for example. Anyways if you will start github, please share it with me, I will gladly try it. Thanks for everything
 

mrdude

I've already removed the fan stuff and some other unneeded crap, but in my sketch you don't need to change goldhen.h as you can upload your own bin files and then change what you want to autoboot in the config page. I'll let you know the github page when I'm done.

rXigBrA.png
 

marek256

Man, this looks pretty promising! I really can not wait to try it out. You have my admiration and respect
 

eemcmCL

Just today the purchase of 2 S2 mini boards arrived and one is already working with Stooged.

With this, what would be the difference with the stooged method? (sorry for the question, I'm new to this chip system)

I just have to download the attached file and replace it in the server folder?

"Replace the included exfathax.h included in the attachment for what you have in your arduino sketches and change your onread function to this"

This part, I don't understand, is it done directly from the Arduino ide?

EDIT: Now I'm loading the s2 mini with the exfathax.h and the modified code...
 

mrdude

Get rid of that version you downloaded and just use this instead. Everything is already set up. If you already flashed your chip, erase it first though because your spiffs partition will have cached files in it that are not compatible with this version.

Also @marek256

You can use this as well, and just upload payloads with the file manager in the web browser, then go to the config page and change to what you want. The latest goldhen is embedded so you can put different versions in spiffs and then swap between them if you want. Also make sure to press the format tab on your first use to clear the cached files.
 

Attachments

  • ESP32_Server_900u-hex.zip
    456.3 KB · Views: 77

eemcmCL

Thanks for the reply!! Before reading it, I flashed everything back to the s2 mini replacing the exfathax and code and it worked!!

Now I have a question, how do I format the card?
 

mrdude

What card?

If you mean the spiffs partition and you flashed this sketch, you connect to the chip via a web browser and then click on the "format" tab, or if you can't access the web interface get a wire and short pin 16 to ground for about a second. Or in Arduino interface, in the box that's highlighted blue - change that to enabled.

ZqgjWAf.png
 

mrdude

@marek256

I made a different exit page once the payload is sent, I've not coded it into the sketch yet but what do you think of this one? (just click on exit.html to test with your web browser).
 

Attachments

  • Alt-exit.zip
    19.5 KB · Views: 63

marek256

Hello mrdude, honestly? I would avoid that. IMHO everybody will just be bored to wait until the text will come off. I believe you are trying to make it exceptional, but sometimes less is better. The only thing I would suggest is to put GoldHEN logo somewhere on the loading page, everybody is getting there for GoldHEN. And maybe I would change the starting text to something like "PS4 is exploiting"
 

mrdude

If you flash the image you'll already see something like that.
 

eemcmCL

I like that with this, the led on the board is activated.

How can I add that function with another sketch?

If I have a wemos s2 mini v1.0.0 board on arduino ide do I have to choose ESP32S2 DEV Module or Lolin S2 Mini?
 

marek256

Hello, so I had finally a time to try it out.
A couple notes.
1) It seems that it works only on mini ESP32S2; others do not seem to work and show an error.
2) I would suggest to use simpler IP, like 1.1.1.1 or something better to remember
3) Time set works awesome, it is lightning fast with 3500ms
4) I just suggested to change the line from trying to exploit to exploiting, it sounds more brave and trustworthy :D
 

mrdude

1: It's only for ESP32 S2, other chips use different code because the commands in the ESP32 S2 libraries are different from ESP32.

2: My home network is on 192.168.0.x, so if I switch to wifi mode instead of access mode I can connect without also needing to change the IP address. I think most people's routers have IP address range 192.168.0.x or 192.168.1.x. Plus if you look on your PS4 Settings/Network/View Connection Status/Default Gateway - it tells you the address, so you don't need to remember anything.

3: Sometimes you will probably get a "failed to trigger" type message because you are not giving the chip long enough to work - it's set at 12 seconds because after many tries that is what works best for me. Still you have the option to change it and you can do that straight from your PS4 web browser if you have any issues. (192.168.0.31/config.html)

4: Semantics...but you have the sketch so you can type whatever message you want in there. Still I suppose I could add a section in the config page to change that to whatever you want.

Apart from these "personal" changes, did you find any actual errors in the code that you think would be better?
 

eemcmCL

Yesterday I was doing tests and commented the following:

1. the exploit works quite well, but in my case (personal opinion), I didn't like the black color of the page and the text, I prefer the blue with white letters and the default text.

2. I have a wemos s2 mini v1.0.0 and in Arduino ide when I select as a lolin s2 mini board, it doesn't work, the program flashes the contents of the sketch and when I restart the board, in my computer it appears as a removable disk (without memory) and when trying to do JB from the console doesn't work, I know it stays loading exfathax and nothing happens. instead, if I select ESP32S2 Dev mode, everything works fine and the computer doesn't recognize the board as removable storage.


4. How can I disable the inthen and leave it on server as autohen and I load the bin?

5. Between the tests I did yesterday, I find that using the stooged + hexfathax sketch fixed with the modified code, the exploit always loads in 30 seconds (between opening the browser and goldhen loading.), compared to your sketch which takes between 36-44 seconds.

6. I am learning this new world of Arduino, so I ask you again, if you would be so kind, tell me how to implement the function of the integrated led of the board in a sketch of mine? reviewing the sketch, I saw the lines to activate the LED, but I don't know how to implement it in my sketch😔

in the future, I would like to see some option to modify the colors of the page and the texts.
 

mrdude

1: Personal preferences change from person to person.
2: This sketch is made for lolin/wemos s2 mini, you need to change it for your own type of board.
4: You're asking about a different sketch - the one I posted doesn't have "inthen" in it.
5: Depends - each boot time is different depending on how successful the exploit worked.
6: I can't help you to be a better programmer, this is something you need to learn yourself.

Page colours won't change, the page colours are hard coded and stored in cache + the sketch that's running. You need to manually edit these yourself and before you program your chip.
 

Leeful

@mrdude Congrats on the 9.00 work you have been doing on the esp32 s2. I haven't tried it out yet but it is looking very promising.

In my 9.00 web hosts I have started using a "return new Promise" that gets resolved when an addEventListener 'click' is detected for the manual insertion of the USB stage.
I've been trying to find a way to auto detect if a USB drive has been inserted using javascript and I came across this but unfortunately it is not compatible with the PS4 browser. (or at least I could not get it to work)

https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API
https://developer.mozilla.org/en-US/docs/Web/API/USBConnectionEvent

Is there a similar function for the ESP that can physically detect when a USB drive is mounted?
If so this could be useful in eliminating the timing variable from when the code tells the ESP to mount a usb drive to the actual time of when it has done it.

I haven't used the ESP32 S2 in a while but when I did I had it set up as a network device rather than an access point but I found that during testing every time the timing of the USB mounting was slightly different. Could be a few hundred milliseconds or sometimes a couple of seconds.

If we could set the wait time for the kernel exploit to trigger when the ESP has detected that the USB has been mounted rather than a set time from when the enableUSB has been requested it might work a little better.

I don't know if any of this will be of any help but I thought I'd mention it just in case. :)
 
