1. lilalex

    How do you mean it fails? Like crashes, or it just freezes?
  2. godreborn

    I think he once said that it crashes based on another post.
  3. Leeful

    It either shuts off (KP) when entering rest mode for the second time after the flashing orange LED sequence or it resumes to black screen then KP.
    The odd thing is that it resumes and you can play games the first time you use it but it fails if you try and use it again.
    Last edited by Leeful, Jan 12, 2021
  4. godreborn

    I think people who are new with 7.02 are finding out just what a pita the ps4 exploits can be, especially if you do more than just play games with them.
  5. Leeful

    Exactly. It's fine if you just want to run the exploit and play a game, but if you want to do anything else, like run payloads after it has been exploited, it is a nightmare.
  6. godreborn

    When you dump themes, you have to redo the FTP payload after checking each theme, based on my experience, so there's a good chance of a black screen or the system not turning on with the controller after shutting it off. Luckily, it never KPs with the FTP payload, but it kinda does later on since you've deployed so many payloads, which I think makes a KP or black screen more likely.
  7. ploggy

    theflow0's 2nd HackerOne bounty has been disclosed :)

    https://hackerone.com/reports/943231

    Last edited by ploggy, Jan 12, 2021
  8. MUDD_BR

    Thank you, sir!
  9. KiiWii

  10. godreborn

    I mentioned that in another thread, cuz I heard the kernel exploit was patched on 8.00, but the webkit one works 'til at least 7.51. @lilalex it could be your day.
  11. ploggy

    here's hoping :)
  12. godreborn

    @KiiWii, I have a friend who can't get Final Fantasy VII Remake to work with BP on 5.05. It keeps asking him to update to 6.50. I gave him my BP, which works with no issue for me, but it still does it. I'm thinking he might have an update downloaded, but I dunno. Any ideas?
  13. KiiWii

    Does he have the DNS for AlAzif entered and removed any pending update file with update disabler?
  14. godreborn

    Something may be wrong with his base game, because IIRC a non-BP game will just error, not force an install of an update.

    I'm not sure. I think he posted in your thread; that's when I tried to help him. He said he saw the loading screen, then it tried to force him to update. I haven't played Final Fantasy VII, but I know I can get to the title screen and DLC works, no issues.

    I don't think the app dumper dumps the firmware partition from a disc game AFAIK, so I'm thinking he downloaded an update. I was going to suggest he try marrying the BP, because the game I got it off of was not dumped by a team. I think Duplex dumped the game, but I got mine from an individual. Though, it should've err'd at the end of the install if that were the case. He didn't mention that.

    The BP I sent him was just the necessary files from 1.00 with the app version increased by one so that it would install as a patch.
  15. lilalex

    I saw the video from Modded Warfare. Can you give me the link to the thread?

    But is there gonna be a link for the jailbreak?
  16. KiiWii

  17. KiiWii

    Mira offsets:

    Code:
    // This is an open source non-commercial project. Dear PVS-Studio, please check it.
    // PVS-Studio Static Code Analyzer for C, C++, C#, and Java: http://www.viva64.com

    #include <Boot/Patches.hpp>

    /*
        Please, please, please!
        Keep patches consistent with the used patch style for readability.
    */
    void Mira::Boot::Patches::install_prerunPatches_755()
    {
    #if MIRA_PLATFORM == MIRA_PLATFORM_ORBIS_BSD_755
        // NOTE: Only apply patches that the loader requires to run, the rest of them should go into Mira's ELF
        // You must assign the kernel base pointer before anything is done
        if (!gKernelBase)
            return;

        // Use "kmem" for all patches
        uint8_t *kmem;

        // Enable UART
        kmem = (uint8_t *)&gKernelBase[0x01564910];
        kmem[0] = 0x00;

        // Patch sys_dynlib_dlsym: Allow from anywhere
        kmem = (uint8_t *)&gKernelBase[0x004523C4];
        kmem[0] = 0xE9;
        kmem[1] = 0xC8;
        kmem[2] = 0x01;
        kmem[3] = 0x00;
        kmem[4] = 0x00;

        kmem = (uint8_t *)&gKernelBase[0x00029A30];
        kmem[0] = 0x31;
        kmem[1] = 0xC0;
        kmem[2] = 0xC3;

        // Patch sys_mmap: Allow RWX (read-write-execute) mapping
        kmem = (uint8_t *)&gKernelBase[0x000DB17D];
        kmem[0] = 0x37;
        kmem[3] = 0x37;

        // Patch setuid: Don't run kernel exploit more than once/privilege escalation
        kmem = (uint8_t *)&gKernelBase[0x0037A320];
        kmem[0] = 0xB8;
        kmem[1] = 0x00;
        kmem[2] = 0x00;
        kmem[3] = 0x00;
        kmem[4] = 0x00;

        // Enable RWX (kmem_alloc) mapping
        kmem = (uint8_t *)&gKernelBase[0x001754AC];
        kmem[0] = 0x07;

        kmem = (uint8_t *)&gKernelBase[0x001754B4];
        kmem[0] = 0x07;

        // Patch copyin/copyout: Allow userland + kernel addresses in both params
        // copyin
        kmem = (uint8_t *)&gKernelBase[0x0028FA47];
        kmem[0] = 0x90;
        kmem[1] = 0x90;

        kmem = (uint8_t *)&gKernelBase[0x0028FA53];
        kmem[0] = 0x90;
        kmem[1] = 0x90;
        kmem[2] = 0x90;

        // copyout
        kmem = (uint8_t *)&gKernelBase[0x0028F952];
        kmem[0] = 0x90;
        kmem[1] = 0x90;

        kmem = (uint8_t *)&gKernelBase[0x0028F95E];
        kmem[0] = 0x90;
        kmem[1] = 0x90;
        kmem[2] = 0x90;

        // Patch copyinstr
        kmem = (uint8_t *)&gKernelBase[0x0028FEF3];
        kmem[0] = 0x90;
        kmem[1] = 0x90;

        kmem = (uint8_t *)&gKernelBase[0x0028FEFF];
        kmem[0] = 0x90;
        kmem[1] = 0x90;
        kmem[2] = 0x90;

        // Patch memcpy stack
        kmem = (uint8_t *)&gKernelBase[0x0028F80D];
        kmem[0] = 0xEB;

        // Patch mprotect: Allow RWX (mprotect) mapping
        kmem = (uint8_t *)&gKernelBase[0x003014C8];
        kmem[0] = 0x90;
        kmem[1] = 0x90;
        kmem[2] = 0x90;
        kmem[3] = 0x90;
        kmem[4] = 0x90;
        kmem[5] = 0x90;

    #endif
    }
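As an added illustration (not Mira's code and not from the post), the byte patches above can be modelled as a table and the few x86-64 encodings they use decoded, so a reader can see what each patch turns the target instruction into and whether any two patches overlap. Offsets and bytes are copied from the post; the short labels are assumed names for the patch sites.

```python
from typing import Dict, List, NamedTuple, Tuple


class Patch(NamedTuple):
    offset: int            # offset from the kernel base (gKernelBase in the post)
    data: Dict[int, int]   # index -> byte, mirroring the post's kmem[i] = ... writes
    label: str             # assumed label for the patch site


# Subset of the table from the post above (values copied, labels assumed).
PATCHES: List[Patch] = [
    Patch(0x004523C4, {0: 0xE9, 1: 0xC8, 2: 0x01, 3: 0x00, 4: 0x00}, "sys_dynlib_dlsym"),
    Patch(0x00029A30, {0: 0x31, 1: 0xC0, 2: 0xC3}, "dlsym helper"),
    Patch(0x0037A320, {0: 0xB8, 1: 0x00, 2: 0x00, 3: 0x00, 4: 0x00}, "setuid"),
    Patch(0x0028FA47, {0: 0x90, 1: 0x90}, "copyin"),
    Patch(0x0028F80D, {0: 0xEB}, "memcpy stack"),
    Patch(0x000DB17D, {0: 0x37, 3: 0x37}, "sys_mmap"),
]


def describe(p: Patch) -> str:
    """Decode the handful of x86-64 encodings the patch table relies on."""
    b = p.data
    if b.get(0) == 0xE9 and all(i in b for i in range(5)):
        # E9 rel32: target = address of next instruction (offset + 5) + displacement
        rel = int.from_bytes(bytes(b[i] for i in range(1, 5)), "little", signed=True)
        return f"jmp rel32 -> base+0x{p.offset + 5 + rel:08X}"
    if b.get(0) == 0xB8 and all(i in b for i in range(5)):
        imm = int.from_bytes(bytes(b[i] for i in range(1, 5)), "little")
        return f"mov eax, 0x{imm:X}"
    if (b.get(0), b.get(1), b.get(2)) == (0x31, 0xC0, 0xC3):
        return "xor eax, eax; ret (function returns 0)"
    if all(v == 0x90 for v in b.values()):
        return f"{len(b)} x nop (a {len(b)}-byte instruction is removed)"
    if b.get(0) == 0xEB and len(b) == 1:
        return "jmp rel8 (opcode only; displacement byte left as it was)"
    return "partial byte edit (operand/immediate tweak, not a whole instruction)"


def overlaps(patches: List[Patch]) -> List[Tuple[str, str]]:
    """Pairs of patches whose written byte ranges overlap and would clobber each other."""
    spans = [(p.offset + min(p.data), p.offset + max(p.data), p.label) for p in patches]
    return [(a[2], b[2]) for i, a in enumerate(spans) for b in spans[i + 1:]
            if a[0] <= b[1] and b[0] <= a[1]]


if __name__ == "__main__":
    for p in PATCHES:
        print(f"base+0x{p.offset:08X} {p.label:18} {describe(p)}")
    print("overlapping patches:", overlaps(PATCHES) or "none")
```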
  18. lilalex

    7.55 & 8.00? What is that?
  19. KiiWii

    As described: payloads ported to these firmwares ready for kex, based on dumped kernel offsets.
  20. KiiWii

    Let’s not forget that this may only be PART of the kernel exploit chain.

    Yes we have a 7.5x (>7.51 unconfirmed) Webkit, and part of this kernel exploit, but it may not be the entire chain we need yet.

    As ever: do not update. 5.05/6.72/7.02 users can still expect backports IF it eventually happens.