Toggle sidebar

Hacking Docker PPPwn

  • Thread starter Thread starter Davi5Alexander
  • Start date Start date
  • Views Views 8,284
  • Replies Replies 7
  • Likes Likes 2
Davi5Alexander

Davi5Alexander

Member
Newcomer
Level 4
Joined
Apr 29, 2015
Messages
20
Reaction score
26
Trophies
0
XP
497
Country
United States
PPPwn in Docker

https://github.com/Davi5Alexander/docker_pppwn

This repository contains Docker files to run PPPwn, developed by TheOfficialFloW, easily using an Alpine image. It's ideal for running on a Raspberry Pi with a dedicated USB to Ethernet port for the PS4. PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. It's a proof-of-concept exploit for CVE-2006-4304 that was responsibly reported to PlayStation. I was inspired by PI-Pwn.

Requirements

- Docker installed on your system.
- Ethernet cable.
- USB with GoldHen (only for the first time).

Usage

1. Copy the `Dockerfile.pppwn` and `docker-compose.yml` files.
2. Edit `docker-compose.yml` and change the values of INTERFACE and FIRMWAREVERSION.
3. Run `docker-compose up -d`.
4. Turn on the PS4.

On your PS4 (first time):

1. Insert the USB with `goldhen.bin` into the PS4.
2. Go to Settings and then to Network.
3. Select Set Up Internet Connection and choose Use a LAN Cable.
4. Choose Custom Setup and select PPPoE for IP Address Settings.
5. Enter anything for PPPoE User ID and PPPoE Password.
6. Choose Automatic for DNS Settings and MTU Settings.
7. Choose Do Not Use for Proxy Server.
 
  • Like
Reactions: Djakku and Bumblecito
I'm not fully up-to-speed on how the PPPwn exploit works but... If my PS4 is connected via Ethernet to a network switch (which is thereby connected to the docker host), will this just continually try to connect to my PS4 to run the exploit (after the one-time setup of course)?

Edit:
From looking at the script it seems this requires a direct connection from the exploit host using a crossover cable (no network switches...)
 
Last edited by jmjohnson85,
  • Like
Reactions: Bumblecito and Davi5Alexander
Davi5Alexander said:
PPPwn in Docker

https://github.com/Davi5Alexander/docker_pppwn

This repository contains Docker files to run PPPwn, developed by TheOfficialFloW, easily using an Alpine image. It's ideal for running on a Raspberry Pi with a dedicated USB to Ethernet port for the PS4. PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. It's a proof-of-concept exploit for CVE-2006-4304 that was responsibly reported to PlayStation. I was inspired by PI-Pwn.

Requirements

- Docker installed on your system.
- Ethernet cable.
- USB with GoldHen (only for the first time).

Usage

1. Copy the `Dockerfile.pppwn` and `docker-compose.yml` files.
2. Edit `docker-compose.yml` and change the values of INTERFACE and FIRMWAREVERSION.
3. Run `docker-compose up -d`.
4. Turn on the PS4.

On your PS4 (first time):

1. Insert the USB with `goldhen.bin` into the PS4.
2. Go to Settings and then to Network.
3. Select Set Up Internet Connection and choose Use a LAN Cable.
4. Choose Custom Setup and select PPPoE for IP Address Settings.
5. Enter anything for PPPoE User ID and PPPoE Password.
6. Choose Automatic for DNS Settings and MTU Settings.
7. Choose Do Not Use for Proxy Server.
Click to expand...

I'm about to trying this over local network in a synology nas

Edit: Well It didn't work.

Trying now connected to nas lan1 (it has lan0 and lan1) but it's got stuck on stage1: memory corruption
Tried to ruebuild it but it's cached and i'am unable to make a clean install.

1715496003695.png

Post automatically merged:

Ok, it's working now.

You have to create a folder inside the docker directory and name it docker_pppwn-main
Inside that directory now you have to copy the stages folder with all its files (900 in my case).
You would have something like docker > docker_pppwn-main > stages
1715497791117.png

1715497812537.png

1715497461984.png
 
Last edited by Bumblecito,
Bumblecito said:
I'm about to trying this over local network in a synology nas

Edit: Well It didn't work.

Trying now connected to nas lan1 (it has lan0 and lan1) but it's got stuck on stage1: memory corruption
Tried to ruebuild it but it's cached and i'am unable to make a clean install.

View attachment 436689
Post automatically merged:

Ok, it's working now.

You have to create a folder inside the docker directory and name it docker_pppwn-main
Inside that directory now you have to copy the stages folder with all its files (900 in my case).
You would have something like docker > docker_pppwn-main > stages
View attachment 436694
View attachment 436696
View attachment 436691
Click to expand...
Sorry, I didn't do a test without my custom volume. I already fixed it. You can rebuild the image using docker compose build --no-cache
 
Last edited by Davi5Alexander,
  • Like
Reactions: Bumblecito
Davi5Alexander said:
PPPwn in Docker

https://github.com/Davi5Alexander/docker_pppwn

This repository contains Docker files to run PPPwn, developed by TheOfficialFloW, easily using an Alpine image. It's ideal for running on a Raspberry Pi with a dedicated USB to Ethernet port for the PS4. PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. It's a proof-of-concept exploit for CVE-2006-4304 that was responsibly reported to PlayStation. I was inspired by PI-Pwn.

Requirements

- Docker installed on your system.
- Ethernet cable.
- USB with GoldHen (only for the first time).

Usage

1. Copy the `Dockerfile.pppwn` and `docker-compose.yml` files.
2. Edit `docker-compose.yml` and change the values of INTERFACE and FIRMWAREVERSION.
3. Run `docker-compose up -d`.
4. Turn on the PS4.

On your PS4 (first time):

1. Insert the USB with `goldhen.bin` into the PS4.
2. Go to Settings and then to Network.
3. Select Set Up Internet Connection and choose Use a LAN Cable.
4. Choose Custom Setup and select PPPoE for IP Address Settings.
5. Enter anything for PPPoE User ID and PPPoE Password.
6. Choose Automatic for DNS Settings and MTU Settings.
7. Choose Do Not Use for Proxy Server.
Click to expand...
Amazing idea and excellent work! Thanks for sharing!
 
  • Like
Reactions: Davi5Alexander
What is PPPwn, and how can it be used to run a kernel remote code execution exploit on a PlayStation 4 up to firmware version 11.00 using Docker and an Alpine image?
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Homebrew  ioQuake3-PS4

Ps4 Mod help

Looking for PS4 Trophy Timestamp Editor (Manual Input like PS3TrophyIsGood)

Hacking  how do I download games on a jailbroken ps4

sysmodule location for shadps4

Hacking Translation  List of PS4 English Fan Translations

Transfer profile from ps4 9.0 to ps4 13.50

Hardware  doide value D21 ps4 fat power supply?