Prb 5.05 / 6.72 / 9.00 Exploit Menu Essentials + Leeful Offline PS4 Trainer (beta test)

  • Thread starter Prb
  • Views 55,715
  • Replies 419
  • Likes 46

zerofo

That's exactly what I thought too, dlsym is patched by GoldHEN (and by Mira if you use that instead), so it is not needed in the kernel exploit.
I also had some strange behaviour testing the pull request version. It seemed to work OK just using his files, but when I tried to implement it into the Prb menu, the kernel exploit kept saying jailbreak failed.
I looked into the problem and it seemed that the kernel exploit was returning main_ret 91 instead of main_ret 0.
Everything still appeared to work correctly, but no idea why that was happening.

In the end I've just used sleirsgoevy's official release in the Prb 6.72 update and all is good. :)
Yes, GoldHEN patches dlsym, but you must patch it before GoldHEN; that is why you need to inject mira-loader first and use mira-loader to exec GoldHEN, because mira-loader patches dlsym.
If I patch dlsym in the kex, then I don't need to inject mira-loader.
@Leeful
 

zerofo

The pull request makes no sense to me, because dlsym is patched by GoldHEN. I also tried this supposed fix once and the console didn't turn off properly; it remained forever on the black screen with the white light on, waiting to shut down. sleirsgoevy's has no issue, it is perfect now.

Don't leave 6.72, you will regret it; it is equal to 5.05 now.

GoldHEN patches dlsym, but you need dlsym to load GoldHEN.

netcat.c or miraldr.c was already a loader for the kex.
I think loading a mira-loader to exec the HEN makes no sense.
 

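The "netcat.c" loader referred to in the post above is, in general terms, a small TCP server baked into the kernel-exploit chain: it accepts one connection, reads the whole payload until the sender closes the socket, and then maps the bytes and jumps to them. The block below is an added example written for this page; it is not sleirsgoevy's netcat.c, zerofo's merged loader, or any code from the thread. It assumes port 9020 (the port PS4 payload senders commonly use; an assumption here), a 4 MiB payload cap, and the ELF-versus-raw-blob distinction it reports. It receives and validates the blob on an ordinary host and stops short of executing it.

```c
/* Netcat-style payload loader (added example, not the project's netcat.c):
 * accept one TCP connection, read the payload until the peer closes,
 * refuse empty or oversized blobs, report whether it looks like an ELF. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define LOADER_PORT 9020                      /* assumed: common PS4 bin-loader port */
#define MAX_PAYLOAD (4u * 1024u * 1024u)      /* assumed: 4 MiB cap */

enum load_status { LOAD_OK = 0, LOAD_EMPTY = 1, LOAD_TOO_BIG = 2, LOAD_IO_ERROR = 3 };
enum payload_kind { KIND_ELF = 1, KIND_RAW = 2 };

/* Read from fd until the peer closes. *out_len receives the bytes stored.
 * A sender that still has data once the buffer is full is refused rather
 * than silently truncated, which is the bug a naive loader tends to have. */
enum load_status recv_payload(int fd, uint8_t *buf, size_t cap, size_t *out_len)
{
    size_t total = 0;
    for (;;) {
        if (total == cap) {
            uint8_t probe;
            ssize_t more = recv(fd, &probe, 1, 0);
            if (more > 0) { *out_len = total; return LOAD_TOO_BIG; }
            if (more < 0 && errno == EINTR) continue;
            if (more < 0) { *out_len = total; return LOAD_IO_ERROR; }
            break;                             /* EOF exactly at the cap: fine */
        }
        ssize_t n = recv(fd, buf + total, cap - total, 0);
        if (n == 0) break;                     /* peer closed: payload complete */
        if (n < 0) {
            if (errno == EINTR) continue;
            *out_len = total;
            return LOAD_IO_ERROR;
        }
        total += (size_t)n;
    }
    *out_len = total;
    return total == 0 ? LOAD_EMPTY : LOAD_OK;
}

/* ELF payloads need a loader to map/relocate them; raw blobs are jumped to directly. */
enum payload_kind payload_kind(const uint8_t *buf, size_t len)
{
    static const uint8_t elf_magic[4] = { 0x7f, 'E', 'L', 'F' };
    if (len >= sizeof elf_magic && memcmp(buf, elf_magic, sizeof elf_magic) == 0)
        return KIND_ELF;
    return KIND_RAW;
}

/* Bind, accept exactly one sender, fill buf, close everything. */
enum load_status serve_once(uint16_t port, uint8_t *buf, size_t cap, size_t *out_len)
{
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    if (srv < 0) return LOAD_IO_ERROR;
    int one = 1;
    setsockopt(srv, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(srv, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(srv, 1) < 0) {
        close(srv);
        return LOAD_IO_ERROR;
    }
    int cli = accept(srv, NULL, NULL);
    close(srv);                                /* one payload per run */
    if (cli < 0) return LOAD_IO_ERROR;
    enum load_status st = recv_payload(cli, buf, cap, out_len);
    close(cli);
    return st;
}

int main(void)
{
    static uint8_t payload[MAX_PAYLOAD];
    size_t len = 0;
    enum load_status st = serve_once(LOADER_PORT, payload, sizeof payload, &len);
    if (st != LOAD_OK) {
        fprintf(stderr, "payload load failed: status %d after %zu bytes\n", (int)st, len);
        return 1;
    }
    printf("received %zu bytes, %s payload\n", len,
           payload_kind(payload, len) == KIND_ELF ? "ELF" : "raw");
    /* On the console this is where the blob would be mapped executable and
     * jumped to; on an ordinary host we only validate it. */
    return 0;
}
```

Send a payload with `nc <ip> 9020 < payload.bin` and close the connection; the loader treats EOF as "payload complete". The three failure modes it handles explicitly are an empty connection, a sender that disappears mid-transfer (reported as an I/O error with the byte count so far), and a payload larger than the buffer, which is refused instead of being truncated and then jumped to.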
viggen66

GoldHEN patches dlsym, but you need dlsym to load GoldHEN.

netcat.c or miraldr.c was already a loader for the kex.
I think loading a mira-loader to exec the HEN makes no sense.
Zerofo,

Thanks for these replies; it is the first time we can chat directly with a developer. So for your fixes to work properly it also needs the updated netcat.js to successfully patch the kernel; I have tried your jb.js but without your netcat.js.

So your method avoids using Mira to load payloads; all go directly to the kernel, which results in faster loads.

Yes, disabling ASLR makes the exploit more efficient since all stacks are going to be static.
 

zerofo

Zerofo,

Thanks for these replies; it is the first time we can chat directly with a developer. So for your fixes to work properly it also needs the updated netcat.js to successfully patch the kernel; I have tried your jb.js but without your netcat.js.

So your method avoids using Mira to load payloads; all go directly to the kernel, which results in faster loads.

Yes, disabling ASLR makes the exploit more efficient since all stacks are going to be static.
I should push it in the same pull request.
https://github.com/sleirsgoevy/ps4jb2/blob/133432918766ea2040336f89c77a2ec3c3546733/netcat.c
https://github.com/sleirsgoevy/ps4jb2/blob/133432918766ea2040336f89c77a2ec3c3546733/netcat.js

But the disable-ASLR patch version has not been pushed yet.

In the jb part:
I merged jb.c and netcat.c from the source code into one file in my hosted version (not the pull request version).
It only needs to load jb.js; no need to load both jb.js and netcat.js, which have many duplicate functions.
 

viggen66

So a question: how do you find the correct gadgets needed to keep the ROP chain going? I have seen it; mostly it is just machine code.

zerofo

So a question: how do you find the correct gadgets needed to keep the ROP chain going? I have seen it; mostly it is just machine code.
I just added the dlsym patch using asm in krop.rop and recompiled the project to regenerate a new jb.js.

I don't need to find the gadgets; there is the source code (just modify the C code and the asm code).

You can recompile too.
 

viggen66

So zerofo, for your mods to work properly we always need the new jb.js and netcat.js; all the rest is the same.

Regarding your host, sorry if I made a mistake recognizing the language; I believe it is in Chinese, and most people here don't understand it.
 

zerofo

So zerofo, for your mods to work properly we always need the new jb.js and netcat.js; all the rest is the same.

Regarding your host, sorry if I made a mistake recognizing the language; I believe it is in Chinese, and most people here don't understand it.
Yes.

You can use the new jb.js and new netcat.js (from the pull request) to load GoldHEN (needs window.mira_blob_len).

And load mira-loader (needs window.mira_blob_len) to exec other payloads
(because it can't load other payloads directly; maybe some patches are still missing for them).
 

viggen66

Yes.

You can use the new jb.js and new netcat.js (from the pull request) to load GoldHEN (needs window.mira_blob_len).

And load mira-loader (needs window.mira_blob_len) to exec other payloads
(because it can't load other payloads directly; maybe some patches are still missing for them).

Is there a possibility of an English-only version of your host?
 

r5xscn

I tried Prb's host, sleirsgoevy's host from GitHub (downloaded as a zip and run on a local web server), and zerofo's host from GitHub (downloaded as a zip and run on a local web server).

Here is my experience.
For Prb's host:
1. I just let it cache the menu and stopped it for the trainer because I do not need it.
2. 1st try: waited a few seconds before running the exploit, ran the exploit, then loaded GoldHEN 1.1. Runs OK, no KP.
3. 2nd try: power off, power on, go to the browser without waiting, run the exploit, then GoldHEN 1.1. KP in game right away.
4. 3rd try: power off, power on, wait a few seconds before going to the browser, run the exploit, wait 1 to 2 seconds, load GoldHEN 1.1. No KP, stable and still running OK (at the moment of writing this comment).

For sleirsgoevy's host from GitHub:
1. Caching stopped at 53% for some reason.
2. When I clicked JB+HEN, it just said not enough system memory. It seems the kernel exploit is not loaded.

For zerofo's host from GitHub:
1. Caching completed 100%.
2. When I clicked JB+HEN, it just said not enough system memory. It seems the kernel exploit is not loaded.

IMO the new host update for 6.72 seems to have no difference from Leeful v10 with HEN that I had installed before. I just need to wait a few seconds before opening the browser to avoid a KP.

I am not sure what I did wrong with sleirsgoevy's and zerofo's hosts. Can someone explain to me how to properly use them?

Thanks.

Edit: typo.
 

zerofo

Are you sure that is the link? My browser cannot load the link. zerofo.github.io/en does not work either.
You mean you can't access it, or the JS doesn't work?
 

Attachment: 1642847731131.png (screenshot, 658.5 KB)