
Reduce JIT allocation size to 1MB.

master
Andy Nguyen 1 year ago
parent
commit
3314b0e7bc
  1. 5
      com/bdjb/Exploit.java
  2. 10
      com/bdjb/JIT.java

5
com/bdjb/Exploit.java

@ -79,8 +79,11 @@ class Exploit implements Runnable { @@ -79,8 +79,11 @@ class Exploit implements Runnable {
socket.close();
Screen.println("[*] Executing payload...");
Screen.println("[*] Mapping payload...");
long payload = jit.mapPayload("/OS/HDD/download0/mnt_ada/payload.bin", 0x4000);
Screen.println("[+] payload: " + Long.toHexString(payload));
Screen.println("[*] Executing payload...");
int ret = (int) api.call(payload, api.dlsym(API.LIBKERNEL_MODULE_HANDLE, "sceKernelDlsym"));
Screen.println("[+] Result: " + ret);
} catch (Exception e) {

10
com/bdjb/JIT.java

@ -149,12 +149,12 @@ public final class JIT { @@ -149,12 +149,12 @@ public final class JIT {
throw new IllegalArgumentException("Invalid data section offset.");
}
// TODO: Currently we just use maximum size so that the address is predictable.
long size = MAX_CODE_SIZE;
// TODO: Currently we hardcode the size so that the address is predictable.
long size = 1 * 1024 * 1024;
// long size = file.length() + 0x88 + ALIGNMENT - 1;
// if (size >= MAX_CODE_SIZE) {
// throw new IllegalArgumentException("Payload is too big.");
// }
if (size >= MAX_CODE_SIZE) {
throw new IllegalArgumentException("Payload is too big.");
}
// Allocate JIT memory.
long name = api.malloc(4);
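Review bot: The restored `if (size >= MAX_CODE_SIZE)` check on the new side can never fire, because `size` is now the constant `1 * 1024 * 1024` on the line above it; the bound that actually matters — whether the payload plus its header fits in the fixed allocation — survives only as the commented-out `// long size = file.length() + 0x88 + ALIGNMENT - 1;` line, so a file larger than the 1MB block is not rejected here. Keeping the existing message, a check against the file rather than the constant would be `if (file.length() + 0x88 + ALIGNMENT - 1 > size) { throw new IllegalArgumentException("Payload is too big."); }`, assuming `file` is the payload handle the commented line refers to; the rest of the method, including where the bytes are copied, is outside the hunk. The literal `1 * 1024 * 1024` would also read better as a named constant next to `MAX_CODE_SIZE`, e.g. `private static final long JIT_ALLOC_SIZE = 1024L * 1024;`, with the TODO explaining why the size is fixed moved onto that declaration.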
