mirror/bd-jb
1
0
Fork 0
mirror of https://github.com/TheOfficialFloW/bd-jb synced 2024-12-22 14:38:50 -05:00
Code Issues Projects Releases Wiki Activity

Reduce JIT allocation size to 1MB.

Browse Source
This commit is contained in:
Andy Nguyen 2021-10-27 21:12:07 +02:00
parent 304686cfc0
commit 3314b0e7bc
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
com/bdjb/Exploit.java
View File

@ -79,8 +79,11 @@ class Exploit implements Runnable {
socket.close(); socket.close();
Screen.println("[*] Executing payload..."); Screen.println("[*] Mapping payload...");
long payload = jit.mapPayload("/OS/HDD/download0/mnt_ada/payload.bin", 0x4000); long payload = jit.mapPayload("/OS/HDD/download0/mnt_ada/payload.bin", 0x4000);
Screen.println("[+] payload: " + Long.toHexString(payload));
Screen.println("[*] Executing payload...");
int ret = (int) api.call(payload, api.dlsym(API.LIBKERNEL_MODULE_HANDLE, "sceKernelDlsym")); int ret = (int) api.call(payload, api.dlsym(API.LIBKERNEL_MODULE_HANDLE, "sceKernelDlsym"));
Screen.println("[+] Result: " + ret); Screen.println("[+] Result: " + ret);
} catch (Exception e) { } catch (Exception e) {

10
com/bdjb/JIT.java
View File

@ -149,12 +149,12 @@ public final class JIT {
throw new IllegalArgumentException("Invalid data section offset."); throw new IllegalArgumentException("Invalid data section offset.");
} }
// TODO: Currently we just use maximum size so that the address is predictable. // TODO: Currently we hardcode the size so that the address is predictable.
long size = MAX_CODE_SIZE; long size = 1 * 1024 * 1024;
// long size = file.length() + 0x88 + ALIGNMENT - 1; // long size = file.length() + 0x88 + ALIGNMENT - 1;
// if (size >= MAX_CODE_SIZE) { if (size >= MAX_CODE_SIZE) {
// throw new IllegalArgumentException("Payload is too big."); throw new IllegalArgumentException("Payload is too big.");
// } }
// Allocate JIT memory. // Allocate JIT memory.
long name = api.malloc(4); long name = api.malloc(4);