@ -10,6 +10,7 @@ package com.bdjb;
@@ -10,6 +10,7 @@ package com.bdjb;
|
|
|
|
|
import java.io.FileOutputStream; |
|
|
|
|
import java.io.InputStream; |
|
|
|
|
import java.io.OutputStream; |
|
|
|
|
import java.net.InetAddress; |
|
|
|
|
import java.net.Socket; |
|
|
|
|
import java.net.ServerSocket; |
|
|
|
|
|
|
|
|
@ -54,7 +55,10 @@ class Exploit implements Runnable {
@@ -54,7 +55,10 @@ class Exploit implements Runnable {
|
|
|
|
|
Screen.println("[*] Enabling JIT..."); |
|
|
|
|
JIT jit = JIT.getInstance(); |
|
|
|
|
|
|
|
|
|
Screen.println("[*] Waiting for payload..."); |
|
|
|
|
Screen.println( |
|
|
|
|
"[*] Listening for payload on " |
|
|
|
|
+ InetAddress.getLocalHost().getHostAddress() |
|
|
|
|
+ ":1337..."); |
|
|
|
|
|
|
|
|
|
ServerSocket serverSocket = new ServerSocket(1337); |
|
|
|
|
Socket socket = serverSocket.accept(); |
|
|
|
@ -76,10 +80,9 @@ class Exploit implements Runnable {
@@ -76,10 +80,9 @@ class Exploit implements Runnable {
|
|
|
|
|
socket.close(); |
|
|
|
|
|
|
|
|
|
Screen.println("[*] Executing payload..."); |
|
|
|
|
long sceKernelDlsym = api.dlsym(API.LIBKERNEL_MODULE_HANDLE, "sceKernelDlsym"); |
|
|
|
|
long payload = jit.mapPayload("/OS/HDD/download0/mnt_ada/payload.bin"); |
|
|
|
|
int ret = (int) api.call(payload, sceKernelDlsym); |
|
|
|
|
Screen.println("[+] Result: " + Integer.toHexString(ret)); |
|
|
|
|
int ret = (int) api.call(payload, api.dlsym(API.LIBKERNEL_MODULE_HANDLE, "sceKernelDlsym")); |
|
|
|
|
Screen.println("[+] Result: " + ret); |
|
|
|
|
} catch (Exception e) { |
|
|
|
|
Screen.println("[-] Error: " + e.getCause()); |
|
|
|
|
} |
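Review bot: The catch that closes this block prints `e.getCause()`, which is null for any exception thrown directly, and the reworked status line adds such a source: `InetAddress.getLocalHost()` throws `UnknownHostException` without a cause when the local name does not resolve, so the screen would show `[-] Error: null` before the listener is opened. Falling back to the exception itself keeps the failure readable: `Screen.println("[-] Error: " + (e.getCause() != null ? e.getCause() : e));`. `getLocalHost()` can also resolve to a loopback address on some configurations, so the printed address is only a hint, and the lookup could sit in its own try/catch with a fallback message. A comment above `new ServerSocket(1337)` should also record the trust assumption: the socket binds to every interface, and the first peer to connect apparently supplies the file that is then mapped and called, with no check on sender or content visible in these hunks. The enclosing method starts and ends outside the hunks, and the old/new sides here are inferred from the hunk header counts.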