mirror of https://github.com/ChendoChap/pOOBs4
synced 2024-11-15 21:45:04 -05:00
Add some clarification on usage (#1)
* Update README.md * Update README.md
parent ac6de328b4
commit 0f97232d25
13 README.md
@ -13,11 +13,22 @@ The following patches are applied to the kernel:
|
|||||||
5) Allow unprivileged users to call `setuid(0)` successfully. Works as a status check, doubles as a privilege escalation.
|
5) Allow unprivileged users to call `setuid(0)` successfully. Works as a status check, doubles as a privilege escalation.
|
||||||
6) (`sys_dynlib_load_prx`) patch
|
6) (`sys_dynlib_load_prx`) patch
|
||||||
7) Disable delayed panics from sysVeri
|
7) Disable delayed panics from sysVeri
|
||||||
|
|
||||||
|
## Short how-to
|
||||||
|
This exploit is unlike previous ones where they were based purely in software. Triggering the vulnerability requires plugging in a specially formatted USB device at just the right time. In the repository you'll find a .img file. You can write this .img to a USB using something like Win32DiskImager.
|
||||||
|
|
||||||
|
![](https://i.imgur.com/qpiVQGo.png)
|
||||||
|
|
||||||
|
When running the exploit on the PS4, wait until it reaches an alert with "Insert USB now. do not close the dialog until notification pops, remove usb after closing it.". As the dialog states, insert the USB, and wait until the "disk format not supported" notification appears, then close out of the alert with "OK".
|
||||||
|
|
||||||
|
It may take a minute for the exploit to run, and the spinning animation on the page might freeze - this is fine, let it continue until an error shows or it succeeds and displays "Awaiting payload".
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
- You need to insert the USB when the alert pops up, then let it sit there for a bit until the ps4 storage notifications shows up.
|
- You need to insert the USB when the alert pops up, then let it sit there for a bit until the ps4 storage notifications shows up.
|
||||||
- Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
|
- Unplug the USB before a (re)boot cycle or you'll risk corrupting the kernel heap at boot.
|
||||||
- The browser might tempt you into closing the page prematurely, don't.
|
- The browser might tempt you into closing the page prematurely, don't.
|
||||||
- The loading circle might freeze while the webkit exploit is triggering, this means nothing.
|
- The loading circle might freeze while the webkit exploit is triggering, this means nothing.
|
||||||
|
- This bug works on certain PS5 firmwares, however there's no known strategy for exploiting it at the moment. Using this bug against the PS5 blind wouldn't be advised.
|
||||||
|
|
||||||
## Contributors
|
## Contributors
|
||||||
|
|
||||||
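Review bot: the added "Short how-to" paragraphs and the first bullet under "## Notes" describe the same step but name the notification differently: the how-to says to wait for the "disk format not supported" notification, while the existing bullet says "until the ps4 storage notifications shows up". Use one wording in both places, or drop the now-redundant bullet, so readers do not take these for two separate events. The screenshot is also added as `![](https://i.imgur.com/qpiVQGo.png)` with empty alt text and depends on an external image host; consider adding alt text and committing the image to the repository so the README keeps rendering if that link goes away.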
@ -27,4 +38,4 @@ The following patches are applied to the kernel:
|
|||||||
|
|
||||||
## Special Thanks
|
## Special Thanks
|
||||||
- [Andy Nguyen](https://twitter.com/theflow0)
|
- [Andy Nguyen](https://twitter.com/theflow0)
|
||||||
- [sleirsgoevy](https://twitter.com/sleirsgoevy) - [9.00 Webkit exploit](https://gist.github.com/sleirsgoevy/6beca32893909095f4bba1ce29167992)
|
- [sleirsgoevy](https://twitter.com/sleirsgoevy) - [9.00 Webkit exploit](https://gist.github.com/sleirsgoevy/6beca32893909095f4bba1ce29167992)
|
||||||
|
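Review bot: the old and new sides of this hunk read identically in the "## Special Thanks" lines shown, so the change here appears to be whitespace or end-of-file only. If that was not intended, drop it from the commit so the diff stays limited to the usage clarification; if it was intended, say so in the commit message, which currently reads only "Update README.md".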