Currently, this is only a partial support in the hope that together we can complete it.
I have commented everything that is missing with a todo next to it.
There are still 82 todos as of writing this, excluding the PS5 case.
There are still 31 todos as of writing this, excluding the PS5 case.
PS4 V1150: m_wrapper = 0x58 (8 bytes after m_clients at 0x50). Rest of V1150 offsets look correct.
PS5 exploit: sizeof = 0xc0, m_wrapper = 0x68, m_status = 0x7a (not 0xc8/0x70/0x8a). FeatureSettings changed from raw struct to Vector between WK-800 and WK-1200, shifting everything by 8 bytes.
ROP gadgets: byte patterns: POP R10: 41 5A C3, POP R11: 41 5B C3, PUSH RAX; PUSH RBP: 50 55 C3. Find them with ROPgadget --binary libSceNKWebKit.sprx. Shortcut: measure the delta between known gadgets on nearby FW and apply it to the missing ones.
I know those from 11.50 are wrong; either way ufm42 has them, so making a commit for that is kinda useless.
You can PR and I can merge.