WebKit ROP Chain Tutorials [Creation/Editing/Debugging] - PS3 Development

ErikPshat, if you specify the wrong size, the file will be transferred, but its size will be whatever you wrote, that is, if you wrote 10190 it will be 10190, and if you wrote 10140 it will be 10140, although the real size is 10190.

And of course the game will not start, because if the size is specified incorrectly, the transferred LIC.EDAT will be corrupted.
 
ErikPshat, if you specify the wrong size, the file will be transferred, but its size will be whatever you wrote, that is, if you wrote 10190 it will be 10190, and if you wrote 10140 it will be 10140, although the real size is 10190.
Yes, I also think that the file is transmitted with the size that you specified. If you specify a smaller size, then the file is sent in a truncated form. And if you specify a larger size, then the file probably gets extra zeros, or does not achieve it.

I asked to check this, that is, to transfer the file with an intentionally large specified size, then make a dump, extract all the resources from the dump and check in hex how the file was transferred, with what size and what was added to it in the end.
Have you verified this?
 
ErikPshat, I specified a file size larger than the real one; the file was transferred with the size I specified; I looked in hex and it is padded with zeros at the end.
 
I specified a file size larger than the real one; the file was transferred with the size I specified; I looked in hex and it is padded with zeros at the end.
Please write in English in the forum, the other people want to read your messages too.
 
If you don't want to use miniServer, just go here: codingformations.altervista . org just hosts the latest version of the exploit ;)
Yes, the person checked and assures that the file is transmitted with the specified size. Even if the size is specified more than the file itself has, then the file in the end is zeroed. And it does not matter if you specified a decimal in the form 65936 or in hexadecimal 0x10190, and you do not need to specify zeros from the front. The browser perfectly distinguishes and converts the decimal input from hexadecimal and correctly converts it. Therefore, those who are not entirely familiar with hex values can freely enter decimal digits, that is, without specifying '0x', as belonging to a hexadecimal value. I hope you understand what I mean. And here is a screenshot of the confirmation of how the file is passed when you specify a larger value, where the file reaches zeros at the end.
 

Attachments: 674d743d753b[1].jpg (333.9 KB)
Hello
I wanna ask
Is the file writer limited to only one file because you can't send two files one after the other via ROP chains, or is it just because there is no way to specify two files (I mean on the exploit page tutorial page)? (Excuse my ignorance here, the only way I know how to copy files is through an inputStream, outputStream and a buffer xD; all this ROP is like Chinese to me.)
Just to know the limitations, that's all. I might have some ideas for folder copy and batch copy.
Ty

Edit :
Just a side note, just wanted to say that I made the French translation and you gave credit to someone else. Not blaming or complaining, just wanted to remind you, that's all, and again thank you for all the hard work.
 
watch the videos :-p

i appreciate the translation :D

hmmm... I'll fix the credits lol

EDIT: this is why he is in credits
qckyrpY.png


EDIT #2: repo updated :cool:
 
Which buttons are restricted for super slim NOR models? For example, which one is the flash write button on the xploit page, so I will stay away from that button/buttons?
 
Dudes, after my last message, I read and tried all your advice, I did several tests on my CECH-4004A. FINALLY WORKKKKKK!!!!!!!!!!!!! (tested on Call of Duty III, I will try many others, but I think I can't speak here about that xD). The trick is to set the EXACT size of LIC.EDAT. Tested on the newer ps3xploit 0.1.6. Thanks for all your work, I love you guys, I really love you.

8001003E or 80010006 are both about wrong size of LIC.EDAT
 
Which buttons are restricted for super slim NOR models? For example, which one is the flash write button on the xploit page, so I will stay away from that button/buttons?
Using the Official Releases for Dumpers and NOR/NAND Writers, the Superslim IS NOT COMPATIBLE WITH WRITERS, only with dumpers.

For the WebKit ROP Tutorial files, ALL models are compatible. There are no restrictions on model; there is also no DIRECT FLASH WRITE support, only mounting with write protection on/off, which could lead to an FW reinstall if bad files are used or bad copying takes place.

again, USE AT YOUR OWN RISK!! :eek:

When will we be able write in the directory?
when you or someone else finds a way to do it before we do! :D
 
When will we be able write in the directory?
It's likely it will not happen as long as homebrew execution isn't obtained, which for the moment still means exploiting the lv2 kernel.
The standard C library & sys_fs syscalls do not allow copying a whole folder tree without coding a recursive looping mechanism to deal with each folder/file entry, including validation checks. Far too complex to recreate in ROP without spending a huge amount of time putting it together & even then...
It means that in practice the only way to do this in ROP would be to find a gadget that contains such a loop in vsh or in a module. But it may not even exist...
 
Hi, guys.
Can you add the sys_fs_readdir chain? I understand that probably for CFW and DEX it is not so important, but for OFW to look at the file listing there is no other possibility (except backup).

P.S. Many thanks for the excellent work done! We are looking forward to new news and releases ;)
 
@hexcsl this is already in the Read/Write Directory Test chain.

If you look at the source, it already does a sys_fs_opendir and sys_fs_readdir from the source directory and gets a handle. The chain is broken because after open and read, there is no mechanism yet to write into the destination.

as stated before, an export or sub is needed in VSH or another module to accomplish this in a realistic and timely fashion using ROP techniques! ....or wait for homebrew :-p
 
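The two points made in the posts above, that a whole-folder copy needs a recursive loop over directory entries with a validation check at every step, and that the Read/Write Directory Test chain stops after opendir/readdir because there is no write step, are easier to see written out as ordinary code. What follows is an added example, not code from this thread, from the ps3xploit project or from the PS3 SDK: it is portable POSIX C, where opendir/readdir/lstat/fopen stand in for the sys_fs syscalls, and the /tmp path and sample file names in its self-test are constructed for the demonstration.

```c
/* Added example in portable POSIX C (not the PS3 sys_fs API and not the
 * page's ROP chains): the recursive opendir/readdir/stat/copy loop, with
 * per-step validation, that a whole-folder copy needs and a ROP chain lacks. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy one regular file; 0 on success, -1 on any error (checked at each step). */
static int copy_file(const char *src, const char *dst) {
    char buf[4096]; size_t n; int rc = 0;
    FILE *in = fopen(src, "rb");
    if (!in) return -1;
    FILE *out = fopen(dst, "wb");
    if (!out) { fclose(in); return -1; }
    while ((n = fread(buf, 1, sizeof buf, in)) > 0)
        if (fwrite(buf, 1, n, out) != n) { rc = -1; break; }
    if (ferror(in)) rc = -1;
    fclose(in);
    if (fclose(out) != 0) rc = -1;
    return rc;
}

/* Recursively copy the tree at src into dst (created if missing).
 * Returns the number of regular files copied, or -1 on the first error.
 * Uses lstat, so symlinks and special files are skipped, never followed. */
int copy_tree(const char *src, const char *dst) {
    struct stat st; struct dirent *e; int copied = 0;
    if (lstat(src, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    if (mkdir(dst, 0755) != 0 && errno != EEXIST) return -1;
    DIR *d = opendir(src);
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char s[1024], t[1024];
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* refuse over-long paths instead of silently truncating them */
        if (snprintf(s, sizeof s, "%s/%s", src, e->d_name) >= (int)sizeof s ||
            snprintf(t, sizeof t, "%s/%s", dst, e->d_name) >= (int)sizeof t ||
            lstat(s, &st) != 0) { closedir(d); return -1; }
        if (S_ISDIR(st.st_mode)) {   /* the recursive step a flat ROP chain cannot express */
            int sub = copy_tree(s, t);
            if (sub < 0) { closedir(d); return -1; }
            copied += sub;
        } else if (S_ISREG(st.st_mode)) {
            if (copy_file(s, t) != 0) { closedir(d); return -1; }
            copied++;
        }
    }
    closedir(d);
    return copied;
}

/* Best-effort recursive delete, used only to clean up the self-test tree. */
static void remove_tree(const char *path) {
    DIR *d = opendir(path); struct dirent *e;
    if (d) {
        while ((e = readdir(d)) != NULL) {
            char p[1024];
            if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
            snprintf(p, sizeof p, "%s/%s", path, e->d_name);
            remove_tree(p);
        }
        closedir(d);
    }
    remove(path);   /* unlinks a file or removes a now-empty directory */
}

/* Build a constructed three-file tree under /tmp, copy it, check that every
 * file exists in the copy with the same size, then clean up.
 * Returns 3 (files copied) on success, -1 on any failure. */
int self_test(void) {
    static const char *files[] = { "a.txt", "sub/b.txt", "sub/LIC.EDAT" };
    char root[64], src[128], dst[128], p[512], q[512]; struct stat a, b; int n;
    snprintf(root, sizeof root, "/tmp/copytree_%ld", (long)getpid());
    snprintf(src, sizeof src, "%s/src", root);
    snprintf(dst, sizeof dst, "%s/dst", root);
    snprintf(p, sizeof p, "%s/sub", src);
    if (mkdir(root, 0700) || mkdir(src, 0700) || mkdir(p, 0700)) return -1;
    for (int i = 0; i < 3; i++) {
        snprintf(p, sizeof p, "%s/%s", src, files[i]);
        FILE *f = fopen(p, "wb");
        if (!f) { remove_tree(root); return -1; }
        fprintf(f, "constructed content %d\n", i);   /* constructed sample data */
        fclose(f);
    }
    n = copy_tree(src, dst);
    for (int i = 0; i < 3 && n == 3; i++) {
        snprintf(p, sizeof p, "%s/%s", src, files[i]);
        snprintf(q, sizeof q, "%s/%s", dst, files[i]);
        if (lstat(p, &a) != 0 || lstat(q, &b) != 0 || a.st_size != b.st_size) n = -1;
    }
    remove_tree(root);
    return n;
}

int main(void) { printf("files copied: %d (expect 3)\n", self_test()); return 0; }
```

Every branch in copy_tree is a place where a ROP-only implementation would need its own gadget sequence: the open, the per-entry read, the name filter, the stat and type dispatch, the recursion into subdirectories, and a write path for each file. The test chain described above covers only the first two; the rest is what the posts mean by a recursive looping mechanism with validation checks.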