WebKit ROP Chain Tutorials [Creation/Editing/Debugging] - PS3 Development

You can make a pdb and a blank file the size a pkg on the ps3 to use the bdu to download pkgs from a server.
I thought maybe that could be helpful for moving large pkgs from a computer using rop. I'm thinking if they wanted to someone could even make a tool to do this for all of the files in a folder.
 
Youtube-v3.03-[NPEB01229]-NoPSN.pkg

0x5D668
Original: 4B FF FE DD
Modified: 60 00 00 00

0HlF9qn.png



EDIT: I posted this on the wrong thread lol
 
Last edited:
esc0rtd3w said:
well, a MOVE is just a COPY+DELETE_SOURCE_FILE

there is no chain to do so yet, but could be easily added
Click to expand...

Thanks.

And why I can not copy download_list.xml, which is located in /dev_flash/vsh/resource/explore/xmb/download_list.xml and files d0.pdb, d1.pdb by the path dev_hdd0 / vsh / task / 00000002 /. They are copied to dev_usb000, but the file size is 0 bytes. Mounting dev_flash as dev_blind I did.
 
Yasich217 said:
Thanks.

And why I can not copy download_list.xml, which is located in /dev_flash/vsh/resource/explore/xmb/download_list.xml and files d0.pdb, d1.pdb by the path dev_hdd0 / vsh / task / 00000002 /. They are copied to dev_usb000, but the file size is 0 bytes. Mounting dev_flash as dev_blind I did.
Click to expand...

you need to set the right size
 
yes the Get Filesize Chain will report correct size for source

run new rw file chain and input that size and paths, should work
 
esc0rtd3w said:
yes the Get Filesize Chain will report correct size for source

run new rw file chain and input that size and paths, should work
Click to expand...

Does not work.
Does not work only with USB devices.
When moving file to hdd0, everything is fine and the file size is correct.
But when moving file to an external drive, the file size is 0 bytes and it has attributes - hidden, archive, read only.

You can send me the files that are in the folder /dev_hdd0/vsh/task/00000002/ ?

I need them to study the background download of packages on the official firmware version.

I also learned that if you decrypt ssl, https traffic when connecting to psn, then you make not modify these files (d0.dbd). Because if on the Sony site in the account to put some kind of game to download, then the console will receive these data when it is connected and create the task for downloading. And if you replace the Sony response for the console, you can put any file on the download without modifying the firmware files. And only change the response of the server.
 
And it seems to me that the latest version does not find offsets and does not allow executing the chain.
I downloaded from your repository with the latest changes.
 
@Yasich217 To add something to the background downloads you only need 1 pdb file and a file the same size and name as the fie your downloading. I've not messed with trying to write any rop for it. If I ever get time I'd like to play around with it more.
 
pink1 said:
@Yasich217 To add something to the background downloads you only need 1 pdb file and a file the same size and name as the fie your downloading. I've not messed with trying to write any rop for it. If I ever get time I'd like to play around with it more.
Click to expand...

I will review the psn server responses to replace the response and specify my data to download the file.
 
Yasich217 said:
I will review the psn server responses to replace the response and specify my data to download the file.
Click to expand...

That might be interesting research, but I'm not sure if that method is much use for users on OFW, as we can redirect to our own pkgs now by using XML code like this:
Code: 
<View id="download_package_main">
 <Attributes>
 <Table key="download_package">
 <Pair key="info"><String>net_package_install</String></Pair>
 <Pair key="pkg_src"><String>http://www.path_to_pkg_here.pkg</String></Pair>
 <Pair key="pkg_src_qa"><String>http://www.path_to_pkg_here.pkg</String></Pair>
 <Pair key="content_name"><String>pkg_install_pc</String></Pair>
 <Pair key="content_id"><String>UP0100-CONTENTID_00-0000000000000000</String></Pair>
 <Pair key="prod_pict_path"><String>/dev_flash/vsh/resource/explore/icon/fah-xmb.png</String></Pair>
 </Table>
 </Attributes>
 <Items>
 <Item class="type:x-xmb/xmlnpsignup" key="download_package" attr="download_package"/>
 </Items>
 </View>

The fact that the pdb method requires a blank file, the same size as the file you want to download, makes it a little bit hard to use in a practical way. The only advantage to exploiting the pdb method would be that it enables background download
 
DeViL303 said:
That might be interesting research, but I'm not sure if that method is much use for users on OFW, as we can redirect to our own pkgs now by using XML code like this:
Code: 
<View id="download_package_main">
 <Attributes>
 <Table key="download_package">
 <Pair key="info"><String>net_package_install</String></Pair>
 <Pair key="pkg_src"><String>http://www.path_to_pkg_here.pkg</String></Pair>
 <Pair key="pkg_src_qa"><String>http://www.path_to_pkg_here.pkg</String></Pair>
 <Pair key="content_name"><String>pkg_install_pc</String></Pair>
 <Pair key="content_id"><String>UP0100-CONTENTID_00-0000000000000000</String></Pair>
 <Pair key="prod_pict_path"><String>/dev_flash/vsh/resource/explore/icon/fah-xmb.png</String></Pair>
 </Table>
 </Attributes>
 <Items>
 <Item class="type:x-xmb/xmlnpsignup" key="download_package" attr="download_package"/>
 </Items>
 </View>

The fact that the pdb method requires a blank file, the same size as the file you want to download, makes it a little bit hard to use in a practical way. The only advantage to exploiting the pdb method would be that it enables background download
Click to expand...

Thank you. I am already familiar with this method.
This is the problem that there is no background downloads. I want to realize it.
 
You must log in or register to reply here.

Similar threads

Back
Top