
Community reputation

0 Neutral

About Dekuwa

  • Birthday 24 November


  1. Dekuwa


    Version 1.0b

    1 download

    Windows application that lets us decrypt the contents of NUS files.
  2. Dekuwa


    Version 0.2

    1 download

    region free loader for 3DS/3DSXL/2DS on firmware versions 4.0 to 9.5.0-22. This also allows you to bypass mandatory gamecard firmware updates, loads games from other regions and runs them in YOUR language if possible!

    How to use
    - Download Launcher.dat from the repo (or compile it yourself).
    - Copy Launcher.dat to the root of your SD card.
    - Insert the game you want to run into your 3DS and power it up.
    - Open the "Download Play" application.
    - Hit the home menu button, but do not exit the Download Play application (keep it running in the background).
    - Open the Web Browser applet.
    - Go to Gateway's exploit page (not linking directly to it here because not a fan of their whole piracy thing they've got going).
    - Wait a few seconds; the screen should turn black and after a bit your game should boot up!

    FAQ
    - Does this work on the latest firmware version? Yes, 9.4 is supported.
    - Does this let me run homebrew and/or roms? No, it just lets you run legit physical games from other regions.
    - Do I need to connect to the internet every time I want to use this? Yes.
    - Do I need a flashcart/game/hardware for this? No.
    - Will this work on my New 3DS? No, at the moment this only works on 3DS, 3DS XL and 2DS models.
    - Will it ever work on the New 3DS? Maybe. I don't plan on working on it, like, ever, but the code is out there now so...
    - Will this break or brick my 3DS? No. There's virtually 0 chance of that happening; all this runs is run of the mill usermode code, nothing dangerous. Nothing unusual is written to your NAND, nothing permanent is done. With that in mind, use at your own risk, I won't take responsibility if something weird does happen.
    - Do you take donations? No, I do not.
    - How does it work? See below.

    Technical stuff
    Basically we use GW's entrypoint to get ROP (not code execution, either userland or kernel) under spider (that's what the browser applet is called). From there, we use the GPU DMA vuln to take over the download play application (this is done by overwriting the GSP interrupt handler funcptr table). The download play application has access to the ns:s service (spider does not), and we use that service to launch our out-of-region game.

    Credits
    - All original ROP and code on this repo written by smea
    - ns:s region free booting trick found by yellows8
    - Neatly packaged spider exploit by Gateway
    - Bond697, sm, yifanlu for working on the GW payload so I wouldn't have to.
    - Myria for helping with testing.
    - sbJFn5r for porting the ROP to 4.x firmware versions
    by Smea.
  3. Dekuwa


    Version 0.3.4

    1 download

    A native homebrew platform for PS Vita. The tools that will be released through the next couple of weeks will allow developers (not in contract with Sony) to develop and test games, apps, and more on the PS Vita. This unofficial software can run on any PS Vita handheld device without approval by Sony. These tools cannot enable pirated or backup games to run (I’m not just saying this… the exploits used do not have enough privilege to enable such tasks).

    Rejuvenate requires PlayStation Mobile Development Assistant to be installed on your Vita! Sony will remove this from PSN soon, so if you wish to ever run homebrew apps on your PS Vita, you must download this app now!

    Rejuvenate is composed of three main tools which together provide a platform for developers to write Vita homebrew.
    - UVLoader allows executables to be loaded on the PS Vita. The original version was written three years ago for firmware version 1.80. Since then, Sony has taken the source code and made loading code much, much, harder. However, there is no barrier that cannot be bypassed! The latest version includes support for SCE ELF relocations, NID poison antidote, and more. It can run homebrews on Vitas up to firmware 3.51 (at time of writing).
    - VitaDefiler is an RPC (remote procedure call) system for Vita userland. Main features include live peek/poke of userspace memory, execution of arbitrary ARM code, and a scripting interface for quickly running tasks. Originally developed for finding exploits, this tool can also be used by homebrew developers to test and debug their apps. VitaDefiler also serves as the ASLR (address-space-layout-randomization, a technique used by Sony to discourage exploitation) bypass for UVLoader.
    - PSM+ is what I call the method I found to bypass the two kill-switches Sony placed into PSM to prevent this very scenario. First, app-keys which are issued by Sony to developers to sign PSM content are required for the exploit to run. These keys usually expire every three months, and Sony can refuse to issue them later. This can be bypassed. Second, every day, PSM phones home to see if it is revoked. If Sony decides to kill the Dev Assistant (and they will), it will refuse to run even if you have it installed. This can also be bypassed.

    These tools, along with the open SDK (currently in development) will allow for developers to write Vita homebrew. The demonstration video above shows UVLoader running as a VitaDefiler script (which supplies information for ASLR bypass). The spinning-cube demo was coded up by me, linked together by hand (as the open SDK is currently incomplete), and launched with UVLoader. It is running natively with direct access to the GPU API calls (not within the PSM sandbox).

    Limitations
    So what’s the catch? The good news is you don’t have to buy any obscure or expensive game (everything is free!). The bad news is that launching homebrews is not as simple as copying some files over. Hopefully, most of these limitations can be bypassed in a later release, but at this point, the following side effects will apply:
    - USB connection is required each time you wish to launch a homebrew. The exploit requires a PC to run, so this is unfortunately a requirement. This also means that the VitaTV is not supported.
    - Windows PC is required. Blame Sony for never porting PSM tools to other operating systems.
    - Network is required once each day you decide to run homebrew. This is because PSM has to phone home every day. Although we have a means of bypassing the revoke, we currently cannot bypass the phone-home.
    - Firmware 3.00+ recommended. Although technically the exploit works on 1.69+, the latest version of the tools has only been tested (and will only support) 3.00+. If there is enough interest, I can port it to lower firmware versions, but it will be very low priority.

    FAQ
    - I don’t want to bother with [insert limitation from above], should I still download PSM Developer Assistant? Yes, if you ever want to run homebrew at some point. PSM DevAssistant is the only application on the PS Vita that has the required permissions to run arbitrary code in memory. WebKit exploits do not allow for this. Any game exploit does not allow for this. Any system application exploit does not allow for this. PSM DevAssistant is the only application allowed to execute code other than the kernel (operating system), which nobody is even close to hacking. In other words, expect at least a dozen more exploits of PSM DevAssistant (each of which may require less hassle to use) before someone finds a kernel exploit.
    - Can I run backups/ISOs/copied games for Vita? For PSP? For PSOne? No. Stop acting all high and mighty with your anti-piracy stance. Inability to decrypt/dump/execute official software and games is not something I decided to include by choice (however, I am glad it’s there). The exploits that are used physically do not give permissions for this. Sony did a really good job with security in depth; no application has more privileges than necessary. PSM DevAssistant would never be used officially to decrypt, dump, or execute signed games so it cannot do so even when exploited.
    - What kind of homebrews will we see? Is it any better than PSP homebrew? This depends on how many developers are willing to invest time in writing homebrew for the Vita. I’m as hopeful as you are. In terms of pure statistics, the PSP-3000 has 64MB of shared memory, 333MHz CPU, and 166MHz GPU. The Vita has 512MB of main memory and 128MB of dedicated video RAM. It has four cores of CPU running at around ~1GHz and four cores of GPU running at around ~200MHz. In addition, the Vita also has the entire PSP hardware inside its silicon. The exploit used also allows for developers to use dynamic-recompilation features for speeding up emulators.
    - Can I install Android, custom themes, cheats, or plugins? No, this exploit does not give kernel or bootloader level of access. It cannot access the filesystem (unsandboxed), modify system files, or access other processes’ memory.
  4. Dekuwa


    Version 2.9 alpha

    1 download

    ninjhax 2.9 alpha is a piece of software that allows you to run unsigned code on your 3DS. In practice, this means being able to run homebrew applications such as games, tools and emulators! Additionally, ninjhax 2.0 allows you to run many out-of-region gamecards, as well as use custom themes on your console. What's pretty awesome is that this runs on firmware version 11.6, the latest one.

    Please note that this is a beta and therefore there are bugs that are still being ironed out. Mainly, this build of ninjhax 2.0 does not support sleep mode, so do not close your system while running homebrew or you will be forced to reboot it. Closing your system while running an out-of-region game is totally ok though.

    What do I need to use ninjhax?
    You need exactly three things to run unsigned code on your console:
    - A 3DS, 3DS XL or 2DS console with a firmware version between 9.0.0-X and 11.6.0-X. X can be any number.
    - An SD card compatible with your 3DS (the one it comes with will of course do).
    - A copy of the game CUBIC NINJA, either from retail or eShop (retail is available in US, EU and JPN; eShop was JPN-only).

    How do I run ninjhax?
    - Go to the get ninjhax section of this page and enter your console's firmware version. Submit the form; you should get your very own ninjhax QR code.
    - Download the homebrew starter kit and extract it at the root of your SD card. Alternatively, you may choose to only download The Homebrew Launcher menu executable and place it at the root of your SD card. No matter what, after this step, you should have a file named boot.3dsx placed at the root of your SD card.
    - Make sure your 3DS's wifi connection is enabled and connected to the internet (this is important!).
    - Start CUBIC NINJA on your console, choose "Create", then "QR code", and finally "Scan QR code".
    - Scan the QR Code. This step might take a couple tries; make sure you fill up as much of your 3DS's screen as possible with the QR code. If scanning the QR code returns to the menu with an error, try a few more times.
    - Follow the on screen instructions. You may choose not to install the exploit to your gamecard's savedata, though doing so is not recommended.
    - OPTIONAL - once ninjhax is installed to your gamecard, just go back to the "QR code" menu and it'll run automatically!
    - OPTIONAL - you can now run homebrew apps on your 3DS! Simply drag and drop application folders into the "3ds/" directory that was created on your SD card by ninjhax.
  5. Dekuwa

    The Homebrew Launcher 3DS Starter


    1 download

    Homebrew is what we call unofficial software made by amateur developers for closed systems such as the 3DS. This includes both games and applications, and in practice getting homebrew on your 3DS means you'll be able to:
    - Play out-of-region games you own.
    - Make your own themes to use in home menu.
    - Play homebrew games & apps.

    Preparing your SD card
    In order for homebrew to run on your system, you will need to place a few files on your SD card:
    - boot.3dsx: this file should be placed at the root of your SD card. It's what ninjhax/ironhax/tubehax will run first! Usually, this is the Homebrew Launcher.
    - 3ds/: this folder will contain all the homebrew applications you want to install to your system. You can either place 3DSX files directly inside of that folder, or create an individual folder for each application you install.

    To make things easier, we put together the homebrew starter kit; you can just download it and extract it at the root of your SD card. Alternatively, you may choose to only download The Homebrew Launcher menu executable and place it at the root of your SD card. No matter what, you should have a file named boot.3dsx placed at the root of your SD card.
  6. Dekuwa



    1 download

    A multiplatform Game Boy emulator written in C; currently available for: Windows, OS X, Linux based OSes, Nintendo DS, Nintendo 3DS, Nintendo GameCube, Sony PSP, and Sony PS4.

    Progress
    - CPU: All instructions are implemented.
    - GPU: Can display tile maps, and sprites. Palette swapping is not implemented yet, so some colours may be displayed incorrectly.
    - Memory: Support for 32KB ROMs, without mappers, only (Tetris and Dr. Mario).
    - Input: Supported.
    - Sound: None.
    - Games: Tetris is most likely the only playable game. The DS version does not run full speed, and the Linux port does not yet support input.

    Building
    Just run make on the directory to build all binaries. You can also run make windows for just Windows, make ds for just DS, make gamecube for just GameCube, make 3ds for just 3DS, make linux for just Linux, make psp for just PSP, or make ps4 for just PS4.
    - Building the Windows version requires LDFS, and has been tested with MinGW; using another compiler may require some tweaking.
    - Building the DS version requires devkitARM and libnds, from devkitPro.
    - Building the GameCube version requires devkitPPC and libogc, from devkitPro.
    - Building the 3DS version requires devkitARM and ctrulib from devkitPro.
    - Building the Linux version requires X11, and the OpenGL development files. It has been tested with Ubuntu.
    - Building the PSP version requires the Minimalist PSP SDK.
    - Building the PS4 version requires PS4-SDK.
    - Building and running the OS X version requires XQuartz.

    Usage
    For Windows, OS X, and Linux, pass the ROM you would like to run as the first argument. You can do this by either dragging the ROM onto Cinoop, or starting it from the command line:
        cinoop tetris.gb
    To view the full debug log, you will need to redirect stdout to a file, like so:
        cinoop tetris.gb 1>debug.txt
    For PS4, the ROM is read from a USB flash drive as a raw image. Use Win32 Disk Imager or dd to write it, for example. For other versions, the ROM name is hard coded as tetris.gb.

    Controls
    - Windows: B: Z, A: X, Start: Enter, Select: Backspace, DPad: Arrow keys, Debug: Space, Reset (not finished yet): *, Quit: Escape
    - DS: B: B, A: A, Start: Start, Select: Select, DPad: DPad
    - GameCube: B: B, A: A, Start: Start, Select: Z, DPad: DPad
    - 3DS: B: B, A: A, Start: Start, Select: Select, DPad: DPad or Circle Pad
    - Linux: not supported
    - OS X: not supported
    - PSP: B: Square, A: Cross, Start: Start, Select: Select, DPad: DPad
    - PS4: Use a DS as a wireless controller
  7. Dekuwa


    Version 1.1.3

    1 download

    Uwizard is an all-in-one Wii U PC program.

    Instructions:
    - To import a system key, open the settings tab, and enter the key in the text box, or click "Import" and select a .bin or .txt file that contains the key.
    - To open a WUD (Wii U disc image), open the WUD Manager tab, then click "Open Wii U Game Backup", then select your WUD file. Uwizard will automatically download covers from http://www.gametdb.com/WiiU/List
    - You may also extract the contents of the game using Crediar's DiscU by clicking the "Extract Game Files" button. To do this, you must enter the disc title key. Because of legal reasons, the keys are not included with Uwizard, but SHA-1 hashes are included for most games to help verify your keys.
    - To download a title from NUS, open the NUS Downloader U tab, then either type in the 16-character title ID, or choose a title from the list. The title version is optional. You may also decrypt and extract the contents of the title using Crediar's CDecrypt by checking the "Decrypt Contents" check box. Use the "Add Title" button to add the currently entered title ID and version to the list. Use the "Delete Title" button to delete the selected item from the list. Use the "Clear List" button to remove all titles from the list. This includes titles that came pre-entered with Uwizard.
    - To decode a BFSTM Wii U sound stream to a WAV audio file, open the BFSTM Decoder tab, then click "Convert a BFSTM to a WAV", then select the input BFSTM and the output WAV. You may also display all BFSTM and WAV files within a folder in the list on the left by clicking "Select Folder".
    - In the settings tab, the "Check for Updates" button makes updating to the latest game list and Uwizard versions easy.

    ChangeLog:
    v1.1.3
    - German language added.
    - Spanish language added.
    - Minor bug fixes.
    v1.1.2
    - BFWAV decoder added.
    - MP3 compiler added.
    v1.1.1
    - SZS and SARC archive management added.
    - BFSTM multi-select and optional channel separation added.
    - Command line interface added.
    - More NUS titles added to the easy-access list.
    - Multiple languages added.
    - Minor bug fixes.
    v1.1.0
    - NUS Downloader U added.
    - BFSTM decoder added.
    - List selection of Wii U games added.
    - Minor bug fixes.
    v1.0.1
    - Option to hide keys added.
    - Minor bug fixes.
    v1.0.0
    - Program Creation

    Credits:
    - Mr. Mysterio - Programmer of Uwizard
    - Crediar - Programmer of DiscU and CDecrypt
    - MasterF0x - Distributor of BFSTM Decoder
    - GameTDB - Game Covers
    - VinsCool, capito27, Phanteon, send0r - Translation
  8. Dekuwa

    Loadiine GX2

    Version vd46e455

    1 download

    Loadiine is a WiiU homebrew. It launches WiiU game backups from SD card. Its Graphical User Interface is based on the WiiU GX2 graphics engine.

    Credits
    - Dimok
    - Cyan
    - Maschell
    - n1ghty
    - dibas
    - The anonymous graphics dude (he knows who is meant)
    - and several more contributors
  9. Dekuwa


    Version 4.0

    1 download

    RPX/RPL and File Replacement Tool.

    - 1......Requirements
    - 2......How to Use
    - 3......Preparing the SD Card

    Requirements
    - Wii U FW 5.3.2
    - SD(HC) Card
    - Super Smash Bros for Wii U (Disc or EShop version) - optional but may be needed for some games

    How to Use
    - 1. Setup your SD Card (see below)
    - 2. In the Internet Browser, launch the included kernel exploit (www/kexploit) (You need a modified kernel exploit that sets 0xA0000000 virtual memory range to 0x10000000 physical memory address)
    - 3. Relaunch the Internet Browser
    - 4. Insert your SD Card into the Wii U, if it's not already done.
    - 5. Launch loadiine (www/loadiine)
        - Press A to install loadiine, or
        - Press X to install loadiine with server enabled (use it for debug purposes; the server must be running before pressing X).
    - 6. The loadiine menu should open. Now, select your App/Game using the D-Pad.
        - Press A to use Smash Bros mode and launch the disk directly
          - Note: auto-launch does not work for everyone; launch Smash Bros manually instead
          - Note: if you are using the Smash Bros EShop version, press Y instead; it returns to the Home Menu, then launch Smash Bros.
        or
        - Press X to use Mii Maker mode (Smash Bros disk is not needed)
        - The game should start
    - 7. Enjoy
    - Note: When exiting the Game/Application, you must relaunch the Mii Maker and select the game again. If you don't, launching Super Smash Bros will result in a crash.

    Preparing the SD Card / How to add a Game or Application
    Note: You may add multiple Games/Applications, but ALL STEPS are REQUIRED

    Setting Up RPX/RPL and Data Files
    1. Create a folder named "wiiu" in the root of the SD Card.
       - ex: SDCARD/wiiu
    2. In "wiiu", create another folder named "games"
       - ex: SDCARD/wiiu/games
    3. In "games", create a new folder with the name of your app
       - ex: SDCARD/wiiu/games/MyApplication/
    4. Copy the "code" folder of your app/game inside your application folder (with rpx, rpl and xml files)
       - ex: SDCARD/wiiu/games/MyApplication/code/my_application.rpx
       - ex: SDCARD/wiiu/games/MyApplication/code/my_application_library.rpl
       - ex: SDCARD/wiiu/games/MyApplication/code/app.xml
       - ex: SDCARD/wiiu/games/MyApplication/code/cos.xml
       - note: if you don't have the xml files, loadiine will try to use default values instead
    5. Copy the "content" folder of your app/game inside your application folder
       - ex: SDCARD/wiiu/games/MyApplication/content/...
       - ex: H:/MyApplication/vol/content/data.bin -> SDCARD/wiiu/games/MyApplication/content/data.bin
       - ex: H:/MyApplication/vol/content/datab/datab.bin -> SDCARD/wiiu/games/MyApplication/content/datab/datab.bin
    Note: Do not rename RPX and RPL files

    Summary
    Your file structure should look like this if the above information was used:
    - SDCARD/wiiu/games/MyApplication/code/my_application.rpx
    - SDCARD/wiiu/games/MyApplication/code/*.rpl [only if application contains .rpl files]
    - SDCARD/wiiu/games/MyApplication/code/app.xml
    - SDCARD/wiiu/games/MyApplication/code/cos.xml
    - SDCARD/wiiu/games/MyApplication/content/[content files/folders]

    Limitations:
    - The total size of each RPX and RPL file must be less than 65.7 MB (tested up to 47.3 MB)
    - Don't go in the wiiu settings; it breaks everything

    Notes:
    - If you have problems with saves, try deleting your Smash Bros saves.

    Special thanks:
    - To everyone involved in libwiiu and webkit/kernel exploit!
    - To the testers!

    Feel free to modify and improve this software.
    Golden45. Dimok.
  10. Dekuwa


    Version 3.0

    1 download

    An exploit toolkit for the Nintendo Switch.

    Installation
    - Install the latest version of node from nodejs.org
    - Clone this repository
    - Run npm install

    Usage
    - Ensure ports 53, 80, and 8100 are open on the computer running PegaSwitch.
    - Start PegaSwitch with sudo node start.js
    - If on 1.0.0 or you are using the Fake News entrypoint, you will need to run sudo node start.js --webapplet instead.
    - Configure your Switch DNS settings to point to the IP of your computer.
    - Run a connection test to trigger the Captive Portal. (Likewise, going into an update page will do the same.)
    - If on 1.0.0, use a JPN copy of Puyo Puyo Tetris to launch the webapplet instead.
    It should no longer be necessary to run usefulscripts/SetupNew.js, since PegaSwitch will now do it automatically.

    Documentation
    API documentation for SploitCore is automatically generated using jsdoc comments. You can find the latest version of documentation hosted here.
    - To view locally: npm run docs:serve then visit http://localhost:4001
    - To generate to docs folder: npm run docs:generate

    Troubleshooting
    DNS responds with incorrect IP address
    You can override the IP address that pegaswitch responds with by passing an --ip argument to the node start.js command. eg. sudo node start.js --ip
    Windows support
    Pegaswitch should function on Windows, albeit with the curses ui disabled. If --logfile is not specified, pegaswitch.log is used. You may open it with the text editor of your choice. ex: C:\pegaswitch\> node start.js --logfile log.txt
    If you encounter problems using pegaswitch on Windows, we suggest installing through WSL.

    License
    ISC. See attached LICENSE.md file.
  11. Dekuwa

    PS3 OFW 4.82 NAND/NOR Flash Writer

    Version 2.0

    1 download

    WARNING: USE ONLY THE PROVIDED flash_482.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK
    ***** Verify flash_482.hex file on a flash drive and in the selected USB slot!
    flash_482.hex MD5: d05be52f8d21700052fbd1fc0174acae

    DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
    DO NOT USE ON PS3 Models 3xxx/4xxx (aka late Slim or Superslim models), you would brick those consoles.
    ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60; if ever the minimum version is > 3.56, using the flash writer would partially brick your console!
    USE ONLY ON 4.82 OFW

    IMPORTANT NOTES:
    It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM; if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically. So in short, never use the browser or use a homepage you cancel before running the exploit! It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.

    Steps:
    For best results with flash writer, here are the recommended steps.
    - Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
    - Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need.
    - Set the current page as browser homepage. Don't launch the exploit initialization.
    - Close the browser.
    - Open the browser. The exploit page will load automatically.
    - Choose your path option.
    - Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
    - Trigger the exploit by pressing the patch button.
    - On success, load the ps3xploit.com flash dumper, dump the flash memory & validate it with the py checker tool.
    - Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk partially bricking your console. Report your problem instead.
    - When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.
  12. Dekuwa

    Wii NAND Dumper

    Version v1

    1 download

    REQUIREMENTS:
    - SD Gecko
    - A way to load homebrew

    HOW TO USE:
    - Insert the SD Gecko in Slot A.
    - Insert an SD card with at least 512 MB of free space.
    - Run the application and wait until it finishes.

    NOTES:
    The dumped NAND is encrypted. To decrypt it, the console's NAND key is needed (do not ask me about how to get it).

    KUDOS:
    Greetings to #wiidev @ EFnet and ElOtroLado.net.
    by Waninkoko.
  13. Dekuwa

    PS3 4.xx NAND/NOR/EMMC Flash Dumper

    Version 2.0

    1 download

    Supports Full NOR Flash memory dumping on all models of PS3 consoles using NOR.

    It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM; if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically. So in short, never use the browser or set a homepage you cancel before running the exploit! If you need to, set the homepage to 'blank', close the browser then reopen it to start the flash dumper.

    Usage Tips:
    - Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
    - If the exploit takes more than 5 minutes to work, reload the page, the browser, or restart the console and try again.
    - If you are using a LAN connection and experience network issues, make sure all cables to the router are in working order.

    Steps:
    - Setup a small Web server on pc or smartphone. A custom miniweb application has been created by Aldo, and supplied to host files if you would like to use it. Don't come to us for explanations about how to run a http server though. Google it.
    - Extract the files from release to your http server root folder.
    - Put a FAT32 USB key in the port closest to the BD Drive (/dev_usb000). DOUBLE-CHECK your flash drive on XMB to make sure it shows up under Music, Photos, Videos, etc.
    - Open the ps3 browser, press start & write the ip address of your server (and the port if not 80).
    - Click on the button and wait for the PS3 to power down. DO NOT STOP THE PROCESS ONCE STARTED!!
    - Once the PS3 has powered down, the NOR flash memory dump can be found on the USB device in a file named 'dump.hex'.

    Courtesy of:
    - W (Javascript, Research & Testing)
    - esc0rtd3w (Debugging, Research & Testing)
    - bguerville (ROP Chaining/Javascript & Debugging)
    - Habib (ROP Chaining & Debugging)
  14. Dekuwa

    PS4 4.05 Kernel Exploit


    1 download

    In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, *does not* contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port `9020` and will execute them upon receipt.

    ## Patches Included
    The following patches are made by default in the kernel ROP chain:
    - Disable kernel write protection
    - Allow RWX (read-write-execute) memory mapping
    - Dynamic Resolving (`sys_dynlib_dlsym`) allowed from any process
    - Custom system call #11 (`kexec()`) to execute arbitrary code in kernel mode
    - Allow unprivileged users to call `setuid(0)` successfully. Works as a status check, doubles as a privilege escalation.

    ## Notes
    This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel. I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads. A custom syscall is added (#11) to execute any RWX memory in kernel mode; this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel. An SDK is not provided in this release, however a barebones one to get started with may be released at a later date. I've released a sample payload [here](http://www.mediafire.com/file/n4boybw0e06h892/debug_settings.bin) that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox.

    ## Contributors
    I was not alone in this exploit's development, and would like to thank those who helped me along the way below.
  15. Dekuwa

    PS4 Firmware 4.05


    0 downloads

    Version 4.05 of the official PS4 firmware.