mega.nz/folder/5xcRTQ7…
Mira for 7.55.
mega.nz/file/MsMVDabb#…
JB 7.55 with patches by AlAzif and ChendoChap.
sleirsgoevy
- I can confirm that this exploit indeed works on 7.55 without any changes. Still no Mira/HEN though.
- Webkit PoC for 9.00, achieves arbitrary read/write and addrof/fakeobj
- mega.nz/file/hwEHDQSL#… 7.50, expects payload on 9020/tcp. Applied patches: mmap, mprotect, syscall everywhere, kexec, delayed panics. Note: there is no Mira/HEN for 7.50 yet!
- Some valid 7.02 addresses: 0x200eb00d8 0x200f300d8 0x200fb00d8 0x2011100d8 The success rate is about 10% for the last one. Unfortunately the exploit then crashes in the critical section in leakJSC. Will now investigate how to fix it.
- P.S. No kernel exploit is out, DO NOT UPDATE
- mega.nz/file/NhkmXLLR#… Probably the last standalone update for 7.5x. Will set up a proper host soon.
- Got a working exploit for FreeBSD 9 using the new SOCK_RAW vulnerability. gist.github.com/sleirsgoevy/ff… asciinema.org/a/385584
- Partial reimplementation of BD-JB (without kernel part): github.com/sleirsgoevy/bd… ISO image: mega.nz/file/p99hHaYT#… Built with "PS3 BD-J DevKit": mega.nz/folder/A4IFGYg…
- To clarify: I am NOT dead, I am NOT in Ukraine, and I have NOT been recruited into the army. Everyone telling the opposite is a detractor.
- Another FreeBSD PoC, now utilizing TheFlow's hint. Does not do any zone drains, so should be more portable. Fun fact: it **seems** that the function tweeted by TheFlow does not need to be buggy. A patched one would also do its job.
- Fix for the crash in leakJSC(): after `debug_log("[+] Got a relative read");` insert:

  ```js
  var tmp_spray = {};
  for (var i = 0; i < 100000; i++)
      tmp_spray['Z'.repeat(8 * 2 * 8 - 5 - LENGTH_STRINGIMPL) + ('' + i).padStart(5, '0')] = 0x1337;
  ```
- mega.nz/file/o5E3gRTJ#… BD-JB for PS5 with payload support (port 9019).