-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
433 lines (398 loc) · 16.8 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
<html manifest="Cache.manifest">
<head>
<style>
html, body{
margin:auto;
font-family:sans-serif;
font-size:20px;
font-weight:lighter;
text-align: center;
color:#FFFFFF;
background-size:cover;
overflow: hidden;
}
.modal {
display: none; /* Hidden by default */
position: fixed; /* Stay in place */
z-index: 1; /* Sit on top */
padding-top: 100px; /* Location of the box */
left: 0;
top: 0;
width: 100%; /* Full width */
height: 100%; /* Full height */
overflow: auto; /* Enable scroll if needed */
background-color: rgb(0,0,0); /* Fallback color */
background-color: rgba(0,0,0,0.4); /* Black w/ opacity */
}
.content {
width:90%;
height:15%;
margin-left:3.5%;
background:rgba(0,0,0,0.5);
color:white;
margin-top:0%;
font-size:25px;
text-align:center;
border-radius:30px;
padding:20px;
line-height:12px;
position:absolute;bottom:0px;
}
.title {
font-size:40px;
margin:0;
padding:0;
box-sizing:border-box;
font-weight:bolder;
margin-bottom:10px;
}
.yellow {
color:yellow;
}
.hue {
color:yellow;
padding:10px;
border-radius:10px;
animation:hue 5s linear infinite;
-webkit-animation: hue 5s linear infinite;
box-shadow: 0px 0px 50px yellow;
color:white;
background:rgba(255,255,0,0.4);
}
.hue:hover{
color:yellow;
background:transparent;
}
@keyframes hue{
0%{
filter:hue-rotate(0deg);
-webkit-filter:hue-rotate(0deg);
}
10%{
box-shadow: 0px 1px 50px yellow;
}
20%{
box-shadow: 1px 1px 50px yellow;
}
30%{
box-shadow: 1px 0px 50px yellow;
}
40%{
box-shadow: 1px -1px 50px yellow;
}
50%{
box-shadow: 0px -1px 50px yellow;
}
60%{
box-shadow: -1px -1px 50px yellow;
}
70%{
box-shadow: -1px 0px 50px yellow;
}
80%{
box-shadow: -1px 1px 50px yellow;
}
90%{
box-shadow: 0px 1px 50px yellow;
}
100%{
filter:hue-rotate(360deg);
-webkit-filter:hue-rotate(360deg);
}
}
.text {
padding-bottom:50px;
}
.back {
font-size:25px;
margin-top:10px;
display:block;
line-height:55px;
width:20%;
text-decoration:none;
height:50px;
background:white;
color:black;
border-radius:15px;
}
.back:hover{
border:2px solid white;
background:transparent;
box-sizing:border-box;
color:white;
}
#psip {
text-align: center;
margin-left: 38%;
margin-right: auto;
width:15%;
display:flex;
position: absolute;
background: rgba(0, 0, 0, 0.500);
border-radius: 2em;
border: none;
padding: 0.8em;
color: #ffffff;
padding-left: 1.5em;
outline: none;
box-shadow: 0 4px 6px -5px hsl(0, 0%, 40%), inset 0px 4px 6px -5px hsl(0, 0%, 2%);
backdrop-filter: blur(5px);
}
/* Modal Content */
.modal-content {
font-family: BFARNAZ;
font-size: 18px;
position: relative;
background-color: #dddddd;
margin: auto;
padding: 0;
border: 1px solid #888;
width: 50%;
box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
-webkit-animation-name: animatetop;
-webkit-animation-duration: 0.4s;
animation-name: animatetop;
animation-duration: 0.4s
}
button {
background:rgba(0,0,0,0.5);
box-shadow: 0 5px 20px 0 white;
border: 2px solid black;
border-radius: 10px;
width: 200px;
height: 43px;
text-align: center;
}
button:hover {
box-shadow: 0 5px 50px 0 white;
color: white;
border-radius: 10px;
background-color: #0F0F53;
}
hr {
padding:0;
margin:0;
opacity:0.7;
}
#progress {
font-weight:bold;
text-shadow: 4px 4px 4px black;
font-size:17px;
}
.pointer {cursor: pointer;}
h1 {
text-shadow: 0.1em 0.1em 0.2em black;
font-size: 25px;
text-align: center;
color: white;
}
.TextCaption{
display: block;
font-size: 20px;
color: #fff;
text-decoration: none;
}
a img {
display: inline-block; text-decoration: none;
}
a {
display: inline-block; text-decoration: none;
}
a:hover img, a:hover .TextCaption{
transform: scale(1.1)
}
</style>
<meta charset="utf-8">
<title>Karo Host Auto Exploit Light + New Webkit 9.00 fw</title>
<script>
if (window.applicationCache.status=='0'){window.location.replace("cache.html");}
</script>
<script src="int64.js"></script>
<script src="rop.js"></script>
<script src="kexploit.js" defer></script>
<script src="exploit.js" defer></script>
<script>
function load_poc(){
var req = new XMLHttpRequest();
req.responseType = "arraybuffer";
req.open('GET', PLfile);
req.send();
req.onreadystatechange = function () {
if (req.readyState == 4) {
PLD = req.response;
var payload_buffer = chain.syscall(477, 0, PLD.byteLength*4 , 7, 0x1002, -1, 0);
var pl = p.array_from_address(payload_buffer, PLD.byteLength*4);
var padding = new Uint8Array(4 - (req.response.byteLength % 4) % 4);
var tmp = new Uint8Array(req.response.byteLength + padding.byteLength);
tmp.set(new Uint8Array(req.response), 0);
tmp.set(padding, req.response.byteLength);
var shellcode = new Uint32Array(tmp.buffer);
pl.set(shellcode,0);
var pthread = p.malloc(0x10);
chain.call(libKernelBase.add32(OFFSET_lk_pthread_create), pthread, 0x0, payload_buffer, 0);
allset();
}
};
}
function jbdone() {
document.getElementById("input").remove();
window.progress.innerHTML="Jailbreak Done";
all.style.display = "block";
}
function allset() {
window.progress.innerHTML= LoadedMSG
}
function Binset() {
window.progress.innerHTML="Payload Loaded. Send payloads to port 9020";
alert("Payload Loaded. Send payloads to port 9020");
}
function Mset() {
window.progress.innerHTML="Payload Loaded. Send payloads to port 9021";
alert("Payload Loaded. Send payloads to port 9021");
}
function goldhen212(){
progress.innerHTML="Goldhen 2.1.2 loading... please wait";
LoadedMSG="GoldHEN 2.1.2 Loaded";
PLfile = "goldhen_212_900.bin";
out_jb = "AllPL";
load_poc();
}
function goldhen23(){
progress.innerHTML="Goldhen 2.3 loading... please wait";
LoadedMSG="GoldHEN 2.3 Loaded";
PLfile = "goldhen_2.3_900.bin";
out_jb = "AllPL";
load_poc();
}
function goldhen24(){
progress.innerHTML="Goldhen V2.4b16.2 loading... please wait";
LoadedMSG="GoldHEN V2.4b16.2 Loaded";
PLfile = "goldhen_2.4_b16.2_900.bin";
out_jb = "AllPL";
load_poc();
}
function load_PS4Debug(){
progress.innerHTML="PS4Debug loading... please wait"; LoadedMSG="PS4Debug Loaded";
PLfile = "ps4debug.bin";
out_jb = "AllPL";
load_poc();
}
function load_App2USB(){
progress.innerHTML="app2usb loading... please wait"; LoadedMSG="app2usb Loaded";
PLfile = "app2usb.bin";
out_jb = "AllPL"; load_poc();
}
function load_DumperG(){
progress.innerHTML="Dumper Game loading... please wait"; LoadedMSG="Dumper Game Loaded";
PLfile = "DumperG.bin";
out_jb = "AllPL"; load_poc();
}
function load_DumperU(){
progress.innerHTML="Dumper Game Update loading... please wait"; LoadedMSG="Dumper Game Update Loaded";
PLfile = "DumperU.bin";
out_jb = "AllPL"; load_poc();
}
function load_DumperMGU(){
progress.innerHTML="Dumper Merged Games and Update loading... please wait"; LoadedMSG="Dumper Merged Games and Update Loaded";
PLfile = "DumperMGU.bin";
out_jb = "AllPL"; load_poc();
}
function load_DumperSGU(){
progress.innerHTML="Dumper Seperate Games and Update loading... please wait"; LoadedMSG="Dumper Seperate Games and Update Loaded";
PLfile = "DumperSGU.bin";
out_jb = "AllPL"; load_poc();
}
function load_DisableUpdates(){
progress.innerHTML="DisableUpdates loading... please wait"; LoadedMSG="DisableUpdates Loaded";
PLfile = "disableupdates.bin";
out_jb = "AllPL";
load_poc();
}
function load_EnableUpdates(){
progress.innerHTML="EnableUpdates loading... please wait"; LoadedMSG="EnableUpdates Loaded";
PLfile = "enableupdates.bin";
out_jb = "AllPL"; load_poc();
}
function load_Orbis(){
progress.innerHTML="Orbis-Toolbox loading... please wait"; LoadedMSG="Orbis-Toolbox Loaded";
PLfile = "Orbis-Toolbox-900.bin";
out_jb = "AllPL"; load_poc();
}
function load_WebRTE(){
progress.innerHTML="WebRTE loading... please wait"; LoadedMSG="WebRTE Loaded";
PLfile = "WebRTE.bin";
out_jb = "AllPL"; load_poc();
}
function Mloader(){
progress.innerHTML="Payload loading... please wait"; LoadedMSG="MiraLoader Loaded. Send payloads to port 9021";
PLfile = "MiraLoader.bin";
out_jb = "MLD";
load_poc();
}
function Bloader(){
progress.innerHTML="Payload loading... please wait";
var payload_buffer = chain.syscall(477, 0x0, 0x300000, 0x7, 0x1000, 0xFFFFFFFF, 0);
var payload_loader = p.malloc32(0x1000);
var BLDR = payload_loader.backing;
BLDR[0]=0x56415741;BLDR[1]=0x83485541;BLDR[2]=0x894818EC;BLDR[3]=0xC748243C;BLDR[4]=0x10082444;BLDR[5]=0x483C2302;BLDR[6]=0x102444C7;BLDR[7]=0x00000000;BLDR[8]=0x000002BF;BLDR[9]=0x0001BE00;BLDR[10]=0xD2310000;BLDR[11]=0x00009CE8;BLDR[12]=0xC7894100;BLDR[13]=0x8D48C789;BLDR[14]=0xBA082474;BLDR[15]=0x00000010;BLDR[16]=0x000095E8;BLDR[17]=0xFF894400;BLDR[18]=0x000001BE;BLDR[19]=0x0095E800;BLDR[20]=0x89440000;BLDR[21]=0x31F631FF;BLDR[22]=0x0062E8D2;BLDR[23]=0x89410000;BLDR[24]=0x2C8B4CC6;BLDR[25]=0x45C64124;BLDR[26]=0x05EBC300;BLDR[27]=0x01499848;BLDR[28]=0xF78944C5;BLDR[29]=0xBAEE894C;BLDR[30]=0x00001000;BLDR[31]=0x000025E8;BLDR[32]=0x7FC08500;BLDR[33]=0xFF8944E7;BLDR[34]=0x000026E8;BLDR[35]=0xF7894400;BLDR[36]=0x00001EE8;BLDR[37]=0x2414FF00;BLDR[38]=0x18C48348;BLDR[39]=0x5E415D41;BLDR[40]=0x31485F41;BLDR[41]=0xC748C3C0;BLDR[42]=0x000003C0;BLDR[43]=0xCA894900;BLDR[44]=0x48C3050F;BLDR[45]=0x0006C0C7;BLDR[46]=0x89490000;BLDR[47]=0xC3050FCA;BLDR[48]=0x1EC0C748;BLDR[49]=0x49000000;BLDR[50]=0x050FCA89;BLDR[51]=0xC0C748C3;BLDR[52]=0x00000061;BLDR[53]=0x0FCA8949;BLDR[54]=0xC748C305;BLDR[55]=0x000068C0;BLDR[56]=0xCA894900;BLDR[57]=0x48C3050F;BLDR[58]=0x006AC0C7;BLDR[59]=0x89490000;BLDR[60]=0xC3050FCA;
chain.syscall(74, payload_loader, 0x4000, (0x1 | 0x2 | 0x4));
var pthread = p.malloc(0x10); {
chain.fcall(window.syscalls[203], payload_buffer, 0x300000);
chain.fcall(libKernelBase.add32(OFFSET_lk_pthread_create), pthread, 0x0, payload_loader, payload_buffer);
}
chain.run();
Binset();
}
function load_ToDexE(){
progress.innerHTML="ToDEX Enabling... please wait"; LoadedMSG="ToDex Enabled";
PLfile = "todex-enable.bin";
out_jb = "AllPL"; load_poc();
}
function load_ToDexD(){
progress.innerHTML="ToDEX Disabling... please wait"; LoadedMSG="ToDex Disabled";
PLfile = "todex-disable.bin";
out_jb = "AllPL"; load_poc();
}
function load_copych(){
progress.innerHTML="Payload loading... please wait"; LoadedMSG="Payload Loaded";
PLfile = "CopyCH.bin";
out_jb = "AllPL"; load_poc();
}
</script>
</head>
<body style='background-color:#1A1920'>
<h1 style='text-shadow: 4px 4px 4px black;font-size:30px;text-align:center;text-shadow: 4px 4px 4px black;color:yellow;margin-top:1%;'>Karo Host Auto Exploit Light 9.00 fw</h1>
<h1 id=progress style='font-size:25px;text-align:center;text-shadow: 4px 4px 4px black;color:white;'>Jailbreaking... Wait</h1>
<br>
<div id=all style="text-align:center;display:none">
<button id="button-Payload" onMouseOver="progress.innerHTML='GoldHen v2.1.2 by SISTR0 for PS4 9.00 Fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="goldhen212()" style='font-size:24px;text-align:center;text-shadow: 4px 4px 4px black;width: 260px;height: 60px;color:#CEC52A' > GoldHen V2.1.2 </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='GoldHen v2.3 by SISTR0 for PS4 9.00 Fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="goldhen23()" style='font-size:24px;text-align:center;text-shadow: 4px 4px 4px black;width: 260px;height: 60px;color:#CEC52A' > GoldHen V2.3 </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='GoldHen v2.4b16.2 by SISTR0 for PS4 9.00 Fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="goldhen24()" style='font-size:24px;text-align:center;text-shadow: 4px 4px 4px black;width: 260px;height: 60px;color:#CEC52A' > GoldHen V2.4b16.2 </button>
<br><br>
<button id="button-Payload" onMouseOver="progress.innerHTML='WebRTE for PS4 9.00 fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_WebRTE()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;background-color:blue;color:white' > WebRTE </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='ps4debug for PS4 9.00 fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_PS4Debug()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;background-color:green;color:white' > Ps4debug </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Orbis Toolbox Loader Alfa 1190 for PS4 9.00 fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_Orbis()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;background-color:red;color:white' > Orbis Toolbox </button>
<br><br>
<button id="button-Payload" onMouseOver="progress.innerHTML='unlocks some debug features available on testkit'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_ToDexE()" style='font-size:20px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > ToDex Enable </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Disable ToDEX'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_ToDexD()" style='font-size:20px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > ToDex Disable </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Creates dummy files in the PS4 update folder'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_DisableUpdates()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' >Disable Updates</button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Removes the dummy files in the PS4 update folder'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_EnableUpdates()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > Enable Update </button>
<br><br>
<button id="button-Payload" onMouseOver="progress.innerHTML='Move installed games to an external USB drive'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_App2USB()" style='font-size:20px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > App2USB </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Binloader Port 9020 for PS4 9.00 Fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="Bloader()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > BinLoader </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Mira loader Port 9021 for PS4 9.00 Fw'" onmouseout="progress.innerHTML='Status'" type="button" onclick="Mloader()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > MiraLoader </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Copy json and shn files from USB to PS4'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_copych()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > Cheat Copy </button>
<br><br>
<button id="button-Payload" onMouseOver="progress.innerHTML='Dump Games only to a USB drive by Leeful'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_DumperG()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > Dumper Game </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Dump Games Update only to a USB drive by Leeful'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_DumperU()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > Dumper Update </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Dump Merged Games and Update to a USB drive by Leeful'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_DumperMGU()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > Dumper MGU </button>
<button id="button-Payload" onMouseOver="progress.innerHTML='Dump Seperate Games and Update to a USB drive by Leeful'" onmouseout="progress.innerHTML='Status'" type="button" onclick="load_DumperSGU()" style='font-size:23px;text-align:center;text-shadow: 4px 4px 4px black;color:white' > Dumper SGU </button>
</div><br>
<div class="content" >
<div class="text" >
<br><span style="text-shadow: 4px 4px 4px black;" class="yellow" >Designed, Compiled by :</span > <span style="text-shadow: 4px 4px 4px black;" class="hue" >Karo Sharifi</span>
<br><br><br><br><span style="text-shadow: 4px 4px 4px black;" class="yellow" >Super Special Thanks To :</span > <a style="font-size:30px;text-align:center;text-shadow: 4px 4px 4px black;color:white;">Sleirsgoevy , Al Azif , ChendoChap , SiSTRo ,Specter ,Abc ,Znullptr ... </a>
</div>
</div>
</body>
</html>