More stable payload

xvortex · xvortex · commit 907275b3f954 · 2018-02-13T20:20:11.000+03:00
diff --git a/exploit/fix.js b/exploit/fix.js
diff --git a/exploit/index.html b/exploit/index.html
@@ -628,32 +628,12 @@
           // Launch thread
           var thread_id_ptr = malloc(0x08);
           var thread_name = malloc(0x100);
-          var exit_code_ptr = malloc(0x08);
 
           p.writeString(thread_name, "payload");
 
-          // run payload forever
-          for (;;)
-          {
-              var result = p.call(libkernel.add32(0x11570), thread_id_ptr, 0, code_addr, 0, thread_name);
-              print("scePthreadCreate: 0x" + result);
-              if (result == 0)
-              {
-                  var thread_id = p.read8(thread_id_ptr);
-                  print("thread: 0x" + thread_id);
-                  var result = p.call(libkernel.add32(0x11610), thread_id, exit_code_ptr);
-
-                  print("scePthreadJoin: 0x" + result);
-                  if (result == 0)
-                  {
-                      var exit_code = p.read8(exit_code_ptr);
-                      print("exit code: " + exit_code);
-                      print("=== Done ===");
-                      alert("Done");
-                      break;
-                  }
-              }
-          }
+          print("scePthreadCreate: 0x" + p.call(libkernel.add32(0x11570), thread_id_ptr, 0, code_addr, 0, thread_name));
+          print("thread: 0x" + p.read8(thread_id_ptr));
+          print("=== Done ===");
       }
       else
       {
diff --git a/exploit/payload.js b/exploit/payload.js
diff --git a/installer/include/debug.h b/installer/include/debug.h
@@ -1,6 +1,10 @@
 #ifndef DEBUG_H
 #define DEBUG_H
 
+#define PRIx64 "llx"
+#define PRIu64 "llu"
+#define PRId64 "lld"
+
 int sock;
 
 void initDebugSocket(void);
diff --git a/installer/include/defines.h b/installer/include/defines.h
@@ -1,7 +1,7 @@
 #ifndef __DEFINES
 #define __DEFINES
 
-#define VERSION "1.2"
+#define VERSION "1.3"
 
 //#define DEBUG_SOCKET
 
@@ -91,6 +91,7 @@ struct install_payload_args
 
 struct kernel_payload_args
 {
+  void* syscall_handler;
   uint64_t user_arg;
 };
 
diff --git a/installer/source/main.c b/installer/source/main.c
@@ -286,16 +286,9 @@ int kernel_payload(struct thread *td, struct kernel_payload_args* args)
 static inline void patch_update(void)
 {
   unlink(PS4_UPDATE_FULL_PATH);
-
-  DIR* directory = opendir(PS4_UPDATE_TEMP_PATH);
-
-  if(directory != NULL)
-  {
-    closedir(directory);
-    return;
-  }
-
   unlink(PS4_UPDATE_TEMP_PATH);
+
+  mkdir(PS4_UPDATE_FULL_PATH, 0777);
   mkdir(PS4_UPDATE_TEMP_PATH, 0777);
 }
 
@@ -305,6 +298,8 @@ int _main(struct thread *td) {
   initKernel();	
   initLibc();
 
+  sceKernelSleep(1);
+
 #ifdef DEBUG_SOCKET
   initNetwork();
   initDebugSocket();
@@ -327,6 +322,7 @@ int _main(struct thread *td) {
   struct payload_info payload_info;
   payload_info.buffer = payload_data;
   payload_info.size = payload_size;
+
   errno = 0;
 
   result = kexec(&install_payload, &payload_info);
