Instruction for English-speaking users:
For Developers
For this method, you need to make some preparations... Since we transfer a single file here, LIC.EDAT, and its size is almost always the same, we changed the default file size right away. That is, instead of 0x00000140 the size was changed to 0x00010190.
- In the file js\api\defaults.js - in 2 places.
- In the file js\api\init.js - in 1 place.
- In the file js\api\syscalls.js - in 3 places.
- In the file index.html - in 1 place (0x140)
I know that you made a resize right in the browser, but it's more convenient for this method.
Then we changed the file name directly in the path:
In the file js\api\paths.js - change the path to the file from USB:
- var path_usb_test_bin="/dev_usb000/PS3Xploit.bin";
- to
- var path_usb_test_bin="/dev_usb000/LIC.EDAT";
And in this place to HDD:
- var path_hdd_test_bin="/dev_hdd0/PS3Xploit.bin";
- to
- var path_hdd_test_bin="/dev_hdd0/game/TitleID/LICDIR/LIC.EDAT";
And a little cosmetic fix, because the textarea fields dance a little:
- In the file css\gui.css - add some alignment:
textarea {
vertical-align: middle;
margin: 3px 5px 4px 0;
}
Preparation:
- You can download a ready-made game from this topic or convert your own by the method from Step 1.
- It is assumed that you have already injected the game into the backup using the method from Step 2 and restored the game on the console.
- That is, you have already passed both previous steps and are ready to proceed to this Step 3...
Copy the license file LIC.EDAT to the PS3 through a web-based exploit:
- From the LICDIR game folder, copy the license file LIC.EDAT to the root of the FAT32 flash drive.
- Configure the connection to the PS3 from the PC (the DNS servers on the PS3 should both be set to the IP of the computer).
- Download and unzip the archive with the exploit:
- Launch the miniweb.exe HTTP server
- A similar console window will open and in the third line the mini-server will give you an IP-address:port in this form:
MiniWeb (build 300, built on Feb 28 2013)
(C)2005-2013 Written by Stanley Huang <stanleyhuangyc@gmail.com>
Host: 192.168.1.100:8000
Web root: C:\Users\YourName\Desktop\ps3xploit\htdocs
Max clients (per IP): 32 (16)
URL handlers: 2
Dir listing enabled
- Open the PS3 browser and enter the host (IP-address:port) that was obtained in the previous step (for example, 192.168.1.100:8000). Do not type the word "Host:"!
- The exploit page opens. Clear the PS3 browser (cache, history, cookies). Set the exploit page as the Home Page, close the browser and re-open it.
- Insert the USB flash drive into the right port.
- Tick your memory type: NOR or eMMC, depending on the PS3 model.
- Now choose ROP Chains: -> Read/Write File Test; at the bottom, the paths are replaced by:
- Source: /dev_usb000/LIC.EDAT
- Destination: /dev_hdd0/game/TitleID/LICDIR/LIC.EDAT
- In the path, replace the word TitleID with the current TitleID of your game's bootable folder, for example NPEB12345 (CAPITAL letters are required).
- Find out the size of LIC.EDAT (how to find the file size in hex: look here)
- Look at the size of LIC.EDAT in hexadecimal, enter the new size into the File Size field, and be sure to click Set New Size, even if the size did not change.
- Click Initialize ROP Chain; an Execute Chain button will appear, click on it.
- Done! Launch the Game.
Last edited by ErikPshat; 06.02.2018 at 22:14.