Aleksndr, у меня нет приставки пс4. В шапке я расписал метод открытия дебаг опций. Дальше пробуйте по аналогии. Мне не понятны Ваши претензии.
Patches Included- The following patches are made by default in the kernel ROP chain:
- Disable kernel write protection
- Allow RWX (read-write-execute) memory mapping
- Dynamic Resolving (sys_dynlib_dlsym) allowed from any process
- Custom system call #11 (kexec()) to execute arbitrary code in kernel mode
- Allow unprivileged users to call setuid(0) successfully. Works as a status check, doubles as a privilege escalation.
Notes- This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel.
- I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads.
- A custom syscall is added (#11) to execute any RWX memory in kernel mode, this can be used to execute payloads that want to do fun things like jailbreaking and patching the kernel.
- An *** is not provided in this release, however a barebones one to get started with may be released at a later date.
- I've released a sample payload here that will make the necessary patches to access the debug menu of the system via settings, jailbreaks, and escapes the sandbox.