Skip to content

Commit

Permalink
v2
Browse files Browse the repository at this point in the history
  • Loading branch information
@stooged
stooged committed Jun 1, 2018
1 parent 9fef797 commit 36b44ba
Show file tree
Hide file tree
Showing 9 changed files with 116 additions and 23 deletions.
11 changes: 6 additions & 5 deletions Makefile → DB_SG_Backup/Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,15 @@
LIBPS4 := $(PS4SDK)/libPS4

TEXT := 0x926200000
DATA := 0x926300000

CC := gcc
AS := gcc
OBJCOPY := objcopy
ODIR := build
SDIR := source
IDIRS := -I$(LIBPS4)/include -I. -Iinclude
LDIRS := -L$(LIBPS4) -L. -Llib
CFLAGS := $(IDIRS) -O2 -std=gnu11 -fno-builtin -nostartfiles -nostdlib -Wall -masm=intel -march=btver2 -mtune=btver2 -m64 -mabi=sysv -mcmodel=large
CFLAGS := $(IDIRS) -Os -std=gnu11 -ffunction-sections -fdata-sections -fno-builtin -nostartfiles -nostdlib -Wall -masm=intel -march=btver2 -mtune=btver2 -m64 -mabi=sysv -mcmodel=small -fpie
SFLAGS := -nostartfiles -nostdlib -masm=intel -march=btver2 -mtune=btver2 -m64 -mabi=sysv -mcmodel=large
LFLAGS := $(LDIRS) -Xlinker -T $(LIBPS4)/linker.x -Wl,--build-id=none -Ttext=$(TEXT) -Tdata=$(DATA)
LFLAGS := $(LDIRS) -Xlinker -T $(LIBPS4)/linker.x -Wl,--build-id=none
CFILES := $(wildcard $(SDIR)/*.c)
SFILES := $(wildcard $(SDIR)/*.s)
OBJS := $(patsubst $(SDIR)/%.c, $(ODIR)/%.o, $(CFILES)) $(patsubst $(SDIR)/%.s, $(ODIR)/%.o, $(SFILES))
Expand All @@ -39,3 +36,7 @@ $(ODIR):

clean:
rm -f $(TARGET) $(ODIR)/*.o




0 include/patch.h → DB_SG_Backup/include/patch.h
View file
File renamed without changes.
63 changes: 45 additions & 18 deletions source/main.c → DB_SG_Backup/source/main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,7 @@ int _main(struct thread *td) {
{
copyFile("/system_data/priv/mms/app.db", "/system_data/priv/mms/app.db_backup");
copyFile("/system_data/priv/mms/addcont.db", "/system_data/priv/mms/addcont.db_backup");
copyFile("/system_data/priv/mms/av_content_bg.db", "/system_data/priv/mms/av_content_bg.db_backup");
systemMessage("Internal backup complete.\nThis was only a database backup use a usb drive for full backup.");
nthread_run = 0;
return 0;
Expand All @@ -140,15 +141,28 @@ int _main(struct thread *td) {
mkdir("/mnt/usb1/DB_Dackup/", 0777);
copyFile("/system_data/priv/mms/app.db", "/mnt/usb1/DB_Dackup/app.db");
copyFile("/system_data/priv/mms/addcont.db", "/mnt/usb1/DB_Dackup/addcont.db");
mkdir("/mnt/usb1/GameSaves/", 0777);
mkdir("/mnt/usb1/GameSaves/system_data/", 0777);
mkdir("/mnt/usb1/GameSaves/system_data/savedata", 0777);
mkdir("/mnt/usb1/GameSaves/user/", 0777);
mkdir("/mnt/usb1/GameSaves/user/home/", 0777);
sprintf(notify_buf, "Copying: Game Saves\nPlease wait.");
copyDir("/system_data/savedata","/mnt/usb1/GameSaves/system_data/savedata");
sprintf(notify_buf, "Copying: User data\nPlease wait.");
copyDir("/user/home", "/mnt/usb1/GameSaves/user/home");
copyFile("/system_data/priv/mms/av_content_bg.db", "/mnt/usb1/DB_Dackup/av_content_bg.db");
mkdir("/mnt/usb1/UserData/", 0777);
mkdir("/mnt/usb1/UserData/system_data/", 0777);
mkdir("/mnt/usb1/UserData/system_data/savedata", 0777);
mkdir("/mnt/usb1/UserData/system_data/priv", 0777);
mkdir("/mnt/usb1/UserData/system_data/priv/home", 0777);
mkdir("/mnt/usb1/UserData/system_data/priv/license", 0777);
mkdir("/mnt/usb1/UserData/system_data/priv/activation", 0777);
mkdir("/mnt/usb1/UserData/user/", 0777);
mkdir("/mnt/usb1/UserData/user/home/", 0777);
mkdir("/mnt/usb1/UserData/user/trophy", 0777);
mkdir("/mnt/usb1/UserData/user/license", 0777);
mkdir("/mnt/usb1/UserData/user/settings", 0777);
sprintf(notify_buf, "Copying: User Data\nPlease wait.");
copyDir("/system_data/savedata","/mnt/usb1/UserData/system_data/savedata");
copyDir("/user/home", "/mnt/usb1/UserData/user/home");
copyDir("/user/trophy", "/mnt/usb1/UserData/user/trophy");
copyDir("/user/license", "/mnt/usb1/UserData/user/license");
copyDir("/user/settings", "/mnt/usb1/UserData/user/settings");
copyDir("/system_data/priv/home","/mnt/usb1/UserData/system_data/priv/home");
copyDir("/system_data/priv/license","/mnt/usb1/UserData/system_data/priv/license");
copyDir("/system_data/priv/activation","/mnt/usb1/UserData/system_data/priv/activation");
notify_buf[0] = '\0';
nthread_run = 0;
systemMessage("USB Backup Complete.");
Expand All @@ -163,15 +177,28 @@ int _main(struct thread *td) {
mkdir("/mnt/usb0/DB_Dackup/", 0777);
copyFile("/system_data/priv/mms/app.db", "/mnt/usb0/DB_Dackup/app.db");
copyFile("/system_data/priv/mms/addcont.db", "/mnt/usb0/DB_Dackup/addcont.db");
mkdir("/mnt/usb0/GameSaves/", 0777);
mkdir("/mnt/usb0/GameSaves/system_data/", 0777);
mkdir("/mnt/usb0/GameSaves/system_data/savedata", 0777);
mkdir("/mnt/usb0/GameSaves/user/", 0777);
mkdir("/mnt/usb0/GameSaves/user/home/", 0777);
sprintf(notify_buf, "Copying: Game Saves\nPlease wait.");
copyDir("/system_data/savedata","/mnt/usb0/GameSaves/system_data/savedata");
sprintf(notify_buf, "Copying: User data\nPlease wait.");
copyDir("/user/home", "/mnt/usb0/GameSaves/user/home");
copyFile("/system_data/priv/mms/av_content_bg.db", "/mnt/usb0/DB_Dackup/av_content_bg.db");
mkdir("/mnt/usb0/UserData/", 0777);
mkdir("/mnt/usb0/UserData/system_data/", 0777);
mkdir("/mnt/usb0/UserData/system_data/savedata", 0777);
mkdir("/mnt/usb0/UserData/system_data/priv", 0777);
mkdir("/mnt/usb0/UserData/system_data/priv/home", 0777);
mkdir("/mnt/usb0/UserData/system_data/priv/license", 0777);
mkdir("/mnt/usb0/UserData/system_data/priv/activation", 0777);
mkdir("/mnt/usb0/UserData/user/", 0777);
mkdir("/mnt/usb0/UserData/user/home/", 0777);
mkdir("/mnt/usb0/UserData/user/trophy", 0777);
mkdir("/mnt/usb0/UserData/user/license", 0777);
mkdir("/mnt/usb0/UserData/user/settings", 0777);
sprintf(notify_buf, "Copying: User Data\nPlease wait.");
copyDir("/system_data/savedata","/mnt/usb0/UserData/system_data/savedata");
copyDir("/user/home", "/mnt/usb0/UserData/user/home");
copyDir("/user/trophy", "/mnt/usb0/UserData/user/trophy");
copyDir("/user/license", "/mnt/usb0/UserData/user/license");
copyDir("/user/settings", "/mnt/usb0/UserData/user/settings");
copyDir("/system_data/priv/home","/mnt/usb0/UserData/system_data/priv/home");
copyDir("/system_data/priv/license","/mnt/usb0/UserData/system_data/priv/license");
copyDir("/system_data/priv/activation","/mnt/usb0/UserData/system_data/priv/activation");
notify_buf[0] = '\0';
nthread_run = 0;
systemMessage("USB Backup Complete.");
Expand Down
0 source/patch.c → DB_SG_Backup/source/patch.c
View file
File renamed without changes.
14 changes: 14 additions & 0 deletions build.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/bin/bash
set -e
pushd tool
make
popd
pushd DB_SG_Backup
make
popd
rm -f bin/DB_SG_Backup.bin
cp DB_SG_Backup/DB_SG_Backup.bin bin/DB_SG_Backup.bin
tool/bin2js bin/DB_SG_Backup.bin > html_payload/payload.js
sed "s/###/$(cat html_payload/payload.js)/" exploit.template > html_payload/DB_SG_Backup.html
rm -f DB_SG_Backup/DB_SG_Backup.bin
rm -f html_payload/payload.js
10 changes: 10 additions & 0 deletions clean.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/bin/bash
pushd tool
make clean
popd
pushd DB_SG_Backup
make clean
popd
rm -f html_payload/DB_SG_Backup.html
rm -f bin/DB_SG_Backup.bin

1 change: 1 addition & 0 deletions exploit.template
View file

Large diffs are not rendered by default.

10 changes: 10 additions & 0 deletions tool/Makefile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
all: bin2js

bin2js: bin2js.c
gcc -o bin2js bin2js.c

.PHONY: clean

clean:
rm bin2js

30 changes: 30 additions & 0 deletions tool/bin2js.c
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>

int main(int argc, char** argv)
{
assert(argc == 2);
char* fn = argv[1];
FILE* f = fopen(fn, "r");
fseek(f, 0, SEEK_END);
int l = ftell(f);
int ll = (l + 3) / 4;
fseek(f, 0, SEEK_SET);
char *b = malloc(ll * 4);
memset(b, 0, ll * 4);
fread(b, l, 1, f);
fclose(f);
uint32_t *u = (uint32_t *)b;
printf("var payload=[");
for (int i = 0; i < ll; i++)
{
printf("%u", *u++);
if (i < (ll - 1)) printf(",");
}
printf("];\n");
free(b);
}

0 comments on commit 36b44ba

Please sign in to comment.