bdj-sdk/samples/ps5-elf-loader/

PS5 ELF Loader

This is a BD-J Xlet that starts a socket server on port 9020, which reads and executes ELF files transferred over TCP. The Xlet relies on a privilege escalation vulnerability discovered by theflow, which was later reproduced on the PS4 by sleirsgoevy. To escape the Java sandbox, the Xlet uses that vulnerability to disable the security manager with a technique discovered by sleirsgoevy. Once out of the sandbox, it starts a socket server that implements an ELF loader. To launch ELF files remotely, you may use netcat:

john@localhost:~/bdj-sdk/samples/ps5-elf-loader$ make -C payloads
john@localhost:~/bdj-sdk/samples/ps5-elf-loader$ nc -q0 ps5 9020 < payloads/getpid.elf
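The loader accepts whatever bytes arrive on port 9020, so a truncated build or a binary compiled for the wrong architecture is only discovered once it has been handed to the console. The following is an added example, not code from the bdj-sdk project: a small Python check that a practitioner can run on a payload before sending it, verifying that the file carries a well-formed ELF64 header for a little-endian x86-64 executable (the PS5 CPU architecture, an assumption made here) and that its program-header table lies inside the file. The `build_minimal_elf64` helper only constructs a sample input so the check can be exercised offline.

```python
import struct
import sys
from typing import Tuple

# ELF identification and header constants (from the ELF specification).
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
EM_X86_64 = 62            # e_machine for AMD64 / x86-64
ET_EXEC, ET_DYN = 2, 3    # executable and position-independent executable
EHDR64_SIZE = 64          # sizeof(Elf64_Ehdr)
PHDR64_SIZE = 56          # sizeof(Elf64_Phdr)

# Layout of Elf64_Ehdr after the 16-byte e_ident array (little-endian).
EHDR_TAIL_FMT = "<HHIQQQIHHHHHH"


def check_elf64_header(data: bytes) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only for an x86-64 ELF64 executable
    whose program-header table fits inside the supplied bytes."""
    if len(data) < EHDR64_SIZE:
        return False, "file shorter than an ELF64 header"
    if data[:4] != ELF_MAGIC:
        return False, "bad ELF magic"
    if data[4] != ELFCLASS64:
        return False, "not an ELF64 (ELFCLASS64) file"
    if data[5] != ELFDATA2LSB:
        return False, "not little-endian"

    (e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = struct.unpack_from(EHDR_TAIL_FMT, data, 16)

    if e_type not in (ET_EXEC, ET_DYN):
        return False, "e_type is not ET_EXEC or ET_DYN"
    if e_machine != EM_X86_64:
        return False, "e_machine is not EM_X86_64"
    if e_ehsize != EHDR64_SIZE or e_phentsize != PHDR64_SIZE:
        return False, "unexpected header sizes"
    if e_phnum == 0:
        return False, "no program headers"
    # Bounds check: the whole program-header table must be inside the file.
    if e_phoff + e_phnum * PHDR64_SIZE > len(data):
        return False, "program-header table extends past end of file"
    return True, "ok"


def check_elf_file(path: str) -> Tuple[bool, str]:
    """Read a payload from disk and run the header check on it."""
    with open(path, "rb") as f:
        return check_elf64_header(f.read())


def build_minimal_elf64(e_machine: int = EM_X86_64, e_type: int = ET_EXEC) -> bytes:
    """Constructed sample input: a 64-byte ELF header followed by one PT_LOAD
    program header (120 bytes total). Not a runnable program."""
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0, 0]) + b"\x00" * 7
    ehdr = e_ident + struct.pack(
        EHDR_TAIL_FMT,
        e_type, e_machine, 1,      # e_type, e_machine, e_version
        0x400000,                  # e_entry
        EHDR64_SIZE, 0, 0,         # e_phoff, e_shoff, e_flags
        EHDR64_SIZE, PHDR64_SIZE,  # e_ehsize, e_phentsize
        1, 64, 0, 0,               # e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    # PT_LOAD (1), flags PF_R|PF_X (5), offset, vaddr, paddr, filesz, memsz, align
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, 120, 120, 0x1000)
    return ehdr + phdr


if __name__ == "__main__":
    # Usage: python check_elf.py payloads/getpid.elf
    ok, reason = check_elf_file(sys.argv[1])
    print(("OK: " if ok else "REJECT: ") + reason)
    sys.exit(0 if ok else 1)
```

Running the script before the `nc` step in the README (for example `python check_elf.py payloads/getpid.elf && nc -q0 ps5 9020 < payloads/getpid.elf`) makes the transfer conditional on the payload passing the check; the check is deliberately limited to the ELF header and program-header bounds, so it catches build mistakes rather than proving anything about what the payload does.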