Improve function of sending custom payloads

- Add option to manually send payload to GoldHen binloader port 9090 - Add some explanations - Logging stuff
rareranger · Jan 13, 2022 · 95fcfc9 · 95fcfc9
1 parent 69d603e
commit 95fcfc9
Show file tree

Hide file tree

Showing 4 changed files with 214 additions and 8 deletions.
diff --git a/app/src/main/java/org/ktech/ps4jailbreak/MainActivity.kt b/app/src/main/java/org/ktech/ps4jailbreak/MainActivity.kt
@@ -16,6 +16,9 @@ import android.view.View
 import android.widget.*
 import androidx.appcompat.app.AppCompatActivity
 import com.google.android.material.floatingactionbutton.FloatingActionButton
+import kotlinx.coroutines.GlobalScope
+import kotlinx.coroutines.launch
+import java.net.Socket
 import java.util.*
 import kotlin.collections.ArrayList
 import kotlin.system.exitProcess
@@ -35,6 +38,8 @@ class MainActivity : AppCompatActivity(), AdapterView.OnItemSelectedListener {
 
     lateinit var items: ArrayList<String>
 
+    var customPayload: Uri? = null
+
     val ADD_CUSTOM_PAYLOAD_STRING: String = "Add custom payload..."
 
     val takeFlags: Int = Intent.FLAG_GRANT_READ_URI_PERMISSION or
@@ -58,9 +63,15 @@ class MainActivity : AppCompatActivity(), AdapterView.OnItemSelectedListener {
         updateSpinnerItems()
 
         findViewById<Spinner>(R.id.spnrPayload).onItemSelectedListener = this
+        findViewById<Spinner>(R.id.spnrManualPayload).onItemSelectedListener = this
 
         //Initialize the NanoHTTPD server custom class passing the context so we can access resources in the assets folder
         server = NanoServer(this)
+        server.lastPS4 = sharedPreferences.getString("lastPS4", null)
+
+        if (server.lastPS4 != null) {
+            findViewById<TextView>(R.id.txtVwPS4IP).text = "PS4 Last IP Address: ${server.lastPS4}"
+        }
 
         log("Logging enabled...")
 
@@ -88,27 +99,37 @@ class MainActivity : AppCompatActivity(), AdapterView.OnItemSelectedListener {
             findViewById<TextView>(R.id.txtVWStatus).text = "Visit \"http://$serverIP:8080/\" in PS4 browser"
         }
 
+        findViewById<Button>(R.id.btnSendPayload).setOnClickListener {
+            if (customPayload != null) {
+                sendPayload(customPayload!!)
+            } else {
+                showToast("Add and choose a payload to send!")
+            }
+        }
     }
 
     private fun updateSpinnerItems() {
         items = ArrayList()
+        val items2: ArrayList<String> = ArrayList()
+
         items.add("GoldHen 2.0")
         for (pl in payloads) {
             val uri = Uri.parse(pl)
             val fname = uri.path.toString().substringAfterLast("/")
             items.add(fname)
+            items2.add(fname)
         }
 
         items.add(ADD_CUSTOM_PAYLOAD_STRING)
+        items2.add(ADD_CUSTOM_PAYLOAD_STRING)
         //Create adapter from items list
         val spinnerAdapter = ArrayAdapter<String>(this, android.R.layout.simple_list_item_1, items)
+        val spinnerAdapter2 = ArrayAdapter<String>(this, android.R.layout.simple_list_item_1, items2)
         //Use created adapter on the spinner
         findViewById<Spinner>(R.id.spnrPayload).adapter = spinnerAdapter
+        findViewById<Spinner>(R.id.spnrManualPayload).adapter = spinnerAdapter2
     }
 
-    // Request code for selecting a PDF document.
-
-
     fun openFile(pickerInitialUri: Uri) {
         val intent = Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
             addCategory(Intent.CATEGORY_OPENABLE)
@@ -155,30 +176,79 @@ class MainActivity : AppCompatActivity(), AdapterView.OnItemSelectedListener {
         // parent.getItemAtPosition(pos)
         val item = parent.getItemAtPosition(pos).toString()
 
+        //Log.d("LOG", parent.toString())
+
         if (item == ADD_CUSTOM_PAYLOAD_STRING) {
             openFile(Uri.parse("/"))
-        } else {
+        } else if (parent == findViewById<Spinner>(R.id.spnrPayload)) {
             if (pos == 0) {
                 server.load_payload("", null)
             } else {
                 val uri = Uri.parse(payloads.elementAtOrNull(pos - 1).toString())
                 val fname = uri.path.toString().substringAfterLast("/")
                 val stream = contentResolver.openInputStream(uri)
+                log(fname)
                 server.load_payload(fname, stream!!)
             }
+        } else {
+            customPayload = Uri.parse(payloads.elementAtOrNull(pos).toString())
+        }
+    }
+
+    private fun sendPayload(payloadUri: Uri) {
+
+        if (server.lastPS4 == null) {
+            showToast("NO PS4 Client in memory")
+            log("!!!")
+            log("NO PS4 Client in memory")
+            log("!!!")
+            log("Please load the exploit using this app at least once so the PS4 IP Address can be saved.")
+            log("!!!")
+            return
+        }
+
+        GlobalScope.launch {
+            val fname = payloadUri.path.toString().substringAfterLast("/")
+            log("Sending $fname payload to PS4 with IP ${server.lastPS4} on port 9090...")
+            var outSock: Socket? = null
+            try {
+                outSock = Socket(server.lastPS4, 9090)
+            } catch (e: java.net.ConnectException) {
+                if (e.message?.contains("ECONNREFUSED") == true) {
+                    log("Failed to connect to port 9090 on PS4. Make sure you have binloader enabled in GoldHen settings.")
+                } else if (e.message?.contains("ENETUNREACH") == true) {
+                    log("Failed to connect to PS4. Make sure WiFi is enabled and you are on the same WiFi network as the PS4.")
+                } else {
+                    Log.e("NET", e.message.toString())
+                }
+                return@launch
+            } catch (e: java.net.NoRouteToHostException) {
+                log("Last stored IP address is invalid or the PS4 is not connected to WiFi")
+                log("To refresh IP address load the exploit again from the app and connect to it on the PS4")
+                return@launch
+            }
+            val outStream = outSock.getOutputStream()
+            val stream = contentResolver.openInputStream(payloadUri)
+            outStream.write(stream?.readBytes())
+            outStream.flush()
+            outStream.close()
+            outSock.close()
         }
     }
 
     override fun onNothingSelected(parent: AdapterView<*>) {
         // Another interface callback
     }
 
-
     private fun log(message: String) {
         runOnUiThread{
             val logTextView = findViewById<TextView>(R.id.txtVwLog)
             logTextView.append(message)
             logTextView.append("\n")
+
+            if (server.lastPS4 != null) {
+                findViewById<TextView>(R.id.txtVwPS4IP).text = "PS4 Last IP Address: ${server.lastPS4}"
+            }
         }
     }
 
@@ -200,6 +270,11 @@ class MainActivity : AppCompatActivity(), AdapterView.OnItemSelectedListener {
 
     private  fun updatePreferences() {
         val editor = sharedPreferences.edit()
+
+        if (server.lastPS4 != null) {
+            editor.putString("lastPS4", server.lastPS4)
+        }
+
         editor.putStringSet("payloads", payloads)
         editor.commit()
     }

diff --git a/app/src/main/res/drawable/border.xml b/app/src/main/res/drawable/border.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<shape xmlns:android="http://schemas.android.com/apk/res/android"
+    android:shape="rectangle" >
+
+    <!-- View background color -->
+    <solid
+        android:color="@color/white" >
+    </solid>
+
+    <!-- View border color and width -->
+    <stroke
+        android:width="1dp"
+        android:color="@color/black" >
+    </stroke>
+
+    <!-- The radius makes the corners rounded -->
+    <corners
+        android:radius="2dp"   >
+    </corners>
+
+</shape>
diff --git a/app/src/main/res/layout/content_main.xml b/app/src/main/res/layout/content_main.xml
@@ -29,14 +29,119 @@
             android:layout_marginRight="10dp"
             android:text="Start Server"/>
 
-        <Spinner
-            android:id="@+id/spnrPayload"
+        <LinearLayout
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:layout_marginStart="10dp"
             android:layout_marginLeft="10dp"
             android:layout_marginEnd="10dp"
-            android:layout_marginRight="10dp"/>
+            android:layout_marginRight="10dp"
+            android:background="@drawable/border"
+            android:orientation="vertical">
+
+            <TextView
+                android:id="@+id/lblPayloadInfo"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_margin="5dp"
+                android:gravity="center"
+                android:text="@string/payload_info"/>
+
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:orientation="horizontal">
+
+                <TextView
+                    android:id="@+id/lblPayload"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginStart="10dp"
+                    android:layout_marginLeft="10dp"
+                    android:layout_weight="1"
+                    android:gravity="center"
+                    android:text="PayLoad:"
+                    android:textColor="#000000"
+                    android:textSize="16sp"
+                    android:textStyle="bold" />
+
+                <Spinner
+                    android:id="@+id/spnrPayload"
+                    android:layout_width="280dp"
+                    android:layout_height="wrap_content"
+                    android:layout_marginStart="10dp"
+                    android:layout_marginLeft="10dp"
+                    android:layout_marginEnd="10dp"
+                    android:layout_marginRight="10dp" />
+            </LinearLayout>
+        </LinearLayout>
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginStart="10dp"
+            android:layout_marginLeft="10dp"
+            android:layout_marginTop="5dp"
+            android:layout_marginEnd="10dp"
+            android:layout_marginRight="10dp"
+            android:layout_marginBottom="5dp"
+            android:background="@drawable/border"
+            android:orientation="vertical">
+
+            <TextView
+                android:id="@+id/lblManualPayload"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:gravity="center"
+                android:text="@string/manual_payload_info" />
+
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="match_parent"
+                android:orientation="horizontal">
+
+                <TextView
+                    android:id="@+id/lblPayload2"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginStart="10dp"
+                    android:layout_marginLeft="10dp"
+                    android:layout_weight="1"
+                    android:gravity="center"
+                    android:text="PayLoad:"
+                    android:textColor="#000000"
+                    android:textSize="16sp"
+                    android:textStyle="bold" />
+
+                <Spinner
+                    android:id="@+id/spnrManualPayload"
+                    android:layout_width="280dp"
+                    android:layout_height="wrap_content"
+                    android:layout_marginStart="10dp"
+                    android:layout_marginLeft="10dp"
+                    android:layout_marginEnd="10dp"
+                    android:layout_marginRight="10dp" />
+
+            </LinearLayout>
+
+            <Button
+                android:id="@+id/btnSendPayload"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_marginStart="10dp"
+                android:layout_marginLeft="10dp"
+                android:layout_marginEnd="10dp"
+                android:layout_marginRight="10dp"
+                android:text="@string/send_payload"/>
+
+            <TextView
+                android:id="@+id/txtVwPS4IP"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:gravity="center"
+                android:text="PS4 Last IP Address:" />
+
+        </LinearLayout>
 
         <TextView
             android:id="@+id/txtVwLog"

diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -1,4 +1,9 @@
 <resources>
+    <string name="payload_info">The payload chosen below will be automatically loaded after the
+        exploit has finished working. \n \n Choose <b><u>Add custom payload...</u></b> from the list
+        to choose another one from your device.</string>
+    <string name="manual_payload_info">Choose a payload below and press send to it on port 9090</string>
+    <string name="send_payload">Send Payload to port 9090</string>
     <string name="app_name">PS4 JailBreak</string>
     <string name="action_settings">Settings</string>
     <!-- Strings used for fragments for navigation -->