MacOS Guide to hopefully help others #10
Comments
I followed all the steps of yours. I have a MacBook M1.
@-MacBook-Air ~ % sudo /Users/kiaara/Desktop/PPPwn/pppwn --interface en0 --fw 1100 --stage1 “/Users/kiaara/Desktop/PPPwn/stage1.bin” --stage2 “/Users/kiaara/Desktop/PPPwn/stage2.bin” --auto-retry
Here is file permission: I tried running sudo xattr -rd com.apple.quarantine for stage1 and stage2 but still same issue. |
"[-] Cannot open: “/Users/kiaara/Desktop/PPPwn/stage1.bin”" It cannot find the path to stage1.bin; make sure the path to the file is correct. I just realised you are also using an M Series Mac, I'm guessing you are using an adapter for Ethernet. |
It's exactly in the same folder as pppwn file. you can see the path of pppwn file. |
@Doyle4 The relevant step should change to: Alternatively, you could directly install Wireshark and then follow the prompts to install ChmodBPF: https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html |
System Preferences > Security and Privacy > Full disk access > drag pppwn into there. See if giving pppwn full disk access helps, your error is the stage file can't be located. |
@Dakshpro maybe you need to remove the I think what you use is |
I never spotted that, also good catch! |
@xfangfang Thanks for the Wireshark tip! This has made the process much better; if it failed before ChmodBPF was installed, the retry would loop and the Mac would need resetting. I think Wireshark/ChmodBPF is worth installing, will add to the guide I'm making for MacOS. |
Great, this solution worked. [+] STAGE 0: Initialization I am using an Ethernet adapter to USB-C with an Ethernet cable to the PS4. Tried sharing internet but not working |
Reboot your Mac, reboot the PS4. On the Mac, run pppwn and enter your password; once you have pressed Enter after the password, press "Test Connection" on the PS4. |
If you haven't already, install Wireshark and also install ChmodBPF.pkg. Where it says Ethernet, it should say en0; if it doesn't, take note of what it says and replace en0 in the command line used to run pppwn with the name Wireshark shows next to Ethernet. |
Not working. Ps4 fails to obtain IP. |
I have to get sleep as it's now almost 7:30am here, any issues I'll get back to you asap. |
@Dakshpro If you are using a USB adapter, then it cannot be en0. Check Wireshark and find something like: “USB 10/100 LAN: en*”. If you are using a Mac mini, then en0 would be the one on the back of the Mac mini; no idea for a MacBook. Or just simply try from en1 to en20. |
@Dakshpro You can turn on the PS4 and see which curve suddenly shows up (meaning data has been received); that's the one you want. Otherwise something wrong must have happened. |
It's great and all, thanks for the instructions, but it would be very nice if someone could make a more streamlined solution for macOS, I mean GUI like PPPwnGo etc for Win, without needing to download and install supplementing utils. |
It finally showed en5. Thanks for the hint. |
Make sure you are using the set for your firmware, so if you are on 11.00 you need the 11.00 Stage files, renamed to exactly what the Terminal code is looking for. EDIT: Spotted you said it was en5... Looking at your screen grab, it's either en3 or en4 as that's your Ethernet adapter. |
It will happen, no point just yet as there are a few issues and they are harder to resolve with not many users using Mac. |
Using exactly the right stage1 and stage2 files for v11.0 |
It's difficult as I have no access to an M Series Mac, I only own Intel. |
for finding correct port you can do this 1.Press and hold Option |
I found the correct port but the issue is, process fails exactly at "scanning for corrupted object". |
I am also an M1 Mac user. I am running it through VMware Fusion Ubuntu. I have got a pre-compiled file which you have run through Docker; I got it from someone. Now I just open the terminal and run it. It is working for me; the max it took is 2 attempts. |
@Akshayraiker11 $ pppwn list
[+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow
[+] interfaces:
en0 Ethernet
en6 USB 10/100 LAN
en4 Ethernet Adapter (en4)
en5 Ethernet Adapter (en5)
en10 USB 10/100/1000 LAN
bridge0 Thunderbolt Bridge
en1 Wi-Fi
en2 Thunderbolt 1
en3 Thunderbolt 2 @Dakshpro |
Can someone over here make a complete guide for M series Mac users to run it properly? Even YouTube doesn't have a single video on it. @xfangfang @Doyle4 |
@s3vo wrong stage1.bin |
I have used the precompiled bin from Pi repo, as I had problems compiling my own, I am on 9,00 FW, just testing UPDATE: tried stage1 from here : and the result is the same: [+] STAGE 2: KASLR defeat [*] Defeating KASLR... [+] STAGE 3: Remote code execution |
Hi everyone, I'm on an intel macbook pro and this is what I get Chris@ChristophersMBP ~ % sudo /Users/Chris/Desktop/PPPwn/pppwn/pppwn —interface en5 --fw 1100 --stage1 “/Users/Chris/Desktop/PPPwn/pppwn/Stage1.bin” --stage2 “/Users/Chris/Desktop/PPPwn/pppwn/Stage2.bin”
OPTIONS
|
I think you need a space between stage2"/Users |
@bajinmuu2 maybe you need to remove the ” around stage.bin path ? I think what you use is ”, is not a " |
Hi thank you for replying. I've tried " (copy and pasted from this thread) as well as removing it completely. I still get the same result |
@bajinmuu2 the interface option is wrong, there should be two ”-” |
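The two defects pointed out in the comments above (curly quotes around the stage paths and a long dash in place of `--`) can be detected in a pasted command before it is run. This is an added example, not part of the thread or the PPPwn_cpp project; the function names and the sample command are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the PPPwn_cpp project).
# Web pages and text editors often turn "--" into a long dash and
# straight quotes into curly ones; the shell treats those as ordinary
# characters, so they end up inside option names and file paths.

# Print which typographic characters a string contains.
# Returns 0 if any were found, 1 if the string is clean.
find_typographic() {
    found=""
    case $1 in *“*|*”*) found="$found curly-double-quote" ;; esac
    case $1 in *‘*|*’*) found="$found curly-single-quote" ;; esac
    case $1 in *—*|*–*) found="$found long-dash" ;; esac
    [ -n "$found" ] || return 1
    printf '%s\n' "${found# }"
}

# Rewrite the unambiguous cases: curly quotes become straight quotes and
# an em dash becomes "--". An en dash is left alone for manual review.
normalize_cmd() {
    printf '%s\n' "$1" | sed \
        -e 's/“/"/g' -e 's/”/"/g' \
        -e "s/‘/'/g" -e "s/’/'/g" \
        -e 's/—/--/g'
}

# Constructed sample with the two defects seen in the thread.
sample='sudo ./pppwn —interface en5 --fw 1100 --stage1 “/tmp/PPPwn/stage1.bin”'

if kinds=$(find_typographic "$sample"); then
    echo "found: $kinds"
    echo "fixed: $(normalize_cmd "$sample")"
fi
```

Because the shell does not strip curly quotes, they become part of the file name, which is why the "Cannot open" message earlier in the thread shows the quotes around the path.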
Updated, thanks. Also added your reply about quotations not being needed. I needed them in my command so I left them in, but let others know to remove them if getting the error. Thanks. |
He does indeed. |
Looking at your path, it shows PPPwn/pppwn/pppwn Folder layout I used was a folder named PPPwn that had the pppwn exec inside along with Stage1 and Stage2 bin files. |
This worked! Thank you so much. I have a new issue though. At some point during the process, my USB lan adapter became unrecognized. When I check my network settings, it says Connected but no IP address assigned. I've tried renewing the DHCP and assigning an IP manually. When I started this whole process, I used Wireshark and was able to identify the adapter as en05, but now when I go into Wireshark the adapter is gone. Is it somehow related to SIP? EDIT: I totally forgot I had a second MBP in the house which worked flawlessly. It turns out when I updated my MBP to the latest OS, it stopped recognizing the usb lan adapter which is really stupid on MAC. Thank you everyone for the help! |
Is there a way to pass the internet connection from the Mac to the PS4 like the way it can be done on the Raspberry Pi? The network speed on the Pi 3 is garbage and was hoping going through my Mac would be much faster. |
System Settings > General > Sharing > Internet Sharing > (i) You click on "i" and set which connection you share (Wi-Fi f.e.) with which devices (PS4 connected to Ethernet f.e.) |
I tried that before posting as it didn't work. The PS4 wasn't getting an IP address. |
No, I left it on PPPoE like you do on the Raspberry Pi. If I have to keep switching between PPPoE and regular, I guess I'll have to put up with the Raspberry Pi's slow network speed since you don't have to keep messing with the PS4's Network settings. |
It takes several minutes for me to change the settings as I use a DNS to block connections to Sony and the PS4 makes me re-enter the DNS address when I change settings. It's not easy. |
In the "PPPoE mode" (ready for JB or JBroken) the console connected to Mac won't be able to get any update anyway. When JBroken with enabled internet connection (switched from PPPoE to Easy setup) it won't be able to update firmware too (GoldHEN block) and if you won't run games it won't try to update them. I don't use any DNS blocks. |
I have implemented a simple network access function, which has only been tested on the macOS/Windows. Since someone needs it, I will send it out first and welcome anyone to improve the code. https://github.com/xfangfang/PPPwn_cpp/tree/gateway At present, the function is very simple. I am not sure if it can be used stably for a long time. https://github.com/xfangfang/PPPwn_cpp/actions/runs/9335327384 Usage: pppwn network --interface en0 --interface-net en1 |
I don't want the console to be able to connect to Sony's servers period. The console will try to update games when I go to play them and I don't want that. Plus I don't want the console to send any information such as errors and such to Sony. It is more than not wanting the console to download a firmware update. The PS4 sends all sorts of data back to Sony. |
Sorry, don't quite get it. So if I exchange --interface with --interface-net when I jailbreak, the console will have internet access after jailbreak without any additional actions? Currently, after JB I just change LAN (PPPoE) internet connection to LAN (Easy) in the PS4 internet settings to get internet access (Wi-Fi on Mac shared for Ethernet port), and change it back to PPPoE before I turn off the console so that it would be ready for JB next time. |
You run the normal command to JB the console.
Then after it's done and you are back at the command prompt you run:
--interface is the connection to the PS4 and --interface-net is Mac's connection to the internet. No need to go to Sharing in System Settings to share internet connection. EDIT: While this now does get my PS4 online without having to switch between PPPoE and Custom Ethernet, it seems, at least for now, FTP doesn't work which was the only reason I wanted to use something other than the rPI for JB and Internet. |
I can confirm that, it doesn't seem to work for FTP. |
I have a PS4 firmware 11.00 model CUH-1001A, trying to jailbreak on a Hackintosh; basically a MacOS that crashes my PS4 on every attempt to jailbreak at Stage 1 [+] STAGE 1: Memory corruption |
Sorry to bother you. I have a PS4 slim and everything works well until it ends stage 1, where my PS4 crashes. Maybe the latest corrections made for all PS4 models would make mine work. Where can I download the stage1.bin and stage2.bin files (I'm a newbie and I don't seem to find them anywhere...)? Thank you very much |
Only stage 2 has been updated, and this is up to date. If you can, paste your log. |
Thank you, I've been able to solve it by myself. If anyone is interested about what I did, it was simply: 1- Download the first release of pppwn c++ from this link: https://github.com/xfangfang/PPPwn_cpp/releases/tag/1.0.0. Somehow, the latest version makes my ps4 kernel panic all the time. But with this version it runs smooth almost always. 2- Use the stage1.bin and stage2.bin from here: https://github.com/0x1iii1ii/PPPwn-Luckfox Using those files I've been able to inject the payload close to 50 times with only 2 or 3 times of "freezing" during the process. So very happy and relieved :) |
Mac user here, took me a little bit to figure out what was needed etc, and also changing a few things got it working.
https://github.com/xfangfang/PPPwn_cpp?tab=readme-ov-file
Scroll down until you see ‘Nightly Builds’ and press on the Nightly Link
Download the required version for your machine, I used x86_64-macos-none as I use an Intel MacBook Pro.
Create a folder named PPPwn, place downloaded pppwn folder inside.
You also need Stage1.bin and Stage2.bin, I used the files from the RaspberryPi PPPwn.
Link: https://github.com/stooged/PI-Pwn
There are two sets of Stage Files, one for 9.00 (Stage1_900 & Stage2_900)
and a set for 11.00 (Stage1_1100 & Stage2_11.00)
Use the set for your firmware. Rename them Stage1.bin and Stage2.bin and put them in the PPPwn folder with pppwn, You should now have 3 files in PPPwn - pppwn/Stage1.bin/Stage2.bin
Make sure you have goldhen.bin on the root of a USB stick and that it is inserted into the PS4; goldhen.bin is included in the RaspberryPi PPPwn download. The USB stick should be formatted to either FAT32 or exFAT. If formatting the USB stick, change the partition to Windows and not GUID, which is the default on a Mac, or the PS4 won't detect the USB stick.
On the PS4, goto Settings - Network - Setup Internet Connection - Use a LAN Cable - Custom - PPPoE, create any user name and password, all other settings set to Automatic.
Run sudo xattr -rd com.apple.quarantine <drag pppwn here, DO NOT DRAG PPPwn folder> press enter, enter password, press enter again. This sort of worked for me; to get around it I had to use sudo in the Terminal code, so I'm making the guide based on my experience and what's working for me. Try without sudo; if you get permission denied, sudo is needed at the start of the Terminal code to give permission.
You also must have **SIP enabled**; if unsure, google how to check and make sure it's enabled. If not, follow a guide on how to re-enable it. If unsure how to disable it, you most likely have it enabled.
If using Little Snitch or any other network monitoring service, either allow all connections or disable the program blocking network connections, or the exploit will not work.
Install Wireshark and then follow the prompts to install ChmodBPF: Link: https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html
This will give bpf root access.
To run the exploit for 11.00, copy the following to Terminal:
sudo <Drag pppwn here - NOT THE FOLDER> --interface en0 --fw 1100 --stage1 "Drag Stage1.bin here" --stage2 "Drag Stage2.bin here" --auto-retry
Press enter, enter password, press Enter, Select ‘Test Connection’ on PS4.
Make sure you are using Stage1 and Stage2 for 11.00
Example:
sudo /Volumes/1TB/PS4/PPPwn/pppwn --interface en0 --fw 1100 --stage1 "/Volumes/1TB/PS4/PPPwn/stage1.bin" --stage2 "/Volumes/1TB/PS4/PPPwn/stage2.bin" --auto-retry
To run the exploit for 9.00, copy the following to Terminal:
sudo <Drag pppwn here - NOT THE FOLDER> --interface en0 --fw 900 --stage1 "Drag Stage1.bin here" --stage2 "Drag Stage2.bin here" --auto-retry
Press enter, enter password, press Enter, Select ‘Test Connection’ on PS4.
Make sure you are using Stage1 and Stage2 for 9.00
Example:
sudo /Volumes/1TB/PS4/PPPwn/pppwn --interface en0 --fw 900 --stage1 "/Volumes/1TB/PS4/PPPwn/stage1.bin" --stage2 "/Volumes/1TB/PS4/PPPwn/stage2.bin" --auto-retry
Other Notes:
If using an Ethernet adapter you will need to change interface en0 to interface enX. Replace X with the number the Ethernet adapter is using; to check, use Wireshark.
Update 14/5/24: Removed Alternative for ChmodBPF, ChmodBPF is much easier.
Update 28/5/24: "bin not found" issue? @serista "Works great on Mac Mini M1 and my PS4 12xx fat model. Tried it 3 times and it worked after 2nd attempt each time judging by the Terminal output.
You actually don't need to "Test internet connection". You just run the command on Mac, and then start your PS4 and wait.
Also the quotes around the bin files in the instruction aren't needed. They will only lead to the "...bin not found" message and the command won't work."