Tp link 1043nd libc++abi: terminating due to uncaught exception of type std::__1::system_error: thread constructor failed: #61
Comments
run 92608 |
Hi all, I am running pppwn on a very old router, La Fonera+ from 2007. 16 MB of RAM, 8 MB of flash and a MIPS processor. I get the aforementioned error as soon as I reach Stage 1. ChatGPT suggests it may be related to hardware limitations. So my question is, what are the absolute minimum system requirements to run this software? Might uninstalling unused services free some RAM and processor workload and make it work? I can provide more context if necessary. Thank you and regards. PS: the complete error says "libc++abi: terminating due to uncaught exception of type std::__1::system_error: thread constructor failed: Resource temporarily unavailable Aborted" PS: I'll try this later: And let you all know the results. PS: No, it does not work either. |
https://nightly.link/xfangfang/PPPwn_cpp/workflows/ci.yaml/main?status=completed run with -rs -bs 10240 |
Hmmm now it seems to work a little further: But I get several kernel panics at the "Waiting for LCP configure reject..." point, I'll keep trying. |
@Greengoblin007 if this works (a little further) then the above should work, because they are the same build. I doubt if you really used the -rs option.
|
Logs: CPU pinning: 5 seconds approx. Also I cannot install OpenWRT's latest version as my router only supports 10.03.1 (aka Backfire). Now I don't get so many kernel panics, but I am stuck at the same point as before: Waiting for LCP configure reject... I know this exploit is more stable in 11.00 firmware, but for testing purposes I am testing it on 10.71 as it is the firmware I have in my PS4 right now. Thank you and regards! |
@3po3po I don't have any ideas, maybe you can only debug it yourself. Without a real device, it's difficult for me to infer where the problem may be. Perhaps you can also try the release version: https://github.com/xfangfang/PPPwn_cpp/releases/tag/1.0.0 |
Definitely a RAM issue. For "normal operations", what was tested is 64 MB of RAM |
There is always the choice of DD-WRT, but you have to mount a USB memory stick for storage, and don't go with a version older than 40000. The point is that it should have Linux Kernel 2.6.54 at least, but please be aware that with those "new" versions there is always a chance that you can't go back to old firmware; that is especially true with old gear!!! Good luck! |
TEST results
processor : 1
1st run: 1:20, success
2nd run: 2:20, success, kernel panic on power off (delayed)
3rd run: abort after 7 min
4th run: 3:30, success
5th run: process termination after 3 min
6th run: process termination after 2 min
7th run: 1:30, success
8th run: 5 min, success
9th run: 3 min, success
10th run: 1:15, success
No direct KP, only 1 delayed out of 10 in a row
64 MB system memory
OpenWrt (23.05) |
These 2 that I called termination happen just at this execution point: [] Sending malicious LCP configure request... I noticed the same for 64 MB and 128 MB, so that one looks promising for research |
Thank you for providing details, but I don't fully understand the details of cracking. I just translated the code from Python to C++ for running on lower end devices. There may indeed be issues with the current cracking method, even with the original Python version. |
It throws an error on stage 1
system type : Atheros AR9132 rev 2
machine : TP-Link TL-WR1043ND v1
processor : 0
cpu model : MIPS 24Kc V7.4
BogoMIPS : 265.42
wait instruction : yes
microsecond timers : yes
tlb_entries : 16
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc dc_aliases perf_cntr_intr_bit nan_legacy nan_2008 perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VCED exceptions : not available
VCEI exceptions : not available
root@OpenWrt:~# ./pppwn --interface br-lan --fw 1100 --stage1 "/root/stage1_1100.bin" --stage2 "/root/stage2_1100.bin" --auto-retry
[+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow
[+] args: interface=br-lan fw=1100 stage1=/root/stage1_1100.bin stage2=/root/stage2_1100.bin timeout=0 wait-after-pin=1 groom-delay=4 auto-retry=on no-wait-padi=off real_sleep=off
[+] STAGE 0: Initialization
[] Waiting for PADI...
[] Waiting for PADI...
[+] pppoe_softc: 0xffff976e174cd400
[+] Target MAC: 2c:cc:44:70:4c:6f
[+] Source MAC: 07:d4:4c:17:6e:97
[+] AC cookie length: 4e0
[] Sending PADO...
[] Waiting for PADR...
[] Sending PADS...
[] Sending LCP configure request...
[] Waiting for LCP configure ACK...
[] Waiting for LCP configure request...
[] Sending LCP configure ACK...
[] Sending IPCP configure request...
[] Waiting for IPCP configure ACK...
[] Waiting for IPCP configure request...
[] Sending IPCP configure NAK...
[] Waiting for IPCP configure request...
[] Sending IPCP configure ACK...
[] Waiting for interface to be ready...
[+] Target IPv6: fe80::2ecc:44ff:fe70:4c6f
[+] Heap grooming...done
[+] STAGE 1: Memory corruption
libc++abi: terminating due to uncaught exception of type std::__1::system_error: thread constructor failed: Resource temporarily unavailable