Register
Upgrade now! Click here to upgrade.
WeLeaks Consoles Playstation Playstation 4 v PS4 3.55 Updated and More Extensive Gadget List Code from Dragood2

PS4 3.55 Updated and More Extensive Gadget List Code from Dragood2
Snow
Offline

Rookie User
*
Posts:
34

Threads:
27

Likes:
14

Joined:
Oct 2016

Reputation:
0

Credits: 117
1 Year Of Service
#1
10-09-2016, 10:39 PM (This post was last modified: 10-09-2016, 10:40 PM by Snow.)
PS4 3.55 Updated and More Extensive Gadget List

Code:
gadgetMap = {
 'PlayStation 4 3.55': {
   'xchg rax, rsp; dec dword ptr [rax - 0x77]': new gadget(VTABLE, -0x18a353f),
   'pop rcx; pop rcx': new gadget(VTABLE, -0x5e970c),
   'add dword ptr [rax - 0x77], ecx': new gadget(VTABLE, -0x18c3d40),
   'mov qword ptr [rdi], rax': new gadget(VTABLE, -0x2372c99),
   'syscall': new gadget(VTABLE, -0x3dc1a6),
   'mov rax, qword ptr [rax]': new gadget(VTABLE, -0x238e98d),
 
// 1.76 gadgets updated with 3.55 locations
   'pop rbp': new gadget(WEBKIT2, 0x2177),
   'pop rax': new gadget(WEBKIT2, 0x1c6ab),
   'pop rcx': new gadget([WEBKIT2, 0x3ca71b),
   'pop rdx': new gadget(WEBKIT2, 0x1afa),
   'pop rsi': new gadget(WEBKIT2, 0xb9ebb),
   'pop rdi': new gadget(WEBKIT2, 0x113991),
   'pop r8': new gadget(WEBKIT2, 0x1c6aa),
   'pop r9': new gadget(WEBKIT2, 0xee0a8f),
   'pop rsp': new gadget(WEBKIT2, 0x376850),

   'mov r10, rcx; syscall': new gadget(LIBKERNEL, 0x4b7),
   'mov [rax+0x1e8], rdx': new gadget(LIBKERNEL, 0x2032),

//  'mov [rax+0x60], rdi': new gadget([0x48, 0x89, 0x78, 0x60], WEBKIT2, 0x2b7274),-----------------------------------------missing
//   mov qword [rax+0x60], rdi ; ret ; -------------------------------------------------------------------------------------missing

   'mov [rax+0x8], rsi': new gadget(WEBKIT2, 0x5af574),
//  'mov [rax+0xc0], rcx': new gadget([0x48, 0x89, 0x88, 0xc0, 0x00, 0x00, 0x00], WEBKIT2, 0x369e6d), ----------------------- missing
   'mov [rax], rcx': new gadget(WEBKIT2, 0x1129eee),
//  'mov [rax], rdx': new gadget([0x48, 0x89, 0x10], WEBKIT2, 0x3579c0), ------------------------------------missing
   'mov [rax], rsi': new gadget(WEBKIT2, 0x3d7a87),

   'mov [rax], dh': new gadget( WEBKIT2, 0x215ca8),

   'mov [rcx], rax': new gadget(WEBKIT2, 0x225814),
   'mov [rcx], rdx': new gadget(WEBKIT2, 0xbde080),

   'mov [rdx], rcx': new gadget(WEBKIT2, 0x40c889),
   'mov [rdx], rsi': new gadget(WEBKIT2, 0xf64a0f),

   'mov [rsi+0x18], rax': new gadget(WEBKIT2, 0x681f7),
   'mov [rsi+0x8], r8': new gadget(WEBKIT2, 0x25b67a),
   'mov [rsi], rcx': new gadget(WEBKIT2, 0x12390),

   'mov [rdi], rax': new gadget(WEBKIT2, 0x11fc37),
//  'mov [rdi+0x88], rax': new gadget([0x48, 0x89, 0x87, 0x88, 0x00, 0x00, 0x00], WEBKIT2, 0x1c0e03),------------------ missing
//  'mov [rdi+0xa0], rcx': new gadget([0x48, 0x89, 0x8f, 0xa0, 0x00, 0x00, 0x00], WEBKIT2, 0xb6b5),---------------------missing
   'mov [rdi+0x80], rdx': new gadget(WEBKIT2, 0x1153d24),
   'mov [rdi+0x80], rsi': new gadget(WEBKIT2, 0x3dc290),
//  'mov [rdi+0x20], r8': new gadget([0x4c, 0x89, 0x47, 0x20], 12, 0x40415),--------------------------------------------missing
   'mov [rdi+0x20], rdx': new gadget(WEBKIT2, 0xb610b),

//  'mov [r10], rdi': new gadget([0x49, 0x89, 0x3a], 16, 0x1ba44), -----------------------------------------------------missing
//  'mov [r10], rdx': new gadget([0x49, 0x89, 0x12], 16, 0x1b79b), -----------------------------------------------------missing
//  'mov [r10], rsi': new gadget([0x49, 0x89, 0x32], 16, 0x1b8cd), -----------------------------------------------------missing

   'mov rdi, [rdi+0x48]': new gadget(LIBC, 0x8e982),
   'mov rsi, rax; jmp rcx': new gadget(WEBKIT2, 0x1ac260),

//  'mov rax, [rax+0x830]': new gadget([0x48, 0x8b, 0x80, 0x30, 0x08, 0x00, 0x00], 19, 0x1957),-------------------------missing
   'mov rax, [rdi]': new gadget(WEBKIT2, 0xa0450),
   'mov rax, [rdi+0x18]': new gadget(WEBKIT2, 0x131000),
//  'mov rax, [r10]': new gadget([0x49, 0x8b, 0x02], 16, 0xd93d),-------------------------------------------------------missing
//  'mov rax, [r11]': new gadget([0x49, 0x8b, 0x03], 16, 0xd936),-------------------------------------------------------missing

   'mov rdx, [rdi+0x8]': new gadget(LIBC, 0x6973),

   'mov rax, rdi': new gadget(LIBC, 0x9480),
   'mov rax, rsi': new gadget(LIBC, 0xc3b4),
   'mov rax, r8': new gadget(LIBC, 0x70738),

   'mov rdx, rdi': new gadget(LIBC, 0x8a7f),

   'add ah, byte [rax]': new gadget(WEBKIT2, 0xf36798),
   'add edi, dword [rcx]': new gadget(WEBKIT2, 0xfcbffd),

   'call rax': new gadget(LIBKERNEL, 0x72),
   'call rbx': new gadget(LIBC, 0x9c50),
   'call rcx': new gadget(LIBC, 0x2f05),
   'call rdx': new gadget(LIBC, 0x9d5c9),
   'call rsi': new gadget(LIBC, 0x9d7d),

   'jmp rax': new gadget(LIBC, 0x92),
   'jmp rbx': new gadget(LIBC, 0x222f5),
   'jmp rcx': new gadget(LIBC, 0xb7cc),
   'jmp rdx': new gadget(LIBC, 0xb81c),

   'ret': new gadget(WEBKIT2, 0x1d0f),
 },
Have any questions? Feel free to PM me! / Knowledge is Power
Find
Reply
Red
Offline

Painting the town Red
*
Posts:
0

Threads:
0

Likes:
442

Joined:
Sep 2016

Reputation:
103

Credits: 2,577
Elite PosterCredits IGraphics ExpertTop Daily PosterAxeMaster PosterSlyGrammar NaziCredits IILegend PosterGoldDiamondEmeraldLikedYouTubeKnightCredit WhoreHoarderSelfie LeakerAdvertiserLoungeHelperReferrerHalloween 2016Reputation King
1 Year Of Service
#2
10-09-2016, 11:18 PM
(10-09-2016, 10:39 PM)Snow Wrote:
PS4 3.55 Updated and More Extensive Gadget List

Code:
gadgetMap = {
 'PlayStation 4 3.55': {
   'xchg rax, rsp; dec dword ptr [rax - 0x77]': new gadget(VTABLE, -0x18a353f),
   'pop rcx; pop rcx': new gadget(VTABLE, -0x5e970c),
   'add dword ptr [rax - 0x77], ecx': new gadget(VTABLE, -0x18c3d40),
   'mov qword ptr [rdi], rax': new gadget(VTABLE, -0x2372c99),
   'syscall': new gadget(VTABLE, -0x3dc1a6),
   'mov rax, qword ptr [rax]': new gadget(VTABLE, -0x238e98d),
 
// 1.76 gadgets updated with 3.55 locations
   'pop rbp': new gadget(WEBKIT2, 0x2177),
   'pop rax': new gadget(WEBKIT2, 0x1c6ab),
   'pop rcx': new gadget([WEBKIT2, 0x3ca71b),
   'pop rdx': new gadget(WEBKIT2, 0x1afa),
   'pop rsi': new gadget(WEBKIT2, 0xb9ebb),
   'pop rdi': new gadget(WEBKIT2, 0x113991),
   'pop r8': new gadget(WEBKIT2, 0x1c6aa),
   'pop r9': new gadget(WEBKIT2, 0xee0a8f),
   'pop rsp': new gadget(WEBKIT2, 0x376850),

   'mov r10, rcx; syscall': new gadget(LIBKERNEL, 0x4b7),
   'mov [rax+0x1e8], rdx': new gadget(LIBKERNEL, 0x2032),

//  'mov [rax+0x60], rdi': new gadget([0x48, 0x89, 0x78, 0x60], WEBKIT2, 0x2b7274),-----------------------------------------missing
//   mov qword [rax+0x60], rdi ; ret ; -------------------------------------------------------------------------------------missing

   'mov [rax+0x8], rsi': new gadget(WEBKIT2, 0x5af574),
//  'mov [rax+0xc0], rcx': new gadget([0x48, 0x89, 0x88, 0xc0, 0x00, 0x00, 0x00], WEBKIT2, 0x369e6d), ----------------------- missing
   'mov [rax], rcx': new gadget(WEBKIT2, 0x1129eee),
//  'mov [rax], rdx': new gadget([0x48, 0x89, 0x10], WEBKIT2, 0x3579c0), ------------------------------------missing
   'mov [rax], rsi': new gadget(WEBKIT2, 0x3d7a87),

   'mov [rax], dh': new gadget( WEBKIT2, 0x215ca8),

   'mov [rcx], rax': new gadget(WEBKIT2, 0x225814),
   'mov [rcx], rdx': new gadget(WEBKIT2, 0xbde080),

   'mov [rdx], rcx': new gadget(WEBKIT2, 0x40c889),
   'mov [rdx], rsi': new gadget(WEBKIT2, 0xf64a0f),

   'mov [rsi+0x18], rax': new gadget(WEBKIT2, 0x681f7),
   'mov [rsi+0x8], r8': new gadget(WEBKIT2, 0x25b67a),
   'mov [rsi], rcx': new gadget(WEBKIT2, 0x12390),

   'mov [rdi], rax': new gadget(WEBKIT2, 0x11fc37),
//  'mov [rdi+0x88], rax': new gadget([0x48, 0x89, 0x87, 0x88, 0x00, 0x00, 0x00], WEBKIT2, 0x1c0e03),------------------ missing
//  'mov [rdi+0xa0], rcx': new gadget([0x48, 0x89, 0x8f, 0xa0, 0x00, 0x00, 0x00], WEBKIT2, 0xb6b5),---------------------missing
   'mov [rdi+0x80], rdx': new gadget(WEBKIT2, 0x1153d24),
   'mov [rdi+0x80], rsi': new gadget(WEBKIT2, 0x3dc290),
//  'mov [rdi+0x20], r8': new gadget([0x4c, 0x89, 0x47, 0x20], 12, 0x40415),--------------------------------------------missing
   'mov [rdi+0x20], rdx': new gadget(WEBKIT2, 0xb610b),

//  'mov [r10], rdi': new gadget([0x49, 0x89, 0x3a], 16, 0x1ba44), -----------------------------------------------------missing
//  'mov [r10], rdx': new gadget([0x49, 0x89, 0x12], 16, 0x1b79b), -----------------------------------------------------missing
//  'mov [r10], rsi': new gadget([0x49, 0x89, 0x32], 16, 0x1b8cd), -----------------------------------------------------missing

   'mov rdi, [rdi+0x48]': new gadget(LIBC, 0x8e982),
   'mov rsi, rax; jmp rcx': new gadget(WEBKIT2, 0x1ac260),

//  'mov rax, [rax+0x830]': new gadget([0x48, 0x8b, 0x80, 0x30, 0x08, 0x00, 0x00], 19, 0x1957),-------------------------missing
   'mov rax, [rdi]': new gadget(WEBKIT2, 0xa0450),
   'mov rax, [rdi+0x18]': new gadget(WEBKIT2, 0x131000),
//  'mov rax, [r10]': new gadget([0x49, 0x8b, 0x02], 16, 0xd93d),-------------------------------------------------------missing
//  'mov rax, [r11]': new gadget([0x49, 0x8b, 0x03], 16, 0xd936),-------------------------------------------------------missing

   'mov rdx, [rdi+0x8]': new gadget(LIBC, 0x6973),

   'mov rax, rdi': new gadget(LIBC, 0x9480),
   'mov rax, rsi': new gadget(LIBC, 0xc3b4),
   'mov rax, r8': new gadget(LIBC, 0x70738),

   'mov rdx, rdi': new gadget(LIBC, 0x8a7f),

   'add ah, byte [rax]': new gadget(WEBKIT2, 0xf36798),
   'add edi, dword [rcx]': new gadget(WEBKIT2, 0xfcbffd),

   'call rax': new gadget(LIBKERNEL, 0x72),
   'call rbx': new gadget(LIBC, 0x9c50),
   'call rcx': new gadget(LIBC, 0x2f05),
   'call rdx': new gadget(LIBC, 0x9d5c9),
   'call rsi': new gadget(LIBC, 0x9d7d),

   'jmp rax': new gadget(LIBC, 0x92),
   'jmp rbx': new gadget(LIBC, 0x222f5),
   'jmp rcx': new gadget(LIBC, 0xb7cc),
   'jmp rdx': new gadget(LIBC, 0xb81c),

   'ret': new gadget(WEBKIT2, 0x1d0f),
 },

Thanks for sharing this code man, I appreciate it! Heart
Are you a guest to this site? Click the image below and sign up today!
[Image: FTYbRmR.gif]
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)

About Us

AC-WEB is a growing community that suits everyone. Participate in discussions, share your resources, tools & software, learn to code, showcase your artwork, earn credits to unlock downloads and much more. Join today, we won't disappoint you.


If you want to contact us, you can use our contact form.
Alternatively, you can message an Administrator.

Navigation
Rules
Help Docs
Staff
Support Section
Contact Form
Extras
Upgrade
Credits
Awards
Groups
Stats
Your Account
Your Account
Your Awards
Change Avatar
Edit Signature
Upgrade Account
© All Rights Reserved AC-WEB.
Powered By SecurityTeam ‐ Theme by SecurityTeam VPN