fail0verflow team makes FreeBSD hack for PS4

The fail0verflow team highlights an old bug in FreeBSD, discovered in 2020 by an unnamed researcher who found it in just 15 minutes.

Following this discovery, C++ code was developed to improve the reliability of exploits, because the PlayStation 5 kernel had introduced memory randomization.

To work on the bug, you need to set up a virtual machine (VM) running FreeBSD 11.0. The VM image can be downloaded from an online archive, and SSH must be enabled on the VM by adding a user and editing the configuration file so that the SSH service starts.

To rebuild the kernel with debugging support, you need to work directly on the VM, because the FreeBSD 11.0 build system does not run on non-FreeBSD hosts.

The kernel is rebuilt after removing the DDB option and adding the GDB option in the configuration. After compiling and installing the kernel, the machine is restarted and the kernel debug file (kernel.debug) is copied off the VM for use with GDB.

The next step is to set up GDB for kernel debugging. The FreeBSD kernel source code is cloned, and GDB is recompiled with FreeBSD target support.

Once this is done, you can start kernel debugging by connecting GDB to the virtual machine, using a custom GDB configuration to make the debugging session more efficient and manageable.

Below are all the steps described in the repository:

  • Configuration of the virtual machine (VM):
    • Get the VM image:
    • Enable SSH: in the VM, add a user with the command adduser, then add sshd_enable="YES" to the file /etc/rc.conf and start SSH with the command /etc/rc.d/sshd start.
  • Rebuilding the kernel with debugging support:
    • Compile on the VM, as the FreeBSD build system does not run on non-FreeBSD hosts (support for this was added in FreeBSD 12/13, but version 11 is used here).
    • Consult the official guide or proceed as follows:
      • Move to the kernel configuration directory:
        cd /usr/src/sys/amd64/conf
      • Copy the GENERIC configuration:
        cp GENERIC /root/CONFIG
      • Create a symbolic link:
        ln -s /root/CONFIG
      • Edit the file CONFIG to remove the option DDB and add the option GDB.
  • Compiling and installing:
    • Build the kernel:
        cd /usr/src
        make buildkernel KERNCONF=CONFIG
    • Install the kernel:
        make installkernel KERNCONF=CONFIG
    • Restart the VM.
    • Copy the debug file kernel.debug from /usr/obj/usr/src/sys/CONFIG/ off the VM to use with GDB.
  • Configuration of GDB:
    • Get the kernel source code for navigation and for GDB:
        git clone -b releng/11.0
    • Compile GDB with FreeBSD support:
      • Download the latest GDB release from:
        and decompress the archive.
      • Create a build directory and enter it:
        mkdir build && cd build
      • Configure GDB:
        ../configure --disable-binutils --disable-ld --disable-gold --disable-gas --disable-sim --disable-gprof --target=x86_64-unknown-freebsd
      • Build GDB:
        make -j64
  • Improvements to GDB:
  • .gdbinit file for the FreeBSD kernel:
    • Configure the .gdbinit file for the kernel:
      • Set the source substitution path:
        set substitute-path /usr/src /home/shawn/freebsd
      • Set the disassembly style:
        set disassembly-flavor intel
      • Specify the kernel debug file:
        file kernel.debug
      • Connect GDB to the VM:
        target remote /tmp/fbsd11
  • Interop with WSL:
  • Script to start GDB:
    • Create a shell script to launch GDB flexibly (the data directory must point at the GDB built above; any further arguments are passed through to gdb):
        #!/bin/sh
        gdb --data-directory=/home/shawn/gdb-10.1/build/gdb/data-directory "$@"

Starting GDB:

  • In the VM, run the following command to drop into the kernel debugger so that GDB on the host can take over:
    sysctl debug.kdb.enter=1
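The host side of the procedure above, as an added example that is not part of the fail0verflow repository: a POSIX shell launcher that generates the same .gdbinit from parameters, refuses to start when kernel.debug or the source tree is missing, and waits for the VM's serial socket (/tmp/fbsd11 on this page) before handing over to gdb. The GDB_DATA_DIR default and the usage paths are placeholders for your own layout.

```shell
#!/bin/sh
# Added example: host-side launcher for FreeBSD 11.0 kernel debugging with GDB.
# Usage: ./start-kgdb.sh <kernel.debug> <kernel-src-dir> <serial-socket>
set -eu

# Emit the .gdbinit described on this page, parameterised by paths.
# $1 = kernel.debug copied off the VM, $2 = kernel source checkout, $3 = socket.
render_gdbinit() {
    printf 'set substitute-path /usr/src %s\n' "$2"
    printf 'set disassembly-flavor intel\n'
    printf 'file %s\n' "$1"
    printf 'target remote %s\n' "$3"
}

# Fail early if the pieces are missing: "target remote" on a non-existent
# socket otherwise errors only after GDB has spent time loading symbols.
check_prereqs() {
    [ -f "$1" ] || { echo "kernel.debug not found: $1" >&2; return 1; }
    [ -d "$2/sys" ] || { echo "no kernel sources under: $2" >&2; return 1; }
    return 0
}

# Wait up to $2 seconds for the VM's serial socket ($1) to appear.
wait_for_socket() {
    i=0
    while [ "$i" -lt "$2" ]; do
        [ -S "$1" ] && return 0
        i=$((i + 1)); sleep 1
    done
    echo "socket not present after ${2}s: $1" >&2
    return 1
}

main() {
    kdebug=${1:?usage: $0 kernel.debug src-dir socket}
    ksrc=${2:?}; sock=${3:?}
    check_prereqs "$kdebug" "$ksrc"
    wait_for_socket "$sock" 30
    init="${TMPDIR:-/tmp}/kgdb.init"
    render_gdbinit "$kdebug" "$ksrc" "$sock" > "$init"
    # GDB_DATA_DIR: data-directory of the GDB built above (placeholder default).
    exec gdb --data-directory="${GDB_DATA_DIR:-/home/shawn/gdb-10.1/build/gdb/data-directory}" \
        -x "$init"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run `sysctl debug.kdb.enter=1` inside the VM once gdb reports it is attached; until then the kernel keeps running normally.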

Download: Source code ps5-umtxdbg

