Exemple #1
0
        public static void Main(string[] args)
        {
            int scriptIndex = 0;
            bool enablegui = true;
            string package = null;

            foreach (string arg in args)
            {
                switch (arg)
                {
                    case "-nodisp":
                        ++scriptIndex;
                        enablegui = false;
                        break;

                    case "-install":
                        scriptIndex += 2;
                        package = args[0];
                        exitAfterInstall = true;
                        break;
                }
            }

            #if !USE_UNITY
            if (args.Length < 1)
            {
                Console.Error.WriteLine("usage: VitaDefiler.exe package [-nodisp] [script args]\n    package is path to PSM package\n    nodisp starts client without logging to screen\n    script is the script to run\n    args are arguments for the script");
                return;
            }

            if (string.IsNullOrEmpty(package))
            {
                package = args[0];
                ++scriptIndex;
            }
            #endif

            if (!string.IsNullOrEmpty(package) && !File.Exists(package))
            {
                Console.Error.WriteLine("cannot find package file");
                return;
            }

            #if USE_APP_KEY
            if (!File.Exists(args[1]))
            {
                Console.Error.WriteLine("cannot find key file");
                return;
            }
            #endif

            #if !USE_ANDROID
            if (Environment.OSVersion.VersionString.Contains("Microsoft Windows"))
            {
                // kill PSM
                Process[] potential = Process.GetProcesses();
                foreach (Process process in potential)
                {
                    if (process.ProcessName.StartsWith("PsmDevice") || process.ProcessName.StartsWith("PsmDeviceUnity"))
                    {
                        Console.WriteLine("Killing PsmDevice process {0}", process.Id);
                        process.Kill();
                    }
                }
            }

            // set environment variables
            Environment.SetEnvironmentVariable("SCE_PSM_SDK", Path.Combine(Environment.CurrentDirectory, "support/psm"));
            #endif

            // initialize the modules
            List<IModule> mods = new List<IModule>();
            Scripting scripting = null;
            foreach (Type t in Mods)
            {
                if (typeof(IModule).IsAssignableFrom(t))
                {
                    IModule mod = (IModule)Activator.CreateInstance(t);
                    if (t == typeof(Scripting))
                    {
                        scripting = mod as Scripting;
                    }
                    mods.Add(mod);
                }
            }

            // set up usb
            Exploit exploit;
            string host;
            int port;

            #if USE_UNITY
                ExploitFinder.CreateFromWireless(package, out exploit, out host, out port);
            #else
                ExploitFinder.CreateFromUSB(package, out exploit, out host, out port);
            #endif

            #if !NO_EXPLOIT
            uint images_hash_ptr;
            uint[] funcs = new uint[5];
            uint logline_func;
            uint libkernel_anchor;
            Console.Error.WriteLine("Defeating ASLR...");
            exploit.DefeatASLR(out images_hash_ptr, out funcs[0], out funcs[1], out funcs[2], out funcs[3], out funcs[4], out libkernel_anchor);
            // exploit vita

            Console.Error.WriteLine("Escalating privileges...");
            exploit.EscalatePrivilege(images_hash_ptr);
            #endif

            #if USE_UNITY
            exploit.ResumeVM(); // The network listener is already listening in Unity.
            #else
            exploit.StartNetworkListener();
            Console.Error.WriteLine("Vita exploited.");
            #endif

            //Thread tt = new Thread(() =>
            //{
            //});
                //tt.Start();

            // set up network
            Network net = new Network();
            if (net.Connect(host, port))
            {
                Console.Error.WriteLine("Connected to Vita network");
            }
            else
            {
                Console.Error.WriteLine("Failed to create net listener. Exiting.");
                exploit.Disconnect();
                return;
            }

            byte[] resp;

            // enable gui
            if (enablegui)
            {
                Console.Error.WriteLine("Enabling display output");
                net.RunCommand(Command.EnableGUI, out resp);
            }

            #if !NO_EXPLOIT
            // pass in function pointers
            if (net.RunCommand(Command.SetFuncPtrs, funcs, out resp) == Command.Error)
            {
                Console.Error.WriteLine("ERROR setting function pointers!");
            }
            #endif

            // set up RPC context
            Device dev = new Device(exploit, net);

            #if !NO_EXPLOIT
            // get logger
            net.RunCommand(Command.GetLogger, out resp);
            logline_func = BitConverter.ToUInt32(resp, 0);

            // pass in ASLR bypass as local variables for scripting use
            dev.CreateLocal("pss_code_mem_alloc", funcs[0]);
            dev.CreateLocal("pss_code_mem_free", funcs[1]);
            dev.CreateLocal("pss_code_mem_unlock", funcs[2]);
            dev.CreateLocal("pss_code_mem_lock", funcs[3]);
            dev.CreateLocal("pss_code_mem_flush_icache", funcs[4]);
            dev.CreateLocal("logline", logline_func);
            dev.CreateLocal("libkernel_anchor", libkernel_anchor);
            #endif

            // run script if needed
            if (args.Length > scriptIndex)
            {
                string script = args[scriptIndex];
                string[] scriptargs = new string[args.Length - scriptIndex - 1];
                Array.Copy(args, scriptIndex + 1, scriptargs, 0, args.Length - scriptIndex - 1);

                scripting.ParseScript(dev, script, scriptargs);
            }

            // wait for commands
            Console.Error.WriteLine("Ready for commands. Type 'help' for a listing.");
            StringReader reader = null;
            string line = null;
            while (true)
            {
                if (dev.Script != null)
                {
                    Console.Error.WriteLine("Running script...");
                    reader = new StringReader(dev.Script);
                    dev.Script = null;
                }
                if (reader != null)
                {
                    line = reader.ReadLine();
            #if DEBUG
                    Console.WriteLine("> {0}", line);
            #endif
                }
                else
                {
                    Console.Write("> ");
                    line = Console.ReadLine();
                }
                if (String.IsNullOrEmpty(line))
                {
                    if (reader == null)
                    {
                        Console.Error.WriteLine("Enter a command, or 'help' for a list of commands.");
                    }
                    else
                    {
                        reader = null;
                    }
                }
                else if (line == "exit")
                {
                    net.RunCommand(Command.Exit);
                    break;
                }
                else
                {
                    string[] entry = line.Trim().Split(new char[]{' '}, 2);
                    bool handled = false;
                    string[] entryargs = entry.Length > 1 ? entry[1].Split(' ') : new string[] { };
                    int start = -1;
                    int idx = 0;
                    for (int i = 0; i < entryargs.Length; i++)
                    {
                        if (start > -1)
                        {
                            if (entryargs[i].EndsWith("\""))
                            {
                                entryargs[start] = entryargs[start] + ' ' + entryargs[i].Substring(0, entryargs[i].Length - 1);
                                start = -1;
                            }
                            else
                            {
                                entryargs[start] = entryargs[start] + ' ' + entryargs[i];
                            }
                        }
                        else if (entryargs[i].StartsWith("\""))
                        {
                            start = idx++;
                            if (entryargs[i].EndsWith("\""))
                            {
                                entryargs[start] = entryargs[i].Substring(1, entryargs[i].Length - 2);
                                start = -1;
                            }
                            else
                            {
                                entryargs[start] = entryargs[i].Substring(1);
                            }
                        }
                        else
                        {
                            entryargs[idx++] = entryargs[i];
                        }
                    }
                    Array.Resize<string>(ref entryargs, idx);
                    foreach (IModule mod in mods)
                    {
                        if (handled = mod.Run(dev, entry[0], entryargs))
                        {
            #if DEBUG
                            Console.Error.WriteLine("Command handled by {0}", mod.GetType());
            #endif
                            break;
                        }
                    }

                    if (!handled)
                    {
                        Console.Error.WriteLine("Invalid arguments or command '{0}'", entry[0]);
                    }
                }
            }

            // cleanup
            exploit.Disconnect();
        }
Exemple #2
0
        public static Variable ToVariable(this string self, Device vita)
        {
            Variable v = Variable.Null;
            string[] parts = self.Split(new char[] { '+', '-' }, 2);
            long offset = 0;
            if (parts.Length > 1)
            {
                offset = parts[1].ToInteger();
                if (self.Contains("-"))
                {
                    offset = -offset;
                }
                self = parts[0];
            }
            if (!string.IsNullOrEmpty(self))
            {
                switch (self[0])
                {
                    case '$':
                        {
                            int idx;
                            if (Int32.TryParse(self.Substring(1), out idx) && vita.Vars.Count > idx)
                            {
                                v = vita.Vars[idx];
                                v.Data = (uint)(v.Data + offset);
                                v.Size = (uint)(v.Size - offset);
                            }
                            break;
                        }
                    case '%':
                        {
                            v = new Variable();
                            v.Size = 0;
                            v.IsCode = false;
                            if (self.Length > 1 && self[1] == '#')
                            {
                                v.Data = vita.LastReturn;
                            }
                            else if (vita.Locals.ContainsKey(self.Substring(1)))
                            {
                                v.Data = vita.Locals[self.Substring(1)];
                            }
                            else
                            {
                                Console.Error.WriteLine("Invalid variable {0}", self.Substring(1));
                            }
                            v.Data = (uint)(v.Data + offset);
                            break;
                        }
                    default:
                        {
                            v = new Variable();
                            v.Data = self.ToInteger();
                            v.Size = 0;
                            break;
                        }

                }
            }
            #if DEBUG
            Console.Error.WriteLine("Parsed '{0}' to '0x{1:X}' with size {2}", self, v.Data, v.Size);
            #endif
            return v;
        }