

final
joe97tab authored Oct 31, 2024
1 parent 16b51fc commit 7f84681
Showing 7 changed files with 54 additions and 46 deletions.
Binary file modified PPPwn/PPPwn.tar
Binary file not shown.
12 changes: 6 additions & 6 deletions PPPwn/install.sh
@@ -100,7 +100,7 @@ done
echo -e ''
echo -e '\033[37m1 ) C++ V1 support old IPv6 Only (Fastest speed)\033[0m'
echo -e '\033[37m2 ) C++ from stooged complied\033[0m'
echo -e '\033[37m3 ) C++ Lastest from xfangfang (Default)\033[0m'
echo -e '\033[37m3 ) C++ Latest from xfangfang (Default)\033[0m'
echo -e '\033[37m4 ) C++ from nn9dev (1.2b1) added spray, corrupt and pin number\033[0m'
while true; do
read -p "$(printf '\r\n\033[37mPlease enter your choice for C++ method (cursed PS4 should select 2 or 3\r\n\r\n\033[37m(1|2|3|4)?: \033[0m')" cppchoice
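Review bot: the `read -p` prompt on the last line of this hunk opens a parenthesis in "cursed PS4 should select 2 or 3" that is never closed; since the hunk already touches the menu strings, closing it ("... select 2 or 3)") is a cheap fix to fold in. The "Lastest" to "Latest" correction itself is fine, and the same string is changed in step in install_web.sh further down.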
@@ -115,7 +115,7 @@ echo -e '\r\n\033[33mC++ from stooged complied is being used\033[0m'
break;;
[3]* )
CPPM="3"
echo -e '\r\n\033[32mC++ Lastest from xfangfang is being used\033[0m'
echo -e '\r\n\033[32mC++ Latest from xfangfang is being used\033[0m'
break;;
[4]* )
CPPM="4"
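Review bot: the case pattern `[3]* )` matches any input that begins with "3" ("33", "3x"), so a mistyped choice is silently accepted as method 3; an exact pattern `3)` (and likewise for the other branches) would reject it and let the enclosing `while true` loop re-prompt. The message text change is fine.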
@@ -404,10 +404,6 @@ SPRAY_NUM="'$SPRAYNO'"
CORRUPT_NUM="'$CORRUPTNO'"
PIN_NUM="'$PINNO'"' | sudo tee /boot/firmware/PPPwn/pconfig.sh

HSTN="pppwn"
CHSTN=$(hostname | cut -f1 -d' ')
sudo sed -i "s^$CHSTN^$HSTN^g" /etc/hosts
sudo sed -i "s^$CHSTN^$HSTN^g" /etc/hostname
sudo sed -i "/^dns=.*/d" /etc/NetworkManager/NetworkManager.conf
sudo sed -i "/^rc-manager=.*/d" /etc/NetworkManager/NetworkManager.conf
sudo sed -i "2i dns=none" /etc/NetworkManager/NetworkManager.conf
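Review bot: removing the `HSTN`/`CHSTN` block means install.sh no longer renames the host to "pppwn", yet the update/run.sh hunk in this same commit still keeps `HSTN="pppwn"` and `CHSTN=$(hostname | cut -f1 -d' ')`, so the rename now happens only on update; if that is intentional, the README install section should say so, and if not, the removal here looks accidental. Separately, the surviving `sed -i "2i dns=none"` line assumes that line 2 of NetworkManager.conf falls inside the [main] section; inserting after the `[main]` header line instead would survive a user-edited file.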
@@ -437,6 +433,10 @@ Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target' | sudo tee /etc/systemd/system/pipwn.service
sudo rm /boot/firmware/PPPwn/PPPwn.tar
sudo rm /boot/firmware/PPPwn/*.php
sudo rm /boot/firmware/PPPwn/pppoe.sh
sudo rm /boot/firmware/PPPwn/run_web.sh
sudo rm -rf /boot/firmware/PPPwn/payloads/
sudo chmod u+rwx /etc/systemd/system/pipwn.service
sudo systemctl enable pipwn
sudo systemctl start pipwn
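Review bot: the four added `rm` lines run without `-f`, and the script has no `set -e`, so when a file is already absent (for instance no *.php files on a fresh normal install) the error is printed and ignored rather than handled; `rm -f` / `rm -rf` makes the "remove if present" intent explicit and keeps the output clean. `sudo rm -rf /boot/firmware/PPPwn/payloads/` deletes the payload folder the README documents for the web server version, which is fine for the normal install but deserves a comment so nobody wonders where their payloads went. On the context line, `chmod u+rwx` on the systemd unit is unnecessary: unit files are read, not executed, and 644 is the conventional mode.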
9 changes: 3 additions & 6 deletions PPPwn/install_web.sh
@@ -146,7 +146,7 @@ done
echo -e ''
echo -e '\033[37m1 ) C++ V1 support old IPv6 Only (Fastest speed)\033[0m'
echo -e '\033[37m2 ) C++ from stooged complied\033[0m'
echo -e '\033[37m3 ) C++ Lastest from xfangfang (Default)\033[0m'
echo -e '\033[37m3 ) C++ Latest from xfangfang (Default)\033[0m'
echo -e '\033[37m4 ) C++ from nn9dev (1.2b1) added spray, corrupt and pin number\033[0m'
while true; do
read -p "$(printf '\r\n\033[37mPlease enter your choice for C++ method (cursed PS4 should select 2 or 3\r\n\r\n\033[37m(1|2|3|4)?: \033[0m')" cppchoice
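Review bot: same prompt string as in install.sh, with the same unclosed parenthesis after "select 2 or 3"; the two installers carry this menu verbatim, so moving the prompt and menu text into a sourced helper file would let one fix land in both scripts at once.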
@@ -161,7 +161,7 @@ echo -e '\r\n\033[33mC++ from stooged complied is being used\033[0m'
break;;
[3]* )
CPPM="3"
echo -e '\r\n\033[32mC++ Lastest from xfangfang is being used\033[0m'
echo -e '\r\n\033[32mC++ Latest from xfangfang is being used\033[0m'
break;;
[4]* )
CPPM="4"
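Review bot: as in install.sh, `[3]* )` accepts any input starting with "3"; an exact `3)` pattern would re-prompt on mistyped input instead of proceeding.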
@@ -336,10 +336,6 @@ esac
done
fi

HSTN="pppwn"
CHSTN=$(hostname | cut -f1 -d' ')
sudo sed -i "s^$CHSTN^$HSTN^g" /etc/hosts
sudo sed -i "s^$CHSTN^$HSTN^g" /etc/hostname
sudo sed -i "/^dns=.*/d" /etc/NetworkManager/NetworkManager.conf
sudo sed -i "/^rc-manager=.*/d" /etc/NetworkManager/NetworkManager.conf
sudo sed -i "2i dns=none" /etc/NetworkManager/NetworkManager.conf
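Review bot: the hostname rename block is removed here as well, the same change as in install.sh, and nothing in this diff says which script is now meant to own the rename; whichever it is should be named in the README so a user of a fresh web install understands why the host keeps its previous name. The remaining `sed -i "2i dns=none"` has the same line-2 assumption noted on install.sh.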
@@ -444,6 +440,7 @@ Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target' | sudo tee /etc/systemd/system/pipwn.service
sudo rm /boot/firmware/PPPwn/PPPwn.tar
sudo rm /boot/firmware/PPPwn/run.sh
sudo chmod u+rwx /etc/systemd/system/pipwn.service
sudo systemctl enable pipwn
sudo systemctl start pipwn
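Review bot: the added `sudo rm /boot/firmware/PPPwn/run.sh` has no `-f` and no guard; with no `set -e` a missing file just prints an error. Removing run.sh from the web install (and run_web.sh from the normal one) so that only the relevant runner remains is a good clean-up; `rm -f` would make it idempotent across re-runs.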
71 changes: 38 additions & 33 deletions README.MD
@@ -7,24 +7,24 @@ Test on PS4 Slim FW 10.50.
- Sunvell T95m S905 2gb/8gb TV Box.
- AIS Playbox v2 S912 2gb/16gb TV Box (not root).

It can use with raspberry pi, armbian devices and some linux system.
It can use with raspberry pi, armbian devices, TV Box and some linux system.

For normal version : no need to install additional software, no root required.

For web server version : need pppoe, nginx, php-fpm 8.1 up (8.2 recommend) and nmap, it requires to connect to internet for installation the package, use my pre-built image make it easier.

The image should no graphic interfaces, CLi, current, default, minimal (at least bookworm or jammy).

What is benifit between normal and web server? (my opinion)
What is benifit between normal and web server version? (my opinion)

| Pi-Pwn-Offline | Normal | Web Server |
| --- | --- | --- |
| Installation | easy | required internet |
| How fast | faster | slower around 10-15 seconds |
| How fast | faster | slower around 15-20 seconds |
| PPPwn success rate | better | lower |
| Kernel panic | lower | higher |
| Change config | pc | ps4 browser or pc |
| Payloads loader | Payload Guest | local web page or Payload Guest |
| Payloads loader | Payload Guest | BinLoader or Payload Guest |
| GoldHEN detection | no | yes |

---------------------------------------------------------------------------------------
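Review bot: two wording issues survive on the changed lines: "It can use with raspberry pi, armbian devices, TV Box and some linux system" should read "It can be used with Raspberry Pi, Armbian devices, TV boxes and some Linux systems", and "What is benifit between normal and web server version?" should be "What is the benefit of the normal versus the web server version?". The "How fast" cell now says 15-20 seconds, matching the DETECTMODE 3 note changed later in this diff (also 15-20 seconds); good that both moved together.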
@@ -60,7 +60,7 @@ No need to place any file onto the root of a usb drive.

## How to install :

At PC, Insert SDCARD, create /firmware/PPPwn/ (new raspbian distro /PPPwn/) folder then copy all files from /PPPwn/ to your /PPPwn/ folder.
At PC, Insert SDCARD, create /firmware/PPPwn/ (new raspbian distro /PPPwn/) folder then copy all the files from /PPPwn/ to your SDCARD /PPPwn/ folder.

When boot the device, ssh and installs in terminal with this command :

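Review bot: "copy all the files from /PPPwn/ to your SDCARD /PPPwn/ folder" is clearer, but the sentence still folds two target paths ("/firmware/PPPwn/" and "/PPPwn/ on new raspbian") into one parenthesis; a two-item list (older Raspberry Pi OS: SDCARD/firmware/PPPwn/, newer: SDCARD/PPPwn/) would remove the ambiguity. Also "When boot the device, ssh and installs in terminal" should be "After booting the device, ssh in and install from the terminal".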
@@ -90,33 +90,33 @@ On your PS4:
- Enter anything for `PPPoE User ID` and `PPPoE Password`
- Choose `Automatic` for `DNS Settings` and `MTU Settings`
- Choose `Do Not Use` for `Proxy Server`
- You can access web page features at `192.168.2.1` on your PS4 browser when it's not in the pppwn process.
- You can access web page features at `192.168.2.1` on your PS4 browser when it's not in the pwn process.

Normally the pwn process will success on first or second attempt.

---------------------------------------------------------------------------------------

## Ready to use pre-build-image.

Very easy to setup. Write image, change config.sh, pconfig.sh then test your pwn.
Very easy to setup. Write image, change config.sh, pconfig.sh then test your pppwn.

Lastest update : 30/08/2024
Latest update : 30/08/2024

| Offline image | distro | SDCARD | Download |
| Normal offline image | distro | SDCARD | Download |
| --- | --- | --- | --- |
| Raspberry pi | buster (php7.3), up to pi4| 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/1.0-final/aml-s9xx-pppwn-offline-v1-bookworm-final.7z) |
| Raspberry pi | buster (php7.3), up to pi4| 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/1.0-final/rpi-pppwn-offline-v2-buster-final.7z) |
| Armbian amlogic | bookworm, s912 may not work | 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/1.0-final/aml-s9xx-pppwn-offline-v1-bookworm-final.7z) |
| Armbian amlogic | jammy, s905x3 may not work | 2GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/1.0-final/aml-s9xx-pppwn-offline-v2-jammy-final.7z) |

Lastest update : 30/08/2024
Latest update : 30/10/2024

| Offline web server image | distro | SDCARD | Download |
| Web server offline image | distro | SDCARD | Download |
| --- | --- | --- | --- |
| Raspberry pi | bookworm (php8.2), up to pi5| 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/2.0-beta/rpi-pppwn-offline-bookworm-web-server.7z) |
| Armbian amlogic | bookworm (php8.2), s912 may not work | 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/2.0-beta/aml-s9xx-pppwn-offline-bookworm-web-server.7z) |
| Armbian amlogic | jammy (php8.1), s905x3 may not work | 2GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/2.0-beta/aml-s9xx-pppwn-offline-jammy-web-server.7z) |
| Raspberry pi | bookworm (php8.2), up to pi5| 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/2.0-final/rpi-pppwn-offline-bookworm-web-server-final.7z) |
| Armbian amlogic | bookworm (php8.2), s912 may not work | 4GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/2.0-final/aml-s9xx-pppwn-offline-bookworm-web-server-final.7z) |
| Armbian amlogic | jammy (php8.1), s905x3 may not work | 2GB or above | [download](https://github.com/joe97tab/PI-Pwn-Offline/releases/download/2.0-final/aml-s9xx-pppwn-offline-jammy-web-server-final.7z) |

If you see "Ready for console connection" it means your device ready for pppwn, please update the lastest script in the section `How to update`.
If you see `Ready for console connection` it means your device ready for pppwn, please update the latest script in the section `How to update`.

---------------------------------------------------------------------------------------

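Review bot: the Raspberry Pi row of the normal image table previously linked to the Armbian aml-s9xx archive; the corrected rpi-pppwn-offline-v2-buster-final.7z link fixes a real wrong-download bug and deserves a mention in the commit message, which currently just says "final". The release tables publish .7z archives with no checksum; listing a SHA-256 per image beside each download link would let users verify what they write to the card before booting it. Minor: "it means your device ready for pppwn" should be "it means your device is ready for pppwn".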
@@ -126,11 +126,11 @@ If you see "Ready for console connection" it means your device ready for pppwn,

- Web server version

Copy and replace files `/update/run_web.sh` and `/PPPwn/PPPwn.tar` to your /PPPwn/ folder.
Copy and replace the files `/update/run_web.sh` and `/PPPwn/PPPwn.tar` to your /PPPwn/ folder.

- Normal version

Copy and replace files `/update/run.sh` and `/PPPwn/PPPwn.tar` to your /PPPwn/ folder.
Copy and replace the files `/update/run.sh` and `/PPPwn/PPPwn.tar` to your /PPPwn/ folder.

- Power your device, it will auto update and reconfig from previous setup then continue pwn PS4 (no need to reboot).
- If GoldHEN avialable it will auto switch from HEN to GoldHEN.
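Review bot: "avialable" (in the context line and in the following hunk header) should be "available", and "If GoldHEN avialable it will auto switch from HEN to GoldHEN" reads better as "If GoldHEN is available it switches from HEN to GoldHEN automatically". The "Copy and replace the files" edits are fine.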
@@ -150,54 +150,54 @@ You can manual update GoldHEN if new firmware avialable.

## config.sh, pconfig.sh

Config file location : SDCARD/firmware/PPPwn/ (new rasbian distro SDCARD/PPPwn)
Config file location : SDCARD/firmware/PPPwn/ (new rasbian distro SDCARD/PPPwn/)

| config.sh | Description |
| --- | --- |
| CPPMETHOD="3" | 1 = v1 Old IPv6 Only (fastest speed), 2 = stooged binary, 3 = lastest xfangfang binary, 4 = nn9dev binary |
| CPPMETHOD="3" | 1 = v1 Old IPv6 Only (fastest speed), 2 = stooged binary, 3 = latest xfangfang binary, 4 = nn9dev binary |
| INTERFACE="eth0" | eth0, eth1, end0, etc |
| FIRMWAREVERSION="10.71" | your current firmware |
| USBETHERNET=false | set to true if using external usb ethernet |
| STAGE2METHOD="goldhen" | goldhen, hen, bestpig (10.50 Only) and flow |
| SOURCEIPV6="2" | 1 = Old IPv6, 2 = New IPv6, 3 = Custom IPv6|
| CUSTOMIPV6="" | Custom IPv6 in xxxx:xxxx:xxxx:xxxx format, SOURCEIPV6="3" |
| DETECTMODE="2" | 1 = Disable, 2 = PS4 Power on, 3 = GoldHEN, 4 = Both |
| DETECTMODE="2" | 1 = Disable, 2 = PS4 Power on, 3 = GoldHEN, 4 = Both Detection |
| For web server version | - |
| PPPOECONN=true | only way to enable it if you accidently disabled in ps4 browser, set to false will enable auto shutdown and auto pwn |
| PWNAUTORUN=true | set to false if you want manually pwn with ps4 web browser |
| TIMEOUT="5m" | a timeout in minutes to restart pppwn if the exploit hangs mid process |
| PPDBG=false | enables debug output from pppwn so you can see the result after exploited |

`DETECTMODE` 2 = Wait PS4 ready for pwn, useful when the device uses separate power, 3 = GoldHEN detection (Web server version only), useful for rest mode but required addition time (7-10 seconds) to check.
`PPDBG` should set to false, it will cause slow down on the pppwn process if enable it.

`PPDBG` should set to false, it will cause slow down on pwn process if enable it.
`DETECTMODE` 2 = Wait PS4 ready for pwn, useful when the device uses separate power, 3 = GoldHEN detection (Web server version only), useful for rest mode but required addition time (15-20 seconds) to check.

`STAGE2METHOD` If no stage2 avialable it will use TheOfficialFloW.
`STAGE2METHOD` If no stage2 avialable it will use the TheOfficialFloW.

| STAGE2METHOD | Description |
| --- | --- |
| goldhen | use goldhen, put goldhen.bin to root of usb drive |
| hen | use vtx-hen, put payload.bin to root of usb drive |
| bestpig | use hen by BestPig, FW 10.50 Only |
| flow | anything not in the above list will use TheOfficialFloW |
| flow | anything not in the above list will use the TheOfficialFloW |

`CUSTOMIPV6` it will used New IPv6 address if no value, incorrect format may cause ps4 shutdown. Custom ipv6 address may add effect ps4 shutdown and start problem or cure it.
`CUSTOMIPV6` it will used new ipv6 address if no value, incorrect format may cause ps4 shutdown. Custom ipv6 address may add effect the ps4 shutdown and start problem or cure it, change to old or new ipv6 if encounter the problem.

| SOURCEIPV6 | Description |
| --- | --- |
| 1 | Old IPv6 = fe80::4141:4141:4141:4141 |
| 2 | New IPv6 = fe80::9f9f:41ff:9f9f:41ff |
| 3 | Custom IPv6 = fe80::xxxx:xxxx:xxxx:xxxx |

`CPPMETHOD` If incorrect cpp setup it will use lastest xfangfang binary.
`CPPMETHOD` If incorrect cpp setup it will use the latest xfangfang binary.

Stooged binary (CPPMETHOD="2") had intregrated stage1, stage2 and hen-vtx into the binary, for hen-vtx, no need to place payload.bin onto the root of a usb drive.

Nn9dev binary (CPPMETHOD="4") added new feature it added spray number, corrupt number and pin number.

| CPPMETHOD | 1 | 2 | 3 | 4 |
| --- | --- | --- | --- | --- |
| Binary | v1.0.0 xfangfang | stooged | lastest xfangfang | nn9dev |
| Binary | v1.0.0 xfangfang | stooged | latest xfangfang | nn9dev |
| Old IPv6 | o | o | o | o |
| New IPv6 | x | o | o | o |
| Custom IPv6 | x | o | x | o |
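Review bot: the moved DETECTMODE text now states GoldHEN detection adds 15-20 seconds, consistent with the table earlier in this diff. Remaining problems on the changed lines: "it will use the TheOfficialFloW" (and "the TheOfficialFloW" in the STAGE2METHOD table) should drop the article; "it will used new ipv6 address if no value" should be "it uses the New IPv6 address when the value is empty"; and "Custom ipv6 address may add effect the ps4 shutdown and start problem or cure it" is hard to parse, something like "a custom IPv6 address can either cause or cure shutdown and start-up problems; switch to Old or New IPv6 if you hit them". Since the same paragraph says a badly formatted CUSTOMIPV6 can shut the PS4 down, the installer could validate the value against the documented xxxx:xxxx:xxxx:xxxx shape and fall back to SOURCEIPV6="2" rather than passing it through.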
@@ -228,10 +228,10 @@ See [xfangfang](https://github.com/xfangfang/PPPwn_cpp), [nn9dev](https://github

## Payloads

There are 2 methods to loading payloads, Payload Guest app or ps4 browser (online host or offline web server).
There are 2 methods to loading payloads, Payload Guest app or GoldHEN BinLoader by using offline ps4 browser (online host if connect to internet).

- [Payload Guest](https://github.com/Al-Azif/ps4-payload-guest/releases), put [payloads](https://github.com/TheWizWikii/All-PS4-Payloads) that match your FW in USB/payloads/ or PS4HDD/data/payloads/.
- Offline web server, put any payloads *.bin or *.elf that work with your firmware in foloder /payloads/. The providing payloads were All FW Payloads from Scene-Collective built by @EchoStretch.
- Offline web server version, put any payloads *.bin or *.elf that work with your firmware in foloder /payloads/. The providing payloads were All FW Payloads from Scene-Collective built by @EchoStretch. You nedd to turn on `Binloader` in GoldHEN settings.

---------------------------------------------------------------------------------------

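Review bot: "foloder" should be "folder", "nedd" should be "need", and "Binloader" / "BinLoader" is spelt two ways within the same paragraph; "There are 2 methods to loading payloads" reads better as "There are two ways to load payloads". This line tells users to turn BinLoader on in GoldHEN settings while the tips section later in this diff tells them to disable it when unused; saying here that BinLoader should be switched back off once payloads are loaded, because it accepts binaries over the network, would keep the two sections consistent.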
@@ -268,12 +268,17 @@ There are 2 methods to loading payloads, Payload Guest app or ps4 browser (onlin
- If it worked your ps4 may not cursed then change `CPPMETHOD` to "1".
- Then set `STAGE2METHOD` to GoldHEN or HEN depend on your firmware version.
- HEN is enough if you only run homebrew or fpkg game, no need to using GoldHEN, firmware lower the better.
- no-wait-padi, can reduces pwn time but may miss captured package.
- Change PPPoE username and password to one letter may improve the pwn success rate.
- When pwn the console don't touch anything it will increase the success rate.
- no-wait-padi, can reduces pppwn time but may miss captured package.
- Change PPPoE username and password to one letter may improve the pppwn success rate.
- When pwn the console don't touch anything it will increase the success rate and reduces random shutdown.
- `Cannot connect to network: (NW-31274-7).` It means the program try to injection, sometime the exploit fails or the PS4 crashes.
- `LAN cable not connected.` It means the program will try next attempt, if pwn success it turns off Ethernet interface and shutdown the device (if not using web server).
- `CPPMETHOD="4"` My PS4 (not cursed) worked great when set Corrupt Number="10" (Decimal=16).
- Turn off the internet, close app or game before shutdown may improve kernel panic and shutdown not power on problem.
- Disable Rest Mode Support, FTP and BinLoader server in GoldHEN settings if you don't used it.
- If enable GoldHEN detection and disable web server, after pppwn process is sucess please wait `LAN cable not connected.` prints on PS4 screen or else next detection may fails.
- If strange behavior occured such as IP changed to 0.0.0.0 please wait the device to reboot and try to begin the process again.
- Sometime when pppwn is sucess it is an error CE-36329-3, it happens to me as well.

---------------------------------------------------------------------------------------

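Review bot: typos on the added lines: "reduces" should be "reduce" (twice), "sucess" should be "success" (twice), "occured" should be "occurred", "Sometime" should be "Sometimes", and "if you don't used it" should be "if you don't use it". The new tip about waiting for "LAN cable not connected." before the next detection is an ordering constraint that belongs in the DETECTMODE description as well, not only in a tips list, since a user who enables detection mode 3 will read that table first.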
2 changes: 1 addition & 1 deletion tuning/config.sh
@@ -5,7 +5,7 @@ FIRMWAREVERSION="11.00"
USBETHERNET=false
STAGE2METHOD="flow"
SOURCEIPV6="2"
CUSTOMIPV6=""
CUSTOMIPV6="9f9f:41ff:9f9f:41ff"
DETECTMODE="2"
PPPOECONN=true
PWNAUTORUN=false
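Review bot: `CUSTOMIPV6="9f9f:41ff:9f9f:41ff"` is introduced while `SOURCEIPV6="2"` stays, and the README in this diff says CUSTOMIPV6 is only consulted when SOURCEIPV6="3"; the new value is also identical to the "New IPv6" suffix (fe80::9f9f:41ff:9f9f:41ff), so it changes nothing until a user sets SOURCEIPV6="3" and then behaves exactly like option 2. If the intent is to ship a valid example value, a trailing comment saying so would prevent readers from assuming the tuning config now uses a custom address.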
3 changes: 3 additions & 0 deletions update/run.sh
@@ -30,7 +30,10 @@ sudo rm -rf /boot/firmware/PPPwn/
sudo tar -xf /boot/firmware/update/PPPwn.tar -C /boot/firmware/
sudo chmod 777 /boot/firmware/PPPwn/*.*
sudo rm -rf /boot/firmware/update/
if [ -f /boot/firmware/misc/run.sh ]; then
sudo cp /boot/firmware/PPPwn/run.sh /boot/firmware/misc/runx.sh
fi
sudo rm /boot/firmware/PPPwn/run_web.sh

HSTN="pppwn"
CHSTN=$(hostname | cut -f1 -d' ')
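Review bot: the new `if [ -f /boot/firmware/misc/run.sh ]` block copies the freshly extracted run.sh to misc/runx.sh, but nothing in the hunk says what consumes runx.sh or why the existence check is on run.sh while the destination is runx.sh; a one-line comment would save the next reader a search. `sudo rm /boot/firmware/PPPwn/run_web.sh` has no `-f`, so it errors (harmlessly, absent `set -e`) when the archive contains no run_web.sh. On the context line, `chmod 777 /boot/firmware/PPPwn/*.*` makes every extracted file world-writable; since the pipwn service runs these scripts as root, 755 for scripts and 644 for data files is sufficient and stops any local user from editing what root executes.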
3 changes: 3 additions & 0 deletions update/run_web.sh
@@ -35,7 +35,10 @@ sudo rm -rf /boot/firmware/PPPwn/
sudo tar -xf /boot/firmware/update/PPPwn.tar -C /boot/firmware/
sudo chmod 777 /boot/firmware/PPPwn/*.*
sudo rm -rf /boot/firmware/update/
if [ -f /boot/firmware/misc/run_web.sh ]; then
sudo cp /boot/firmware/PPPwn/run_web.sh /boot/firmware/misc/run_webx.sh
fi
sudo rm /boot/firmware/PPPwn/run.sh

echo 'auth
lcp-echo-failure 3
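Review bot: mirror of the run.sh change: the `run_web.sh` to `misc/run_webx.sh` copy is unexplained and `sudo rm /boot/firmware/PPPwn/run.sh` lacks `-f`; the same `chmod 777` concern applies to the context line above, where 755/644 would do.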
