This is a full chain exploit for PS4 firmware 6.72. Basically this is TheFlow's POC together with PS4-specific kROP & kernel patches. Mira is used as a HEN payload.
Building from source
To build from source, clone this repository recursively, and run these commands:
    cd src
    make
You will get a fresh copy of the binary build in
ROPgadget. Note: Mira is not being built from
Adding your own payloads
miraldr.c loads 65536 bytes from the address stored in the JS mira_blob into RWX memory and jumps to it. At this point only the minimal patches (amd64_syscall, mmap, mprotect, kexec) are applied (i.e. the process is still "sandboxed"). mira_blob contains MiraLoader.
mira_blob_2_len bytes at
are sent to 127.0.0.1:9021 in a background thread. If mira_blob contains MiraLoader, this will be run in the same way but with the full patchset applied & already