c0d3m4st4

[Released] ESP8266 Xploit Host v2.1 By @c0d3m4st4 - PS4


Posted (edited)

ESP8266 Xploit Host v2.0b By @c0d3m4st4


 

 

 

ESP8266_Xploit_Host_2.1.png

 

 

Download

 

ESP8266XploitHost v1.0

 

ESP8266XploitHost 2.0b2

 

ESP8266XploitHost 2.1

 

Donations

 

If you enjoy my work consider donating for future updates or testing new boards. You can do it here:

 

https://ko-fi.com/E1E0BN94

 

Thanks in advance :)

 

What's new

 

-04/05/2018-

 

ESP8266XploitHost 2.1

 

  • Added xvortex HEN v1 for those having problems with latest version (after lots of testing, seems FAT consoles do not work well with v2).
  • Added preliminary SD card support (4.55 only). Not yet finished and i'll be busy until the end of the month, so only there for those who decided to add the SD card module, can test it. To test it, just copy the “options.txt” file included to the root of the SD card. It will just show a test menu, don't expect anything fancy, only there so you can test your module is correctly connected. For instructions to add an SD module, refer to section “Adding an SD module” in this manual. If you didn't add the SD module, don't worry, all basic functionality will be kept in flash, so SD module won't be mandatory.

 

-20/04/2018-

 

ESP8266XploitHost 2.0b2

 

  • Fixed 4.05 scroll issue with R1/L1 and reorganized menu.
  • Replaced Enable VR with HEN+VR in 4.05
  • Fixed stupid mistake with 4.05 xvortex payloads.
  • Updated HEN+VR to v2 in 4.55

 

-15/04/2018-

 

ESP8266XploitHost 2.0b1

 

  • Added Holy Grail payload after many requests. Lots of not enough memory errors, but some say they don't get the issues they have with xvortex HEN. Moved all HEN payloads launchers to the first position of the list.
  • On PS4, you can use R1 and L1 to scroll thru the menu, no need to use the analog stick to navigate to the arrows (this works only in the “user guide”, as the PS4 browser already uses every button, so it will go crazy).
  • Updated list of “tricks” that may help to avoid the issues with xvortex in the “Known issues” section in the manual.
  • Added PS3 exploits from www.ps3xploit.com . Please refer to the site to check if your console is supported. Tested all the HAN process on a 4.82 OFW slim console, and works great. I didn't play with the flash dumping or writing options (be careful with the flash writing options as NOT every console is supported). Refer to the site for the needed files to place on the USB drive for installation. Delete cache and cookies in the PS3 browser for better results. Connect to the ESP8266XploitHost access point, then open the browser. If you didn't touch default settings, you will be redirected to the host automatically, if you changed the start page, you may need to enter host IP address (13.37.13.37) to access the menu.
  • Added Nintendo Switch exploit to install HB launcher. Please refer to https://switchbrew.github.io/nx-hbl/ for installation guide. Works on 3.0 only, so it is mostly untested... i'm on 2.0 and everything works as expected. I got until the “unable to pwn sdb” error, which is normal as it only works on 3.0, so it should work well, please report any error. To launch the installer just connect to the ESP8266XploitHost access point, and you will get redirected to the installer.
  • Also added automatic redirection to the correct exploit pages. No more firmware selector on PS4, if you connect with a PS3, the PS3 menu will be shown, if you connect with a Switch, you will get redirected to the HB launcher installer, and finally if you connect with a PC or smartphone, you will get redirected to the tools menu (tools menu is for PS4 only, credits and info, you can still upload any file tho).

 

-11/04/2018-

 

ESP8266XploitHost 1.0 (no more beta status): optimized template (loads in ~2 secs), updated stooged's payloads, scrolling exploits menu (lots of space now to add more stuff), added a new option to set a custom exploit to be launched from the “Custom” menu placeholder, updated manuals.

 

-08/04/2018-

 

First public release (ESP8266XploitHost 1.0b4)

 

Notes

 

I upgraded to 4.55, so support for 4.05 is over (same on PiXploitHost). I'll keep it in the menu for now, but there won't be any updates to it (i doubt there will be any payload updates for 4.05 too).

You can contact me on twitter @c0d3m4st4 for bug reports. I won't bother replying to questions like, what is the password for the AP and stuff like that. Read the manuals!

 

 

Support

 

English support

 

You can contact me at twitter (@c0d3m4st4) or playstationhax.xyz. Won't reply to questions already answered in the manual.

https://playstationhax.xyz/forums/topic/4550-released-esp8266-xploit-host-v10-by-c0d3m4st4-ps4/


Spanish support

 

You can contact me at elotrolado.net. I don't reply to things that are in the manual.

https://www.elotrolado.net/hilo_esp8266xploithost-servidor-de-exploits-en-un-esp8266-nodemcu-y-similares_2280455

 

Flashing the image

 

Use NodeMCU PyFlasher-3.0 to flash the included bin image. You can download PyFlasher here:

 

https://github.com/marcelstoer/nodemcu-pyflasher/releases

 

For nodeMCU use these settings:

 

- Serial port: whatever it's assigned to the board
- Firmware: "c0d3m4st4_ESP8266XploitHost_v1_final.bin" file
- Baud rate: 115200
- Flash mode: DIO (for clone NodeMCU. Use Google if you have a different board)
- Erase flash: yes, wipe it as we are flashing a full 4M image!

 

 

Features

 

  • SoftAP with DHCP ("ESP8266XploitHost", password "ps4xploit").
  • Web server (13.37.13.37)
  • DNS server
  • FTP server on port 21 (user "ps4xploit", password "ps4xploit")
  • Autoupdate (upload new binary, restart ESP8266 and it will update and delete the update file automatically. SPIFFS partition is untouched)
  • Direct boot (choose any HEN payload to boot directly after opening the guide or browsing to 13.37.13.37 without needing to choose anything in the menu)
  • Options menu for PC/smartphone where you can upload files, set direct boot option, format SPIFFS partition, send binary payloads, set your own exploit to be launched from main menu, see device info, and some more stuff that will probably come in the future. You can find it at 13.37.13.37/tools (access from your phone after connecting to the ESP8266XploitHost access point).
  • Allows easy WiFi configuration in the console.
  • Gzip support (doesn't make such a big difference in loading times, but it saves space in flash tho).
  • Support for 4.05 and 4.55 (4.05 won't be updated tho.. i moved on to 4.55)

 

FTP

 

FTP server listening on port 21 (user "ps4xploit", password "ps4xploit")

 

Filezilla settings for the site manager.

- In general tab: port 21, protocol FTP, and encryption, only use plain FTP (insecure)
- In transfer settings tab: passive mode, and limit number of simultaneous connections to 1

 

You can also use AndFTP for Android devices, it works great.

 

Don't forget to connect to the ESP8266XploitHost AP before you can use the FTP, as it will be in a different network!

 

Tools menu

I included a small tools menu to be used from a PC/smartphone web browser. You need to connect to the ESP8266XploitHost AP, then browse to “13.37.13.37/tools” and you will see this:

 

toolsmenu.png

 

Upload file

Use it to upload single files, like FW updates (for the ESP8266) or binary payloads to be used with the payload sender. You can use FTP too tho, however i find it useful for myself, so i decided to include it.

 

fileuploader.png

 

Send binary payload

Use this tool to send payloads not available in .js format or not added to the ESP8266XploitHost. It will list all available bin files in the ESP8266 flash. Choose the file you want to send and the PS4 IP (this is tricky, if you connect your PS4 and your smartphone at the same time). IPs are assigned in order, starting from 13.37.13.136, so if you connect the PS4 first, it will have that IP. You don't need to connect your smartphone to the ESP8266 at all unless you did it to upload the binary payload, and kept it connected. If only the PS4 is connected, only that IP will be listed in the connected stations list.

 

payloadsender.png

 

Direct boot HEN

Set a HEN payload to boot directly without having to choose anything in the ESP8266XploitHost menu. Only HTML files with “hen” in their name will be listed.

 

directboot.png

 

Reset direct boot settings

Delete Direct boot HEN settings. It will ask for confirmation.

 

Set custom exploit menu

Sets a custom exploit to be launched from the “Custom” placeholder in main host menu (the skull icon). You need to upload all needed files first (HTML + JS), and make sure references to external JS files in the HTML are correct.

 

customexploit.png

 

Format SPIFFS

Formats the data partition. It will ask for confirmation. You will lose everything and will need to reupload the files using the FTP. You will need to use it also if the flash gets corrupted somehow (it happened! You will know it cause it won't load web pages and if you use FTP you will notice missing or duplicate files... still a mystery how that happened. Maybe a bug in my code while adding new features in earlier development stages?).

 

Device info

Shows several parameters about your ESP8266 device. If you have issues and not a NodeMCU board, contact me with a picture or link to your exact board and a screenshot of this information.

 

deviceinfo.png


How to use it

You can plug it to any of the PS4 USB ports. LED (on nodeMCU only probably) will remain lit until a station (the PS4, cellphone, PC or whatever you want to use as a client for this) is connected to the access point. After that, it will blink only on file transfers.

 

I don't have any other board, so i can't check where the built-in LED is on those. Consider donating if you want support for other boards.

In the PS4 network settings, use WiFi, easy settings. Wait for the available network list, and choose “ESP8266XploitHost”, enter “ps4xploit”  (without the quotes) when prompted for a password.

 

Test connection, and you are done. Yes, it will pass the network test, and save the new settings.

 

After that, open the user guide, and have fun. You can also use it from the PS4 web browser. Just open 13.37.13.37

 

Known issues

Some games do not work properly.

 

No issues have been reported. Non working games were due to a problem with the PS4 browser possibly caching older versions of the gzipped files being sent. Browsing to 13.37.13.37 with the PS4 browser and deleting cookies and site data, solves that. This should solve the issue for those who tried my previous releases. This will happen with every other host around, only some people don't give a shit about testing before releasing.

If you still have a non working game after deleting site data from the browser, you can also try to send the binary payload (i included xvortex HEN bin file for 4.55) from the payload sender tool after loading Specter in the host menu in the PS4.

 

xvortex dumper doesn't show notifications

 

While it is the last version and the exact same payload in bin and js format, it won't show notifications when launched from the web menu. It will work as expected using the binary payload sender (i also included latest version of the bin file, so it will show up in the payloads list in the binary payload sender tool).

 

Customization / Templates

If you distribute my image with your own template give the proper credit. Templates are nothing without the ESP8266 code that handles your files.

 

Not many hints here, as i suppose if you are into HTML templates, you know what you are doing and not simply copying and pasting code from others.

 

With FTP access it is very easy to upload your own UI to the host.

 

Some rules to make it fast:

 

  • File system doesn't support folders, keep your external references to files in the root folder. Max file name length is 31 chars.
  • Minimize references to external resources (CSS, JS, images). Embed them all in index.html when possible.
  • Reduce image size. SVG are the best for this, but converting a JPG to SVG is stupid. Think about that! Nonsense! Use inline images for the fastest loading times!
  • Main page must be index.html or it won't work.
  • When listing FTP content, everything starting with “455_” and “405_” are exploits files. Do not delete them unless you plan to upload your own, and keep the references correct in the index.html file.
  • After you are done with the template, gzip all your files. They will work in their original format, but if you want to minimize transfer times, use gzip. The ESP8266 will set correct headers for each file.
  • You can't customize the tools menu. It's generated by the ESP8266.
  • Ideally, you should only distribute your template files, and not the full image. With FTP access anyone can now upload and replace those files without having to reflash a full image.

 

If you make some cool and optimized template, let me know and will link to your files from this post.

 

 

Adding a SD card module

 

Follow this schematic to add the module. Don't forget VDD in SD card to 3V in nodeMCU and VSS to GND.

 

 

sd-card-pinout.png

 

 

 

Credits

Thanks to all the beta testers, exploits devs and the huge ESP8266 community.

 

Exploits and payloads included in the ESP8266XploitHost come untouched from the following devs repos:

 

  • xvortex (https://github.com/xvortex)
  • Stooged (https://github.com/stooged)
  • Specter (https://github.com/Cryptogenic)
  • m0rph3us1987 (Holy Grail)
  • PS3Xploit Team (W, esc0rtd3w, bguerville, Habib)
  • PegaSwitch Team
  • ReSwitched Team

 

Also big thanks to qwertyoruiopz and flatz for making this possible.

 

If you want to use my ESP8266 image to distribute your own hosts, give proper credit. Modifying some HTML template is not creating a fully hosted exploits server. Your templates are not magically served to the clients. There is a lot of code and time you can't see, you only see a HTML template created in 10 minutes.

 


 

 

Edited by c0d3m4st4
v2.1 released!
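
The template rules listed under "Customization / Templates" can be checked on a PC before anything is uploaded over FTP. The following is an added example, not part of the original post or of the ESP8266XploitHost code: `lint_template`, its rule names and the sample file set are assumptions made for illustration, and the 31-character limit is applied to the name as stored, including any `.gz` suffix.

```python
import gzip
import re

MAX_NAME = 31  # limit quoted in the post: "Max file name length is 31 chars"
REF_RE = re.compile(r"""(?:src|href)\s*=\s*["']([^"']+)["']""", re.I)
SKIP = ("data:", "http:", "https:", "//", "#", "javascript:")

def lint_template(files):
    """files maps each name in the FTP root to its bytes; returns (file, rule, detail) tuples."""
    names = set(files)
    findings = []

    def served(name):
        # A file counts as present if it is uploaded plain or as name + ".gz".
        return name in names or name + ".gz" in names

    if not served("index.html"):
        findings.append(("index.html", "missing-index", "main page must be index.html"))
    for name in sorted(names):
        if "/" in name or "\\" in name:
            findings.append((name, "folder", "file system has no folders"))
        if len(name) > MAX_NAME:
            findings.append((name, "name-too-long", f"{len(name)} chars, max {MAX_NAME}"))
        if not name.endswith((".html", ".html.gz")):
            continue
        body = files[name]
        if name.endswith(".gz"):
            body = gzip.decompress(body)
        for ref in REF_RE.findall(body.decode("utf-8", "replace")):
            if ref.lower().startswith(SKIP):
                continue  # inline or off-device resource, nothing to upload
            path = ref.split("?")[0].split("#")[0].lstrip("/")
            if "/" in path:
                findings.append((name, "folder-ref", ref))
            elif path and not served(path):
                findings.append((name, "dangling-ref", ref))
    return findings

# Constructed sample upload set (not files from the release).
SAMPLE = {
    "index.html.gz": gzip.compress(
        b'<script src="455_example.js"></script>'
        b'<link rel="stylesheet" href="css/style.css">'
        b'<img src="data:image/png;base64,AAAA">'
        b'<script src="455_missing.js"></script>'
    ),
    "455_example.js.gz": gzip.compress(b"// placeholder"),
    "my_really_long_custom_template_name.js": b"// placeholder",
}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(*finding, sep=": ")
```
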


Hello! :) Damn, i thought i was registered here already, but seems i wasn't... more a reader than a poster in non spanish forums i guess... not much spare time :(

 

Thanks for posting it here tho :)

 

Just a clarification. The linked tutorial is in Spanish only. There is an English manual included already in the download link with the same contents. Will include both in final 1.0 release, this beta 4 seems to be working well, so it is almost final. I will add a couple of things for next 1.0 final version tho.

 

Feel free to report any bugs and submit your comments.

 

Enjoy it! :)


ESP8266XploitHost 1.0 (final, no more betas) ready.

 

Check first post for news and download link. Enjoy it :)


v2.0b released!

 

Post updated!


ESP8266XploitHost 2.0b2 released!

 

Mainly a bug fix release for 4.05


I just flashed this to my ESP, it works like a charm. Thanks!

Does it automatically detect what firmware the console is on? I only see the 4.05 payloads when browsing?

4 minutes ago, ConsoleHax said:

I just flashed this to my ESP, it works like a charm. Thanks!

Does it automatically detect what firmware the console is on? I only see the 4.05 payloads when browsing?

 

Yeah, will take you directly to your FW payloads, i fixed a little bug for next version (it will show an error if your firmware is not supported.. yeah, it happened, some people on 4.7X tried it and got a 404 error xDD I never thought about that possibility, so i didn't add much error handling)


That's a nice feature. Yeah, people will try anything useless...

I must say I would really love to make a UI Mod for your fantastic and well built project.

3 minutes ago, ConsoleHax said:

That's a nice feature. Yeah, people will try anything useless...

I must say I would really love to make a UI Mod for your fantastic and well built project.

 

feel free to play around with the code.... see the FTP and Customization sections.

 

ps4_455_index.html.gz and ps4_405_index.html.gz are the index files for PS4 exploits (don't remember PS3 one right now, but should be ps3_index, no index for Switch, as you get redirected to the installer directly, nothing to choose). Unzip those and you will see the rest of the references to external files needed. Everything is gzipped, if you want to test your modifications on the console, make sure you delete older files in the ESP and upload the new ones (can be gzipped or not for testing, if a gzipped copy is found, that's the one the ESP code will send to the console, so don't keep both). PS3 html code is totally different and had to use crappy CSS tricks, PS3 browser is crap (also no gzip support for PS3).

 

There will be some changes for next version with SD card support tho, in case you want to wait for that (you can test meanwhile, there won't be big changes in the html/css code, just some extra stuff). Still thinking what to do, so SD card is not mandatory, i'm not going to push people to buy a breakout board or anything, so it will be just used for extra stuff not fitting in the ESP as it is right now.


Then add in firmware and support for SSD1306 OLED display

On 4/29/2018 at 7:54 AM, Spider1973 said:

Then add in firmware and support for SSD1306 OLED display

 

Add in firmware ?? Please, explain yourself

 

OLED display ? What for ? Useless IMHO


ESP8266XploitHost 2.1

 

Manual in first post updated with news and download link.
