Add ReiNX (with SigPatches)

This commit is contained in:
Lord_Friky 2018-07-22 22:31:48 -05:00
parent dcf923eb86
commit 62bebf61fa
14 changed files with 35 additions and 17 deletions

View File

@ -22,10 +22,10 @@ function setPageLanguage(lang) {
else if (lang === "pl-PL")
langObj = plPL;
else if (lang === "zh-CN")
langObj = zhCN;
else if (lang === "zh-TW")
langObj = zhTW;
@ -54,6 +54,7 @@ function setPageLanguage(lang) {
document.getElementById("optionCTCaerHekate").innerHTML = langObj.optionCTCaerHekate;
document.getElementById("optionFusee").innerHTML = langObj.optionFusee;
document.getElementById("optionSXOS").innerHTML = langObj.optionSXOS;
document.getElementById("optionReiNX").innerHTML = langObj.optionReiNX;
document.getElementById("optionUpload").innerHTML = langObj.optionUpload;
document.getElementById("h4GetByteArray").innerHTML = langObj.h4GetByteArray;
document.getElementById("h3Log").innerHTML = langObj.h3Log;

View File

@ -17,6 +17,7 @@ let deDE = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (Alle Firmwares)",
"optionFusee" :"(Re)Switched Test Payload (fusee)",
"optionSXOS" :"SX OS (Alle Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Eigenes Payload hochladen",
"h3Log" :"Protokoll:",
"h4GetByteArray" :"Erhalte das Payload Byte-Array (nicht senden)",

View File

@ -17,6 +17,7 @@ let enUS = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (All Firmwares)",
"optionFusee" :"(Re)Switched test payload (fusee)",
"optionSXOS" :"SX OS (All Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Upload Payload",
"h3Log" :"Log:",
"h4GetByteArray" :"Get payload byte array (don't sploit)",

View File

@ -17,6 +17,7 @@ let esMX = {
"optionCTCaerHekate" :"Mod de Hekate de CTCaer v3.2 (Todos los Firmwares)",
"optionFusee" :"Payload de prueba de (Re)Switched (fusee)",
"optionSXOS" :"SX OS (Todos los Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Subir Payload",
"h3Log" :"Log:",
"h4GetByteArray" :"Obtener matriz de bytes del payload (sin exploit)",

View File

@ -17,6 +17,7 @@ let frFR = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (All Firmwares)",
"optionFusee" :"(Re)Switched test payload (fusee)",
"optionSXOS" :"SX OS (All Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Upload Payload",
"h3Log" :"Log:",
"h4GetByteArray" :"Get payload byte array (don't sploit)",

View File

@ -17,6 +17,7 @@ let itIT = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (All Firmwares)",
"optionFusee" :"(Re)Switched payload di test (fusee)",
"optionSXOS" :"SX OS (All Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Carica payload",
"h3Log" :"Log:",
"h4GetByteArray" :"Ottieni byte array del payload (no exploit)",

View File

@ -18,6 +18,7 @@ let plPL = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (All Firmwares)",
"optionFusee" :"(Re)Switched testowy payload (fusee)",
"optionSXOS" :"SX OS (All Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Załaduj payload",
"h3Log" :"Log:",
"h4GetByteArray" :"Uzyskaj ciąg bajtów payloadu (nie uruchamiaj)",

View File

@ -17,6 +17,7 @@ let ptBR = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (All Firmwares)",
"optionFusee" :"Payload de teste (Re)Switched (fusee)",
"optionSXOS" :"SX OS (All Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Carregar Payload",
"h3Log" :"Log:",
"h4GetByteArray" :"Recuperar array de bytes do payload (favor não exploitar)",

View File

@ -17,6 +17,7 @@ let ruRU = {
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.2 (All Firmwares)",
"optionFusee" :"Тестовый пейлоад от (Re)Switched",
"optionSXOS" :"SX OS (All Firmwares)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"Загрузить свой пейлоад",
"h3Log" :"Log:",
"h4GetByteArray" :"Получить побайтовый вывод листинга пейлоада в лог (без отправки на консоль)",

View File

@ -17,7 +17,8 @@ let zhCN = {
"h4SelectPayload" :"选择 Payload:",
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.0 (全版本)",
"optionFusee" :"(Re)Switched test payload (fusee)",
"optionSXOS" :"SX OS (全版本)",
"optionSXOS" :"SX OS (全版本)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"上传 Payload",
"h4GetByteArray" :"获取Payload byte array (无Sploit)",
"goButton" :"传递 Payload!",

View File

@ -17,7 +17,8 @@ let zhTW = {
"h4SelectPayload" :"選擇 Payload:",
"optionCTCaerHekate" :"CTCaer's Hekate Mod v3.0 (全版本)",
"optionFusee" :"(Re)Switched test payload (fusee)",
"optionSXOS" :"SX OS (全版本)",
"optionSXOS" :"SX OS (全版本)",
"optionReiNX" :"ReiNX (With SigPatches)",
"optionUpload" :"上傳Payload",
"h4GetByteArray" :"獲取Payload byte array (無Sploit)",
"goButton" :"傳遞Payload!",

View File

@ -112,6 +112,7 @@
<option value="CTCaer_Hekate" id="optionCTCaerHekate" >CTCaer's Hekate Mod v3.0 (All Firmwares)</option>
<option value="fusee" id="optionFusee" >(Re)Switched test payload (fusee)</option>
<option value="sx os" id="optionSXOS" >SX OS (All Firmwares)</option>
<option value="ReiNX" id="optionReiNX" >ReiNX (With SigPatches)</option>
<option value="uploaded" id="optionUpload" >Upload payload</option>
</select>
</div>

28
main.js
View File

@ -1,9 +1,9 @@
const intermezzo = new Uint8Array([
0x44, 0x00, 0x9F, 0xE5, 0x01, 0x11, 0xA0, 0xE3, 0x40, 0x20, 0x9F, 0xE5, 0x00, 0x20, 0x42, 0xE0,
0x08, 0x00, 0x00, 0xEB, 0x01, 0x01, 0xA0, 0xE3, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x00, 0xA0, 0xE1,
0x2C, 0x00, 0x9F, 0xE5, 0x2C, 0x10, 0x9F, 0xE5, 0x02, 0x28, 0xA0, 0xE3, 0x01, 0x00, 0x00, 0xEB,
0x20, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x04, 0x30, 0x90, 0xE4, 0x04, 0x30, 0x81, 0xE4,
0x04, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A, 0x1E, 0xFF, 0x2F, 0xE1, 0x20, 0xF0, 0x01, 0x40,
0x44, 0x00, 0x9F, 0xE5, 0x01, 0x11, 0xA0, 0xE3, 0x40, 0x20, 0x9F, 0xE5, 0x00, 0x20, 0x42, 0xE0,
0x08, 0x00, 0x00, 0xEB, 0x01, 0x01, 0xA0, 0xE3, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x00, 0xA0, 0xE1,
0x2C, 0x00, 0x9F, 0xE5, 0x2C, 0x10, 0x9F, 0xE5, 0x02, 0x28, 0xA0, 0xE3, 0x01, 0x00, 0x00, 0xEB,
0x20, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x04, 0x30, 0x90, 0xE4, 0x04, 0x30, 0x81, 0xE4,
0x04, 0x20, 0x52, 0xE2, 0xFB, 0xFF, 0xFF, 0x1A, 0x1E, 0xFF, 0x2F, 0xE1, 0x20, 0xF0, 0x01, 0x40,
0x5C, 0xF0, 0x01, 0x40, 0x00, 0x00, 0x02, 0x40, 0x00, 0x00, 0x01, 0x40
]);
@ -17,7 +17,7 @@ const PAYLOAD_LOAD_BLOCK = 0x40020000;
function createRCMPayload(intermezzo, payload) {
const rcmLength = 0x30298;
const intermezzoAddressRepeatCount = (INTERMEZZO_LOCATION - RCM_PAYLOAD_ADDRESS) / 4;
const rcmPayloadSize = Math.ceil((0x2A8 + (0x4 * intermezzoAddressRepeatCount) + 0x1000 + payload.byteLength) / 0x1000) * 0x1000;
@ -114,9 +114,9 @@ async function launchPayload(payload) {
logOutput("Switching to higher buffer...");
await device.transferOut(1, new ArrayBuffer(0x1000));
}
logOutput("Trigging vulnerability...");
const vulnerabilityLength = 0x7000;
const vulnerabilityLength = 0x7000;
const smash = await device.controlTransferIn({
requestType: 'standard',
recipient: 'interface',
@ -132,7 +132,7 @@ document.getElementById("goButton").addEventListener("click", async () => {
clearLog();
var debugCheckbox = document.getElementById("shouldDebug");
const payloadType = document.getElementById("payloadSelect").value;
if(!debugCheckbox.checked) {
logOutput("Requesting access to device...");
@ -151,9 +151,13 @@ document.getElementById("goButton").addEventListener("click", async () => {
} else if (payloadType === "fusee") {
payload = fusee;
} else if (payloadType === "sx os") {
payload = sx;
} else if (payloadType === "ReiNX") {
payload = ReiNX;
} else if (payloadType === "uploaded") {
const file = document.getElementById("payloadUpload").files[0];
if (!file) {
@ -162,7 +166,7 @@ document.getElementById("goButton").addEventListener("click", async () => {
}
logOutput("Using uploaded payload \"" + file.name + "\"");
payload = new Uint8Array(await readFileAsArrayBuffer(file));
} else {
logOutput("<span style='color:red'>You're trying to load a payload type that doesn't exist.</span>");
return;
@ -198,7 +202,7 @@ function onSelectChange() {
function openInfo() {
if(document.getElementById("infodiv").innerHTML != "") {
document.getElementById("infodiv").innerHTML = "";
}
}
}

File diff suppressed because one or more lines are too long