Hacking Docker PPPwn

[Davi5Alexander]

PPPwn in Docker

https://github.com/Davi5Alexander/docker_pppwn

This repository contains Docker files to run PPPwn, developed by TheOfficialFloW, easily using an Alpine image. It's ideal for running on a Raspberry Pi with a dedicated USB to Ethernet port for the PS4. PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. It's a proof-of-concept exploit for CVE-2006-4304 that was responsibly reported to PlayStation. I was inspired by PI-Pwn.

Requirements

- Docker installed on your system.
- Ethernet cable.
- USB with GoldHen (only for the first time).

Usage

1. Copy the `Dockerfile.pppwn` and `docker-compose.yml` files.
2. Edit `docker-compose.yml` and change the values of INTERFACE and FIRMWAREVERSION.
3. Run `docker-compose up -d`.
4. Turn on the PS4.

On your PS4 (first time):

1. Insert the USB with `goldhen.bin` into the PS4.
2. Go to Settings and then to Network.
3. Select Set Up Internet Connection and choose Use a LAN Cable.
4. Choose Custom Setup and select PPPoE for IP Address Settings.
5. Enter anything for PPPoE User ID and PPPoE Password.
6. Choose Automatic for DNS Settings and MTU Settings.
7. Choose Do Not Use for Proxy Server.

 

[jmjohnson85]

I'm not fully up-to-speed on how the PPPwn exploit works but... If my PS4 is connected via Ethernet to a network switch (which is thereby connected to the docker host), will this just continually try to connect to my PS4 to run the exploit (after the one-time setup of course)?

Edit:
From looking at the script it seems this requires a direct connection from the exploit host using a crossover cable (no network switches...)

 

[Bumblecito]

PPPwn in Docker

https://github.com/Davi5Alexander/docker_pppwn

This repository contains Docker files to run PPPwn, developed by TheOfficialFloW, easily using an Alpine image. It's ideal for running on a Raspberry Pi with a dedicated USB to Ethernet port for the PS4. PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. It's a proof-of-concept exploit for CVE-2006-4304 that was responsibly reported to PlayStation. I was inspired by PI-Pwn.

Requirements

- Docker installed on your system.
- Ethernet cable.
- USB with GoldHen (only for the first time).

Usage

1. Copy the `Dockerfile.pppwn` and `docker-compose.yml` files.
2. Edit `docker-compose.yml` and change the values of INTERFACE and FIRMWAREVERSION.
3. Run `docker-compose up -d`.
4. Turn on the PS4.

On your PS4 (first time):

1. Insert the USB with `goldhen.bin` into the PS4.
2. Go to Settings and then to Network.
3. Select Set Up Internet Connection and choose Use a LAN Cable.
4. Choose Custom Setup and select PPPoE for IP Address Settings.
5. Enter anything for PPPoE User ID and PPPoE Password.
6. Choose Automatic for DNS Settings and MTU Settings.
7. Choose Do Not Use for Proxy Server.

I'm about to trying this over local network in a synology nas

Edit: Well It didn't work.

Trying now connected to nas lan1 (it has lan0 and lan1) but it's got stuck on stage1: memory corruption
Tried to ruebuild it but it's cached and i'am unable to make a clean install.

Post automatically merged: May 12, 2024

Ok, it's working now.

You have to create a folder inside the docker directory and name it docker_pppwn-main
Inside that directory now you have to copy the stages folder with all its files (900 in my case).
You would have something like docker > docker_pppwn-main > stages

 

[Davi5Alexander]

I'm about to trying this over local network in a synology nas

Edit: Well It didn't work.

Trying now connected to nas lan1 (it has lan0 and lan1) but it's got stuck on stage1: memory corruption
Tried to ruebuild it but it's cached and i'am unable to make a clean install.

View attachment 436689

Post automatically merged: May 12, 2024

Ok, it's working now.

You have to create a folder inside the docker directory and name it docker_pppwn-main
Inside that directory now you have to copy the stages folder with all its files (900 in my case).
You would have something like docker > docker_pppwn-main > stages
View attachment 436694
View attachment 436696
View attachment 436691

Sorry, I didn't do a test without my custom volume. I already fixed it. You can rebuild the image using docker compose build --no-cache

 

[Bumblecito]

Sorry, I didn't do a test without my custom volume. I already fixed it. You can rebuild the image using docker compose build --no-cache

Thank you very much, i will give it a try. Great job!

 

[boagamer]

I was inspired by PI-Pwn.

Would be better if you used the latest https://github.com/stooged/PI-Pwn,
it has an option to use C++ and PPPOE bridging, meaning internet is usable without unplugging.
No idea if it works through docker but would be great if it does!

 

[garbaj]

PPPwn in Docker

https://github.com/Davi5Alexander/docker_pppwn

This repository contains Docker files to run PPPwn, developed by TheOfficialFloW, easily using an Alpine image. It's ideal for running on a Raspberry Pi with a dedicated USB to Ethernet port for the PS4. PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. It's a proof-of-concept exploit for CVE-2006-4304 that was responsibly reported to PlayStation. I was inspired by PI-Pwn.

Requirements

- Docker installed on your system.
- Ethernet cable.
- USB with GoldHen (only for the first time).

Usage

1. Copy the `Dockerfile.pppwn` and `docker-compose.yml` files.
2. Edit `docker-compose.yml` and change the values of INTERFACE and FIRMWAREVERSION.
3. Run `docker-compose up -d`.
4. Turn on the PS4.

On your PS4 (first time):

1. Insert the USB with `goldhen.bin` into the PS4.
2. Go to Settings and then to Network.
3. Select Set Up Internet Connection and choose Use a LAN Cable.
4. Choose Custom Setup and select PPPoE for IP Address Settings.
5. Enter anything for PPPoE User ID and PPPoE Password.
6. Choose Automatic for DNS Settings and MTU Settings.
7. Choose Do Not Use for Proxy Server.

Amazing idea and excellent work! Thanks for sharing!