PPPwn_cpp
PPPwn_cpp copied to clipboard
xfangfang
MacOS Guide to hopefully help others
Mac user here, took me a little bit to figure out what was needed etc, and also changing a few things got it working.
https://github.com/xfangfang/PPPwn_cpp?tab=readme-ov-file
Scroll down until you see ‘Nightly Builds’ and press on the Nightly Link
Download the required version for your machine, I used x86_64-macos-none as I use a Intel MacBook Pro.
Create a folder named PPPwn, place downloaded pppwn folder inside.
You also need Stage1.bin and Stage2.bin, I used the files from the RaspberryPi PPPwn. Link: https://github.com/stooged/PI-Pwn
There are two sets of Stage Files, one for 9.00 (Stage1_900 & Stage2_900) and a set for 11.00 (Stage1_1100 & Stage2_11.00) Use the set for your firmware. Rename them Stage1.bin and Stage2.bin and put them in the PPPwn folder with pppwn, You should now have 3 files in PPPwn - pppwn/Stage1.bin/Stage2.bin
Make sure you have goldhen.bin on the root of a USB stick and is inserted into the PS4, goldhen.bin is included in the RaspberryPi PPPwn download. USB Stick should be formatted to either Fat32 or Exfat, make sure if formatting the USB stick, change the partition to Windows and not GUID which is default on a Mac or the the PS4 wont detect the USB stick.
On the PS4, goto Settings - Network - Setup Internet Connection - Use a LAN Cable - Custom - PPPoE, create any user name and password, all other settings set to Automatic.
Run sudo xattr -rd com.apple.quarantine <drag pppwn here, DO NOT DRAG PPPwn folder> press enter, enter password, press enter again. This sort of worked for me, to get around it I had to use Sudo in the Terminal code, so Im making the guide based on my experience and what’s working for me. Try without Sudo, if you get permission denied, Sudo is needed at start of Terminal Code to give permission.
You also must have **SIP enabled**, if unsure, google how to check, make sure its enabled, if not, follow a guide how to re-enable it, if unsure how to disable it, you most likely have it enabled. If using Little Snitch ot any other network monitoring service, either Allow all connections or disable the program blocking network connection or the exploit will not work.
Install Wireshark and then follow the prompts to install ChmodBPF: Link: https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html This will give bpf root access.
To run the exploit for 11.00, copy the following to Terminal: sudo <Drag pppwn here - NOT THE FOLDER> --interface en0 --fw 1100 --stage1 “Drag Stage1.bin here” --stage2 “Drag Stage2.bin here” --auto-retry Press enter, enter password, press Enter, Select ‘Test Connection’ on PS4. Make sure you are using Stage1 and Stage2 for 11.00
Example: sudo /Volumes/1TB/PS4/PPPwn/pppwn --interface en0 --fw 1100 --stage1 "/Volumes/1TB/PS4/PPPwn/stage1.bin" --stage2 "/Volumes/1TB/PS4/PPPwn/stage2.bin" --auto-retry
To run the exploit for 9.00, copy the following to Terminal: sudo <Drag pppwn here - NOT THE FOLDER> --interface en0 --fw 900 --stage1 “Drag Stage1.bin here” --stage2 “Drag Stage2.bin here” --auto-retry Press enter, enter password, press Enter, Select ‘Test Connection’ on PS4. Make sure you are using Stage1 and Stage2 for 9.00
Example: sudo /Volumes/1TB/PS4/PPPwn/pppwn --interface en0 --fw 900 --stage1 "/Volumes/1TB/PS4/PPPwn/stage1.bin" --stage2 "/Volumes/1TB/PS4/PPPwn/stage2.bin" --auto-retry
Other Notes: If using a Ethernet Adapter you will need to change interface en0 to interface enX - Replace X with number Ethernet Adapter is using, to check use WireShark.
Update 14/5/24: Removed Alternative for ChmodBPF, ChmodBPF is much easier.
Update 28/5/24: "bin not found" issue? @serista "Works great on Mac Mini M1 and my PS4 12xx fat model. Tried it 3 times and it worked after 2nd attempt each time judging by the Terminal output.
You actually don't need to "Test internet connection". You just run the command on Mac, and then start your PS4 and wait.
Also the quotes around the bin files in the instruction aren't needed. They will only lead to the "...bin not found" message and the command won't work."
I followed all the steps of yours. I have Macbook M1. I downloaded my pppwn accordingly (aarch64-macos-none.zip) from nightly builds. I downloaded stage1 and stage2 files from https://github.com/stooged/PI-Pwn. I am getting error
@-MacBook-Air ~ % sudo /Users/kiaara/Desktop/PPPwn/pppwn --interface en0 --fw 1100 --stage1 “/Users/kiaara/Desktop/PPPwn/stage1.bin” --stage2 “/Users/kiaara/Desktop/PPPwn/stage2.bin” --auto-retry [+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow [+] args: interface=en0 fw=1100 stage1=“/Users/kiaara/Desktop/PPPwn/stage1.bin” stage2=“/Users/*****/Desktop/PPPwn/stage2.bin” auto-retry=on [-] Cannot open: “/Users/kiaara/Desktop/PPPwn/stage1.bin”
Here is file permission: -rwxr-xr-x@ 1 kiaara staff 898456 May 12 18:20 pppwn -rw-rw-rw- 1 kiaara staff 500 May 12 03:08 stage1.bin -rw-rw-rw- 1 kiaara staff 2603 May 12 03:08 stage2.bin
I tried running sudo xattr -rd com.apple.quarantine for stage1 and stage2 but still same issue. Any idea?
"[-] Cannot open: “/Users/kiaara/Desktop/PPPwn/stage1.bin”"
It can not find the path to the stage1.bin, make sure the path to the file is correct.
I just realised you are also using an M Series mac, Im guessing you are using an adapter for ethernet. It could be --interface en0 needs changing, im not 100%, i'll see what I can find.
It's exactly in the same folder as pppwn file. you can see the path of pppwn file. I guess it is something related to permissions. I tried doing chmod 755 also but same issue.
@Doyle4 Just find a new intel mac and test from beginning. By default, it indeed lacks bpf permissions. Good catch !
The relevant step should change to: Install ChmodBPF. More information can be found at: https://formulae.brew.sh/cask/wireshark-chmodbpf
Alternatively, you could directly install Wireshark and then follow the prompts to install ChmodBPF: https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html
System Preferences > Security and Privacy > Full disk access > drag pppwn into there.
See if giving pppwn full disk access helps, your error is the stage file can't be located.
@Dakshpro maybe you need to remove the ” around stage.bin path ?
I think what you use is ”, is not a "
@Dakshpro maybe you need to remove the
”around stage.bin path ?I think what you use is
”, is not a"
I never spotted that, also good catch!
@xfangfang Thanks for the WireShark tip! this has made the process much better, if it failed before ChmodBPF was installed, the retry would loop and the Mac would need resetting. I made the process fail and on 2nd retry it worked fine, thank you.
I think WireShark/ChmodBPF is worth installing, will add to the guide im making for MacOS.
@Dakshpro maybe you need to remove the
”around stage.bin path ?I think what you use is
”, is not a"
Great.. this solution. worked. But it's stuck at sudo /Users/kiaara/Desktop/PPPwn/pppwn --interface en0 --fw 1100 --stage1 "/Users/kiaara/Desktop/PPPwn/stage1.bin" --stage2 "/Users/kiaara/Desktop/PPPwn/stage2.bin" --auto-retry Password: [+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow [+] args: interface=en0 fw=1100 stage1=/Users/kiaara/Desktop/PPPwn/stage1.bin stage2=/Users/kiaara/Desktop/PPPwn/stage2.bin auto-retry=on
[+] STAGE 0: Initialization [*] Waiting for PADI...
I am using ethernet adapter to USB-C with ethernet cable to PS4. Tried sharing internet but not working
Reboot your Mac, Reboot PS4 Once rebooted, On the PS4 go to Settings, Network, Create LAN, Custom - PPPoE, Enter any username and password, use Automatic for the rest. Don't press "Test Network" yet.
On mac, Run the pppwn, enter password, once pressed enter after password, on the PS4 press "Test Connection".
@Dakshpro maybe you need to remove the
”around stage.bin path ? I think what you use is”, is not a"Great.. this solution. worked. But it's stuck at sudo /Users/kiaara/Desktop/PPPwn/pppwn --interface en0 --fw 1100 --stage1 "/Users/kiaara/Desktop/PPPwn/stage1.bin" --stage2 "/Users/kiaara/Desktop/PPPwn/stage2.bin" --auto-retry Password: [+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow [+] args: interface=en0 fw=1100 stage1=/Users/kiaara/Desktop/PPPwn/stage1.bin stage2=/Users/kiaara/Desktop/PPPwn/stage2.bin auto-retry=on
[+] STAGE 0: Initialization [*] Waiting for PADI...
I am using ethernet adapter to USB-C with ethernet cable to PS4. Tried sharing internet but not working
If you haven't already, Install WireShark and also install ChmodBPF.pkg, where it says Ethernet, it should say en0, if it doesn't, take note of what it says and change en0 from the command line needed to run pppwn and replace with the name WireShark shows next to Ethernet.
Reboot your Mac, Reboot PS4 Once rebooted, On the PS4 go to Settings, Network, Create LAN, Custom - PPPoE, Enter any username and password, use Automatic for the rest. Don't press "Test Network" yet.
On mac, Run the pppwn, enter password, once pressed enter after password, on the PS4 press "Test Connection".
Not working. Ps4 fails to obtain IP.
I have to get sleep as its now almost 7:30am here, any issues I'll get back to you asap. I dont own a M Series Mac, but my Macbook Pro 2017 also needs an adapter for Ethernet, when im awake I'll have a test using an adapter and see how it is for myself.
@Dakshpro if you are using USB adapter, then it cannot be en0, check wireshark and find something like: “USB 10/100 LAN: en*”
if you are using a mac mini, then en0 would be the one in the mac mini back, no idea for macbook.
or just simply try from en1 to en20
@Dakshpro You can turn on the PS4 and see which curve suddenly shows up (meaning data has been received) that's the one you want. Otherwise something wrong must happened.
It's great and all, thanks for the instructions, but it would be very nice if someone could make a more streamlined solution for macOS, I mean GUI like PPPwnGo etc for Win, without needing to download and install supplementing utils.
@Dakshpro You can turn on the PS4 and see which curve suddenly shows up (meaning data has been received) that's the one you want. Otherwise something wrong must happened.
It finally showed en5. Thanks for the hint. It's working now. But it always fails at "scanning for corrupted object". I took stage1.bin and stage2.bin from mentioned sources (https://github.com/stooged/PI-Pwn). Also tried changing these with https://github.com/PSGO/PPPwnGo and https://github.com/PSGO/PPPwn-Lite but still same issue. I have PS4 Pro.
@Dakshpro You can turn on the PS4 and see which curve suddenly shows up (meaning data has been received) that's the one you want. Otherwise something wrong must happened.
It finally showed en5. Thanks for the hint. It's working now. But it always fails at "scanning for corrupted object". I took stage1.bin and stage2.bin from mentioned sources (https://github.com/stooged/PI-Pwn). Also tried changing these with https://github.com/PSGO/PPPwnGo and https://github.com/PSGO/PPPwn-Lite but still same issue. I have PS4 Pro.
Make sure you are using the set for your Firmware, so if you are on 11.00 you need the 11.00 Stage files and renamed to exactly the same as what the Terminal code is looking for.
EDIT: Spotted you said it was en5... Looking at your screen grab, its either en3 or en4 as thats your Ethernet adapter. Try with en3, if fails, try with en4.
It's great and all, thanks for the instructions, but it would be very nice if someone could make a more streamlined solution for macOS, I mean GUI like PPPwnGo etc for Win, without needing to download and install supplementing utils.
It will happen, no point just yet as there a few issues and harder to resolve with not many users using Mac. Once all bugs etc have been cleared one will most likely be made.
@Dakshpro You can turn on the PS4 and see which curve suddenly shows up (meaning data has been received) that's the one you want. Otherwise something wrong must happened.
It finally showed en5. Thanks for the hint. It's working now. But it always fails at "scanning for corrupted object". I took stage1.bin and stage2.bin from mentioned sources (https://github.com/stooged/PI-Pwn). Also tried changing these with https://github.com/PSGO/PPPwnGo and https://github.com/PSGO/PPPwn-Lite but still same issue. I have PS4 Pro.
Make sure you are using the set for your Firmware, so if you are on 11.00 you need the 11.00 Stage files and renamed to exactly the same as what the Terminal code is looking for.
EDIT: Spotted you said it was en5... Looking at your screen grab, its either en3 or en4 as thats your Ethernet adapter. Try with en3, if fails, try with en4.
Using exactly the right stage1 and stage2 files for v11.0 but still the issue. Screenshot it old. It properly shows en5 now and PS4 also obtains IP.
Its difficult as I have no access to an M Series Mac, I only own Intel. Hopefully someone can help who has a M series.
for finding correct port you can do this
1.Press and hold Option 2.Select the Apple menu 3.Select System Information 4.Select Network 5.Select Network Interface (Ethernet or Wi-Fi) 6.Find BSD Device Name under the details section(for eg ethernet en5, wifi en0)
for finding correct port you can do one thing hold option on keyboard while holding option click on the apple logo on top left select system information , scroll down to network it will show your device name and the BSD Device Name is your active post
I found the correct port but the issue is, process fails exactly at "scanning for corrupted object".
i am also a m1 mac user i am. running it through VMware fusion ubuntu i have got a pre compiled file which you have run through docker i got it from someone, now i just open the terminal and run it is working for me max it took is 2 attempts
@Akshayraiker11
Just update the code, the command pppwn list will list the interface information.
$ pppwn list
[+] PPPwn++ - PlayStation 4 PPPoE RCE by theflow
[+] interfaces:
en0 Ethernet
en6 USB 10/100 LAN
en4 Ethernet Adapter (en4)
en5 Ethernet Adapter (en5)
en10 USB 10/100/1000 LAN
bridge0 Thunderbolt Bridge
en1 Wi-Fi
en2 Thunderbolt 1
en3 Thunderbolt 2
@Dakshpro If your system version is at or below 11.0, I can only recommend repeated attempts (reboot the ps4). Just bad luck : )
can someone over here make a complete guild m series mac user to run it properly even youtube doesnt have a single video on it @xfangfang @Doyle4
can someone over here make a complete guild m series mac user to run it properly even youtube doesnt have a single video on it @xfangfang @Doyle4
I would if I had access to a M series Mac, without one I can't give advice, my guide is basic Mac and for mainly Intel Macs as thats all I have at hand.
@Dakshpro try with latest PPPwnPi files, https://github.com/stooged/PI-Pwn Its been worked on in the last few hours.