From 8edae846550a1ac6ac4ca72ffd134558aac4b2a9 Mon Sep 17 00:00:00 2001
From: Kameleon <77245601+kmeps4@users.noreply.github.com>
Date: Tue, 20 Feb 2024 03:30:05 -0600
Subject: [PATCH] Rollback to my original firmware detection
---
config.mjs | 58 ++++++++++++++++++++-------------
exploit.mjs | 93 ++++++++++++++++++++++++++++++-----------------------
2 files changed, 87 insertions(+), 64 deletions(-)
diff --git a/config.mjs b/config.mjs
index 1977925..1fe0abf 100644
--- a/config.mjs
+++ b/config.mjs
@@ -57,32 +57,44 @@ export function set_target(value) { target = value; } -function DetectFirmwareVersion() { //function by kameleon :) -if (navigator.userAgent.includes('PlayStation 4')) { +function DetectFirmwareVersion() //function by kameleon :) +{ var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/",""); - if (["6.00", "6.02", "6.10", "6.20"].includes(UA)) { + + if (UA == "6.00" || UA == "6.02" || UA == "6.10" || UA == "6.20") + { return ps4_6_00; - } else if (["6.50", "6.70", "6.71", "6.72"].includes(UA)) { - return ps4_6_50; - } else if (["7.01", "7.02", "7.50", "7.51", "7.55", "8.00", "8.01", "8.03"].includes(UA)) { - return ps4_8_03; - } else { - var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 18, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/",""); - if (["8.50", "8.51"].includes(UA)) { - return ps4_8_03; - } else { - var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 18, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/",""); - if (["9.00", "9.03", "9.04", "9.50", "9.51", "9.60"].includes(UA)) { - return ps4_9_00; - } - } } -} else if (navigator.userAgent.includes('PlayStation 5')) { - var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 32, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 5/",""); - if (["1.00", "1.01", "1.02", "1.05", "1.12", "1.14", "2.00", "2.10", "2.20", "2.25", "2.26", "2.30", "2.50", "2.70", "3.00", "3.10", "3.20", "3.21", "4.00", "4.02", "4.03", "4.50", "4.51", "5.00", "5.02", "5.10", "5.50"].includes(UA)) { - return ps5_5_00; + + if (UA == "6.50" || UA == "6.70" || UA == "6.71" || UA == "6.72") + { + return ps4_6_50; } - } + + if (UA == "7.01" || UA == "7.02" || UA == "7.50" || UA == "7.51" || UA == "7.55" || UA == "8.00" || UA == "8.01" || UA == "8.03" || UA == "8.50" || UA == "8.51") + { + return ps4_8_03; + } + 
+ //on 9.00 Fw detection changed to laystation instead of regular Playstation + UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("layStation 4/",""); + + + if (UA == "9.00" || UA == "9.03" || UA == "9.04" || UA == "9.50" || UA == "9.51" || UA == "9.60") + { + return ps4_9_00; + } + + //get user agent for PS5 (taken from PS5 Specter Exploit Host) + const supportedFirmwares = ["1.00","1.01","1.02","1.05","1.12","1.14","2.00","2.10","2.20","2.25","2.26","2.30","2.50","2.70","3.00","3.10","3.20","3.21","4.00", "4.02", "4.03", "4.50", "4.51","5.00","5.02","5.10","5.50"]; + const fw_idx = navigator.userAgent.indexOf('PlayStation; PlayStation 5/') + 27; + const fw_str = navigator.userAgent.substring(fw_idx, fw_idx + 4); + + if (supportedFirmwares.includes(fw_str)) + { + return ps5_5_00; + } + } -export let target = DetectFirmwareVersion(); +export let target = DetectFirmwareVersion(); \ No newline at end of file diff --git a/exploit.mjs b/exploit.mjs index 989a424..1993551 100644 --- a/exploit.mjs +++ b/exploit.mjs 
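Review bot: `DetectFirmwareVersion()` has no final `return`, so a user agent matching none of the listed versions leaves the exported `target` as `undefined` and nothing reports it. The commit also removes the `includes('PlayStation 4')` guard, so the `+ 19` substring is now taken from whatever user agent the page is loaded with. Ending the function with an explicit `return null; // unrecognised user agent, no supported target` would make that outcome deliberate and checkable by whatever reads `target` outside this hunk. The `+ 19` offset and the `"layStation 4/"` replace also need a comment showing the user-agent layout they assume, because the existing comment does not say why one character goes missing.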
@@ -676,52 +676,63 @@ async function get_ready() { } //load per firmware Rop Test function by kameleon.. -function ExecRopByFw() +function ExecRopByFw() { var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/",""); - if (navigator.userAgent.includes('PlayStation 4')) + if (UA == "6.00" || UA == "6.02" || UA == "6.10" || UA == "6.20") { - if (["6.00", "6.02", "6.10", "6.20"].includes(UA)) - { - alert("No ROP implemented"); - } - else if (["6.50", "6.70", "6.71", "6.72"].includes(UA)) - { - alert("No ROP implemented"); - } - else if (["7.01", "7.02", "7.50", "7.51", "7.55"].includes(UA)) - { - import('./send.mjs'); - } - else if (["8.00", "8.01", "8.03"].includes(UA)) - { - import('./rop/800.mjs'); - } - - else if (["8.50", "8.51"].includes(UA)) - { - import('./rop/850.mjs'); - } - - // For PS4 9.00 to 9.60 - var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 18, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 4/",""); - - if (["9.00", "9.03", "9.04"].includes(UA)) - { - import('./rop/900.mjs'); - } - else if (["9.50", "9.51", "9.60"].includes(UA)) - { - import('./rop/950.mjs'); - } - - } else if (navigator.userAgent.includes('PlayStation 5')) { - var UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 32, navigator.userAgent.indexOf(') Apple')).replace("PlayStation 5/",""); - if (["1.00", "1.01", "1.02", "1.05", "1.12", "1.14", "2.00", "2.10", "2.20", "2.25", "2.26", "2.30", "2.50", "2.70", "3.00", "3.10", "3.20", "3.21", "4.00", "4.02", "4.03", "4.50", "4.51", "5.00", "5.02", "5.10", "5.50"].includes(UA)) { - alert("No ROP implemented"); - } + alert("No ROP implemented"); } + + if (UA == "6.50" || UA == "6.70" || UA == "6.71" || UA == "6.72") + { + alert("No ROP implemented"); + } + + if (UA == "7.01" || UA == "7.02" || UA == "7.50" || UA == "7.51" || UA == "7.55") + { + import('./send.mjs'); + } + + if (UA == 
"8.00" || UA == "8.01") + { + alert("No ROP implemented"); + } + + if (UA == "8.03") + { + import('./rop/800.mjs'); + } + + if (UA == "8.50" || UA == "8.51") + { + import('./rop/850.mjs'); + } + + //on 9.00 Fw detection changed to laystation insead of regular Playstation + UA = navigator.userAgent.substring(navigator.userAgent.indexOf('5.0 (') + 19, navigator.userAgent.indexOf(') Apple')).replace("layStation 4/",""); + + if (UA == "9.00" || UA == "9.03" || UA == "9.04") + { + import('./rop/900.mjs'); + } + + if (UA == "9.50" || UA == "9.51" || UA == "9.60") + { + import('./rop/950.mjs'); + } + + //get user agent for PS5 (taken from PS5 Specter Exploit Host) + const supportedFirmwares = ["1.00","1.01","1.02","1.05","1.12","1.14","2.00","2.10","2.20","2.25","2.26","2.30","2.50","2.70","3.00","3.10","3.20","3.21","4.00", "4.02", "4.03", "4.50", "4.51","5.00","5.02","5.10","5.50"]; + const fw_idx = navigator.userAgent.indexOf('PlayStation; PlayStation 5/') + 27; + const fw_str = navigator.userAgent.substring(fw_idx, fw_idx + 4); + + if (supportedFirmwares.includes(fw_str)) + { + alert("No ROP implemented"); + } + } async function run() {
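Review bot: `ExecRopByFw()` repeats the user-agent parsing and version lists that this same patch puts into `DetectFirmwareVersion()` in config.mjs, and the two tables already disagree: 8.00 and 8.01 map to `ps4_8_03` there but end in `alert("No ROP implemented")` here. Reading one parsed version string from a helper exported by config.mjs would stop the two files drifting apart. No branch handles an unrecognised version, so the function returns without any message in that case; a closing default such as `alert("Unsupported firmware")` would make it visible. The `import()` calls return promises that are never awaited or given a `.catch`, so a module that fails to load is not surfaced either.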