Maybe need to adjust the time if you have ssd or something wich cause your system power up too soon , else with hdd it's ,tried on pro 11.00 .no fail , no crash

proof here:

https://www.mediafire.com/file/jo21oogi8gtfuoe/5902031530020049787.mp4/file

btw i'm MiralaTijera a old ps3 scener :-D

Dear MiralaTijera
i am new to github and don't know how to perform the operation you just did on that video uploaded the link here, Can you please help where is that boot.bat file and how can i do this on my ps4 pro ? waiting for your great response.

hi there! here you have a pack ready to use:

https://www.mediafire.com/file/n4513v2k99bok9p/MLT_PAYLOADER_ON_BOOT_WORKING_with_npcap.rar/file

it's included:

python latest version
scapy
PPPwn sistr0 with my mods
first install npcap exe i included in the root of the rar
so when you decompress it you will see the same boot.bat , just edit that file and on cmdline of windows "ipconfig /all" find your rj45 interface name and copy as is and replace the one i put by default on --interface="the name of your rj45 interface" and save it , run it and power on the console , and if you have the console preconfigured on PPPoE just wait ,you will see te PPPwn msg on press ps button step on powering on the console , remember you need your rj45 interface connected to your computer and ps4 directly without hubs or routers... enjoy ;-)

btw: @SiSTR0 at least u can say a explanation why you refuse the commit? , no one know's the console can be pwned at boot?

Hello @SiSTR0. Is It possible to execute the exploit on PS4 boot time? I mean, FreeBSD should has systemd right? Maybe you can modify the stage2 in such way that create a service that executes the goldhen.bin on boot and thus we don't have to execute the Network exploit anymore once the payload is stored in the HDD.

What do you think?

I have on (maybe stupid) question/confusion.

Tell me one little thing.. Why in the commit You call 2 times "payload.bin" into "PAYLOAD_EXT_PATH"

Let me explain. You commited this:
#define PAYLOAD_NAME "payload.bin" #define PAYLOAD_EXT_PATH "/mnt/usb0/payload.bin" PAYLOAD_NAME #define PAYLOAD_INT_PATH "/data/payloads/" PAYLOAD_NAME

So.... We're define "payload.bin" at the first into "PAYLOAD_NAME" ant this is acceptable.
But payload name has been implemented second time into "PAYLOAD_EXT_PATH"
Finally we get something like this "/mnt/usb0/payload.binpayload.bin"...

Maybe I'm not understanding something. But these are basics, not quantum physics
Can you explain this simple relationship to me, why you want to double-load "payload.bin"?

I assume it's a simple oversight. Unless it's supposed to be that way for some reason?

btw. This is not sarcasm but curiosity

this is a fork of exploit and I haven't any exploitable console for this exploit.
I am not exploit dev, so better PR the main repo so TheFlow can review better than me.
Thanks anyway

I have updated Stoogegs Pi PPPwn and see it now has config for delay, Im using an SSD in a Phat PS4 and PPPwn it takes around 4mins as it constantly fails.

Anyone have any recommended time delay settings at all? I see there is also a Buffer setting, sadly no clear instructions.

Thanks