Merge pull request #4 from SoftwareRat/LLA

Finally: pppwn_live with GoldHEN 2.4b18

Author: SoftwareRat

.github/workflows/ci.yaml

@@ -26,11 +26,11 @@ jobs:
         with:
           submodules: true
 
-      - name: Setup Alpine Linux for ${{ matrix.architecture }}
-        uses: jirutka/setup-alpine@v1
+      - name: Set up Alpine Linux environment
+        uses: jirutka/setup-alpine@v1.2.0
         with:
           arch: ${{ matrix.architecture }}
-          branch: edge
+          branch: latest-stable
           packages: |
             alpine-sdk
             alpine-conf
@@ -47,55 +47,78 @@ jobs:
             wget
             mtools
             dosfstools
+            7zip
+            curl
+            jq
           shell-name: alpine
 
       - name: Prepare PPPwn binaries
         shell: alpine --root {0}
         env:
           ARCH: ${{ matrix.architecture }}
         run: |
-          echo "ARCH is $ARCH"
+          set -e
+          echo "Preparing PPPwn binaries for ${ARCH}..."
           mkdir -p /tmp/pppwnlive
           cd /tmp/pppwnlive
-          wget https://github.com/xfangfang/PPPwn_cpp/releases/latest/download/${ARCH}-linux-musl.zip
+
+          # Download and extract binaries with retries
+          for attempt in {1..3}; do
+            wget https://github.com/xfangfang/PPPwn_cpp/releases/latest/download/${ARCH}-linux-musl.zip && break || sleep 5
+          done
           unzip -p ${ARCH}-linux-musl.zip | tar -xzOf - pppwn > pppwn && rm ${ARCH}-linux-musl.zip
+
           wget https://github.com/B-Dem/PPPwnUI/raw/main/PPPwn/goldhen/1100/stage1.bin
-          wget https://github.com/B-Dem/PPPwnUI/raw/main/PPPwn/goldhen/1100/stage2.bin
+          curl -L -o GoldHEN.7z $(curl -s https://api.github.com/repos/GoldHEN/GoldHEN/releases | jq -r '.[0].assets[0].browser_download_url')
+          7zz e GoldHEN.7z pppnw_stage2/stage2_v*.7z -r -aoa
+          7zz e stage2_v*.7z stage2_11.00.bin -r -aoa
+          mv stage2_11.00.bin stage2.bin
+          rm GoldHEN.7z stage2_v*.7z
           cd /tmp
           tar -czf pppwn.tar.gz pppwnlive/*
 
-      - name: Install required packages
+      - name: Install required packages and setup environment
         shell: alpine --root {0}
         env:
           ARCH: ${{ matrix.architecture }}
         run: |
+          set -e
+          echo "Installing required packages and setting up environment for ${ARCH}..."
           find /tmp -name "pppwn.tar.gz" -exec cp {} aports/scripts/pppwn.tar.gz \;
-          echo "permit nopass root" | tee -a /etc/doas.conf
+          echo "permit nopass root" > /etc/doas.conf
           abuild-keygen -i -a -n -q
-          apk update
+
+          echo "http://dl-2.alpinelinux.org/alpine/latest-stable/main" > /etc/apk/repositories
+          for i in {1..3}; do apk update && break || sleep 5; done
           mkdir -p ~/tmp ~/work/iso/${ARCH}
           export TMPDIR=~/tmp
           cp -rf custom/* aports/scripts/
           chmod +x aports/scripts/*
-          ln -s /usr/lib/libalpine.sh /lib/libalpine.sh
 
       - name: Build ISO
         shell: alpine --root {0}
         env:
           ARCH: ${{ matrix.architecture }}
         run: |
+          set -e
           echo "Building ISO for ${ARCH}..."
-          sh aports/scripts/mkimage.sh --tag edge --outdir ~/work/iso/${ARCH} --arch ${ARCH} --repository https://dl-cdn.alpinelinux.org/alpine/edge/main --profile pppwn
-          mv ~/work/iso/${ARCH}/alpine-pppwn-edge-${ARCH}.iso ~/work/iso/${ARCH}/pppwn-live-${ARCH}.iso
+          sh aports/scripts/mkimage.sh --tag stable --outdir ~/work/iso/${ARCH} --arch ${ARCH} --repository https://dl-cdn.alpinelinux.org/alpine/latest-stable/main --profile pppwn > /var/log/mkimage.log 2>&1 \
+          || (cat /var/log/mkimage.log || echo "No log found"; exit 1)
+          ISO_PATH=$(find ~/work/iso/${ARCH} -name "alpine-*.iso" -print -quit)
+          if [ -z "$ISO_PATH" ]; then
+            echo "ISO not found!"
+            exit 1
+          fi
+          mv "$ISO_PATH" ~/work/iso/${ARCH}/pppwn-live-${ARCH}.iso
 
       - name: Upload ISO artifact
         uses: actions/upload-artifact@v4
         with:
           name: pppwn-live-${{ matrix.architecture }}-iso
-          path: |
-            ~/work/iso/${{ matrix.architecture }}/*.iso
+          path: ~/work/iso/${{ matrix.architecture }}/*.iso
 
   create_release:
+    if: github.ref == 'refs/heads/main'
     needs: build_iso
     runs-on: ubuntu-latest
     steps:
@@ -107,6 +130,7 @@ jobs:
       - name: Calculate SHA256 hashes
         id: sha256
         run: |
+          echo "Calculating SHA256 checksums for each architecture..."
           SHA256_X86=$(sha256sum ./iso_images/pppwn-live-x86_64-iso/pppwn-live-x86_64.iso | awk '{print $1}')
           SHA256_AARCH64=$(sha256sum ./iso_images/pppwn-live-aarch64-iso/pppwn-live-aarch64.iso | awk '{print $1}')
           echo "sha256_x86=$SHA256_X86" >> $GITHUB_OUTPUT
@@ -121,12 +145,12 @@ jobs:
 
             Changelog:
               ${{ github.event.head_commit.message }}
-          
+
             SHA256 Checksums:
               - x86_64: `${{ steps.sha256.outputs.sha256_x86 }}`
               - aarch64: `${{ steps.sha256.outputs.sha256_aarch64 }}`
           files: |
             ./iso_images/pppwn-live-x86_64-iso/pppwn-live-x86_64.iso
             ./iso_images/pppwn-live-aarch64-iso/pppwn-live-aarch64.iso
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -1,5 +1,4 @@
 # PPPwnLive
-# ⚠️ [Work is already underway on a new ISO for GoldHEN v2.4b18](https://github.com/SoftwareRat/pppwn_live/issues/3)
 
 `pppwn_live` is a Linux live ISO based on Alpine Linux, designed to run [pppwn_cpp](https://github.com/xfangfang/PPPwn_cpp), a PS4 exploit, directly from the ISO on any PC. The system automatically shuts down after completing its tasks.
 

custom/genapkovl-pppwn.sh

@@ -4,39 +4,42 @@
 HOSTNAME="PPPwnLive"
 
 cleanup() {
-	rm -rf "$tmp"
+    rm -rf "$tmp"
 }
 
 makefile() {
-	OWNER="$1"
-	PERMS="$2"
-	FILENAME="$3"
-	cat > "$FILENAME"
-	chown "$OWNER" "$FILENAME"
-	chmod "$PERMS" "$FILENAME"
+    OWNER="$1"
+    PERMS="$2"
+    FILENAME="$3"
+    cat > "$FILENAME"
+    chown "$OWNER" "$FILENAME"
+    chmod "$PERMS" "$FILENAME"
 }
 
 rc_add() {
-	mkdir -p "$tmp"/etc/runlevels/"$2"
-	ln -sf /etc/init.d/"$1" "$tmp"/etc/runlevels/"$2"/"$1"
+    mkdir -p "$tmp"/etc/runlevels/"$2"
+    ln -sf /etc/init.d/"$1" "$tmp"/etc/runlevels/"$2"/"$1"
 }
 
 tmp="$(mktemp -d)"
 trap cleanup exit
 
+# Create base directories
 mkdir -p "$tmp"/etc
 mkdir -p "$tmp"/etc/init.d
 mkdir -p "$tmp"/etc/profile.d
 mkdir -p "$tmp"/etc/apk
 mkdir -p "$tmp"/root
 
-# WAR: Search for an aports/scripts/pppwn.tar.gz file in the home directory and copy it to "$tmp"/etc/
+# Copy PPPwn payload
 find ~ -path "*/aports/scripts/pppwn.tar.gz" -exec cp {} "$tmp"/etc/pppwn.tar.gz \;
 
+# Create hostname file
 makefile root:root 0644 "$tmp"/etc/hostname <<EOF
 $HOSTNAME
 EOF
 
+# Configure network interfaces
 mkdir -p "$tmp"/etc/network
 makefile root:root 0644 "$tmp"/etc/network/interfaces <<EOF
 auto lo
@@ -46,6 +49,7 @@ auto eth0
 iface eth0 inet dhcp
 EOF
 
+# Set up package list
 makefile root:root 0644 "$tmp"/etc/apk/world <<EOF
 alpine-base
 busybox
@@ -54,7 +58,7 @@ bash
 agetty
 EOF
 
-# Configure /etc/inittab for auto-login
+# Configure auto-login inittab
 mkdir -p "$tmp/etc"
 makefile root:root 0755 "$tmp"/etc/inittab <<EOF
 # /etc/inittab
@@ -71,6 +75,7 @@ tty2::respawn:/sbin/getty 38400 tty2
 ttyS0::respawn:/sbin/getty -L 0 ttyS0 vt100
 EOF
 
+# Create welcome banner
 makefile root:root 0644 "$tmp"/etc/profile.d/motd.sh <<EOF
 #!/bin/bash
 clear
@@ -87,6 +92,7 @@ echo -e "- \033[1;34mxfangfang\033[0m (\033[4mhttps://github.com/xfangfang/PPPwn
 echo -e "- \033[1;34mTheFloW\033[0m (\033[4mhttps://github.com/TheOfficialFloW/PPPwn\033[0m) for the original discovery and creation of PPPwn"
 EOF
 
+# Create setup script
 makefile root:root 0755 "$tmp"/etc/setup.sh <<EOF
 #!/bin/sh
 
@@ -116,12 +122,12 @@ else
 fi
 EOF
 
-# Use /root/.profile to automatically run /etc/setup.sh
+# Create profile for auto-execution
 makefile root:root 0644 "$tmp"/etc/.profile <<EOF
 /etc/setup.sh
 EOF
 
-# WAR: Create an OpenRC service to move the profile
+# Create profile mover service
 makefile root:root 0755 "$tmp"/etc/init.d/move-profile <<EOF
 #!/sbin/openrc-run
 
@@ -135,11 +141,11 @@ depend() {
 start() {
     ebegin "Moving /etc/.profile to /root/.profile"
     mv /etc/.profile /root/.profile 2>/dev/null
-    eend $?
+    eend \$?
 }
 EOF
 
-# Enable necessary services for networking
+# Enable necessary services
 rc_add devfs sysinit
 rc_add dmesg sysinit
 rc_add mdev sysinit
@@ -157,4 +163,6 @@ rc_add move-profile boot
 rc_add mount-ro shutdown
 rc_add killprocs shutdown
 rc_add savecache shutdown
-tar -c -C "$tmp" etc | gzip -9n > $HOSTNAME.apkovl.tar.gz
+
+# Create final archive
+tar -c -C "$tmp" etc | gzip -9n > $HOSTNAME.apkovl.tar.gz

custom/mkimg.pppwn.sh

@@ -1,33 +1,103 @@
 #!/bin/sh
 
+# Add this function to handle kernel module compression
+generate_modloop() {
+    local kernel_ver="$1"
+    local modloop="$2"
+
+    # Create a temporary directory for modules
+    mkdir -p /tmp/modloop
+
+    # Copy modules to the temporary directory
+    cp -a /lib/modules/${kernel_ver} /tmp/modloop/
+
+    # Compress modules using xz with maximum compression
+    cd /tmp/modloop
+    if ! tar -cJf "$modloop" lib/modules/${kernel_ver}; then
+        echo "Error: Failed to create modloop tarball"
+        ls -l /tmp/modloop
+        exit 1
+    fi
+
+    # Clean up
+    rm -rf /tmp/modloop
+}
+
 profile_pppwn() {
     profile_standard
     profile_abbrev="pppwn"
-    title="Extended"
-    desc="Contains only the minimal.
-        Designed to run the PPPwn jailbreak.
-        For the PlayStation 4"
-    kernel_cmdline="unionfs_size=512M console=tty0 console=ttyS0,115200"
-    boot_addons=""
+    kernel_cmdline="unionfs_size=128M console=tty0 console=ttyS0,115200 quiet loglevel=0 rd.systemd.show_status=auto nowatchdog rd.plymouth=0 plymouth.enable=0 mitigations=off nospectre_v2"
+    title="Nano"
+    desc="Hyper-minimal profile for PS4 PPPwn jailbreak
+          Absolute bare-metal footprint, optimized for single-purpose exploit"
     apks="alpine-base busybox openrc bash agetty"
+    boot_addons=""
+
     local _k _a
     for _k in $kernel_flavors; do
-        apks="$apks linux-$_k"
+        apks="$apks linux-$_k linux-firmware-none"
         for _a in $kernel_addons; do
-            apks="$apks $_a-$_k"
+            apks="$apks ${_a}-${_k}"
         done
     done
 
-    apks="$apks linux-firmware-none"
-
     case "$ARCH" in
     x86*|amd64)
-        boot_addons="amd-ucode intel-ucode"
-        initrd_ucode="/boot/amd-ucode.img /boot/intel-ucode.img"
+        boot_addons="intel-ucode amd-ucode"
+        initrd_ucode="/boot/intel-ucode.img /boot/amd-ucode.img"
         syslinux_serial="0 115200"
         apks="$apks syslinux"
+        kernel_cmdline="$kernel_cmdline idle=nomwait processor.max_cstate=1"
+        ;;
+    aarch64)
+        # Nothing (yet)
         ;;
     esac
 
     apkovl="aports/scripts/genapkovl-pppwn.sh"
-}
+    apks="$apks --no-cache"
+
+    post_build() {
+        rm -rf /usr/share/doc/* /usr/share/man/* /usr/share/info/*
+        find / -type f -name "*.a" -delete
+        find / -type f -name "*.la" -delete
+
+        local kernel_ver=$(ls /lib/modules | head -n1)
+        generate_modloop "$kernel_ver" "/boot/modloop-lts"
+    }
+}
+
+filter_packages() {
+    local keep_packages="
+        alpine-base
+        busybox
+        bash
+        linux-firmware-none
+        syslinux
+        openrc
+    "
+
+    for pkg in $(apk search | grep -E '^(alpine-base|busybox|bash|linux-|syslinux|openrc)'); do
+        if echo "$keep_packages" | grep -qw "${pkg%%=*}"; then
+            echo "$pkg"
+        fi
+    done
+}
+
+generate_minimal_initramfs() {
+    local kernel_version="$1"
+    mkdir -p /tmp/initramfs/{bin,dev,etc,lib,proc,sys}
+    cp /bin/busybox /tmp/initramfs/bin/
+    mknod -m 666 /tmp/initramfs/dev/null c 1 3
+    mknod -m 666 /tmp/initramfs/dev/zero c 1 5
+
+    cat > /tmp/initramfs/init << 'EOF'
+#!/bin/busybox sh
+mount -t proc none /proc
+mount -t sysfs none /sys
+exec /bin/sh
+EOF
+    chmod +x /tmp/initramfs/init
+    cd /tmp/initramfs
+    find . | cpio -H newc -o | gzip > "/boot/initramfs-${kernel_version}"
+}