[HN Gopher] Playstation confirms chain of 5 vulnerabilities on P... ___________________________________________________________________ Playstation confirms chain of 5 vulnerabilities on PS4/PS5 Author : guiambros Score : 204 points Date : 2022-06-19 13:56 UTC (9 hours ago) (HTM) web link (hackerone.com) (TXT) w3m dump (hackerone.com) | tgsovlerkhgsel wrote: | The disclosure timeline is interesting: | | - theflow0 submitted a report to PlayStation. Oct 25th (8 months | ago) | | - PlayStation rewarded theflow0 with a $20,000 bounty. Nov 12th | (7 months ago) | | - shoshin_cup PlayStation staff closed the report and changed the | status to Resolved. Apr 4th (3 months ago) | | - theflow0 requested to disclose this report. Apr 4th (3 months | ago) | | - sazerac HackerOne staff agreed to disclose this report. Jun | 10th (9 days ago) | | I generally refuse to participate in Bug bounty programs through | intermediaries like HackerOne, because they severely restrict and | delay your ability to disclose. After having been denied a bug | bounty for reporting a vulnerability directly, and often spent | frustrating amounts of time just trying to get a response even | from major companies, I've basically given up completely on bug | bounty programs, and will likely go for full disclosure in the | future (with a note to the corresponding security team for | awareness). | | For smaller issues, the bounties often don't even fairly | compensate the (usually significant) effort spent communicating | with the security team if you value your time at a competitive | hourly rate, and payment is hit or miss. Not worth giving up your | right to talk about the issues in exchange. | robocat wrote: | From a $ perspective, most bug bounty programs look rather | uneconomic to me, which I presume is by design. | | Bounty programs require a hacker to reveal their secret. That | cripples a hacker's negotiation strength, and the hacker cedes | nearly all control (as you point out). 
| | Are there any organisations which can authenticate a | vulnerability, without the hacker revealing the vulnerability | itself? | | Vulnerability authentication seems like a hard problem: | | * powerful adversaries will wish to "steal" the vulnerability | for themselves, | | * the hacker will want to remain anonymous, | | * the hacker needs to believe they will be safe and their | vulnerability will not be stolen, | | * legal, social, and financial incentives would be difficult to | align for such an organisation to even exist. In a "safe | jurisdiction" three-letter-agency and legal issues would | probably be prohibitive (can't aid extortion etcetera), and in | other looser jurisdictions there would be powerful dark threats | (far dominating over any legal issues). | | * in most markets authentication is handled by organisations | doing repeat transactions so that their incentive is to be | trustworthy. However in this market government or blackhat | organisations will want to create fronts or suborn | organisations. | | I guess on the dark markets there are authentication options | for black hats. Any links to discussions about that? | | Can vulnerability authentication be solved for white hats? | roastedpeacock wrote: | Not saying public bug-bounty programs such as this are perfect. | Those around a certain date in the past remember strongly when | the situation with public research was more precarious and Sony | attempting lawsuits, prosecutions and other utterly horrible | attempts at 'damage-control' with the PS3. In that light and | with the researcher being able to disclose his research after | public security-patch it does appear more amicable. | markx2 wrote: | The author of this post has some excellent history. They used an | exploit chain on the PS Vita. 
| | https://theofficialflow.github.io/2018/09/11/h-encore.html | | https://github.com/TheOfficialFloW/h-encore | aasasd wrote: | The guy also developed quite a bunch of useful low-level | software--he and Rinnegatamante basically carry the | homebrew/jailbreak community for Vita, at least lately. | | Meanwhile, his twitter says 'Security Engineer @ Google'. | | Bit weird that he didn't turn this into a jailbreak for PS5, | though. But perhaps I'm missing something about PS5's firmware | update scheme. | propter_hoc wrote: | 100%, TheFloW is a legend in the Vita community. Every time | Sony released a new firmware fixing one of his exploits, he | released another one, until Sony stopped updating the Vita. | bozhark wrote: | Why hasn't Sony offered to hire them? | | edit: or contract | bluedays wrote: | I need to stop updating my ps4 | incognitoes wrote: | [deleted] | highwaylights wrote: | Is this patched? Or is this essentially a 0-day now? | capableweb wrote: | Resolved April 4th 2022 (3 months ago). Probably patch went | live on the systems some days/weeks/month after that. | crtasm wrote: | For PS4, 9.50 released on 23rd March: | https://www.dualshockers.com/ps4-system-software- | update-9-50... | incognitoes wrote: | nodja wrote: | I don't think that $20k is too little. | | There's 2 types of people that will find these kinds of exploits. | Black hat hackers that do it for the money, and white hat hackers | that do it for themselves/openness. | | The black hat hacker would have to be paid handsomely so that he | could disclose his exploit. For these types of exploits I assume | they would do something like sell you a PS5 with dozens of games | included for $700, and tell you that you can load many more. 
That | means that he only needs to sell 101 hacked PS5s to make more | than the reward money, and he'll probably sell thousands of them | before a copycat copies him stealing his profits or Sony patches | the bug, which won't stop him completely since he'll probably | have a big stock of unpatched PS5s. | | The white hat hacker does it for fun or curiosity, a white hat | hacker is usually an advocate for open source and probably trying | to run Linux on the thing is the main motivation for him to keep | going. After they find something they'll release it to the | public, usually with piracy enabling things off by default, but | since it's all open source the pirates will find a way to use it | anyway. | | Sony is doing the smart thing and targeting the white hacker, | they're the most likely to find these exploits anyway. If they | made the reward money high enough that it would disincentivize | the black hat hacker from commercializing his findings, it would | instead be an incentive for people to find exploits. Let's say | they pay $200k per exploit, they would no longer be paying these | types of bounties once a year, but every month. I'd argue that | paying millions a year to protect their system is valuable, but | the fact is that they can get away with much less, hence $20k is | just about the perfect amount of money for a bounty like this. | | tl;dr: If they paid more they'd basically be creating and funding | a market of exploit finders for little gain. | Szpadel wrote: | 5 vulnerabilities, this is the issue that I often see, nobody | wants to fix an issue that isn't exploitable, so reporting all those | alone won't get them fixed for maybe even years, and then someone | figures out how to connect them and we get chains like this | mmastrac wrote: | Am I reading it right that this was a 20k bounty only? 
| meibo wrote: | $20k seems a bit low for a chain of 5 exploits that defeat the | entire security model on their flagship product, but what do I | know. | | Interesting to see that one of the most impactful exploits is in | an open source library. | Cyph0n wrote: | I'm not a security researcher, but this seems _extremely_ low. | highwaylights wrote: | It certainly seems like a strong disincentive to report the | next one, yes. | eli wrote: | And do what with it instead? | highwaylights wrote: | I'm quite certain there are groups in the world who would | have paid far north of $20k for the ability to copy | PS4/PS5 discs that don't need a modification or jailbreak | to play. | | I'm not saying that's what should have happened, but $20k | for something this severe is practically asking for that | to happen. | solveit wrote: | Just... not find it. It takes concentrated intentional | effort to find these. | rvz wrote: | It is very low for the target and also for that effort. I've | seen a small amount of effort bounties that reel in $100K+. | | If that was a chain of 5 vulnerabilities for say the iPhone | or Android, that would be worth over $1 million. | whoknew1122 wrote: | Because a similar iPhone or Android vulnerability would be | useful to state actors, APTs, and everything in between. | It'd be easy to weaponize and market. Hell, you could start | a career in the ethically dubious world of selling 0 days | to governments. | | But what we got here is a way to pirate video games. | | Weaponizing this vulnerability means someone can play | bootleg video games. And to profit from bootlegging video | games, you'd have to create manufacturing and distribution | channels. Then you'd have to find people who want to buy | games. That's a lot of work, and when you inevitably get | caught you'll likely face stiff fines (if not prison). | | Is this vulnerability worth more than $20k to Sony? Yes. 
Is | it worth more than $20k to the person who found the | vulnerability? Only if they can monetize it, which would | require breaking various and sundry laws. | Cyph0n wrote: | > Only if they can monetize it, which would require | breaking various and sundry laws. | | I mean, doesn't the same restriction apply to mobile | exploits? You'd be breaking some kind of law by selling | the exploit off, no? | | In my opinion, game piracy for latest gen consoles would | be very easily monetizable. The challenge is figuring out | how to make money without revealing your identity and/or | basing your operations out of a more piracy-tolerant | jurisdiction. Or you could sell the exploit off to | someone who is willing to deal with all of this. | pvg wrote: | Distributing pirated games for hacked consoles without | getting caught is not easy, as you point out yourself. | This also goes for whoever you're trying to sell the | exploit to it. I can't see any combination of these facts | that add up to 'very easily monetizable'. | Cyph0n wrote: | "Very easily monetizable" is referring to the fact that | you will easily find people who would pay to play the | latest titles (in the past: modchips, emulators, etc.). | | This is especially true with PS5 thanks to the ongoing | console shortage. | dontbenebby wrote: | > $20k seems a bit low for a chain of 5 exploits that defeat | the entire security model on their flagship product, but what | do I know. | | Especially when so many people work on sensitive work in their | homes due to COVID, huge chunks of the federal government are | having conversations next to hot mics as they do Tinder and the | like on their "personal" devices. | capableweb wrote: | Especially because of the last part: | | > With these vulnerabilities, it is possible to ship pirated | games on bluray discs. That is possible even without a kernel | exploit as we have JIT capabilities. 
| | So this person basically saved them from losing tons of money | (if you accept these companies' claim that pirating games | actually makes them lose money in the first place) and they only | awarded them $20K. | | Good way to ensure others who find similar exploits to sell | them to highest bidder on darkmarkets instead as they'll be | able to get way more than that. | Mo3 wrote: | Believe it or not, some people are not in it for the money. | tester756 wrote: | 20K + prestige, he's gonna have strong cards at his next | $nicely_paying_company interview | | >Good way to ensure others who find similar exploits to sell | them to highest bidder on darkmarkets instead as they'll be | able to get way more than that. | | Sure, sell it for how much? twice? thrice? as much | | instead using it for your own branding, cv, to negotiate | salary which will pay you way more over years | ShroudedNight wrote: | I would expect it's worth 10x to 100x 20k to the right group | of black-hats. | tester756 wrote: | What makes you think so? | 0xcde4c3db wrote: | I believe it's come out since the initial statement that the | "pirated games [...] without a kernel exploit" thing was | hypothetical, requiring someone to write a specialized | AMD64-to-AMD64 JIT compiler that transforms game programs | from using their native memory layouts to using that of the | exploited process. | buildbot wrote: | Man that just sounds cool though. Basically a software | MMU in some ways. | 0xcde4c3db wrote: | It's more-or-less how QEMU system emulation works when | hardware virtualization isn't available (it's even called | "softmmu"). My understanding is that something similar | would need to be written/adapted with knowledge of PS5 | processes' memory layouts embedded into it. | cosmodisk wrote: | I had some considerations of getting into white hat hacking. | I'd have enough motivation to become somewhat proficient in a | few years, maybe even very good in a decade. 
But then I look | at the rewards for vulnerability discovery and I think what | the hell??? If I'd spend years honing my skills and someone | would offer me a few grand for something that could | potentially cost them millions, I don't think I'd manage not | to sell it for the highest bidder. This is like a gig economy | but for infosec. | wombat-man wrote: | Yeah, it would be super tempting. But law or lawyers might | find you if you're not careful | foepys wrote: | > for something that could potentially cost them millions | | You can be very sure that if a piracy case went to court, | Sony would claim to suffer billions in damages. | HideousKojima wrote: | Not sure on that, the Nintendo v Team Xecuter case ended | up with $10 million in damages for selling Switch piracy | mods/tools | | https://torrentfreak.com/gary-bowser-agrees-to- | pay-10-millio... | smoldesu wrote: | I despise Team Xecuter for a number of reasons, but these | two exploits aren't necessarily comparable. The | Playstation vuln in question would allow people to create | pirated Blu-Ray disks that work as-expected on vanilla | PS5 models. TX created a custom firmware that required | hardmodding your Switch to persist. Nintendo couldn't | really wring out TX without proving that their damages | went beyond just the owners of hacked Switch consoles, | which it certainly didn't. In Sony's case, they could | probably sue pretty hard if people started selling | pirated or counterfeit PS5 games, since _every PS5 owner_ | is affected. | | IANAL, but I think you have to keep the scope of the | damages in consideration. | flak48 wrote: | In an alternate universe, perhaps the fact that Sony | valued this exploit at just 20k would work against them | in a piracy case | sjtgraham wrote: | I expect to get downvoted to oblivion for this but | whatever. Your comment completely lacks morals. Selling | something to the highest bidder implies you have no | hesitation about selling exploits to criminals. 
| | You don't have to do research on any given platform. If you | don't like the terms of their bounty, find something else | to play with. If you are skilled enough to find something | like this you will have no problem finding very highly paid | jobs. | boopmaster wrote: | In this case, "Crime Pays Much Better" is a valid | criticism, relative to the award. It really shouldn't be | the case here. This is very much a "worst case scenario" | for Sony if publicly released. The award amount IMHO is | excessively paltry for the level of effort and the | relative impact that this could have caused their | business if not reported in an ethical way. An award | amount this low, is as other points out and the poster, | approaches levels of "deterrent to doing the right | thing." | Rotdhizon wrote: | This has always been a heated debate. IMO, the whole | concept of "ethical hacking" doesn't exist. The whole | concept of morals and ethics is nothing but smoke. It's | something someone made up one day to get people to not do | bad things and in the modern day companies use it to give | out terrible bounty rewards. | | If I find a high tier vuln and the company isn't giving | reasonable bounties, it's going straight onto Zerodium or | similar platforms and I won't lose a second of sleep over | it. | highwaylights wrote: | But the poster is explicitly saying that's why they have | _not_ done this? | polartx wrote: | >Your comment completely lacks morals | | Try not to regard things in such an all-or-nothing | perspective. At worst it indicates a psychological | disorder, at best--a high conflict personality. Either | way, it wont benefit you or the people that interact with | you. | | I also disagree that it 'completely' lacks morals. If OP | is being truthful, then he has a desire to work hard and | put in the time necessary to fulfill a virtuous (albeit | under-compensated) calling. 
| | However, OP is also cognizant of a hypothetical (albeit | realistic) temptation that will most likely confront him, | should he carry out these pursuits: ethical conflicts | which would force him to choose between large financial | gains (selling exploits to bad actors), or the less | lucrative (and often thankless) white hat approach of | reporting it in good faith, and expecting (but not | necessarily receiving) equal measures of good faith from | corporations (like Sony in this case). | | Having an awareness of one's own weaknesses or | susceptibilities to temptation isn't a weakness to be | admonished from atop a digital soap box. Instead, | recognize and reinforce OP's desire to do good--it costs | little more energy to encourage the good in people, | rather than shaming them for not having an unshakable | moral fortitude. Have a Happy Father's Day. | sjtgraham wrote: | I made no assessment of OP's morality, just the comment | itself. Please refrain from making clinical diagnoses in | HN comment threads. | cosmodisk wrote: | Why? He's right to the dot. | sjtgraham wrote: | Let's assume this is a good faith question: | | 1. OP isn't qualified to do so, neither are you for that | matter. | | 2. It stigmatizes mental illness. | | 3. It doesn't refute my point. It's not germane to the | point of being mean-spirited, contrary to HN guidelines. | polartx wrote: | Hey, I'm sorry and I'd genuinely feel bad if my comment | seemed like I was targeting you; I will re-read and look | for ways to communicate better. I wasn't being | mean-spirited, truly. | | I was just trying to convey my feelings about how we all | could do better to try and move the cursor of focus on | the good intentions of people's struggles; People and | things are so rarely black and white. | | Your first comment sounds like you are a person of high | personal ethical standards. Since I don't know you beyond | this thread, I choose to believe that, (after all, why | not?). 
Perhaps you hold others to the similar standards, | standards that you've earned, and ideally others will | earn too. The world would be a better place if we all | held high, un-temptable, ethical standards. But holding | everyone to that expectation just isn't _realistic_, but | that doesn't mean, we can't, in good faith, try and | encourage others to have that goal. | | I'm just trying to leave the door open to the idea that | those that have not made it there yet, will often respond | better to encouragement instead of admonishment. I | realize that this comment and my previous one will be | construed by many as admonishment--I don't mean it to be. | I admire you for your character and simultaneously relate | to the OP's self-awareness. With each other's help, we can | all be better. | dgfitz wrote: | This is an excellent microcosm of everything that is | wrong with the internet. I 100% agree with the entirety | of your post. Had you not taken the time and effort to | make a well-thought-out comment like this, the narrative | would have been shaped from your parent's post, possibly | influencing tens of thousands of people. | beckman466 wrote: | welcome to techno-feudalism. | tetris11 wrote: | If it was an ethical open source initiative that | ultimately benefits the world the one that was being | targeted, then yes I'd agree. But if it's a company | deeply entrenched in dark patterns, willingly destroys | small competition with anticompetitive practices, and | tramples on basic user rights for triple dollar signs - | then, really, who cares? To what detriment to humanity | would there be if OP sold to the highest bidder? | tapoxi wrote: | What small competition have they destroyed? There's also | plenty of competitors in the gaming space with them. | thirtyfivecent wrote: | Sony are seeding their online community with toxicity. If | you have a PSN account look at the available avatars you | can use. 
| | 1 in 5 have different variations of devil's horns on the | characters' heads. 3 in 5 look like they've been cropped | from communist murals around my city. Almost all of the | characters look angry and criminal. | | Browse these avatars and in your mind compare them to | Nintendo's. The vast majority of users are interacting | with each other and seeing these creepy avatars as | their friends' virtual faces. What effect is this having | on young kids? | bbarnett wrote: | The parent was merely stating the payout is wrong, vs | other avenues. | | An example, if you find a bag of cash, typical finder's | fee is 10%. Insurance companies, others, often offer | this. | | Meanwhile, Sony is kicking maybe .01% "cash saved" for | this vulnerability. | LadyCailin wrote: | Or perhaps Sony only considers piracy to cause about 200k | of damages in actual fact. | lupire wrote: | 200k in damages after recovering funds from lawsuits. | kvirani wrote: | Let's not let our morals get in the way of doing what's | right. | woodruffw wrote: | I won't downvote this, even though I disagree with many | of the particulars. | | One of note: the "criminals" in this context are, at | best, homebrew developers and users who'd like to unlock | the full potential of the hardware they bought. At worst, | they're "pirates" (the industry term, not mine) and game | cheats. Nobody likes a cheater in a video game, but I | don't know if I'd go as far as to make ethical | prescriptions about it. | | Sony feels comfortable paying a pittance for these | vulnerabilities because the market for them is relatively | soft. But that doesn't mean that the underlying asset | actually lacks value; it means that Sony has | _successfully criminalized_ applications of the asset, | artificially lowering their salability. 
| woodruffw wrote: | Replying, to avoid edit confusion: you're the CEO of a | financial services company that seems to employ reverse | engineering to figure out private banking APIs. In the | (not-very-distant) past, that was potentially criminal | under both DMCA and ECPA. | | Your position affords you a _unique_ opportunity to have | some perspective here. | sjtgraham wrote: | Thanks for noticing. I do have a unique perspective | indeed, and that is exactly the activity we engage in. It | was never criminal. Reverse engineering for | interoperability has always been permitted by law. | woodruffw wrote: | > Reverse engineering for interoperability has always | been permitted by law. | | It's not that straightforward (even if I wish it was). | | First, it requires a judge and jury who understand | "interoperability" to include "connecting to a server you | don't own and sending it payloads that it isn't | expecting." | | Second, it requires a lenient interpretation of EULAs | under the DMCA: the DMCA promotes otherwise legal reverse | engineering activities into illegal activities by | allowing companies to establish "acceptable use," which | can include prohibiting reverse engineering activities | that circumvent restrictions on copyrighted or other | controlled material. A bank may plausibly (in the eyes of | attorneys) claim that third-party uses of its APIs | compromise the bank's ability to comply with federal | regulations, since no law requires that compliance and | operation be integral operations. | bfdm wrote: | What? That is just clearly untrue, even though I agree it | ought to be the law. DMCA 1201 made _no_ exemptions to | circumvention of technical protection measures (for | research, interoperability, fair use etc). Assuming any | kind of security measure was employed here the | interpretations of violating that have been quite broad. | | ianal etc. 
| sjtgraham wrote: | Reverse engineering does not necessarily imply | circumvention of technical countermeasures, e.g. removal | of DRM. | | Reverse engineering would also be a copyright | infringement issue, which does have a carve out for | reverse engineering. | emsixteen wrote: | > downvoted to oblivion | | Wrong website. | j-krieger wrote: | You don't need "morals" when the topic is about billion | dollar companies who lowball you and nobody gets hurt if | you do sell the exploit on the black market | yieldcrv wrote: | The market is telling people what the price of a bug is, | as the legal monetization paths get more and more | numerous, alongside the illegal ones. | | It's literally _only_ the corporation beneficiaries of | having their own product fixed that are paying the wrong | amount. Inching up the payout amounts ever so slowly. | | Anything that makes those corporations pay out better is | also a moral outcome, and doing things that supports this | status quo lacks ethics as well. | | (We actually agree that selling to _some_ bidders, and | _some_ actions, lack ethics) | justapassenger wrote: | This isn't about selling guns to killers. Or bugs that | allow you to spy on political opponents. | | It's selling bugs in customer hardware that can be used to | reduce control of the manufacturer of it and allow users | to run pirated stuff (and homebrew likely as a result). | It's totally in the best interest of the manufacturer to | always be the highest bidder. | | I don't have any moral issues with people selling those | issues on the black market, if manufacturer isn't | interested in rewarding researcher properly. | cosmodisk wrote: | You are right, my initial comment excluded morals | altogether. I did it to emphasize the low value | attribution to the vulnerability discovery. If I were to | actually face such dilemma, it would include much more | complex thought process, including morals. 
| | I understand that nobody has to do the research of any | sort but my point is that these skills and effort | involved are being commoditised very quickly and become | comparable to gig economy. Bounty programmes are very | very cheap to large corps, compared to the returns | involved. Building a substantial infosec division that | could match the crowdsourced model is way more expensive. | sjtgraham wrote: | A very thoughtful reply. Thank you. For the avoidance of | doubt, you clearly do not lack morals yourself :) | car_analogy wrote: | Sony TVs spy on what their viewers are watching, and | Playstations specifically are designed to prevent their | "owners" from using their property as they wish. And | let's not forget the rootkit Sony installed on buyers of | their music CDs, for which no Sony employee or executive | went to jail. | | That Sony is not the criminal here is a reflection of our | inadequate laws, not morals, and selling vulnerabilities | to them is just as bad. | notjoemama wrote: | I see it as a broken social contract, and this behavior | has kept me out of white hat too. While selling to the | highest bidder isn't what we collectively want to happen, | neither should we want large companies to fail rewarding | individuals for improving their systems, particularly | security. I don't want a landscape of pirated software, | but I can't apply moral judgement to someone who chooses | to sell the information elsewhere because the owner won't | offer in-kind value. It seems to me the first immoral | action is actually being made by the company. I wonder if | a proper way of addressing this is for individuals to | negotiate higher awards through a non-profit specializing | in legal and monetary law. | | But what hasn't worked and will continue to not work is | using social moral condemnation. I think we all find "you | wouldn't download a car" funny, right? Worse for this | situation is the context of the growing economic divide | worldwide in 2022. 
Under that lens I wouldn't be | surprised to see this happening more. The more | oligarchies show individuals that they don't care, why | should individuals show they care about the oligarchies? | HideousKojima wrote: | >Your comment completely lacks morals | | Nah, copyright is immoral, bypassing it is the morally | right thing to do. | duxup wrote: | Most white hat security researchers seem driven as much by | curiosity and just a general passion as rewards. | | When I worked with someone who was a point of contact for | outside security researchers it seemed for many were just | happy to get their name in the release notes. | | And I'm not sure if you're selling that you're a white hat | researcher anymore... | YetAnotherNick wrote: | > Good way to ensure others who find similar exploits to sell | them to highest bidder on darkmarkets instead as they'll be | able to get way more than that. | | This is illegal AFAIK. | ChoGGi wrote: | I wonder if you could use this if Sony sues you for copyright | infringement damages? | rvz wrote: | > Interesting to see that one of the most impactful exploits is | in an open source library. | | WebKit is infested with vulnerabilities and it is a hacker's | paradise for exploitation. Probably the most exploited and | targeted software component out there. | keewee7 wrote: | Maybe paying more than $20k through the HackerOne platform | became a tax or regulation problem so they bank wired the rest. | woodruffw wrote: | This is pretty unlikely. If it's a regulation problem via | HackerOne it's probably also a regulation problem via a | direct wire. | pvg wrote: | _$20k seems a bit low_ | | What's the market for this exploit, though? Who is going to pay | never mind $20k but more or less anything for it? | kevingadd wrote: | Wide-scale game piracy can be very profitable in markets that | aren't well-served by the console operator. 
You're not gonna | make money selling pirate blurays in the US since you'll go | straight to prison, but I can imagine PS4 owners in second or | third-world countries buying a stack of pirated blurays for | 20% the cost of retail and local law enforcement not being | terribly interested in doing something about it. | pvg wrote: | _Wide-scale game piracy can be very profitable_ | | Possibly but who is going to pay you $20k to realize these | theoretical profits? They essentially mean un-networking | your console, never updating it, only using physical media, | likely losing your PSN account. There's a huge leap from | step 1. 'an exploit exists', step N 'lots of hacked | consoles and people buying pirated discs for them' and | whatever step 'PROFIT' appears in. A latent market for free | or cheap stuff is not the same thing as a market for this | exploit. | superjan wrote: | The title suggests more but if you read the entire post, | Vulnerability 2 and 4 are specific to PS4. Not exactly the | flagship product anymore. | [deleted] | sergiotapia wrote: | $20k for pirated ps4/ps5 games? Seems ridiculously low. | | When I lived in Bolivia I remember buying PS2 games in the market | for 10 Bs. ($2). I imagine few people in Bolivia can buy these | games. Same for other third world countries. | | I imagine the exploit author reported it for the clout and a | "good get" right? It's quite the feather in your cap. | yoda97 wrote: | I'm from a 3rd world country and can confirm, everyone is | keeping their ps4 in v9.00, A shop near me is selling dozens of | ps4 with +10 pre installed games, each for 280-300$. | lucb1e wrote: | It's also not like house owners reward people that tell them | about an open front door with the total value of their house's | contents. In Dutch we say "10% finder's wages" (10% | vindersloon) when someone returns an item they found, say a | smartphone. 
Sometimes you get nothing, sometimes you get 20%, | but nobody expects to get 100% (or even half) of the true value | of the item you are dutifully returning. | | That there is a huge market in less-wealthy countries for | pirated games is a well-known fact. What strikes me as a leap | is that there is some mastermind behind it all that has enough | savings (or other liquidity) to buy these exploits for whatever | you would consider the true value (if $20k is "ridiculously" | low), and then needs to earn all that money back by selling | game copies (presumably there is some hardware cost to burn | discs) to a population that is large but, indeed, poor. | ShroudedNight wrote: | If they already have the networks in place to sell stuff like | pirated movies, I don't see why they would balk at paying for | an exploit to sell pirated games. I could also see them using | an advance + royalty model to share the risk with the exploit | writer. | pvg wrote: | The movies play on unmodified players. This would be like | making it so the only thing your tv can play is stuff you | torrented. | akira2501 wrote: | No one is returning something to PlayStation, though. This is | independent intellectual property. Property, that if exposed, | runs the risk of destroying their entire ecosystem. | | And this possibly cuts well beyond simple piracy. PlayStation | enjoys exclusive control over who does and does not get to | publish on their platform. A mechanism that earns them | millions in licensing deals, to the extent that they can | happily lose money on the sale of the hardware itself. The | destruction of that mechanism seems akin to destruction of | their entire platform. | | This isn't a "we found your front door unlocked" situation. | This is a "we found a bomb attached to your spine, and we | know exactly how to dismantle it." 
| jamal-kumar wrote: | I know a guy who just goes hunting in Latin America for old | copies of games which have become rare and he makes decent side | cash doing this | bozhark wrote: | This is the kind of person that would be hella fun to make a | mockumentary about. | | Like, make all the scenes in the US sepia filtered, then make | the Latin country's clear filtered kind of jokes. | the8472 wrote: | The question is how competitive is the market? Would he get | more money by auctioning it off? For something like smartphones | there are plenty of governments that would buy. But for a game | console? It's mostly commercial pirates and I guess those don't | have as much money sloshing around. | | Maybe one could make it an adversarial kickstarter kind of | thing. The public pools against sony, full disclosure vs. time- | delayed disclosure. | tlbsofware wrote: | Although 20k seems quite low, I think it is reasonable given the | rise of game subscriptions. | | Who would want to jailbreak and leave their ps5 offline to get 5$ | games that won't work once the station is updated. Where on the | flip side you could pay 5-15$ monthly (not sure of PlayStation | Now's cost but that amount is for Xbox game pass) to have hundreds | of games at your disposal and never have to physically acquire a | new disk via black market to play a new game? | SV_BubbleTime wrote: | Is there a reason this wouldn't in theory allow a full | jailbreak and play of the $79 games? | | PlayStation's main unique features are the narrative based | single player exclusives. So, if you were going to get a PS5 | and Xbox, it seems Xbox for multi and hacked PS5 for single | seems like an excellent combo - you know - if you were the type | of person that could justify that sort of thing. | 14 wrote: | Back in the day I faced the same consideration with Xbox 360. | I went with the reset glitch hack and was able to have | hundreds and hundreds of games all play from an HDD.
| Eventually the hackers got servers running and you could also | play online with others. A fully jailbroken ps5 would | definitely be appealing. | e4m2 wrote: | Author's presentation on the topic: | https://github.com/TheOfficialFloW/Presentations/blob/master... | (video not yet available) | | Public reimplementation: https://github.com/sleirsgoevy/bd-jb | (not a "full" jailbreak yet, the kernel part is missing) | | To clarify, this exploit only works up to firmware 9.04 on the | PS4 and up to 4.51 on the PS5. | muterad_murilax wrote: | Sony, not Playstation. | bsagdiyev wrote: | SIE is technically a different part of Sony and is analogous | with PlayStation at this point. | mshockwave wrote: | SIE is a subsidiary of Sony but they're quite different. Even | inside SIE the division that makes PlayStation is quite unique | compared to other (first-party) game studios. ___________________________________________________________________ (page generated 2022-06-19 23:00 UTC)