[HN Gopher] Playstation confirms chain of 5 vulnerabilities on P...
___________________________________________________________________
Playstation confirms chain of 5 vulnerabilities on PS4/PS5
Author : guiambros
Score : 204 points
Date : 2022-06-19 13:56 UTC (9 hours ago)
(HTM) web link (hackerone.com)
| tgsovlerkhgsel wrote:
| The disclosure timeline is interesting:
|
| - theflow0 submitted a report to PlayStation. Oct 25th (8 months
| ago)
|
| - PlayStation rewarded theflow0 with a $20,000 bounty. Nov 12th
| (7 months ago)
|
| - shoshin_cup PlayStation staff closed the report and changed the
| status to Resolved. Apr 4th (3 months ago)
|
| - theflow0 requested to disclose this report. Apr 4th (3 months
| ago)
|
| - sazerac HackerOne staff agreed to disclose this report. Jun
| 10th (9 days ago)
|
| I generally refuse to participate in Bug bounty programs through
| intermediaries like HackerOne, because they severely restrict and
| delay your ability to disclose. After having been denied a bug
| bounty for reporting a vulnerability directly, and often spent
| frustrating amounts of time just trying to get a response even
| from major companies, I've basically given up completely on bug
| bounty programs, and will likely go for full disclosure in the
| future (with a note to the corresponding security team for
| awareness).
|
| For smaller issues, the bounties often don't even fairly
| compensate the (usually significant) effort spent communicating
| with the security team if you value your time at a competitive
| hourly rate, and payment is hit or miss. Not worth giving up your
| right to talk about the issues in exchange.
| robocat wrote:
| From a $ perspective, most bug bounty programs look rather
| uneconomic to me, which I presume is by design.
|
| Bounty programs require a hacker to reveal their secret. That
| cripples a hacker's negotiation strength, and the hacker cedes
| nearly all control (as you point out).
|
| Are there any organisations which can authenticate a
| vulnerability, without the hacker revealing the vulnerability
| itself?
|
| Vulnerability authentication seems like a hard problem:
|
| * powerful adversaries will wish to "steal" the vulnerability
| for themselves,
|
| * the hacker will want to remain anonymous,
|
| * the hacker needs to believe they will be safe and their
| vulnerability will not be stolen,
|
| * legal, social, and financial incentives would be difficult to
| align for such an organisation to even exist. In a "safe
| jurisdiction" three-letter-agency and legal issues would
| probably be prohibitive (can't aid extortion etcetera), and in
| other looser jurisdictions there would be powerful dark threats
| (far dominating over any legal issues).
|
| * in most markets authentication is handled by organisations
| doing repeat transactions so that their incentive is to be
| trustworthy. However in this market government or blackhat
| organisations will want to create fronts or suborn
| organisations.
|
| I guess on the dark markets there are authentication options
| for black hats. Any links to discussions about that?
|
| Can vulnerability authentication be solved for white hats?
| roastedpeacock wrote:
| Not saying public bug-bounty programs such as this are perfect.
| Those around a certain date in the past remember strongly when
| the situation with public research was more precarious and Sony
| attempting lawsuits, prosecutions and other utterly horrible
| attempts at 'damage-control' with the PS3. In that light and
| with the researcher being able to disclose his research after
| public security-patch it does appear more amicable.
| markx2 wrote:
| The author of this post has some excellent history. They used an
| exploit chain on the PS Vita.
|
| https://theofficialflow.github.io/2018/09/11/h-encore.html
|
| https://github.com/TheOfficialFloW/h-encore
| aasasd wrote:
| The guy also developed quite a bunch of useful low-level
| software--he and Rinnegatamante basically carry the
| homebrew/jailbreak community for Vita, at least lately.
|
| Meanwhile, his twitter says 'Security Engineer @ Google'.
|
| Bit weird that he didn't turn this into a jailbreak for PS5,
| though. But perhaps I'm missing something about PS5's firmware
| update scheme.
| propter_hoc wrote:
| 100%, TheFloW is a legend in the Vita community. Every time
| Sony released a new firmware fixing one of his exploits, he
| released another one, until Sony stopped updating the Vita.
| bozhark wrote:
| Why hasn't Sony offered to hire them?
|
| edit: or contract
| bluedays wrote:
| I need to stop updating my ps4
| highwaylights wrote:
| Is this patched? Or is this essentially a 0-day now?
| capableweb wrote:
| Resolved April 4th 2022 (3 months ago). Probably patch went
| live on the systems some days/weeks/month after that.
| crtasm wrote:
| For PS4, 9.50 released on 23rd March:
| https://www.dualshockers.com/ps4-system-software-update-9-50...
| nodja wrote:
| I don't think that $20k is too little.
|
| There's 2 types of people that will find these kinds of exploits.
| Black hat hackers that do it for the money, and white hat hackers
| that do it for themselves/openness.
|
| The black hat hacker would have to be paid handsomely so that he
| could disclose his exploit. For these types of exploits I assume
| they would do something like sell you a PS5 with dozens of games
| included for $700, and tell you that you can load many more. That
| means that he only needs to sell 101 hacked PS5s to make more
| than the reward money, and he'll probably sell thousands of them
| before a copycat copies him stealing his profits or Sony patches
| the bug, which won't stop him completely since he'll probably
| have a big stock of unpatched PS5s.
|
| The white hat hacker does it for fun or curiosity, a white hat
| hacker is usually an advocate for open source and probably trying
| to run linux on the thing is the main motivation for him to keep
| going. After they find something they'll release it to the
| public, usually with piracy enabling things off by default, but
| since it's all open source the pirates will find a way to use it
| anyway.
|
| Sony is doing the smart thing and targeting the white hacker,
| they're the most likely to find these exploits anyway. If they
| made the reward money high enough that it would disincentivize
| the black hat hacker from commercializing his findings, it would
| instead be an incentive for people to find exploits. Let's say
| they pay $200k per exploit, they would no longer be paying these
| types of bounties once a year, but every month. I'd argue that
| paying millions a year to protect their system is valuable, but
| the fact is that they can get away with much less, hence $20k is
| just about the perfect amount of money for a bounty like this.
|
| tl;dr: If they paid more they'd basically be creating and funding
| a market of exploit finders for little gain.
| Szpadel wrote:
| 5 vulnerabilities, this is the issue that I often see, nobody
| wants to fix an issue that isn't exploitable, so reporting all those
| alone won't get them fixed for maybe even years, and then someone
| figures out how to connect them and we get chains like this
| mmastrac wrote:
| Am I reading it right that this was a 20k bounty only?
| meibo wrote:
| $20k seems a bit low for a chain of 5 exploits that defeat the
| entire security model on their flagship product, but what do I
| know.
|
| Interesting to see that one of the most impactful exploits is in
| an open source library.
| Cyph0n wrote:
| I'm not a security researcher, but this seems _extremely_ low.
| highwaylights wrote:
| It certainly seems like a strong disincentive to report the
| next one, yes.
| eli wrote:
| And do what with it instead?
| highwaylights wrote:
| I'm quite certain there are groups in the world who would
| have paid far north of $20k for the ability to copy
| PS4/PS5 discs that don't need a modification or jailbreak
| to play.
|
| I'm not saying that's what should have happened, but $20k
| for something this severe is practically asking for that
| to happen.
| solveit wrote:
| Just... not find it. It takes concentrated intentional
| effort to find these.
| rvz wrote:
| It is very low for the target and also for that effort. I've
| seen a small amount of effort bounties that reel in $100K+.
|
| If that was a chain of 5 vulnerabilities for say the iPhone
| or Android, that would be worth over $1 million.
| whoknew1122 wrote:
| Because a similar iPhone or Android vulnerability would be
| useful to state actors, APTs, and everything in between.
| It'd be easy to weaponize and market. Hell, you could start
| a career in the ethically dubious world of selling 0 days
| to governments.
|
| But what we got here is a way to pirate video games.
|
| Weaponizing this vulnerability means someone can play
| bootleg video games. And to profit from bootlegging video
| games, you'd have to create manufacturing and distribution
| channels. Then you'd have to find people who want to buy
| games. That's a lot of work, and when you inevitably get
| caught you'll likely face stiff fines (if not prison).
|
| Is this vulnerability worth more than $20k to Sony? Yes. Is
| it worth more than $20k to the person who found the
| vulnerability? Only if they can monetize it, which would
| require breaking various and sundry laws.
| Cyph0n wrote:
| > Only if they can monetize it, which would require
| breaking various and sundry laws.
|
| I mean, doesn't the same restriction apply to mobile
| exploits? You'd be breaking some kind of law by selling
| the exploit off, no?
|
| In my opinion, game piracy for latest gen consoles would
| be very easily monetizable. The challenge is figuring out
| how to make money without revealing your identity and/or
| basing your operations out of a more piracy-tolerant
| jurisdiction. Or you could sell the exploit off to
| someone who is willing to deal with all of this.
| pvg wrote:
| Distributing pirated games for hacked consoles without
| getting caught is not easy, as you point out yourself.
| This also goes for whoever you're trying to sell the
| exploit to. I can't see any combination of these facts
| that adds up to 'very easily monetizable'.
| Cyph0n wrote:
| "Very easily monetizable" is referring to the fact that
| you will easily find people who would pay to play the
| latest titles (in the past: modchips, emulators, etc.).
|
| This is especially true with PS5 thanks to the ongoing
| console shortage.
| dontbenebby wrote:
| > $20k seems a bit low for a chain of 5 exploits that defeat
| the entire security model on their flagship product, but what
| do I know.
|
| Especially when so many people work on sensitive work in their
| homes due to COVID, huge chunks of the federal government are
| having conversations next to hot mics as they do Tinder and the
| like on their "personal" devices.
| capableweb wrote:
| Especially because of the last part:
|
| > With these vulnerabilities, it is possible to ship pirated
| games on bluray discs. That is possible even without a kernel
| exploit as we have JIT capabilities.
|
| So this person basically saved them from losing tons of money
| (if you accept these companies' claim that pirating games
| actually makes them lose money in the first place) and they only
| awarded them $20K.
|
| Good way to ensure others who find similar exploits to sell
| them to highest bidder on darkmarkets instead as they'll be
| able to get way more than that.
| Mo3 wrote:
| Believe it or not, some people are not in it for the money.
| tester756 wrote:
| 20K + prestige, he's gonna have strong cards at his next
| $nicely_paying_company interview
|
| >Good way to ensure others who find similar exploits to sell
| them to highest bidder on darkmarkets instead as they'll be
| able to get way more than that.
|
| Sure, sell it for how much? twice? thrice? as much
|
| instead using it for your own branding, cv, to negotiate
| salary which will pay you way more over years
| ShroudedNight wrote:
| I would expect it's worth 10x to 100x 20k to the right group
| of black-hats.
| tester756 wrote:
| What makes you think so?
| 0xcde4c3db wrote:
| I believe it's come out since the initial statement that the
| "pirated games [...] without a kernel exploit" thing was
| hypothetical, requiring someone to write a specialized
| AMD64-to-AMD64 JIT compiler that transforms game programs
| from using their native memory layouts to using that of the
| exploited process.
| buildbot wrote:
| Man that just sounds cool though. Basically a software
| MMU in some ways.
| 0xcde4c3db wrote:
| It's more-or-less how QEMU system emulation works when
| hardware virtualization isn't available (it's even called
| "softmmu"). My understanding is that something similar
| would need to be written/adapted with knowledge of PS5
| processes' memory layouts embedded into it.
| cosmodisk wrote:
| I had some considerations of getting into white hat hacking.
| I'd have enough motivation to become somewhat proficient in a
| few years, maybe even very good in a decade. But then I look
| at the rewards for vulnerability discovery and I think what
| the hell??? If I'd spend years honing my skills and someone
| would offer me a few grand for something that could
| potentially cost them millions, I don't think I'd manage not
| to sell it for the highest bidder. This is like a gig economy
| but for infosec.
| wombat-man wrote:
| Yeah, it would be super tempting. But law or lawyers might
| find you if you're not careful
| foepys wrote:
| > for something that could potentially cost them millions
|
| You can be very sure that if a piracy case went to court,
| Sony would claim to suffer billions in damages.
| HideousKojima wrote:
| Not sure on that, the Nintendo v Team Xecuter case ended
| up with $10 million in damages for selling Switch piracy
| mods/tools
|
| https://torrentfreak.com/gary-bowser-agrees-to-pay-10-millio...
| smoldesu wrote:
| I despise Team Xecuter for a number of reasons, but these
| two exploits aren't necessarily comparable. The
| Playstation vuln in question would allow people to create
| pirated Blu-Ray disks that work as-expected on vanilla
| PS5 models. TX created a custom firmware that required
| hardmodding your Switch to persist. Nintendo couldn't
| really wring out TX without proving that their damages
| went beyond just the owners of hacked Switch consoles,
| which it certainly didn't. In Sony's case, they could
| probably sue pretty hard if people started selling
| pirated or counterfeit PS5 games, since _every PS5 owner_
| is affected.
|
| IANAL, but I think you have to keep the scope of the
| damages in consideration.
| flak48 wrote:
| In an alternate universe, perhaps the fact that Sony
| valued this exploit at just 20k would work against them
| in a piracy case
| sjtgraham wrote:
| I expect to get downvoted to oblivion for this but
| whatever. Your comment completely lacks morals. Selling
| something to the highest bidder implies you have no
| hesitation about selling exploits to criminals.
|
| You don't have to do research on any given platform. If you
| don't like the terms of their bounty, find something else
| to play with. If you are skilled enough to find something
| like this you will have no problem finding very highly paid
| jobs.
| boopmaster wrote:
| In this case, "Crime Pays Much Better" is a valid
| criticism, relative to the award. It really shouldn't be
| the case here. This is very much a "worst case scenario"
| for Sony if publicly released. The award amount IMHO is
| excessively paltry for the level of effort and the
| relative impact that this could have caused their
| business if not reported in an ethical way. An award
| amount this low, as others and the poster point out,
| approaches levels of "deterrent to doing the right
| thing."
| Rotdhizon wrote:
| This has always been a heated debate. IMO, the whole
| concept of "ethical hacking" doesn't exist. The whole
| concept of morals and ethics is nothing but smoke. It's
| something someone made up one day to get people to not do
| bad things and in the modern day companies use it to give
| out terrible bounty rewards.
|
| If I find a high tier vuln and the company isn't giving
| reasonable bounties, it's going straight onto Zerodium or
| similar platforms and I won't lose a second of sleep over
| it.
| highwaylights wrote:
| But the poster is explicitly saying that's why they have
| _not_ done this?
| polartx wrote:
| >Your comment completely lacks morals
|
| Try not to regard things in such an all-or-nothing
| perspective. At worst it indicates a psychological
| disorder, at best--a high conflict personality. Either
| way, it won't benefit you or the people that interact with
| you.
|
| I also disagree that it 'completely' lacks morals. If OP
| is being truthful, then he has a desire to work hard and
| put in the time necessary to fulfill a virtuous (albeit
| under-compensated) calling.
|
| However, OP is also cognizant of a hypothetical (albeit
| realistic) temptation that will most likely confront him,
| should he carry out these pursuits: ethical conflicts
| which would force him to choose between large financial
| gains (selling exploits to bad actors), or the less
| lucrative (and often thankless) white hat approach of
| reporting it in good faith, and expecting (but not
| necessarily receiving) equal measures of good faith from
| corporations (like Sony in this case).
|
| Having an awareness of one's own weaknesses or
| susceptibilities to temptation isn't a weakness to be
| admonished from atop a digital soap box. Instead,
| recognize and reinforce OP's desire to do good--it costs
| little more energy to encourage the good in people,
| rather than shaming them for not having an unshakable
| moral fortitude. Have a Happy Father's Day.
| sjtgraham wrote:
| I made no assessment of OP's morality, just the comment
| itself. Please refrain from making clinical diagnoses in
| HN comment threads.
| cosmodisk wrote:
| Why? He's right to the dot.
| sjtgraham wrote:
| Let's assume this is a good faith question:
|
| 1. OP isn't qualified to do so, neither are you for that
| matter.
|
| 2. It stigmatizes mental illness.
|
| 3. It doesn't refute my point. It's not germane to the
| point of being mean-spirited, contrary to HN guidelines.
| polartx wrote:
| Hey, I'm sorry and I'd genuinely feel bad if my comment
| seemed like I was targeting you; I will re-read and look
| for ways to communicate better. I wasn't being mean-
| spirited, truly.
|
| I was just trying to convey my feelings about how we all
| could do better to try and move the cursor of focus on
| the good intentions of peoples' struggles; People and
| things are so rarely black and white.
|
| Your first comment sounds like you are a person of high
| personal ethical standards. Since I don't know you beyond
| this thread, I choose to believe that, (after all, why
| not?). Perhaps you hold others to the similar standards,
| standards that you've earned, and ideally others will
| earn too. The world would be a better place if we all
| held high, un-temptable, ethical standards. But holding
| everyone to that expectation just isn't _realistic_ , but
| that doesn't mean, we can't, in good faith, try and
| encourage others to have that goal.
|
| I'm just trying to leave the door open to the idea that
| those that have not made it there yet, will often respond
| better to encouragement instead of admonishment. I
| realize that this comment and my previous one will be
| construed by many as admonishment--I don't mean it to be.
| I admire you for your character and simultaneously relate
| to the OP's self-awareness. With each other's help, we can
| all be better.
| dgfitz wrote:
| This is an excellent microcosm of everything that is
| wrong with the internet. I 100% agree with the entirety
| of your post. Had you not taken the time and effort to
| make a well-thought-out comment like this, the narrative
| would have been shaped from your parent's post, possibly
| influencing tens of thousands of people.
| beckman466 wrote:
| welcome to techno-feudalism.
| tetris11 wrote:
| If it was an ethical open source initiative that
| ultimately benefits the world the one that was being
| targeted, then yes I'd agree. But if it's a company
| deeply entrenched in dark patterns, willingly destroys
| small competition with anticompetitive practices, and
| trample on basic user rights for triple dollar signs -
| then, really, who cares? To what detriment to humanity
| would there be if OP sold to the highest bidder?
| tapoxi wrote:
| What small competition have they destroyed? There's also
| plenty of competitors in the gaming space with them.
| thirtyfivecent wrote:
| Sony are seeding their online community with toxicity. If
| you have a PSN account look at the available avatars you
| can use.
|
| 1 in 5 have different variations of devils horns on the
| characters' heads. 3 in 5 look like they've been cropped
| from communist murals around my city. Almost all of the
| characters look angry and criminal.
|
| Browse these avatars and in your mind compare them to
| Nintendo's. The vast majority of users are interacting
| with each other and seeing these creepy avatars as
| their friends' virtual faces. What effect is this having
| on young kids?
| bbarnett wrote:
| The parent was merely stating the payout is wrong, vs
| other avenues.
|
| An example, if you find a bag of cash, typical finder's
| fee is 10%. Insurance companies, others, often offer
| this.
|
| Meanwhile, Sony is kicking maybe .01% "cash saved" for
| this vulnerability.
| LadyCailin wrote:
| Or perhaps Sony only considers piracy to cause about 200k
| of damages in actual fact.
| lupire wrote:
| 200k in damages after recovering funds from lawsuits.
| kvirani wrote:
| Let's not let our morals get in the way of doing what's
| right.
| woodruffw wrote:
| I won't downvote this, even though I disagree with many
| of the particulars.
|
| One of note: the "criminals" in this context are, at
| best, homebrew developers and users who'd like to unlock
| the full potential of the hardware they bought. At worst,
| they're "pirates" (the industry term, not mine) and game
| cheats. Nobody likes a cheater in a video game, but I
| don't know if I'd go as far as to make ethical
| prescriptions about it.
|
| Sony feels comfortable paying a pittance for these
| vulnerabilities because the market for them is relatively
| soft. But that doesn't mean that the underlying asset
| actually lacks value; it means that Sony has
| _successfully criminalized_ applications of the asset,
| artificially lowering their salability.
| woodruffw wrote:
| Replying, to avoid edit confusion: you're the CEO of a
| financial services company that seems to employ reverse
| engineering to figure out private banking APIs. In the
| (not-very-distant) past, that was potentially criminal
| under both DMCA and ECPA.
|
| Your position affords you a _unique_ opportunity to have
| some perspective here.
| sjtgraham wrote:
| Thanks for noticing. I do have a unique perspective
| indeed, and that is exactly the activity we engage in. It
| was never criminal. Reverse engineering for
| interoperability has always been permitted by law.
| woodruffw wrote:
| > Reverse engineering for interoperability has always
| been permitted by law.
|
| It's not that straightforward (even if I wish it was).
|
| First, it requires a judge and jury who understand
| "interoperability" to include "connecting to a server you
| don't own and sending it payloads that it isn't
| expecting."
|
| Second, it requires a lenient interpretation of EULAs
| under the DMCA: the DMCA promotes otherwise legal reverse
| engineering activities into illegal activities by
| allowing companies to establish "acceptable use," which
| can include prohibiting reverse engineering activities
| that circumvent restrictions on copyrighted or other
| controlled material. A bank may plausibly (in the eyes of
| attorneys) claim that third-party uses of its APIs
| compromise the bank's ability to comply with federal
| regulations, since no law requires that compliance and
| operation be integral operations.
| bfdm wrote:
| What? That is just clearly untrue, even though I agree it
| ought to be the law. DMCA 1201 made _no_ exemptions to
| circumvention of technical protection measures (for
| research, interoperability, fair use etc). Assuming any
| kind of security measure was employed here the
| interpretations of violating that have been quite broad.
|
| ianal etc.
| sjtgraham wrote:
| Reverse engineering does not necessarily imply
| circumvention of technical countermeasures, e.g. removal
| of DRM.
|
| Reverse engineering would also be a copyright
| infringement issue, which does have a carve out for
| reverse engineering.
| emsixteen wrote:
| > downvoted to oblivion
|
| Wrong website.
| j-krieger wrote:
| You don't need "morals" when the topic is about billion
| dollar companies who lowball you and nobody gets hurt if
| you do sell the exploit on the black market
| yieldcrv wrote:
| The market is telling people what the price of a bug is,
| as the legal monetization paths get more and more
| numerous, alongside the illegal ones.
|
| It's literally _only_ the corporation beneficiaries of
| having their own product fixed that are paying the wrong
| amount. Inching up the payout amounts ever so slowly.
|
| Anything that makes those corporations pay out better is
| also a moral outcome, and doing things that supports this
| status quo lacks ethics as well.
|
| (We actually agree that selling to _some_ bidders, and
| _some_ actions, lack ethics)
| justapassenger wrote:
| This isn't about selling guns to killers. Or bugs that
| allow you to spy on political opponents.
|
| It's selling bugs in customer hardware that can be used to
| reduce control of the manufacturer of it and allow users
| to run pirated stuff (and homebrew likely as a result).
| It's totally in the best interest of the manufacturer to
| always be the highest bidder.
|
| I don't have any moral issues with people selling those
| issues on the black market, if manufacturer isn't
| interested in rewarding researcher properly.
| cosmodisk wrote:
| You are right, my initial comment excluded morals
| altogether. I did it to emphasize the low value
| attribution to the vulnerability discovery. If I were to
| actually face such dilemma, it would include much more
| complex thought process, including morals.
|
| I understand that nobody has to do the research of any
| sort but my point is that these skills and effort
| involved are being commoditised very quickly and become
| comparable to gig economy. Bounty programmes are very
| very cheap to large corps, compared to the returns
| involved. Building a substantial infosec division that
| could match the crowdsourced model is way more expensive.
| sjtgraham wrote:
| A very thoughtful reply. Thank you. For the avoidance of
| doubt, you clearly do not lack morals yourself :)
| car_analogy wrote:
| Sony TVs spy on what their viewers are watching, and
| Playstations specifically are designed to prevent their
| "owners" from using their property as they wish. And
| let's not forget the rootkit Sony installed on buyers of
| their music CDs, for which no Sony employee or executive
| went to jail.
|
| That Sony is not the criminal here is a reflection of our
| inadequate laws, not morals, and selling vulnerabilities
| to them is just as bad.
| notjoemama wrote:
| I see it as a broken social contract, and this behavior
| has kept me out of white hat too. While selling to the
| highest bidder isn't what we collectively want to happen,
| neither should we want large companies to fail rewarding
| individuals for improving their systems, particularly
| security. I don't want a landscape of pirated software,
| but I can't apply moral judgement to someone who chooses
| to sell the information elsewhere because the owner won't
| offer in-kind value. It seems to me the first immoral
| action is actually being made by the company. I wonder if
| a proper way of addressing this is for individuals to
| negotiate higher awards through a non-profit specializing
| in legal and monetary law.
|
| But what hasn't worked and will continue to not work is
| using social moral condemnation. I think we all find "you
| wouldn't download a car" funny, right? Worse for this
| situation is the context of the growing economic divide
| worldwide in 2022. Under that lens I wouldn't be
| surprised to see this happening more. The more
| oligarchies show individuals that they don't care, why
| should individuals show they care about the oligarchies?
| HideousKojima wrote:
| >Your comment completely lacks morals
|
| Nah, copyright is immoral, bypassing it is the morally
| right thing to do.
| duxup wrote:
| Most white hat security researchers seem driven as much by
| curiosity and just a general passion as rewards.
|
| When I worked with someone who was a point of contact for
| outside security researchers it seemed many were just
| happy to get their name in the release notes.
|
| And I'm not sure if you're selling that you're a white hat
| researcher anymore...
| YetAnotherNick wrote:
| > Good way to ensure others who find similar exploits to sell
| them to highest bidder on darkmarkets instead as they'll be
| able to get way more than that.
|
| This is illegal AFAIK.
| ChoGGi wrote:
| I wonder if you could use this if Sony sues you for copyright
| infringement damages?
| rvz wrote:
| > Interesting to see that one of the most impactful exploits is
| in an open source library.
|
| WebKit is infested with vulnerabilities and it is a hacker's
| paradise for exploitation. Probably the most exploited and
| targeted software component out there.
| keewee7 wrote:
| Maybe paying more than $20k through the HackerOne platform
| became a tax or regulation problem so they bank wired the rest.
| woodruffw wrote:
| This is pretty unlikely. If it's a regulation problem via
| HackerOne it's probably also a regulation problem via a
| direct wire.
| pvg wrote:
| _$20k seems a bit low_
|
| What's the market for this exploit, though? Who is going to pay
| never mind $20k but more or less anything for it?
| kevingadd wrote:
| Wide-scale game piracy can be very profitable in markets that
| aren't well-served by the console operator. You're not gonna
| make money selling pirate blurays in the US since you'll go
| straight to prison, but I can imagine PS4 owners in second or
| third-world countries buying a stack of pirated blurays for
| 20% the cost of retail and local law enforcement not being
| terribly interested in doing something about it.
| pvg wrote:
| _Wide-scale game piracy can be very profitable_
|
| Possibly but who is going to pay you $20k to realize these
| theoretical profits? They essentially mean un-networking
| your console, never updating it, only using physical media,
| likely losing your PSN account. There's a huge leap from
| step 1. 'an exploit exists', step N 'lots of hacked
| consoles and people buying pirated discs for them' and
| whatever step 'PROFIT' appears in. A latent market for free
| or cheap stuff is not the same thing as a market for this
| exploit.
| superjan wrote:
| The title suggests more but if you read the entire post,
| Vulnerability 2 and 4 are specific to PS4. Not exactly the
| flagship product anymore.
| sergiotapia wrote:
| $20k for pirated ps4/ps5 games? Seems ridiculously low.
|
| When I lived in Bolivia I remember buying PS2 games in the market
| for 10 Bs. ($2). I imagine few people in Bolivia can buy these
| games. Same for other third world countries.
|
| I imagine the exploit author reported it for the clout and a
| "good get" right? It's quite the feather in your cap.
| yoda97 wrote:
| I'm from a 3rd world country and can confirm, everyone is
| keeping their PS4 on v9.00. A shop near me is selling dozens of
| PS4s with +10 pre-installed games, each for 280-300$.
| lucb1e wrote:
| It's also not like house owners reward people that tell them
| about an open front door with the total value of their house's
| contents. In Dutch we say "10% finder's wages" (10%
| vindersloon) when someone returns an item they found, say a
| smartphone. Sometimes you get nothing, sometimes you get 20%,
| but nobody expects to get 100% (or even half) of the true value
| of the item you are dutifully returning.
|
| That there is a huge market in less-wealthy countries for
| pirated games is a well-known fact. What strikes me as a leap
| is that there is some mastermind behind it all that has enough
| savings (or other liquidity) to buy these exploits for whatever
| you would consider the true value (if $20k is "ridiculously"
| low), and then needs to earn all that money back by selling
| game copies (presumably there is some hardware cost to burn
| discs) to a population that is large but, indeed, poor.
| ShroudedNight wrote:
| If they already have the networks in place to sell stuff like
| pirated movies, I don't see why they would balk at paying for
| an exploit to sell pirated games. I could also see them using
| an advance + royalty model to share the risk with the exploit
| writer.
| pvg wrote:
| The movies play on unmodified players. This would be like
| making it so the only thing your tv can play is stuff you
| torrented.
| akira2501 wrote:
| No one is returning something to PlayStation, though. This is
| independent intellectual property. Property that, if exposed,
| runs the risk of destroying their entire ecosystem.
|
| And this possibly cuts well beyond simple piracy. PlayStation
| enjoys exclusive control over who does and does not get to
| publish on their platform. A mechanism that earns them
| millions in licensing deals, to the extent that they can
| happily lose money on the sale of the hardware itself. The
| destruction of that mechanism seems akin to destruction of
| their entire platform.
|
| This isn't a "we found your front door unlocked" situation.
| This is a "we found a bomb attached to your spine, and we
| know exactly how to dismantle it."
| jamal-kumar wrote:
| I know a guy who just goes hunting in Latin America for old
| copies of games which have become rare and he makes decent side
| cash doing this.
| bozhark wrote:
| This is the kind of person that would be hella fun to make a
| mockumentary about.
|
| Like, make all the scenes in the US sepia filtered, then make
| the Latin country's clear filtered kind of jokes.
| the8472 wrote:
| The question is how competitive is the market? Would he get
| more money by auctioning it off? For something like smartphones
| there are plenty of governments that would buy. But for a game
| console? It's mostly commercial pirates and I guess those don't
| have as much money sloshing around.
|
| Maybe one could make it an adversarial kickstarter kind of
| thing. The public pools against sony, full disclosure vs. time-
| delayed disclosure.
| tlbsofware wrote:
| Although 20k seems quite low, I think it is reasonable given the
| rise of game subscriptions.
|
| Who would want to jailbreak and leave their PS5 offline to get 5$
| games that won't work once the station is updated? Where on the
| flip side you could pay 5-15$ monthly (not sure of PlayStation
| Now's cost but that amount is for Xbox game pass) to have hundreds
| of games at your disposal and never have to physically acquire a
| new disk via black market to play a new game?
| SV_BubbleTime wrote:
| Is there a reason this wouldn't in theory allow a full
| jailbreak and play of the $79 games?
|
| PlayStation's main unique feature is the narrative-based
| single-player exclusives. So, if you were going to get a PS5
| and Xbox, it seems Xbox for multi and hacked PS5 for single
| seems like an excellent combo - you know - if you were the type
| of person that could justify that sort of thing.
| 14 wrote:
| Back in the day I faced the same consideration with Xbox 360.
| I went with the reset glitch hack and was able to have
| hundreds and hundreds of games all play from an HDD.
| Eventually the hackers got servers running and you could also
| play online with others. A fully jailbroken PS5 would
| definitely be appealing.
| e4m2 wrote:
| Author's presentation on the topic:
| https://github.com/TheOfficialFloW/Presentations/blob/master...
| (video not yet available)
|
| Public reimplementation: https://github.com/sleirsgoevy/bd-jb
| (not a "full" jailbreak yet, the kernel part is missing)
|
| To clarify, this exploit only works up to firmware 9.04 on the
| PS4 and up to 4.51 on the PS5.
| muterad_murilax wrote:
| Sony, not Playstation.
| bsagdiyev wrote:
| SIE is technically a different part of Sony and is analogous
| with PlayStation at this point.
| mshockwave wrote:
| SIE is a subsidiary of Sony but they're quite different. Even
| inside SIE the division that makes PlayStation is quite unique
| compared to other (first-party) game studios.
___________________________________________________________________
(page generated 2022-06-19 23:00 UTC)