Thibobo

Mess with the best die like the rest mode by Volodymyr Pikhur - REcon Brussels 2018


Yesterday hacker Volodymyr Pikhur gave a talk about:


This presentation will talk about how custom Southbridge silicon, responsible for background downloads while the main SoC is off, didn’t help to secure the PlayStation 4. It will explain how a chain of exploits combined with hardware attacks will allow code to run in the context of the secure bootloader, extract private keys, and sign a custom kernel.

 

All slides and a link to the demo video on YouTube can be found here!


That looks like a lot of fun :tw_love:


According to the hacker, the sys_kldload exploit still exists in firmware 5.00, and potentially in more recent firmwares as well. The important point of the video above is that the hack persists after boot, demonstrating what is probably the very first custom firmware on the PS4. Sony changed their keys in 5.05, but apparently not the signing process. The kernel bootloader contains the keys for the Rest Mode kernel, which is why it was interesting to get access to it.

 

source: wololo.net
