
Mess with the best die like the rest mode by Volodymyr Pikhur - REcon Brussels 2018


Yesterday hacker Volodymyr Pikhur did a talk about:

This presentation will talk about how custom Southbridge silicon, responsible for background downloads while the main SoC is off, didn’t help to secure the PlayStation 4. It will explain how a chain of exploits combined with hardware attacks will allow code to run in the context of the secure bootloader, extract private keys, and sign a custom kernel.


All slides and a link to the demo video on YouTube can be found here!


According to the hacker, the sys_kldload exploit still exists in firmware 5.00, and potentially in more recent firmwares as well. The important point of the video above is that the hack persists after boot, demonstrating what is probably the very first custom firmware on the PS4. Sony changed their keys in 5.05, but apparently not the signing process. The kernel bootloader contains the keys for the Rest Mode kernel, which is why it was interesting to get access to it.


Source: wololo.net