
Sell Your Soul To Sony For $50,000


GregoryRasputin

  • GregoryRasputin

 

UPDATE

As TheFlow has posted a link to this thread, I would like to post a few things about this article and why it was made.

 

1.) When I had originally written this article, it was not targeting any developer in particular, this was posted as a deterrent to developers from the scene from selling exploits to Sony, yes it was childish and perhaps I could have used better words, but I did not want exploits being wasted.

 

2.) Like I said this article was targeting scene developers, TheFlow has stated several times that he is not part of the PS4 scene, so how could he then take offense to this?

Also if he does not consider himself to be part of the PS4 scene, then how could I make him leave the PS4 scene? You cannot leave something that you are not part of.

 

3.) TheFlow decided to falsely blame me on him leaving the PS4 scene as a way of getting back at me, he knows I could not have made him leave because in his own words he was never part of the scene.

 

4.) A new exploit was released by TheFlow, this is great for those of you who have been wanting to play games above 5.05, but that stops at 7.02, had this exploit not been given to Sony, then you would have at some stage been able to play games and homebrew on 7.50 or 8.00 using this very exploit.

 

5.) I am used to the hate from scene developers, this is nothing new, I say what I feel, I give my opinion and that annoys them, examples such as:

a.) Freakler got angry at me because I kept calling Hackinformer out for selling access to an eCFW and for charging people to install other developers' homebrew and apps, Freakler supported this scam and didn't like me calling him out on it, supporting a scammer makes you as dishonest as him.

b.) SKGleba got mad at me for calling out the fact he is two-faced, so he decided to use xenophobic and Islamophobic language towards me, now he claims I am the toxic one.

There are other developers I could mention, but I get on with most developers pretty well, most of them are decent and honest.

 

6.) The thread in which I posted my opinion on scene developers selling bugs to Sony was inconveniently not posted at the same time this one was, so here is a link to that article:

I may have been wrong about a couple of things in it, but the sentiment still stands, you shouldn't be part of the scene and selling exploits to Sony.

 

Whilst you are here reading this, why don't you enter this competition to win a PS5 control pad:

 

Anyhow thanks for reading this edit, you can view the original below.

 

 

 

Original Post :)

If you are the type of console hacker with no morals or any human decency, then this bug bounty brought to you by Sony will be right up your ass.

 


 

 

Sony are offering a $50,000 reward for exposing critical flaws that will lead to the system being hacked, this is nothing new, but is probably the biggest reward offered for finding a critical flaw.


I had a whole rant posted here regarding this, but I deleted it as I feel deflated and depressed, with all the PlayStation exploits closed over the past year and the ones that will be closed in the future, you can guarantee that the PS4 scene is dead.

 

Sell your soul here:

https://hackerone.com/playstation

  • Like 3

15 hours ago, GregoryRasputin said:

I had a whole rant posted here regarding this, but I deleted it as I feel deflated and depressed, with all the PlayStation exploits closed over the past year and the ones that will be closed in the future, you can guarantee that the PS4 scene is dead.

 

I hear you. Though it certainly isn't anything new, I was impressed by how many vulnerabilities that so-called octox0r sold, all the while pocketing support money from those willing to donate in the name of possible future jailbreaks.

A real portrait of the PS4Scene right there, disgusting.

We need another Cturt from the 1.76 days, another Specter from the 4.05 and definitely another Qwertyoruiopz (that's a talented dude, right there, too bad he seems to have abandoned the scene and even donated his PS4 IIRC) from the 4.55.

 

What really surprised me was to see TheFlow there, he has a history of following through to his claims.

Hopefully he can make amends by disclosing it eventually, even if it's only for firmware 6.20.

Now, I know how bad you must have felt writing that deleted rant, Greg, but you're one of the few authentic guys out there that stay true to his word. However bitter the taste, put it out there.

Your conscience and contributions to this and many other scenes are clean, that's saying something. Keep it up, don't let this new generation of soulless full-stacks get to you.

 

  • Like 2

Ferrarius Verbero Aestus Ferratilis


"4.) A new exploit was released by TheFlow, this is great for those of you who have been wanting to play games above 5.05, but that stops at 7.02, had this exploit not been given to Sony, then you would have at some stage been able to play games and homebrew on 7.50 or 8.00 using this very exploit."

 

 

Noob here. Someone correct me if anything. I hardly follow the scene, had a PS4 at 5.05 for years waiting for a higher firmware. Don't know what site there was the list that anything above 5.05 up to one point was within the private sector. My thing is if those private users having this exploit above 5.05 weren't going to release, at least this is better than nothing. In 6 months it will be 3 years since 5.05 was released. How long did they want to hold on to it? At least we got till 7.02. As for the drama, there will always be people that are ungrateful, social media is the last place to find appreciation in hackers. As for the man getting money from Sony for exploits, maybe it is more beneficial for him than what he's getting from the hacker scene. We don't know how much. Just my opinion.

  • Like 1

AND, like I said in the other thread, this is why there is no community any longer...

  • Like 1

I don't think that the PlayStation bug bounty program necessarily means that the PS4 scene is dead. I know that this post/thread was written before TheFlow released his PS4 firmware 7.02 exploit, so maybe there were some uncertainties about whether this exploit would be released to the public or not. If that's the case, I can see that, but even though the PlayStation bug bounty program exists, it still shows that exploits can be released. I must admit that I was surprised that Sony allowed this exploit to be released to the public. I didn't think that they would allow it, because even though the exploit was patched, releasing it to the public would still mean a newer exploit being possible (previous one was for firmware 5.05 I think?). But it happened, so it's not impossible that it can happen again :)

 

Another thing is also that FreeBSD exploits in general (which is what the 7.02 exploit is) could very well be documented for the public. FreeBSD's official website lists a lot of known exploits (maybe all of them?) for anyone to check out: https://www.freebsd.org/security/advisories.html. I will not be surprised if we also see documentation here for the exploit that's being used for PS4 firmware 7.02. And since future FreeBSD exploits will be documented as well, it's possible that people can take this public and documented information and see if it can be used on the PS4 as well (and most likely PS5 too). But only time will tell what happens.

 

I would also just like to add a side note that the PlayStation bug bounty program is not just for the PS4 itself, but also includes their PlayStation-related websites and the PlayStation Network as a whole. So this could encourage faster security fixes there, which is positive of course (I don't think anyone here is disagreeing with this, I'm just speaking more generally =)).

 

That said, I'm pretty sure that this thread is only talking about the PS4 part, but I just wanted to add this as a side note to what's also the intention with the bug bounty program. I think it's a pretty strong word to say that someone has no morals and no human decency, and that they're selling their soul for making money on console exploits. In the bigger picture, consoles aren't really that big of a deal in that regard after all, and I think it's understandable that Sony wants to protect their consoles from piracy. But maybe the issue here isn't that Sony has a bug bounty program, but perhaps something else instead?

 

---

 

When it comes to TheFlow, I don't know too much about the situation, so unfortunately I can't say much about it. I don't know if the exploit he found on the PS4 was pretty much only his own work or if he borrowed/received help from others who had no idea that it would be submitted to a bug bounty program. I see that he thanks a few people, but has any of those spoken up and said that they didn't know, and/or that they feel that they should also be paid?

 

I also don't think this thread is the only thing that made him say that he would leave the scene. I might be mixing him up with someone else, but I think he has complained about toxic behavior before as well. I won't be surprised if many people have asked him on Twitter when his announced PS4 exploit would be released, and maybe been angry with him for not releasing it sooner. But as I mentioned, I might be mixing him up with someone else.

 

EDIT: And when TheFlow said that he was not part of the scene, I'm guessing that he's just referring to the part that asks and maybe complains to him about releasing exploits, but I'm not sure.

 

---

 

I didn't read the original thread here, but I appreciate the edit that clarifies what the main intention was :)

 

 

  

On 6/26/2020 at 5:03 AM, Bereuza said:

I hear you. Though it certainly isn't anything new, I was impressed by how many vulnerabilities that so-called octox0r sold, all the while pocketing support money from those willing to donate in the name of possible future jailbreaks.

A real portrait of the PS4Scene right there, disgusting.

We need another Cturt from the 1.76 days, another Specter from the 4.05 and definitely another Qwertyoruiopz (that's a talented dude, right there, too bad he seems to have abandoned the scene and even donated his PS4 IIRC) from the 4.55.

 

How much support money from the scene did octox0r receive before he joined this bug bounty program? Did he promise any exploit release and ask for money? I'm just wondering since I haven't heard about this situation before :)

 

It is possible that we get another CTurt, Specter or Qwertyoruiopz indeed, but it's also possible that they might not release exploits for the public, or at least wait a long time before doing so. For example, when CTurt released his exploit for PS4 firmware 1.76, he said that the exploit was fixed a long time ago, and he hoped that releasing it to the public wouldn't lead to any adverse effect. So he was cautious about releasing it. If it wasn't patched, maybe he wouldn't have released it at all, but who knows. I don't know about Specter and Qwertyoruiopz though, if they said something similar. Or now that I think about it, didn't Qwertyoruiopz say that he released his exploit because it was already patched? But maybe I'm remembering wrong :)

 

EDIT: I fixed a typo.

Edited by Indeed1
  • Like 1

  • GregoryRasputin

@Indeed1 thanks for taking the time to reply, you are correct, stating that hackers who sell exploits to Sony have no morals is harsh.

My biggest flaw is writing something before thinking of the consequences or fallout, I had written those lines before I even knew that famous scene developers had contributed to the bug bounty, sadly people including TheFlow assumed that I had created this article to attack TheFlow, which isn't the case.

 

Do I wish the exploit could have remained away from Sony for a little longer? Of course I do, and I still believe that scene developers should stay away from bounties, but that does not mean I hold any ill will against those who participate in them.

  • Like 1

On 7/8/2020 at 5:25 PM, GregoryRasputin said:

@Indeed1 thanks for taking the time to reply, you are correct, stating that hackers who sell exploits to Sony have no morals is harsh.

My biggest flaw is writing something before thinking of the consequences or fallout, I had written those lines before I even knew that famous scene developers had contributed to the bug bounty, sadly people including TheFlow assumed that I had created this article to attack TheFlow, which isn't the case.

 

Do I wish the exploit could have remained away from Sony for a little longer? Of course I do, and I still believe that scene developers should stay away from bounties, but that does not mean I hold any ill will against those who participate in them.

 

No worries. Thanks for your reply too :)

 

I understand. I guess that your initial reaction was more about that this bug bounty program could make it a lot harder to get PS4 hacks, and that isn't something that you wanted? And then later when you thought more about it, you're not angry at either Sony (because it's understandable that they want to protect their system against piracy) or those who want to participate in such a bug bounty program (because it's their choice what to do with their own work (assuming that what they submit to the bug bounty program is mostly their own work/research at least))? If that's the case, I can see that situation.

 

It's not that uncommon to react more strongly at first, then think a bit more about the situation later on, reflecting on the situation. Someone might react differently later on though, maybe they get angry if someone misunderstood them, and don't take the time to explain what they really meant. So what you do here, taking the time to explain what you meant, and saying that you used some harsh words in the beginning, then saying that you didn't really mean that, I think is a very good human quality/attribute to have :) I don't think everyone would have done this.

 

And I also understand the situation if console hacks become more rare (at least to the public), that this can be boring and suck. I mean, this means less activity in a field/subject that one is interested in.

 

I don't hack my consoles personally (the last consoles I modded were my PS1 and PS2, which I did back in the day :)), so it's not that big of a deal for me personally if a console gets hacked or not, but I still find it interesting to see how long a console's security system can hold up before someone is able to get around it, and I think it can be interesting to read how people were able to do that. This is how I found this website in the first place, because I read about the recent PS4 kernel exploit, even though I'm not hacking my own PS4 :)

 

I would also just like to add a side note that console hacking isn't just about piracy of course. I don't mean to say that, so I just wanted to point that out. I think it's safe to say that the majority of people use it for piracy however (which is also primarily why Sony (and Microsoft and Nintendo as well for that matter) tries to stop console hacks. And I guess the possibility of making it easier to cheat online in games is another reason), but it's fully possible to use and enjoy console hacks without doing any piracy as well. It's the same with emulators. It's fully possible to use emulators without piracy. But I think it's up to each person to decide what they want to do with the hacks, piracy or not, so I won't say much about that.

 

Have a nice day! :)

 

EDIT: By the way, did TheFlow reply to you after you explained what you meant? If I can ask about that.

 

EDIT 2: The FreeBSD exploit is now mentioned on FreeBSD's own site as well: https://www.freebsd.org/security/advisories.html (I just thought I'd mention it since I talked about how these exploits might be publicly known even if there's a situation where Sony's bug bounty program might not allow for disclosure of exploits (they did allow it this time to my surprise, but who knows what will happen the next time. Maybe they allowed it this time because it was related to FreeBSD in general, and knew that it would be publicly known anyway, but that's just a guess from my side). As long as the exploit is related to FreeBSD, I think it will be publicly known regardless :)).

 

Edited by Indeed1
  • Like 2

@Indeed1 @GregoryRasputin

 

If I could interject, partially on Greg's behalf to explain somewhat.

 

We are both of the generation where any alignment with any corporation is wrong. There were communities that believed that one day, unless we kept fighting, the corporations would take over, unless there was a system in place that kept them in check. Something that they knew would not allow them to step outside the lines. It was a perilous ecosystem but it kept everyone more or less honest. n00bs would come into this environment and have a hard time integrating but once they proved themselves, they would be accepted and it was about community involvement and knowledge sharing. An "us" vs "them" mentality. Try to think of it in today's whistle-blower mentality. Sources inside corporations would actively help us out, as well as some very talented individuals finding exploits on their own.

 

This started coming under attack several years ago (personally I believe it started when we as a community started putting hacked consoles online--that broke an unspoken rule that caused the all-out war). The way companies measured profits changed. They started an all-out attack at the only adversary they had that was keeping them in check and launched a full-out, 4-pronged campaign against this "underground" community. The first was piracy. They started counting every download as lost revenue. The second tier was convincing the government that this underground community was basically organized crime and using police powers to fight civil disputes. The third tier was an all-out advertising campaign to convince the general public this underground community was basically organized crime. The fourth and most detrimental piece was to start recruiting people with bounties and consultancy contracts (which was made acceptable by the previous 3 steps).

 

This is an extremely simplified and "readers-digest" version of what actually happened and it took several years to accomplish, but this is what happened.  FYI--if you don't understand the "readers-digest" version comment, then you likely won't agree with this account of events.

 

The sad thing about this is that now, the corporations have succeeded. There is no community any longer. They are free to gouge the general public without fear. The downfall of their plan is that now they no longer have a justification to explain their own fiscal irresponsibility and within the next few years, there will be another crash. COVID has only expedited that. Eventually unfinished games being released almost at an unplayable level, having to buy extra items just so you can finish a game that has no real ending anyways and a flood of over-hyped and under-delivering titles will crash the industry just as it did a few decades ago.

 

The industry needs the underground community and can't survive without it.

Edited by rednekcowboy
  • Like 2

  • GregoryRasputin
9 hours ago, Indeed1 said:

I understand. I guess that your initial reaction was more about that this bug bounty program could make it a lot harder to get PS4 hacks, and that isn't something that you wanted? And then later when you thought more about it, you're not angry at either Sony (because it's understandable that they want to protect their system against piracy) or those who want to participate in such a bug bounty program (because it's their choice what to do with their own work (assuming that what they submit to the bug bounty program is mostly their own work/research at least))? If that's the case, I can see that situation.

 

I would also just like to add a side note that console hacking isn't just about piracy of course. I don't mean to say that, so I just wanted to point that out. I think it's safe to say that the majority of people use it for piracy however (which is also primarily why Sony (and Microsoft and Nintendo as well for that matter) tries to stop console hacks. And I guess the possibility of making it easier to cheat online in games is another reason), but it's fully possible to use and enjoy console hacks without doing any piracy as well. It's the same with emulators. It's fully possible to use emulators without piracy. But I think it's up to each person to decide what they want to do with the hacks, piracy or not, so I won't say much about that.

 

EDIT: By the way, did TheFlow reply to you after you explained what you meant? If I can ask about that.

 

 

My initial response was hasty, I realised that after I had posted it, but it had become too late and people had already seen it which is why I wrote a follow up, my opinion will not change on the part which I state "You should not be part of a console hacking scene and selling exploits to the company who owns the console you are cracking", it kills the spirit of a scene, it used to be we would get a hack and Sony would patch it when they found the bug, but now they can just pay a console hacker to find the bug for them and we are at the mercy of whether the actual exploit can be released.

So my problem is the case that we might no longer get exploits in the future, if Sony decide that the hacker can only state that he found one but not actually release it, then we are screwed and scenes will slowly die.

 

For me hacking consoles is not about piracy, it is a side effect which is great for some and not so great for others, what I loved about the PS3 scene which is the scene I started in was the community and the developers who seemed more friendly and approachable than they do now, hackers broke the console because that is what they liked doing and not because they wanted to get some financial gain from it, money is great, everyone needs it, but some of us crave other things such as community, it seems that community now is based in Reddit and Twitter where all we see is "ETA WEN".

 

No, TheFlow has chosen not to engage with me, I am not angry with him for doing so, it would have been nice to have a conversation with him man to man, but one cannot force someone to do something they don't want to do.

  • Like 2

13 minutes ago, GregoryRasputin said:

 

 

For me hacking consoles is not about piracy, it is a side effect which is great for some and not so great for others, what I loved about the PS3 scene which is the scene I started in was the community and the developers who seemed more friendly and approachable than they do now, hackers broke the console because that is what they liked doing and not because they wanted to get some financial gain from it, money is great, everyone needs it, but some of us crave other things such as community, it seems that community now is based in Reddit and Twitter where all we see is "ETA WEN".

 

Yes, piracy is a side effect, but piracy in and of itself is not the evil it is believed in its definition today. It wasn't until the accounting system changed and people started counting money that they may never receive. 1 download does not equal 1 lost sale. People who pirate will always pirate, regardless. However, instead of equating 1 pirated copy to 1 lost sale, those companies that have actually exploited that in terms of advertising, have actually gained sales. This is proven by a number of studies.

 

However, that is a discussion that is used only in an attempt to actually deflect from the main point.  Piracy, in the console industry, equates to an extremely small percentage of the underground community and always has been.  Forums bring it to the forefront and corporations use it to attack them but in reality, and forgive me as I don't have the actual current figures in regards to consoles, but it is extremely minute--less than 5%.  Back in the PS3 days it was 2% of the entire userbase.

 

@GregoryRasputin You really missed out on some fun with the original xbox, ps1 and ps2.  Those were the golden days.  There were attempts at all the same things as today, DLC, unfinished and broken releases but they all got squashed simply because the community wouldn't allow it.  In those days, your console was your hardware and any attempt on that was taken as a personal affront and an erosion of your rights and freedoms.

 

I don't know nor did I get involved in this entire TheFlow thing, but as an old-school dinosaur from back in the day--just on principle, someone from the scene, taking something a group worked on together and releasing it as their own--regardless of who receives it in the end, is a major no go for me.

 

Someone finds an exploit all on their own, develops it and verifies it--that is their work to do with as they please. Someone thinks they may have something, goes to a group of people and they develop it together and then that person takes the final product and claims it as their own--that is a problem. Then again, in today's world, that seems acceptable and commonplace.

 

That is my opinion without emotion and without my personal feelings in regards to giving something to a corporation versus sharing it openly with a community.

 

 

Edited by rednekcowboy
  • Like 2

On 7/10/2020 at 7:41 PM, rednekcowboy said:

@Indeed1 @GregoryRasputin

 

If I could interject, partially on Greg's behalf to explain somewhat.

 

We are both of the generation where any alignment with any corporation is wrong. There were communities that believed that one day, unless we kept fighting, the corporations would take over, unless there was a system in place that kept them in check. Something that they knew would not allow them to step outside the lines. It was a perilous ecosystem but it kept everyone more or less honest. n00bs would come into this environment and have a hard time integrating but once they proved themselves, they would be accepted and it was about community involvement and knowledge sharing. An "us" vs "them" mentality. Try to think of it in today's whistle-blower mentality. Sources inside corporations would actively help us out, as well as some very talented individuals finding exploits on their own.

 

This started coming under attack several years ago (personally I believe it started when we as a community started putting hacked consoles online--that broke an unspoken rule that caused the all-out war). The way companies measured profits changed. They started an all-out attack at the only adversary they had that was keeping them in check and launched a full-out, 4-pronged campaign against this "underground" community. The first was piracy. They started counting every download as lost revenue. The second tier was convincing the government that this underground community was basically organized crime and using police powers to fight civil disputes. The third tier was an all-out advertising campaign to convince the general public this underground community was basically organized crime. The fourth and most detrimental piece was to start recruiting people with bounties and consultancy contracts (which was made acceptable by the previous 3 steps).

 

This is an extremely simplified and "readers-digest" version of what actually happened and it took several years to accomplish, but this is what happened.  FYI--if you don't understand the "readers-digest" version comment, then you likely won't agree with this account of events.

 

The sad thing about this is that now, the corporations have succeeded. There is no community any longer. They are free to gouge the general public without fear. The downfall of their plan is that now they no longer have a justification to explain their own fiscal irresponsibility and within the next few years, there will be another crash. COVID has only expedited that. Eventually unfinished games being released almost at an unplayable level, having to buy extra items just so you can finish a game that has no real ending anyways and a flood of over-hyped and under-delivering titles will crash the industry just as it did a few decades ago.

 

The industry needs the underground community and can't survive without it.

 

Thanks for your input :)

 

I think it depends on what you mean by having any alignment to a company. I agree that it can be important for people to say their opinion about something that they don't like about companies (or anything else as well for that matter). So if people don't like something that a company does, they can say their opinion about it, for sure. When people say their opinion, the problem can be discussed, and things can change for the better. So it's important that people speak against companies if people think that the companies do something that's wrong or something that they don't like, I 100% agree with that.


But I don't think the console companies like Microsoft, Nintendo and Sony are trying to take over something in that regard, not at all. The only thing I can see them taking over is their competitors in the same business, but that is quite normal business competition, that is very normal and there's nothing wrong with that, in my opinion. Or what do you think that they might take over? And what do you think that the community is doing, and needs to do, to keep them in check? These companies are giving us entertainment after all, and without them, there wouldn't be any console hacking possible for their consoles in the first place :) But as I mentioned, I think it's important for people to say their opinions if they don't like something that a company is doing, for sure, but I don't think the situation is so bad that they're trying to take stuff over or anything like that. But maybe I'm misunderstanding what you mean, so please correct me if I'm wrong and am misunderstanding what you mean :) I also think that the consumers are keeping the console companies in check to a certain degree. I don't think that the console companies are free to gouge the consumers without any fear, so I have to disagree with that. If they do too much that the consumers don't like, the consumers might stop buying the products, and this will keep the companies in check, at least to some degree. After all, it's very important for basically any business to keep their consumers happy :)

 

 

I also think it's important to have some balance and equality, where everyone has some rights, both the companies and the consumers. For example, if consumers should have the right to hack their device (which in general, I think they should), I think it's also fair that the companies should have the right to protect against piracy. This way, both parts have their rights, and it can create a balance. If you see what I mean? :)

 

It's a very big topic to discuss what the rights should be or not though, and where this balance should be, and there are many different opinions about this. But when it comes to gaming consoles in specific, I think it's more than fair that the companies try to secure their systems against piracy. That is basically only my point on this subject, in this discussion. Maybe people aren't arguing against this though, so maybe I'm misunderstanding the argument about this.

 

EDIT: I'm sorry for the late edit, but I just wanted to add one thing, what do you mean with a whistle blower situation? That people working for Microsoft, Nintendo and/or Sony should leak information/internal code for the gaming consoles, so that the systems can be hacked easier? If you mean the first thing, I don't think that should be done. A whistle blower situation is usually more about when an employee tells about internal stuff that affects people's lives in one way or another, maybe even illegal stuff. This is not really the case when it comes to hacking gaming consoles. Gaming consoles are luxury entertainment products, so it's not something very important in that regard. So this wouldn't really be a whistle blower situation in the same regard. If a Microsoft, Nintendo and/or Sony employee leaks internal code for their gaming consoles to help hackers, then this is more towards being disloyal employees, not whistle blowers in that regard.

 

Or do you mean that hacking consoles is like a whistle blower situation because it opens up the system? If so, i see what you mean, but i dont think its directly a whistle blower situation in that regards, because whistle blowing is more about exposing something bad, while hacking a console is more about just being allowed to run unsigned code on the console, removing restrictions from a closed system.

I'm just asking what you mean with the whistle blower comment to make sure that i'm not misunderstanding what you mean with this :)

 

I do understand the "them VS US" mentality when it comes to breaking the protection on a gaming console though. Like a cat and mouse game. First the protection is there, then someone finds an exploit. Then this exploit is patched, and someone finds a new exploit again, and its being patched. And this can go on for a long time, like a cat and mouse game :) But i think both consumers should have the right to hack their own gaming console, and that the companies should have the right to protect their systems against hacking and piracy.

 

EDIT 2: I also added some more text.

 

---

 

Gaming companies have always tried to fight piracy, so i dont think this is that much different now than it was before, so there is no "all-out war" going on now compared to before, at least from my experience. I've been in the gaming community for many, many years, and i have never seen Microsoft, Nintendo and/or Sony doing an all-out advertising campaign to the public talking about the console hacking communities being basically like organized crime, if that is what you mean? If so, do you have any examples of that where i can see these ads? And how do you mean about using police power in a civil dispute? Where did that happen?

 

Recruiting hackers for security work is actually not that uncommon. I'm kinda surprised why Sony hasnt done this before actually (at least when it comes to the bug bounty program) because it can be a pretty effective way to increase security. When it comes to computer security in general, many of those who work with computer security are actually hackers. For example, CTurt, who hacked the PS4 first, he is now working for Microsoft when it comes to security :)

 

---

 

I dont think there will be any gaming market crash in the next few years. Only time will tell what happens, but i feel that people have speculated in this for quite some time now, and the gaming industry is maybe bigger than it has ever been :) It doesnt seem to be any gaming market crash coming, at least not anytime soon.

 

When it comes to games being unfinished, its true that some games have some bugs and problems, for sure, but personally, i have hardly played any games that were in an almost unplayable state/level. The only game i think of is Nuclear Throne for Vita. That game had some game crashes at the later level, so i was never able to finish the game because of that (and it was unfortunately never fixed/patched on the Vita. It was only patched on the PS4).

 

I also cant think of many cases where one have to buy extra items just to finish the game. Maybe this is more for mobile games, but not for console games at least (or do you mean this being mostly for mobile games?). The only example i can kinda think of is "Asura's Wrath" for PS3/Xbox 360. This game had a DLC pack with the "real ending" for the game. Otherwise most games can be finished without any problems. At least from my experience, and i've been playing games for many, many years.

 

 

---

 

But i do agree with you that its important that the consumers say their opinion if they dont like something. I dont think this is limited to any underground community (or how do you mean that the industry needs the underground community? And what defines the underground community? Those who are hacking consoles and are using console hacks for personal use?), but for every consumer in general. When people say their opinion, things can change for the better, that is true :)

 

 

 

On 7/11/2020 at 12:19 AM, GregoryRasputin said:

 

 

My Initial response was hasty, I realised that after I had posted it, but it had become too late and people had already seen it which is why I wrote a follow up, my opinion will not change on the part which I state "You should not be part of a console hacking scene and selling exploits to the company who owns the console you are cracking", It kills the spirit of a scene, it used to be we would get a hack and Sony would patch it when they found the bug, but now they can just pay a console hacker to find the bug for them and we are at the mercy whether the actual exploit can be released.

 So my problem is the case that we might no longer get exploits in the future, if Sony decide that the hacker can only state that he found one but not actually release it, then we are screwed and scenes will slowly die.

 

For me hacking console is not about piracy, it is a side effect which is great for some and not so great for others, what I loved about the PS3 scene which is the scene I started in was the community and the developers who seemed more friendly and approachable than they do now, hackers broke the console because that is what they liked doing and not because they wanted to get some financial gain from it, money is great, everyone needs it, but some of us crave other things such as community, it seems that community now is based in Reddit and Twitter where all we see is "ETA WEN".

 

No, TheFlow has chosen not to engage with me, I am not angry with him for doing so, it would have been nice to have a conversation with him man to man, but one can not force someone to do something they don't want to do.

 

Understood, i see what you mean. Its true that bug bounties can make exploits more rare, but i still believe that there will be an active console hacking community. I think theres still interest in hacking the consoles, simply just for the challenge alone. Like both Apple and Nintendo have bug bounties as well, but their systems are still getting hacked (latest Switch firmware is hacked when it comes to Nintendo, and iOS 14 jailbreak is also available when it comes to Apple). But only time will tell what happens. Security in general seems to be getting better and better as well, making it harder to find exploits, bug bounties or not, but there always seems to be some bugs/exploits popping up anyway :)

 

Is there still a community on IRC by the way? Or have mostly moved over to Reddit and Twitter as you mention? Maybe Discord too.

 

About TheFlow. I understand. Thats true, i was just curious if he had replied.

Edited by Indeed1
  • Like 1

Interesting topic to get started. This kind of belief goes way back when. I've watched the scene from the PS1 days and its fair to say its come a long way. But lets take it back a notch to the early days. Back in the day, PS1/PS2, when you found an exploit in a system that was it. That exploit stayed there until there was a hardware revision. There were no software updates back then, exploits stayed. There were no bug bounties, no interconnecting responsibilities. Exploits on PS1/PS2 worked only on those consoles. They didnt affect hardware or software on other platforms.

 

Then you see more open source tools, updating software via the internet. Everyone starts to mix and match open source tools. (Why dont people write their own, well theres not that many people in the world that can write a secure SSL/TLS protocol or implement cryptographic protocols properly? So better not risk it).

 

Later in the gen information security started to become more important, more R&D/gov funds/companies picking up on their infosec. This brings the time of the PSP onwards (PS3/PS4). Where exploit finding became much more difficult, especially with the added complexity of the systems. It doesnt just affect consoles, now all electronics come into the mix. PS3/PS4 based on FreeBSD, Webkit used in iPhones/consoles, so exploits become cross platform. You find an exploit in webkit, release it as a zero day. Some NSA/CIA use it to exploit someones phone and kill them. Yes this happens.

 

Furthermore, the increased knowledge of infosec meant there were more hackers out there than before. Better resources to learn, internet etc.

 

During this, a period of companies fighting/suing hackers for finding exploits. The winner, well depended on the country and lawyers. Thankfully it took some time for it to reveal that jailbreaking is not illegal. Given that companies, naturally, want to protect their assets. Its fine to run whatever code you want, but its not fine to leak key encryption keys which can lead to copyright theft/stealing/unwanted copies of software. So bug bounties are introduced, as a way to incentivise InfoSec community to report and be paid for their exploits.

 

This brings us to the modern day hacker, who can spend months up to a year longer, to find and develop worthy exploits in a system, e.g. a kernel exploit in a PS4. PS4 runs FreeBSD, which your local university runs a copy of, another critical server runs a copy of it too. So that exploit does not just hurt the PS4, it hurts a lot more people.

 

The person who wrote the exploit, its their code, its their attack. They can do whatever they want with it.

 

You have a few options

  • Release the exploit, Company will patch it within a few weeks, vendors who run FreeBSD frantically figure out a way to patch and secure systems. Those with critical infrastructure have to be on high alert now a zero day is out in the wild. The hacker, who released the exploit, gets sued by people who use FreeBSD and were attacked. It was your unique weapon after all. You get nothing and get disrespect by the InfoSec community (where all these hackers work) as someone who is not trustworthy with finding attack vectors
  • You do the 90 day disclosure, you can alert people who care about exploits to not upgrade past FW x.xx. The people who run critical systems have a chance to defend themselves and fix the bug. After 90 days you release it and it can be used freely. You get some form of compensation after all the months of free labour you put in. You get some respect as being a responsible individual to the community

Most people who complain about hackers doing disclosure have never, ever written an exploit themselves. So really, they have no say.

 

Next theres the 'scene' who lets be honest, we know about that. You want homebrew on the system you bought, well then find the exploit yourself.

"But its my system I want to do what I want" <- No one is stopping you doing anything, you just cant find exploits yourself so you whine and complain about it online...

 

You dont buy a car and steal the gas? When you buy a car you know to run it you will need gas.

Edited by ehneo
  • Like 2

  • GregoryRasputin

@Indeed1 there are scene IRC channels and servers, but people have mostly gone to the likes of Discord and Telegram.

PlayStationHaX has an IRC server, though not that active as it is fairly new, there is a thread here created by Vapor.

 

@ehneo I agree with most of what you wrote, apart from the modern day bit.

If a hacker finds an exploit in a console he has hacked, the code is technically not his as it still belongs to the company of the device he has hacked, It is even less his if he used tools or methods of other hackers who came before him or used methods to test his exploit.

Which is where scene comes to play, without other developers some of those who release code might not achieve what they want or not achieve it as fast, for example if a WebKit was not available then one cannot test a KExploit to see if it works properly, if a WebKit exists, then said hacker would have to use a WebKit which someone else apart from the hacker has already created, hence the community aspect.

 

You cannot make a cheesy chicken omelette, without the cheese, chicken and eggs...

 

 

  • Like 2

15 hours ago, GregoryRasputin said:

@Indeed1 there are scene IRC channels and servers, but people have mostly gone to the likes of Discord and Telegram.

PlayStationHaX has an IRC server, though not that active as it is fairly new, there is a thread here created by Vapor.

 

@ehneo I agree with most of what you wrote, apart from the modern day bit.

If a hacker finds an exploit in a console he has hacked, the code is technically not his as it still belongs to the company of the device he has hacked, It is even less his if he used tools or methods of other hackers who came before him or used methods to test his exploit.

Which is where scene comes to play, without other developers some of those who release code might not achieve what they want or not achieve it as fast, for example if a WebKit was not available then one cannot test a KExploit to see if it works properly, if a WebKit exists, then said hacker would have to use a WebKit which someone else apart from the hacker has already created, hence the community aspect.

 

You cannot make a cheesy chicken omelette, without the cheese, chicken and eggs...

 

 

 

I haven't been able to find any legal documents which says who owns the vulnerability apart from you own the vulnerable code that was written, but not the bug itself. Because the bug is in the software of someone else's code.

 

By this and your assumptions, then a hacker does not own the exploit at all. That means if they find any exploits they have to instantly report them to the vendor. So then there's no scene to begin with because you shouldn't be sharing bugs that you don't own right?

 

Furthermore if I use someone else's bug to test my exploit, as you mention a WebKit bug to test a Kernel exploit, then I can still report my Exploit to be fixed, as long as I don't report the other exploit I used to test it. It's not owned by the community or anyone, it's owned by the vendor.


  • GregoryRasputin
3 hours ago, ehneo said:

it's owned by the vendor.

Fuck the vendor, it has always been about the cat and mouse between them and us, bug bounties turn those who be potential scene heroes into a pawn for the corporation they were meant to be fighting.

 

 


21 hours ago, GregoryRasputin said:

@Indeed1 there are scene IRC channels and servers, but people have mostly gone to the likes of Discord and Telegram.

PlayStationHaX has an IRC server, though not that active as it is fairly new, there is a thread here created by Vapor.

 

I see. I dont use IRC much myself these days, so i was just curious if its still being used in a bigger fashion :) I remember when basically everything was on IRC.

 

 

5 hours ago, ehneo said:

 

I haven't been able to find any legal documents which says who owns the vulnerability apart from you own the vulnerable code that was written, but not the bug itself. Because the bug is in the software of someone else's code.

 

By this and your assumptions, then a hacker does not own the exploit at all. That means if they find any exploits they have to instantly report them to the vendor. So then there's no scene to begin with because you shouldn't be sharing bugs that you don't own right?

 

Furthermore if I use someone else's bug to test my exploit, as you mention a WebKit bug to test a Kernel exploit, then I can still report my Exploit to be fixed, as long as I don't report the other exploit I used to test it. It's not owned by the community or anyone, it's owned by the vendor.

 

Yeah, you're right that the vendor owns the code itself, and in a way, the exploit is part of that code, but technically, i'm not sure if anyone directly owns a bug or exploit itself. I mean, people can do a write up on how to achieve such exploits without releasing any specific code to download. I think the bug bounty programs are more about NDAs (non disclosure agreements). Its basically just a contract where theres agreement of not posting the bug/exploit to the public. This doesnt stop anyone else from finding and potentially release the exploit to the public if they want that. Sometimes NDAs can also have time limits, like in the gaming industry, where e.g reviewers sign NDAs to not publish early information about the game before a certain time/date. I wonder if the bug bounties for consoles have any time limit to them, that maybe they can release the info in X-amount of years or so. I kinda doubt that, but who knows :)

 

But there might be more legality to this when it comes to releasing exploits, and i hardly know anything about that, unfortunately.

 

 

1 hour ago, GregoryRasputin said:

Fuck the vendor, it has always been about the cat and mouse between them and us, bug bounties turn those who be potential scene heroes into a pawn for the corporation they were meant to be fighting.

 

Maybe i'm reading "fighting" too literally here, so please correct me if i'm wrong, but i dont think that many hackers necessarily have the viewpoint of fighting a corporation in the regards that they're really against them or anything like that. I think its also in some cases just about a challenge, trying to break a security system to see if it can be done or not (which several people are interested in doing) :) And also that they want to run their own unsigned code on the systems, even if they're not against the companies.

Edited by Indeed1

3 hours ago, GregoryRasputin said:

Fuck the vendor, it has always been about the cat and mouse between them and us, bug bounties turn those who be potential scene heroes into a pawn for the corporation they were meant to be fighting.

 

 

 

1 hour ago, Indeed1 said:

 

I see. I dont use IRC much myself these days, so i was just curious if its still being used in a bigger fashion :) I remember when basically everything was on IRC.

 

 

 

Yeah, you're right that the vendor owns the code itself, and in a way, the exploit is part of that code, but technically, i'm not sure if anyone directly owns a bug or exploit itself. I mean, people can do a write up on how to achieve such exploits without releasing any specific code to download. I think the bug bounty programs are more about NDAs (non disclosure agreements). Its basically just a contract where theres agreement of not posting the bug/exploit to the public. This doesnt stop anyone else from finding and potentially release the exploit to the public if they want that. Sometimes NDAs can also have time limits, like in the gaming industry, where e.g reviewers sign NDAs to not publish early information about the game before a certain time/date. I wonder if the bug bounties for consoles have any time limit to them, that maybe they can release the info in X-amount of years or so. I kinda doubt that, but who knows :)

 

But there might be more legality to this when it comes to releasing exploits, and i hardly know anything about that, unfortunately.

 

 

 

Maybe i'm reading "fighting" too literally here, so please correct me if i'm wrong, but i dont think that many hackers necessarily have the viewpoint of fighting a corporation in the regards that they're really against them or anything like that. I think its also in some cases just about a challenge, trying to break a security system to see if it can be done or not (which several people are interested in doing) :) And also that they want to run their own unsigned code on the systems, even if they're not against the companies.

 

Yeah @Indeed1 you are right. Hackers dont have the viewpoint of fighting corporations anymore. Its not really justified in the present day. Back in the day, computers were expensive, phones had no power, games consoles were cheaper, so it made sense for people to want to unlock their console for all the homebrew potential.

 

Now computers are cheap, phones are cheap and powerful, consoles well it depends. Id argue now we dont even have a need to unlock our home consoles for homebrew, when in reality we can do all that stuff on our phones/PCs. Maybe portable console sure, but home consoles? Yeah theres really no point anymore. So truly, theres no more corporation fighting any longer.

 

It has, and it always has been, as you say, about the challenge. Who has the most technical balls to unlock a secure console. Whos got the skills to show off.

 

The 'Scene' is still alive and well. Its not about piracy anymore. Its just about having the know-how to unlock the devices. Playing the race to see which group is best.

 

 

 

 

Edited by ehneo
  • Like 1

On 7/14/2020 at 5:47 PM, ehneo said:

 

 

Yeah @Indeed1 you are right. Hackers dont have the viewpoint of fighting corporations anymore. Its not really justified in the present day. Back in the day, computers were expensive, phones had no power, games consoles were cheaper, so it made sense for people to want to unlock their console for all the homebrew potential.

 

Now computers are cheap, phones are cheap and powerful, consoles well it depends. Id argue now we dont even have a need to unlock our home consoles for homebrew, when in reality we can do all that stuff on our phones/PCs. Maybe portable console sure, but home consoles? Yeah theres really no point anymore. So truly, theres no more corporation fighting any longer.

 

It has, and it always has been, as you say, about the challenge. Who has the most technical balls to unlock a secure console. Whos got the skills to show off.

 

The 'Scene' is still alive and well. Its not about piracy anymore. Its just about having the know-how to unlock the devices. Playing the race to see which group is best.

 

Yeah, when it comes to only being able to use/run homebrew in general, consoles might not be that necessary anymore, thats true. Mini/micro PCs are more accessible now than they were before, and theres also things like Raspberry Pi (this is not as powerful as the latest consoles though (which is to be expected considering the cheaper price), but not all homebrew require a lot of hardware power).

 

I can still see some advantages with hacking consoles however. It can be more convenient to have everything in one box (instead of having to use e.g a Mini PC for homebrew and a console for gaming). It also makes it possible to apply mods and cheats to offline games (hacked consoles usually get banned quickly, so i'm not sure that its that big of an issue anymore in regards to online cheating). This is of course possible on PC as well, but i'm also thinking about exclusive games to consoles. This isnt something that i personally have that much interest in, but having the option to do it can be a good thing at least. It might also be easier to make emulators for PC if a console is hacked, since maybe then its easier to see how the inner workings of a console are. Emulators might take years to make though, but it might be nice to have e.g a PS4 emulator 15-20 years from now. Theres also the community aspect around homebrew for specific consoles. I'm sure there is a community around PC homebrew too, but still, the community aspect can be a nice/interesting thing anyway. Having things to discuss with others etc. within this field :)

 

But yeah, i think that hacking today, at least for some hackers, is more about the challenge of getting past the security, just to see if they have the skills if it can be done rather than being against either Microsoft, Nintendo and/or Sony, i agree. That doesnt mean that one agrees with every decision these companies make, and no problem with disagreeing with certain decisions of course, but in general, i dont think many mind that theres a security system in place on the consoles at least (and if there was no security system in the first place, there wouldnt be any challenge or hacking possible to begin with :)).

 

The console hacking is also done to be able to run homebrew though, so thats also some part of it, but i think the challenge itself to see if the security system can be broken is the bigger factor for some hackers at least. And i think this will continue both on PS5 and Nintendo Switch 2 (or what it will be called) as well, so yeah, i think the scene will still be alive, indeed. Maybe even with Xbox too, although it doesnt seem to be that much activity there (has anyone hacked the Xbox One yet, by the way? I've seen people saying that theres not too much interest in hacking the Xbox One because homebrew can officially be run on it already, but i dont know if thats the only reason). This is also what i find the most interesting about console hacking. I mean, i dont use these hacks myself, but i find it interesting how long it potentially will take before someone is able to get past the security system, so i'm looking forward to see how the PS5 and future consoles hold up :)

Edited by Indeed1