Jump to content
GregoryRasputin

Sell Your Soul To Sony For $50,000

Recommended Posts

 

UPDATE

As TheFlow has posted a link to this thread, I would like to post a few things about this article and why it was made.

 

1.) When I had originally written this article, it was not targeting any developer in particular, this was posted as a deterrent to developers from the scene from selling exploits to Sony, yes it was childish and perhaps I could have used better words, but I did not want exploits being wasted.

 

2.) Like I said this article was targeting scene developers, TheFlow has stated several times that he is not part of the PS4 scene, so how could he then take offense to this?

Also if he does not consider himself to be part of the PS4 scene, then how could I make him leave the PS4 scene? You cannot leave something that you are not part of.

 

3.) TheFlow decided to falsely blame me on him leaving the PS4 scene as a way of getting back at me, he knows I could not have made him leave because in his own words he was never part of the scene.

 

4.) A new exploit was released by TheFlow, this is great for those of you who have been waning to play games above 5.05, but that stops at 7.02, had this exploit not been given to Sony, then you would have at some stage been able to play games and homebrew on 7.50 or 8.00 using this very exploit.

 

5.) I am used to the hate from scene developers, this is nothing new, i say what I feel, I give my opinion and that annoys them, examples such as:

a.) Freakler got angry at me because I kept calling Hackinformer out for selling access to an eCFW and for charging people to install other developers homebrew and apps, Freakler supported this scam and didn't like me calling him out on it, supporting a scammer makes you as dishonest as him.

b.) SKGleba got mad at me for calling out the fact he is two faced, so he decided to use xenophobic and Islamophobic language towards me, now he claims I am the toxic one.

There are other developers I could mention, but I get on with most developers pretty well, most of them are decent and honest.

 

6.) The thread in which I posted my opinion on scene developers selling bugs to Sony was inconveniently not posted at the same time this one was, so here is a link to that article:

I may have been wrong about a couple of things in it, but the sentiment still stands, you shouldn't be part of the scene and selling exploits to Sony.

 

Whilst you are here reading this, why don't you enter this competition to win a PS5 control pad:

 

Anyhow thanks for reading this edit, you can view the original below.

 

 

 

Original Post :)

If you are the type of console hacker with no morals or any human decency, then this bug bounty brought to you by Sony will be right up your ass.

 

1531493-200.png

 

 

Sony are offering a $50,000 reward for exposing critical flaws that will lead to the system being hacked, this is nothing new and but is probably the biggest reward offered for finding a critical flaw.


I had a whole rant posted here regarding this, but I deleted it as I feel deflated and depressed, with all the PlayStation exploits closed over the past year and the ones that will be closed in the future, you can guarantee that the PS4 scene is dead.

 

Sell your soul here:

https://hackerone.com/playstation

  • Like 3

Share this post


Link to post
Share on other sites
15 hours ago, GregoryRasputin said:

I had a whole rant posted here regarding this, but I deleted it as I feel deflated and depressed, with all the PlayStation exploits closed over the past year and the ones that will be closed in the future, you can guarantee that the PS4 scene is dead.

 

I hear you. Though it certainly isn't anything knew I was impressed by how many vulnerabilities that so called octox0r sold, all the while pocketing support money from those willing to donate in the name of possible future jailbreaks.

A real portrait of the PS4Scene right there, disgusting.

We need another Cturt from the 1.76 days, another Specter from the 4.05 and definitely another Qwertyoruiopz (that's a talented dude, right there, too bad he seems to have abandoned the scene and even donated his PS4 IIRC) from the 4.55.

 

What really surprised me was to see TheFlow there, he has a history of following through to his claims.

Hopefully he can make amends by disclosing it eventually, even if it's only for firmware 6.20.

Now, I know how bad you must have felt writing that deleted rant, Greg, but you're one of the few authentic guys out there that stay true to his word. However bitter the taste, put it out there.

Your conscience and contributions to this and many other scenes are clean, that's saying something. Keep it up, don't let this new generation of soulless full-stacks get to you.

 

  • Like 2

Ferrarius Verbero Aestus Ferratilis

Share this post


Link to post
Share on other sites

4.) A new exploit was released by TheFlow, this is great for those of you who have been waning to play games above 5.05, but that stops at 7.02, had this exploit not been given to Sony, then you would have at some stage been able to play games and homebrew on 7.50 or 8.00 using this very exploit."

 

 

Noob here. Someone correct me if anything. I hardly follow the scene, had a ps4 at 5.05 for years waiting for a higher firmware. Dont know what site there was the list that anything above 5.05 upto one point was within the private sector. My thing is if those private users having this exploit above 5.05 wasnt going to release, at least this is better than nothing. In 6 months will be 3 years since 5.05 was released. How long they wanted to hold on to it. At least we got till 7.02. As for the drama, there will always be people that are ungrateful, social media is the last place to find appreciation in hackers. As for the man getting money from Sony for exploits, maybe is more beneficial for him than whats his getting from thr hacker scene. We don't know how much.  Just my opinion. 

  • Like 1

Share this post


Link to post
Share on other sites

I dont think that the Playstation bug bounty program necessarily means that the PS4 scene is dead. I know that this post/thread was written before TheFlow released his PS4 firmware 7.02 exploit, so maybe there were some uncertainties that this exploit would be released to the public or not. If thats the case, i can see that, but eventhough the Playstation bug bounty program exist, it still show that exploits can be released. I must admit that i was surprised that Sony allowed this exploit to be released to the public. I didnt think that they would allow it, because eventhough the exploit was patched, releasing it to the public would still mean a newer exploit being possible (previous one was for firmware 5.05 i think?). But it happened, so its not impossible that it can happen again :)

 

Another thing is also that FreeBSD exploits in general (which is what the 7.02 exploit is)  could very well be documented for the public. FreeBSD's official website list a lot of known exploits (maybe all of them?) for anyone to check out: https://www.freebsd.org/security/advisories.html | I will not be surprised if we also see documentation here for the exploit thats being used for PS4 firmware 7.02. And since future FreeBSD exploits will be documented as well, its possible that people can take this public and documented information and see if can be used on the PS4 as well (and most likely PS5 too). But only time will tell what happends.

 

I would also just like to add a sidenote that the Playstation bug bounty program is not just for the PS4 itself, but also including their Playstation related websides and the Playstation Network as a whole. So this could encourage faster security fixes there, which is positive of course (i dont think anyone here is disagreeing with this, i'm just more generally speaking =)).

 

That said, i'm pretty sure that this thread is only talking about the PS4 part, but i just wanted to add this as a side note to whats also the intention with the bug bounty program. I think its pretty strong word to say that someone doesnt have no morals and no human decency, and that they're selling their soul for making money on console exploits. In the bigger pictures, consoles arent really that big of a deal in that regards after all, and i think its understandable that Sony wants to protect their consoles from piracy. But maybe the issue here isnt that Sony has a bug bount program, but perhaps something else instead?

 

---

 

When it comes to TheFlow, i dont know too much about the situation, so unfortunately i cant say much about it. I dont know if the exploit he found on the PS4 was pretty much only his own work or if he borrowed/recieved help from others who had no idea that it would be submitted to a bug bounty program. I see that he thanks a few people, but have anyone of those spoken up and said that they didnt know, and/or that they feel that they should also be payed?

 

I also dont think this thread is the only thing that made him say that he would leave the scene. I might be mixing him up with someone else, but i think he has complained about toxic behavior before as well. I wont be surprised if many people have asked him on Twitter when his announced PS4 exploit would be released, and maybe be angry with him for not releasing it sooner. But as i mentioned, i might be mixing him up with someone else.

 

EDIT: And when TheFlow said that he was not part of the scene, i'm guessing that hes just referring to the part that asks and maybe complains to him about releasing exploits, but i'm not sure.

 

---

 

I didnt read the original thread here, but i appreciate edit that clearifies what the main intention was :)

 

 

  

On 6/26/2020 at 5:03 AM, Bereuza said:

I hear you. Though it certainly isn't anything knew I was impressed by how many vulnerabilities that so called octox0r sold, all the while pocketing support money from those willing to donate in the name of possible future jailbreaks.

A real portrait of the PS4Scene right there, disgusting.

We need another Cturt from the 1.76 days, another Specter from the 4.05 and definitely another Qwertyoruiopz (that's a talented dude, right there, too bad he seems to have abandoned the scene and even donated his PS4 IIRC) from the 4.55.

 

How much support money from the scene did octox0r recieve before he joined this bug bounty program? Did he promise any exploit release and asked for money? I'm just wondering since i havnt heard about this situation before :)

 

It is possible that we get another CTurt, Specter or Qwertyuiopz indeed, but its also possible that they might not release exploits for the public, or at least waiting a long time before its being done. For example, when CTurt released his exploit for PS4 firmware 1.76, he said that the exploit was fixed a long time ago, and he hoped that releasing it to the public wouldnt lead to any adverse effect. So he was caution about releasing it. If it wasnt patched, maybe he wouldnt have released it at all, but who knows. I dont know about Specter and Qwertyuiopz though, if they said something similar. Or now that i think about it, didnt Qwertyuiopz say that he released his exploit because it was already patched? But maybe i'm remembering wrong :)

 

EDIT: I fixed a typo.

Edited by Indeed1
  • Like 1

Share this post


Link to post
Share on other sites

@Indeed1 thanks for taking the time to reply, you are correct stating that hackers who sell exploits to Sony have no morals is harsh.

My biggest flaw is writing something before thinking of the consequences or fallout, i had written those lines before I even knew that famous scene developers had contributed to the bug bounty, sadly people including TheFlow assumed that I had created this article to attack TheFlow, which isn't the case.

 

Do I wish the exploit could have remained away from Sony for a little longer? of course I do and my i still believe that scene developers should stay away from bounties, but that does not mean I hold any ill will against those who participate in them.

  • Like 1

Share this post


Link to post
Share on other sites
On 7/8/2020 at 5:25 PM, GregoryRasputin said:

@Indeed1 thanks for taking the time to reply, you are correct stating that hackers who sell exploits to Sony have no morals is harsh.

My biggest flaw is writing something before thinking of the consequences or fallout, i had written those lines before I even knew that famous scene developers had contributed to the bug bounty, sadly people including TheFlow assumed that I had created this article to attack TheFlow, which isn't the case.

 

Do I wish the exploit could have remained away from Sony for a little longer? of course I do and my i still believe that scene developers should stay away from bounties, but that does not mean I hold any ill will against those who participate in them.

 

No worries. Thanks for your reply too :)

 

I understand. I guess that your intial reaction was more about that this bug bounty program could make it a lot harder to get PS4 hacks, and that isn't something that you wanted? And then later when you thought more about it, you're not angry at either Sony (because its understandable that they want to protect their system against piracy) or those who want to participate in such bug bounty program (because its their choice what to do with their own work (assuming that what they submit to the bug bounty program is mostly their own work/research at least))? If thats the case, i can see that situation.

 

Its not that uncommon to react more strongly at first, then think a bit more about the situation later on, reflecting on the situation. Someone might react differently later on though, maybe they get angry if someone misunderstood them, and dont take the time to explain what they really ment. So what you do here, taking the time to explain what you meant, and saying that you used some harsh words in the begining,  the saying that you didnt really mean that, i think is a very good human quality/attribute to have :)I dont think everyone would have done this.

 

And i also understand the situation if console hacks becomes more more rare (at least to the public), that this can be boring and suck. I mean, this means less activity in a field/subject that one are interested in.

 

I don't hack my consoles personally (the last consoles i modded was my PS1 and PS2, which i did back in the days :)), so its not that big of a deal for me personally if a console gets hacked or not, but i still find it interesting to see how long a console's security system can hold up before someone are able to get around it, and i think it can be interesting to read how people were able to do that. This is how i found this website in the first place, because i read about the recent PS4 kernel exploit, eventhough i'm not hacking my own PS4 :)

 

I would also just like to add a side note that console hacking isnt just about piracy of course. I dont mean to say that, so i just wanted to point that out. I think its safe to say that the majority of people use it for piracy however (which is also primarily why Sony (and Microsoft and Nintendo as well for that matter) tries to stop console hacks. And i guess the possibility of making it easier to cheating online in games is another reason), but its fully possible to use and enjoy console hacks without doing any piracy as well. Its the same with emulators. Its fully possible to use emulators without piracy. But i think its up to each person to decide what they want to do with the hacks, piracy or not, so i wont say much about that.

 

Have a nice day! :)

 

EDIT: By the way, did TheFlow reply to you after you explained what you meant? If i can ask about that.

 

EDIT 2: The FreeBSD exploit is now mentioned on FreeBSD's own site as well: https://www.freebsd.org/security/advisories.html (I just thought i'd mention it since i talked about these exploits might be publically known even if theres a situation were Sony's bug bounty program might not allow for disclosure of exploits (they did allow it this time to my surprise, but who knows what will happen the next time. Maybe they allowed it this time because it was related to FreeBSD in general, and knew that it would be publically know anyway, but thats just a guess from my side). As long as the exploit is related to FreeBSD, i think it will be publically known regardless :)).

 

Edited by Indeed1
  • Like 2

Share this post


Link to post
Share on other sites

@Indeed1@GregoryRasputin

 

If I could interject, partially on Greg's behalf to explain somewhat.

 

We both of are the generation where any alignment with any corporation is wrong.  There were communities that believed that one day, unless we kept fighting that one day, the corporations would take over, unless there was a system in place that kept them in check.  Something that they knew would not allow them to step outside the lines.  It was a perilous ecosystem but it kept everyone more or less honest.  n00bs would come into this environment and have a hard time integrating but once they proved themselves, they would be accepted and it was about community involvement and knowledge sharing.  An "us" vs "them" mentality.  Try to thing of it it in today's whistle-blower mentality.  Sources inside corporations would actively help out us, as well as some very talented individuals finding exploits on their own.

 

This started coming under attack several years ago (personally I believe it started when we as a community started putting hacked consoles online--that broke an unspoken rule that cause the all-out war).  The way company measured profits changed.  They started an all out attack at the only adversary they had that was keeping them in check and launch a full out, 4-pronged campaign against this "underground" community.  The first was piracy.  They started counting every download as a lost revenue.  The second tier was convincing the government that this underground community was basically organized crime and using police powers to fight civil disputes.  The third tier was an all-out advertising campaign to convince the general public this underground community was basically organized crime.  The fourth and most detrimental piece was to start recruiting people with bounties and consultancy contracts (which was made acceptable by the previous 3 steps).

 

This is an extremely simplified and "readers-digest" version of what actually happened and it took several years to accomplish, but this is what happened.  FYI--if you don't understand the "readers-digest" version comment, then you likely won't agree with this account of events.

 

The sad thing about this is that now, the corporations have succeeded.  There is no community any longer.  They are free to gouge the general public without fear.  The downfall of their plan is that now they no longer have a justification to explain their own fiscal irresponsibility and within the next few years, there will be another crash.  COVID has only expedited that.  Eventually unfinished games being released almost at an unplayable level, having to buy extra items just so you can finish a game that has no real ending anyways and a flood of over-hyped and under-delivering titles will crash the industry just at it did a few decades ago.

 

The industry needs the underground community and can't survive without it.

Edited by rednekcowboy
  • Like 2

Share this post


Link to post
Share on other sites
9 hours ago, Indeed1 said:

I understand. I guess that your intial reaction was more about that this bug bounty program could make it a lot harder to get PS4 hacks, and that isn't something that you wanted? And then later when you thought more about it, you're not angry at either Sony (because its understandable that they want to protect their system against piracy) or those who want to participate in such bug bounty program (because its their choice what to do with their own work (assuming that what they submit to the bug bounty program is mostly their own work/research at least))? If thats the case, i can see that situation.

 

I would also just like to add a side note that console hacking isnt just about piracy of course. I dont mean to say that, so i just wanted to point that out. I think its safe to say that the majority of people use it for piracy however (which is also primarily why Sony (and Microsoft and Nintendo as well for that matter) tries to stop console hacks. And i guess the possibility of making it easier to cheating online in games is another reason), but its fully possible to use and enjoy console hacks without doing any piracy as well. Its the same with emulators. Its fully possible to use emulators without piracy. But i think its up to each person to decide what they want to do with the hacks, piracy or not, so i wont say much about that.

 

EDIT: By the way, did TheFlow reply to you after you explained what you meant? If i can ask about that.

 

 

My Initial response was hasty, I realised that after I had posted it, but it had become to late and people had already seen it which is why I wrote a follow up, my opinion will not change on the part which I state "You should not be part of a console hacking scene and selling exploits to the company who owns the console you are cracking", It kills the spirit of a scene, it used to be we would get a hack and Sony would patch it when they found the bug, but now they can just pay a console hacker to find the bug for them  and we are at the mercy whether the actual exploit can be released.

 So my problem is the case that we might no longer get exploits in the future, if Sony decide that the hacker can only state that he found one but not actually release it, then we are screwed and scenes will slowly die.

 

For me hacking console is not about piracy, it is a side affect which is great for some and not so great for others, what I loved about the PS3 scene which is the scene I started in was the community and the developers who seemed more friendly and approachable than they do now, hackers broke the console because that is what they liked doing and not because they wanted to get some financial gain from it, money is great, everyone needs it, but some of us crave other things such as community, it seems that community now is based in Reddit and Twitter where all we see is "ETA WEN".

 

No, TheFlow has chosen not to engage with me, I am not angry with him for doing so, it would have been nice to have a conversation with him man to man, but one can not force someone to do something they don't want to do.

  • Like 2

Share this post


Link to post
Share on other sites
13 minutes ago, GregoryRasputin said:

 

 

For me hacking console is not about piracy, it is a side affect which is great for some and not so great for others, what I loved about the PS3 scene which is the scene I started in was the community and the developers who seemed more friendly and approachable than they do now, hackers broke the console because that is what they liked doing and not because they wanted to get some financial gain from it, money is great, everyone needs it, but some of us crave other things such as community, it seems that community now is based in Reddit and Twitter where all we see is "ETA WEN".

 

Yes Piracy is a side affect, but piracy in and of itself is not the evil it is believed in it's definition today.  It wasn't until the accounting system changed and people started counting money that they may never receive.  1 download does not equal 1 lost sale.  People who pirate will always pirate, regardless.  However, instead of equating 1 pirated copy to 1 lost sale, those companies that have actually exploited that in terms of advertising, have actually gained sales.  This is proven by a number of studies.

 

However, that is a discussion that is used only in an attempt to actually deflect from the main point.  Piracy, in the console industry, equates to an extremely small percentage of the underground community and always has been.  Forums bring it to the forefront and corporations use it to attack them but in reality, and forgive me as I don't have the actual current figures in regards to consoles, but it is extremely minute--less than 5%.  Back in the PS3 days it was 2% of the entire userbase.

 

@GregoryRasputin You really missed out on some fun with the original xbox, ps1 and ps2.  Those were the golden days.  There were attempts at all the same things as today, DLC, unfinished and broken releases but they all got squashed simply because the community wouldn't allow it.  In those days, your console was your hardware and any attempt on that was taken as a personal affront and an erosion of your rights and freedoms.

 

I don't know nor did I get involved in this entire TheFlow thing, but as an old-school dinasour form back in the day--just on principal, someone from the scene, taking something a group worked on together and releasing it as their own--regardless of who receives it in the end, is a major no go for me.

 

Someone finds an exploit all on their own, develops it and verifies it--that is their work to do with as they please.  Someone thinks they may have something, goes to a group of people and they develop it together and then that person takes the final product and claims it as their own--that is a problem.  Then again, in today's world, that seems acceptable and common-place. 

 

That is my opinion without emotion and without my personal feelings in regards to giving something to a corporation versus sharing it openly with a community.

 

 

Edited by rednekcowboy
  • Like 2

Share this post


Link to post
Share on other sites
On 7/10/2020 at 7:41 PM, rednekcowboy said:

@Indeed1@GregoryRasputin

 

If I could interject, partially on Greg's behalf to explain somewhat.

 

We both of are the generation where any alignment with any corporation is wrong.  There were communities that believed that one day, unless we kept fighting that one day, the corporations would take over, unless there was a system in place that kept them in check.  Something that they knew would not allow them to step outside the lines.  It was a perilous ecosystem but it kept everyone more or less honest.  n00bs would come into this environment and have a hard time integrating but once they proved themselves, they would be accepted and it was about community involvement and knowledge sharing.  An "us" vs "them" mentality.  Try to thing of it it in today's whistle-blower mentality.  Sources inside corporations would actively help out us, as well as some very talented individuals finding exploits on their own.

 

This started coming under attack several years ago (personally I believe it started when we as a community started putting hacked consoles online--that broke an unspoken rule that cause the all-out war).  The way company measured profits changed.  They started an all out attack at the only adversary they had that was keeping them in check and launch a full out, 4-pronged campaign against this "underground" community.  The first was piracy.  They started counting every download as a lost revenue.  The second tier was convincing the government that this underground community was basically organized crime and using police powers to fight civil disputes.  The third tier was an all-out advertising campaign to convince the general public this underground community was basically organized crime.  The fourth and most detrimental piece was to start recruiting people with bounties and consultancy contracts (which was made acceptable by the previous 3 steps).

 

This is an extremely simplified and "readers-digest" version of what actually happened and it took several years to accomplish, but this is what happened.  FYI--if you don't understand the "readers-digest" version comment, then you likely won't agree with this account of events.

 

The sad thing about this is that now, the corporations have succeeded.  There is no community any longer.  They are free to gouge the general public without fear.  The downfall of their plan is that now they no longer have a justification to explain their own fiscal irresponsibility and within the next few years, there will be another crash.  COVID has only expedited that.  Eventually unfinished games being released almost at an unplayable level, having to buy extra items just so you can finish a game that has no real ending anyways and a flood of over-hyped and under-delivering titles will crash the industry just at it did a few decades ago.

 

The industry needs the underground community and can't survive without it.

 

Thanks for your input :)

 

I think it depends on what you mean with having any alignment to a company. I agree that it can be important for people to say their opinion about something that they dont like about companies (or anything else as well for that matter). So if people dont like something that a company do, they can say their opinion about, for sure. When people say their opinion, the problem can be discussed, and things can change for the better. So its important that people speak against companies if people think that the companies do something thats wrong or something that they dont like, i 100% agree with that.


But i dont think the console companies like Microsoft, Nintendo and Sony are trying to take over something in that regards, not at all. The only thing i can see them taking over is their competitors in the same business, but that is quite normal business competition, that is very normal and theres nothing wrong with that, in my opinion. Or what do you think that they might take over? And what do you think that the community is doing, and needs to do, to keep them in check? These companies are giving us entertainment after all, and without them, there wouldnt be any console hacking possible for their consoles in the first place :) But as i mentioned, i think its important for people to say their opinions if they dont like something that a company is doing, for sure, but i dont think the situation is so bad that they're trying to take stuff over or anything like that. But maybe i'm misunderstanding what you mean, so please correct me if i'm wrong and are misunderstadning what you mean :)I also think that the cosnumers are keeping the console companies in check to a certain degree. I dont think that the cosnole companies are free to gouges the consumers without any fear, so i have to disagree with that. If they do to much that the consumer dont like, the consumers might stop buying the products, and this will keep the companies in check, at least to some degree. After all, its very important for basically any business to keep their consumers happy :)

 

 

I also think its important to have some balance and equality, where everyone have some rights, both the companies and the consumers. For example, if consumers should have the right to hack their device (which in general, i think they should), i think its also fair that the companies should have to right to protect against piracy. This way, both parts have their rights, and it can create a balance. If you see what i mean? :)

 

Its a very big topic to discuss what the rights should be or not though, and where this this balance should be, and theres many different opinion about this. But when it comes to gaming consoles in specific, i think its more than fair that the companies tries to secure their system against piracy. That is basically only my point on this subject, in this discussion. Maybe people aren't arguing against this though, so maybe i'm misunderstanding the argument about this.

 

EDIT: I'm sorry for the late edit, but i just wanted to add one thing, how do you mean with a wistle blower situation? That people working for Microsoft, Nintendo and/or Sony should leak information/internal code for the gaming consoles, so that the systems can be hacked easier? If you mean the first think, i dont think that should be done.  A whistle blower situation is usually more about when an employee tells about internal stuff that affects people lives in one way or another, maybe even illegal stuff. This is not really the case when it comes to hacking gaming consoles. Gaming consoles are luxury entertainment products, so its not something very important in that regards. So this wouldnt really be a whistle blower situation in the same regards. If a Microsoft, Nintendo and/or Sony employee leaks interal codes for their gaming consoles to help hackers, then this is more towards being disloyal employees, not whistle blowers in that regards.

 

Or do you mean that hacking consoles is like a whistle blower situation because it opens up the system? If so, i see what you mean, but i dont think its directly a whistle blower situation in that regards, because whistle blowing is more about exposing something bad, while hacking a console is more about just being allowed to run unsigned code on the console, remvoing restrictions from a closed system.

I'm just asking why you mean with the whistle blower comment to make sure that i'm not misunderstanding what you mean with this :)

 

I do understand the "them VS US" mentality when it comes to breaking the protection on a gaming console though. Like a cat and mouse game. First the protection is there, then someone find an exploit. Then this exploit is patched, and someone finds a new exploit again, and its being patch. And this can go on for a long time, like a cat and mouse game :) But i think both consumers should have the right to hack their own gaming console, and that the companies should have the right to protect their systems against hacking and piracy.

 

EDIT 2: I also added some more text.

 

---

 

Gaming companies have always tried to fight piracy, so i dont think this is that much different now than it was before, so there is no "all-out war" going on now compared to before, at least from my experience. I've been in the gaming community for many, many years, and i have never seen Microsoft, Nintendo and/or Sony doing an all-out advertising campaign to the public talking about the console hacking communities being basically like organized crime, if that is what you mean? If so, do you have any examples of that where i can see these ads? And how do you mean about using police power in a civil dispute? Where did that happened?

 

Recruiting hackers for security work is actually not that uncommon. I'm kinda surprised why Sony hasnt done this before actually (at least when it comes to the bug bounty program) because it can be a pretty effective way to increase security. When it comes to computer security in general, many of those who work with computer security are actually hackers. For example, CTurt, who hacked the PS4 first, he is now working for Microsoft when it comes to security :)

 

---

 

I dont think there will any gaming market crash in the next few years. Only time will tell what happends,  but i feel that people have speculated in this for quite some time now, and the gaming industry is maybe bigger than it has ever been :)It doesnt seem to be any gaming market crash coming, at least not anytime soon.

 

When it comes to games being unfinished, its true that some games have some bugs and problems, for sure, but personally, i have hardly played any games that were in an almost unplayable state/level. The only game i think of is Nuclear Throne for Vita. That game had some game crashes at the later level, so i was never able to finish the game because of that (and it was unfortunately never fixed/patched on the Vita. It was only patched on the PS4).

 

I also cant think of many cases where one have to buy extra items just to finish the game. Maybe this is more for mobile games, but not for console games at least (or do you mean this being mostly for mobile games?). The only example i can kinda think of is "Asura's Wrath" for PS3/Xbox 360. This game had a DLC pack with the "real ending" for the game. Otherwise most games can be finished without any problems. At least from my experience, and i've been playing games for many, many years.

 

 

---

 

But i do agree with you that its important that the consumers say their opinion if they dont like something. I dont think this is limited to any underground community (or how do you mean that the industry needs the underground community? And what defines the underground community? Those who are hacking consoles and are using console hacks for personal use?), but for every consumer in general. When people say their opinion, things can change for the better, that is true :)

 

 

 

On 7/11/2020 at 12:19 AM, GregoryRasputin said:

 

 

My Initial response was hasty, I realised that after I had posted it, but it had become to late and people had already seen it which is why I wrote a follow up, my opinion will not change on the part which I state "You should not be part of a console hacking scene and selling exploits to the company who owns the console you are cracking", It kills the spirit of a scene, it used to be we would get a hack and Sony would patch it when they found the bug, but now they can just pay a console hacker to find the bug for them  and we are at the mercy whether the actual exploit can be released.

 So my problem is the case that we might no longer get exploits in the future, if Sony decide that the hacker can only state that he found one but not actually release it, then we are screwed and scenes will slowly die.

 

For me hacking console is not about piracy, it is a side affect which is great for some and not so great for others, what I loved about the PS3 scene which is the scene I started in was the community and the developers who seemed more friendly and approachable than they do now, hackers broke the console because that is what they liked doing and not because they wanted to get some financial gain from it, money is great, everyone needs it, but some of us crave other things such as community, it seems that community now is based in Reddit and Twitter where all we see is "ETA WEN".

 

No, TheFlow has chosen not to engage with me, I am not angry with him for doing so, it would have been nice to have a conversation with him man to man, but one can not force someone to do something they don't want to do.

 

Understood, i see what you mean. Its true that bug bounties can make exploits more rare, but i still believe that there will be an active console hacking community. I think theres still interest in hacking the consoles, simply just for the challenge alone. Like both Apple and Nintendo have bug bounties as well, but their systems are still getting hacked (latest Switch firmware is hacked when it comes to Nintendo, and iOS 14 jailbreak is also available when it comes to Apple). But only time will tell what happends. Security in general seems to be getting better and better as well, making it harder to find exploits, bug bounties or not, but there always seems to be some bugs/exploits popping up anyway :)

 

Are there still a community on IRC by the way? Or have mostly moved over to Reddit and Twitter as you mention? Maybe Discord too.

 

About TheFlow. I understand. Thats true, i was just curious if he had replied.

Edited by Indeed1
  • Like 1

Share this post


Link to post
Share on other sites

Interesting topic to get started. This kind of belief goes way back when. I've watched the scene from the PS1 days and its fair to say its come a long way. But lets take it back a knotch to the early days. Back in the day, PS1/PS2, when you found an exploit in a system that was it. That exploit stayed there until there was a hardware revision. There was no software updates back then, exploits stayed. There was no bug bounties, no interconnecting responsibilities. Exploits on PS1/PS2 worked only on those consoles. They didnt affect hardware or software on other platforms.

 

Then you see more open source tools, updating software via the internet. Everyone starts to mix and match open source tools. (Why dont people write their own, well theres not that many people in the world that can write a secure SSL/TLS protocol or implement cryptographic protocols properly? So better not risk it).

 

Later in the gen information security started to become more important, more R&D/gov funds/companies picking up on their infosec. This brings the time of the PSP onwards (PS3/PS4). Where exploiting finding became much more difficult, especially with the added complexity of the systems. It doesnt just affect consoles, it now all electronics come into the mix. PS3/PS4 based on FreeBSD, Webkit used in iPhones/consoles,  so  exploits become cross platform.  You find an exploit in webkit, release it as a zero day. Some NSA/CIA use it to exploit someones phone and kill them. Yes this happens.

 

Furthermore, the increased knowledge of infosec meant there were more hackers out there than before. Better resources to learn, internet etc.

 

During this, a period of companies fighting/suing hackers for finding exploits. The winner, well depended on the country and lawyers. Thankfully it took some time for it to reveal that jailbreaking is not illegal. Given that companies, naturally, want to protect their assets. Its fine to run whatever code you want, but its not fine to leak key encryption keys which can lead to copyright theft/stealing/unwanted copies of software. So bug bounties are introduced, as a way to incentivise InfoSec community to report and be paid for their exploits.

 

This brings us to the modern day hacker, who can spend months upto a year longer, to find and develop worthy exploits in a system, e.g. a kernel exploit in a PS4. PS4 runs FreeBSD, which your local university runs a copy of, another critical server runs a copy of it too. So that exploit does not just hurt the PS4, it hurts alot more people.

 

The person who wrote the exploit, its their code, its their attack. They can do whatever they want with it.

 

You have a few options

  • Release the exploit, Company will patch it within a few weeks, vendors who run FreeBSD frantically figure out a way to patch and secure systems. Those with critical infrastructure have to be on high alert now a zero day is out in the wild. The hacker, who released the exploit, gets sued by people who use FreeBSD and were attacked. It was your unique weapon after all. You get nothing and get disrespect by the InfoSec community (where all these hackers work) as someone who is not trustworthy with finding attack vectors
  • You do the 90 day disclosure, you can alert people who care about exploits to not upgrade past FW x.xx. The people who run critical systems have a chance to defend themselves and fix the bug. After 90 days you release it and it can be used freely. You get some form of compensation after all the months of free labour you put in. You get some respect as being a responsible individual to the community

Most people who complain about hackers doing disclosure have never, ever written an exploit themselves. So really, they have no say.

 

Next theres the 'scene' who lets be honest, we know about that. You want homebrew on the system you bought, well then find the exploit yourself.

"But its my system I want to do what I want" <- No one is stopping you doing anything, you just cant find exploits yourself so you whine and complain about it online...

 

You dont buy a car and steal the gas? When you buy a car you know to run it you will need gas.

Edited by ehneo
  • Like 1

Share this post


Link to post
Share on other sites

@Indeed1 there are scene IRC channels and servers, but people have mostly went to the likes of Discord and Telegram.

PlayStationHaX has an IRC server, though not that active as it is fairley new, there is a thread here created by Vapor.

 

@ehneo I agree with most of what you wrote, apart from the modern day bit.

If a hacker finds an exploit in a console he has hacked, the code is technically not his as it still belongs to the company of the device he has hacked, It is even less his if he used tools or methods of other hackers who came before him or used methods to test his exploit.

Which is where scene comes to play, without other developers some of those who release code might not achieve what they want or not achieve it as fast, for example if a WebKit was not available then one cannot test a KExploit to see if it works properly, if a WebKit exists, then said hacker would have to use a WebKit which someone else apart from the hacker has already created, hence the community aspect.

 

You cannot make a cheesy chicken omelette, without the cheese, chicken and eggs...

 

 

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...