| Tweets |
|
fail0verflow
@fail0verflow
|
12 Nov 2018 |
|
Took a peek at latest PS4 Pro (CUH-72xx, board NVG-001): same southbridge (CXD90046GG), newly marked syscon (A06-C0L2 but still RL78/G13) - so nothing changes in terms of "Aux Hax" stuff :)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
5 Nov 2018 |
|
Another "PS4 Aux Hax" blog! Using HDMI-CEC to get code exec on all PS4 southbridge versions (including PS4 Pro, etc.), without requiring other parts of the system to be pwned:
fail0verflow.com/blog/2018/ps4-…
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
3 Oct 2018 |
|
Small update to Aux Hax:
Nearly same methods are working against devices on recent PS4 Pro board NVB-003:
Syscon A05-C0L2 (R5F101LL)
Belize southbridge (CXD90046GG)
Belize has ROM readout protection and clears stack...they're learning ;)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
30 Jul 2018 |
|
Agree; would be nice if it were useful on other devices too. Note the FM3 on that board was still marked Fujitsu. Design has gone to Spansion, which has merged with Cypress since then. A lot of opportunity for change - or not :D
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
29 Jul 2018 |
|
A trio of new blog posts! Check out "PS4 Aux Hax": hacking Aeolia, Syscon, and DS4. fail0verflow.com/blog/2018/ps4-…
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
25 Apr 2018 |
|
It's an upper bound. It could've been disclosed earlier, but not later, otherwise a CVE wouldn't have been allocated (unless we requested it ourselves, which we didn't).
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
25 Apr 2018 |
|
Touchée
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
25 Apr 2018 |
|
Note the CVE creation date, in case anyone doubted our disclosure timeline. And don't even *think* about trying to give the bug itself a cutesy name. We have enough of those already ;-)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
25 Apr 2018 |
|
The Tegra X1 flaw that both ShofEL2 and Fusée Gelée exploit now has a name: CVE-2018-6242. nvidia.com/en-us/product-… cve.mitre.org/cgi-bin/cvenam…
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
24 Apr 2018 |
|
We don't even have any useful ATF patches left ever since we switched to coreboot. As for upstreaming, we've already started: review.coreboot.org/#/c/coreboot/+… :-)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
Yes, the recent Mesa patchsets work pretty well. We've had working 3D since February. twitter.com/fail0verflow/s…
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
We know. Where do you think all those people suddenly commenting on github.com/denysvitali/li… and ultimately getting it fixed came from? ;)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
Eww, Xen. Sorry, we're strictly KVM people ;-)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
Fun fact: we started upstreaming some patches months ago (working with the linux-tegra community on Tegra X1 support in mainline Linux), so if you've seen anyone else running Linux on the Switch recently... chances are they were running some of our code unknowingly ;-)
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
Reminder: ShofEL2 cannot be patched in existing units (it will work on *any* firmware, past or future), it allows full access (all keys and secrets), and it is completely undetectable by normal software. You can dual boot Linux and Switch OS with impunity. twitter.com/fail0verflow/s…
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
ShofEL2, a Tegra X1 and Nintendo Switch exploit fail0verflow.com/blog/2018/shof… github.com/fail0verflow/s…
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
ShofEL2 also supports running Switch homebrew. Technically. pic.twitter.com/pIcxvmsgPj
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
Extra derp points because that China-only port was *Twilight Princess*, not *Wind Waker*.
|
||
|
|
||
|
fail0verflow
@fail0verflow
|
23 Apr 2018 |
|
Protip for @arstechnica: this is Dolphin on Linux, not some dodgy China-only port for the Shield.
|
||
|
|
||