Joined November 2010
Method we used (>5 years ago, now) on ps5 to fiddle with mp4 and hv memory: github.com/fail0verflow/pros… hope it helps for linux!
btw: we first used the included iommu script to bypass iommu and dump x86 kernel text via custom pcie device in m.2 slot - worked first try :') #historylesson #incaseyouevencared
🐧
I ported Linux to the PS5 and turned it into a Steam Machine. Running GTA 5 Enhanced with Ray Tracing. 🤯

27 Jul 2023
finally... hello, PS5 PSP :)
New blog post about hacking PS VR! We managed to find some major flaws - breaking secure boot and extracting all key material: fail0verflow.com/blog/2022/p…

Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software - including per-console root key, if you look hard enough!
Another one bites the dust 😎
Another one bites the dust 😎
Took a peek at latest PS4 Pro (CUH-72xx, board NVG-001): same southbridge (CXD90046GG), newly marked syscon (A06-C0L2 but still RL78/G13) - so nothing changes in terms of "Aux Hax" stuff :)
Another "PS4 Aux Hax" blog! Using HDMI-CEC to get code exec on all PS4 southbridge versions (including PS4 Pro, etc.), without requiring other parts of the system to be pwned: fail0verflow.com/blog/2018/p…

Small update to Aux Hax: Nearly same methods are working against devices on recent PS4 Pro board NVB-003:
Syscon A05-C0L2 (R5F101LL)
Belize southbridge (CXD90046GG)
Belize has ROM readout protection and clears stack...they're learning ;)
A trio of new blog posts! Check out "PS4 Aux Hax": hacking Aeolia, Syscon, and DS4. fail0verflow.com/blog/2018/p…

The Tegra X1 flaw that both ShofEL2 and Fusée Gelée exploit now has a name: CVE-2018-6242. nvidia.com/en-us/product-sec… cve.mitre.org/cgi-bin/cvenam…

Note the CVE creation date, in case anyone doubted our disclosure timeline. And don't even *think* about trying to give the bug itself a cutesy name. We have enough of those already ;-)
Fun fact: we started upstreaming some patches months ago (working with the linux-tegra community on Tegra X1 support in mainline Linux), so if you've seen anyone else running Linux on the Switch recently... chances are they were running some of our code unknowingly ;-)
Reminder: ShofEL2 cannot be patched in existing units (it will work on *any* firmware, past or future), it allows full access (all keys and secrets), and it is completely undetectable by normal software. You can dual boot Linux and Switch OS with impunity. x.com/fail0verflow/status/95…

In case it wasn't obvious, our Switch coldboot exploit:
* Is a bootrom bug
* Can't be patched (in currently released Switches)
* Doesn't require a modchip to pull off
x.com/fail0verflow/status/95…
ShofEL2, a Tegra X1 and Nintendo Switch exploit fail0verflow.com/blog/2018/s… github.com/fail0verflow/shof…

ShofEL2 also supports running Switch homebrew. Technically.
In utterly, completely unrelated news, here's a sneak peek at a totally brand new Zelda game coming soon to Nintendo Switch.
Protip for @arstechnica: this is Dolphin on Linux, not some dodgy China-only port for the Shield.
Extra derp points because that China-only port was *Twilight Princess*, not *Wind Waker*.