Console hacker, former Kaspersky Team Lead of Exploits & Network Threat Detection, security researcher. For tips (thx!): ko-fi.com/flatz

Joined December 2008
Aleksei Kulaev retweeted
ps5-linux has been released! You can now turn your PS5 Phat console on 3.xx and 4.xx FWs into a fully functional Linux PC gaming device! github.com/ps5-linux/ps5-lin…
Aleksei Kulaev retweeted
Method we used (>5 years ago, now) on ps5 to fiddle with mp4 and hv memory: github.com/fail0verflow/pros… hope it helps for linux!
Aleksei Kulaev retweeted
I ported Linux to the PS5 and turned it into a Steam Machine. Running GTA 5 Enhanced with Ray Tracing. 🤯
22 Feb 2025
This is funny, just found an easter egg in Siglent oscilloscope that contains Super Mario game available through Web interface.
Aleksei Kulaev retweeted
23 Oct 2024
Here's the link to the tool I meant to release at the end: github.com/symbrkrs/ps5-uart It makes fiddling with EMC/EFC/EAP easy, have fun!
Aleksei Kulaev retweeted
23 Oct 2024
Having a great time at #TheSAS2024 ! You can find slides for my talk here: symbrk.rs/presentations/Beyo… I didn't get through all slides...😅
Aleksei Kulaev retweeted
23 Oct 2024
Living legend Shawn Hoffman @shuffle2, who extracted all keys from crypto processors of all video game consoles, talks at #TheSAS2024 about hacking PlayStation 5 chips
Aleksei Kulaev retweeted
23 Oct 2024
Lars Fröder @opa334dev, creator of the Dopamine jailbreak, on stage to talk about iOS hacking in 2024 #TheSAS2024
There are a few ways on PS5 to defeat HV. One of the methods that I've found was related to APIC: struct apic_ops is located in the RW segment of kernel data. With KRW you can overwrite a function pointer inside it like xapic_mode and get into ROP, for example (you just need to bypass CFI).
Then, after you do a suspend/resume cycle, your code will be executed before HV restarts and you can apply kernel patches, etc.
By the way, it's not the method that has been patched in 5.00. Actually, I'm not even sure if it has been patched at all; it needs testing, for which I don't have spare time now. Maybe someone can do it.
Aleksei Kulaev retweeted
23 Sep 2024
Beyond Oberon: Exploiting PlayStation 5's EFC and EMC by Shawn Hoffman @shuffle2 #TheSAS2024 thesascon.com/ 👀
14 Sep 2024
Well, this is PS5's umtx exploit for BD-J (a part related to the exploit actually): gist.github.com/flatz/89dfe9…
31 Jul 2024
Hello, folks. I'm in Serbia/UAE nowadays and looking for new job opportunities in info security. Remote jobs are currently preferred. CV: github.com/flatz/cv
Aleksei Kulaev retweeted
30 Apr 2024
Decided to publish PPPwn early. The first PlayStation 4 Kernel RCE. Supporting FWs up to 11.00. github.com/TheOfficialFloW/P…
29 Feb 2024
28 Feb 2024
On 4800s the Nuvoton chip marked 5565D-M was used as the multi-controller. Unfortunately, there is no datasheet for it, and its pinout differs greatly from all public datasheets of similar chips that I can find.
28 Feb 2024
After a week of guessing, bruteforcing, reflashing the BIOS (where I put my PSP payload) and observing the LPC bus using a logic analyzer, I was able to find the combination of registers/bits that needed to be toggled to activate UART.
28 Feb 2024
Finally, I have proper read/write/call primitives running via UART server from my PSP payload that works in SVC mode.