Did CTurt steal some of his PS4 work from other scene hackers?
Aaah, Drama, it’s been a while since you last showed your friendly face.
Screenshots are surfacing from vk.com, a popular social media site in Eastern Europe, of a conversation, in Russian, allegedly between FlatZ and a friend of his. It appears CTurt might have used a lot of knowledge from others for the PS4 Kernel exploit that he was not really supposed to disclose, and this *** some people off.
Update: both flatz and CTurt have come back with comments. Flatz stated on ps3hax that although this conversation is real, it was not intended to be made public.
it wasn’t only my work, why the heck people pull phrases out of context? and it wasn’t leaked, Cturt has its own code but i’ve helped him and asked him not to share my stuff and not to do public talks. that’s all. now some my friends decided to leak my private chats, that’s “great”… why the heck everyone needs a public attention? i’m done any deal with such people…
CTurt, on his side, confirmed his group had the Kernel exploit before flatz was involved (proof here), that the exploit was built using his (CTurt’s) SDK, and that flatz indeed helped on some aspects of the vulnerability later on. As examples, CTurt mentioned that the critnest offset was found by himself through trial and error, and the sysctl trick did not come from flatz. Both of these are described in detail in his article.
CTurt confirmed that the two have spoken privately and that the issue was resolved a while ago. The discussion is several days old, and the two hackers had resolved this conflict before this private discussion was published. As a matter of fact, CTurt published his Kernel exploit explanation after the two had settled the argument, and with flatz’s approval. He posted a full statement on GBATemp.
The original article:
PS3Hax have a (poor, automated) translated version:
[15.12.2015 12:34:48] Igor Dolgopolov: Well ka tell why right now, the way it went plum) what for?)
[15.12.2015 12:39:01] flatz: because this first **** *** decided to become famous in the internet, but asked him not to spread
[15.12.2015 12:40:00] Igor Dolgopolov: I thought so … but in the end he turned out to be something? Well you said you were working and only one person?
[15.12.2015 12:40:04] Igor Dolgopolov: or that he is?
[15.12.2015 12:40:48] flatz: Well, I work alone, just helped him, dopomagalsya called. I took my code and now everyone thinks he did it
[15.12.2015 12:41:05] flatz: no, this other person does cturt
[15.12.2015 12:41:24] flatz: now regret that contacted him at all
[15.12.2015 12:41:43] flatz: the people with whom I work schA other things deals
[15.12.2015 12:42:01] Igor Dolgopolov: the people with whom I work schA other things zanimaetsyaa why he does not shine?
[15.12.2015 12:42:18] Igor Dolgopolov: Well vsmysle not laid out as is
[15.12.2015 12:43:06] flatz: early spread, it is necessary to start to break a garbage can, and that’s when Buda
[15.12.2015 12:43:12] flatz: but right now it is useless, but worse afford to do
[15.12.2015 12:43:17] flatz: Well, in principle, have already made
[15.12.2015 12:43:30] flatz: schA Sony stupidly change the keys that I have, and algorithms, while working Caique
[15.12.2015 12:43:40] flatz: *** and then I could Th
[15.12.2015 12:44:04] Igor Dolgopolov: Well, in principle, already sdelalinu here … yes the PS3 although they did not seem to have changed their
[15.12.2015 12:44:07] Igor Dolgopolov: there may well be
[15.12.2015 12:44:15] flatz: and the people finally he did little Th. all based on the work of other people
[15.12.2015 12:44:31] flatz: ps4 on many Che changed in the new firmware
[15.12.2015 12:45:09] Igor Dolgopolov: PS4 to have changed a lot in the new Che proshivkahnu much it’s okay, most importantly to the crypt and encrypt anything fundamentally has not changed, right … Well, I understand?
[15.12.2015 12:46:50] flatz: there is just changing things
[15.12.2015 12:48:08] Igor Dolgopolov: Opensource projects, eh … what for it is necessary only to them, the same is not accepted to do … weird. really special because of leaks
[15.12.2015 12:49:55] flatz: Sony has promised a large selection of exclusives for the PlayStation 4 in 2016
So, err, this kind of warrants a second layer of translation here, but here is my understanding: Basically, Flatz is saying Cturt revealed the PS4 Kernel exploit for fame, but it was not his work and he had not been authorized to disclose it (which he did in detail earlier this week). More specifically, flatz states the code is his, in this conversation; and he regrets sharing it with CTurt. The discussion moves on to concerns that Sony could change some of their internal PS4 security and encryption after the PS4 Kernel exploit reveal, but that so far these fundamental systems have apparently not changed.
Flatz is a popular hacker of the PS3 Scene. He is, among other things, behind the IDPStealer tool. It would not be surprising if he is behind some of the research on the PS4.
Nothing in this conversation is confirmed, and all of this is at rumor level at this point. However, PlaystationHax confirm from discussions with other hackers that this matches the general consensus.
From a *** scene site, but from those logs and from correspondence i have had with sceners, the case is true pic.twitter.com/HaJEzoIgvE
— PlayStationHaX (@PlayStationHaX) December 20, 2015
The conspiracy theorist in me says there are 2 ways things might have happened: CTurt was a scapegoat from a larger loose group of hackers who did not want their names publicly revealed so that they could work in the shadows and/or avoid any legal repercussion, OR, as often happens in the hacking scene, the boundaries of “what is yours, what is mine” among hackers were fuzzy. Given the length and detail at which CTurt explained the hack, there is no question to me that he’s put a decent amount of work into understanding and exploiting the vulnerability. That other hackers have helped him along the way and feel this is largely their work is also understandable. My own experience with HBL has shown me that many hackers/developers have a disproportionate vision of how much they contributed to a given project (this is true both ways), so this kind of situation is not really surprising.