Did CTurt steal some of his PS4 work from other scene hackers?



15 Responses

  1. Yifan Lu says:

    Some facts: multiple people independently knew about badiret. Some of these people also worked with CTurt. CTurt did not discover it on his own, but I believe he worked with others before working with flatz. Here’s the earliest known public record on exploiting badiret: https://twitter.com/Adam_pi3/status/640673161835470848

    Of everything that he’s published, his main contribution was finding the td_critnest offset. Most of the other things were public or done with help of others. However, synthesizing all that information from different sources was also a feat and he wrote a lot of the code from that information. It would not be fair to say he “stole” it.

    • HAXCKODE says:

      There are so many hidden things; some of us want fame, others money to survive, and others have simply been taught by life that with effort great things can be achieved. Of course, once you achieve it there is always someone who says you copied it from something, but what is new under the sun?

      • sceNamelessOrNot says:

        Well, I think flatz's views (now downplayed for political correctness) are still valid, as Yifan indicated. Essentially, I wouldn’t consider CTurt the core developer of the exploit. He had a lot of help from far better people. He released short article(s) to gain what he seemed to be after from the get-go – publicity with a larger audience, not to propagate technical insights (think Hotz … not Graf).

        Looking at his Twitter posts a while back and the references in the article, you need to realize that the original (full) Linux implementer of the exploit, advanced security researchers and established members of the community have likely developed significant portions of the exploit (and the exec), while he was extremely lucky that they were all open with him. Yifan probably deserves a lot of credit for the prior works on exec and ROP (maybe more). And the professionals for the original (and the port of the) CVE.

        No doubt he seemed to have understood the exploit while doing the grunt work of testing and probing, and apparently was able to successfully use the resources (people) around him. However, whether or not his fame for the work (or “articles”) is well deserved is questionable. I personally think the professionals just yielded the claim (as flatz hinted). I am not sure I would call this wrong or right, but it looks like strong “goal oriented” motives (again similar to Hotz).

        Still, the one thing HE – to some small degree – did and none of YOU other guys do is share these things openly. Regardless of whether or not he created them or how much. All you do is say “hush” on old CVEs and code execs of questionable further use, for no good reason. Because bad pirates and big bad Sony may come. Because you want to promote yourself. Because you want to find the exploit for the current firmware … bla bla. You still annoy me the most. If you are truly afraid, use technology to hide. Drop your fame names and release what you know. If you still need the “claim”, sign stuff with a private key and become a mystery.

        Better yet, have fun doing the work and drop the claims. If you collectively and publicly worked on the exploit from the get-go, with contributors and thousands of forkers, who should they come after?

        You are the collective sum of knowledge and thoughts you have received from society. For the rest of your existence, you should pay it back as best you can, or fail it. Regardless of what others (even the majority) live out to do or promote. Turn gamers into intellectuals and coders by getting them interested. And take comfort in it. Maybe they will even notice and remember your significance. Even if it’s just one of them.

        Essentially, CTurt is a symptom of a closed, money-, fear-, fame- and arrogance-guided society which is extremely brainwashed on the concept of being “first”. Join the rest of computer science out of the Microsoft-closed-source-buy-a-license ’90s – which now is called Apple, of course 😉

        Fu** money. Fu** fame. Have fun. Make people smart. Challenge the establishment or become a soulless fame-hipster.

        So long, fellow geeks. Going back to 1.048596 now. Tuturu.

        • sceNamelessOrNot says:

          Oh, and the YOU was (of course) not primarily (not even secondarily) directed towards Yifan, who releases a shi*load of his work (thanks man!). It wasn’t even directed towards flatz's work.

          YOU meant the general state of sharing and explaining things to each other. There are no blogs active on the topics. There is nothing public. “Released” stuff is often binary. A bare minimum of useless things are on a wiki and behind the scenes everybody goes “hush”. Nobody explains things to the public. Teaches. Guys are allowed to claim “exec” or “kernel” and then it is only shared behind the scenes and leaked to each other. Not released, even after months. Nobody talks about it because it’s “claimed”. That’s the YOU that disgusts me.

        • sceNamelessOrNot says:

          To make this even more clear:

          What may be improved is open sharing of code. But we have engaged people who do this very well.

          What is missing (!!) is open sharing of thoughts and the documentation and explanation of them (-> Graf). There are many people who could help on your repos. But they have few or no introduction points (of value) and no write-ups and digests. How can they join? If they can’t join, they play games. The scene has the unique position of being able to change young gamers into intelligent coders. But it requires digests.

  2. Xenomorph says:

    Trust me; thieves are thieves. I am not surprised at all.
    People like them should be set aside. My research was also stolen from me.

  3. flatz says:

    Yifan Lu was right.

    There were several independent groups who worked on this exploit and I worked on it too. However, I asked Cturt to delete my nickname to be safe from known problems, but unfortunately my real friend decided to bring trouble to me by leaking this chat, so now you know that I was a part of this challenge.

    Actually we started to work on the BSD exploit in September (iirc), when the security advisory or some crash POC (I don’t remember which one) appeared. Our first tests failed, then pi3 released a picture of his work on Twitter. So I decided to email him for several hints (because the x86 architecture is almost new for me and he is a known researcher who got some results) but continued tests by myself too. And he replied but asked for details (my current code or something, I don’t remember anymore). But I got a success directly after his answer and some of the guys from our group knew about it, so I wrote pi3 about the success and it was my second and last message to him.

    At that time I had only a console with 2.xx firmware and without a possibility to run custom code (only ROPs), so I wasn’t able to port the exploit by myself. Some of our guys started to do it but we had no luck at that time… After several days we got a confirmation that BadIRET was working on PS4 and had been done by other people. So I got a real opportunity to finish it too and got some useful hints from these people (thanks to them, and this is why I can’t say it is 100% my work and this is why I’m angry when people say “leaked flatz work”). So after that I tried to find a victim console and got it after several days or a week, then I was busy porting the working BSD code to PS4. It was a very patient and boring task, so I spent three days on it and then I saw my first working kernel code on PS4. And this exploit was different from the one Cturt has (because there are two ways to do the BadIRET magic) and it was based on the hint I got before. I haven’t tried much to perform the different way of exploitation on PS4 (however, I have it working on BSD) because there were no benefits in using it (kernel code already works). And this final exploit was private because some people asked me not to reveal it.

    From time to time I spoke with Cturt and helped him on some aspects including the BadIRET thingy, and it was known to me that he was working with pi3. And because I couldn’t give hints on the final working exploit for the reason I described previously, I gave him some hints about my BSD exploit which used a different way, and this way of exploitation was completely mine. And I asked him not to share it with others and not to do any talks. However, this exploit didn’t work on my PS4 because I hadn’t found the time to fix it, but Cturt did it after some period of time.
    Of course, I wasn’t happy with these Twitter and forum posts, but I calmed down after some time. It’s just regular scene drama and we see it from time to time. And now I see this stupid action which was done by my real friend who wants to attract attention to my person without my agreement… That’s why I decided to explain this whole situation.

    1. The PS4 exploit is not the result of one man’s work. It is work which has been done by several independent developers, and some of them are working together (including me).
    2. It is not true when someone says Cturt’s work is based on stolen work. It is based on hints (including parts of code), yes, but the final code is his work and he spent some time on it.
    3. Please, don’t *** developers with such drama; they are working hard and most of them don’t want public attention for different reasons.

    • B7U3 C50SS says:

      If I could thumb up your comment, flatz, I would. It seems like Cturt’s had enough of this game though, eh? Is it still fair to say that there is no other way in besides BadIRET? Albeit I acknowledge that BadIRET is patched on FWs 2.00 and later. What about our good friend Mr. PARAM.SFO? 😛

    • Supremeone says:

      So can you shed some light on why he suddenly bailed out? He seems to love attention, so why suddenly chicken out when all of the attention is on him right now?

  4. Tail870 says:

    Better not to believe vk.com . . .

  5. Zeke says:

    Well, that’s that myth debunked then. If flatz and Yifan both agree it’s a collab and CTurt clearly credits the latter (and would have for the former if he hadn’t asked for his handle to be left off the work), then I don’t think there’s any stealing going on at all. It makes sense for hackers with a common goal – in this case running homebrew on the PS4 – to pool their resources, and it looks like that’s exactly what has been done. No fuss, no drama. Just something that raises a smile for us PS4 owners… I wouldn’t have expected any news on working PS4 exploits for at least another year, so I’m impressed 🙂

  6. MysteriousShadow says:

    I don’t understand this. Maybe it’s just me, but why should fame and recognition matter when the overall goal is to open up the console to homebrew and complete usage of the hardware? To me, the recognition of enabling the hardware to be used to its fullest extent far outweighs the recognition of discovering these capabilities.

  7. Sk8 says:

    Will someone be able to release a PS4 jailbreak one of these days now?