Chaitin tech: “the bugs we used in the PS4 4.01 Jailbreak will be reported to Sony”
Chinese hackers of the Chaitin Tech security research lab stormed the PS4 scene yesterday by revealing a new PS4 Jailbreak on firmware 4.01 (the latest firmware at the time of their Demo, but Sony published firmware 4.05 earlier today).
PS4 Jailbreak 4.01 – Details will be disclosed to Sony
Today, what appears to be their Twitter account (newly created, so take it with a pinch of salt) announced that they will disclose to Sony the exploits used in the Jailbreak, per the rules of the GeekPwn hacking contest. Yup, your hopes for a cool release are probably down the drain.
According to the rule of @GeekPwn hacking contest, the bugs we used in jailbreaking PS4 will be reported to @Sony.
— Chaitin Tech (@ChaitinTech) October 25, 2016
This generated some mini drama from some veterans of the PS3/PS4 scene, in particular with evilsperm of Rebug fame stating: “congrats on fully burning a sploit, which were pretty sure others found months ago! I’m sure the payout was ***”
In other words, there’s some concern that the exploit here could have been used by the scene, and will instead be patched by Sony. One benefit for the scene at this point is that some teams who have been using the same exploits might decide to release it for people running on 4.01 or lower. For that we’ll have to wait and see.
This statement from Chaitin Tech actually is suspiciously timely given that Sony released update 4.05 to the PS4 a few hours ago. Although no confirmation has been given yet, there’s a possibility the exploit is already patched.
PS4 4.01 Jailbreak – more details on the hack
Chaitin Tech have published more videos (this time on YouTube) showcasing their exploit with slightly more details and an English translation. They also confirmed they used FailOverfl0w’s Linux implementation to run their demo. There are no details on a potential release for this Jailbreak, however.
Source: Chaitin Tech on Twitter
Pathetic, like that Rebug guy said, I hope the payout was good enough to f**k over a whole community of homebrew and emulator enthusiasts…
it always is. I would take money over whiny entitled noobs complaining about being able to use game backups daily
why? its there job. Afterall they work for a cyber security Company.
I agree. They work in cyber sec, if they found the exploit they have every right to report it and get it patched. They found it. Their choice.
I’d do the same, take money and improve security than release it so it’s exploited into piracy by others.
Because bottom line that’s what always happens.
I hate it when homebrew and emulator kiddies cry over this..if they want an exploit so bad they should go find it themselves…
There’s also tons of other devices to play homebrew on, including a phone….
grow up loser
Man, these guys are idiots.
why? Its there shop. They work for a cybe security company.
*why? its there job. Afterall they work for a cyber security Company.
*their
thanks
If it was really discovered by someone else months earlier than this hacker group, they would be sc*** some hard work.
Hope it’s not the case.
It’s funny how you guys want a free handout of something a team doesn’t have to release to you. grow up already.
this
What do you expect when they taunt people with it? If their only interest was in reporting it to Sony they could and should have done so quietly.
Why wouldn’t cyber security firm use being good at their job as advertising?
I don’t know what you see happening here, but what I see is an outside company sc*** us over by purposefully throwing away what may be an important exploit to the devs that give us all our homebrew, exploits, and Linux. Also, lol Wololo, fix your site, I clicked reply and it let me post as someone else and exposed their personal E-Mail. -Kira Slith
wooow just handing it out to playstation great job 😉
Yes. How dare they… -_- They don’t owe you a thing.
I disagree with evilsperm. If I find an exploit, I can do whatever I want with it! These guys decided to use it in a GeekPwn contest (Which is awesome)! Do you know who’s *** the scene up? People with these exploits that have no intention of releasing it. I want to see homebrew so badly on my PS4! I hope this exploit is released to the public (Since I’m sure Sony patched it). At least it will finally get the ball moving (Since the last public exploit is only functional on firmware 1.76)!
I’m sure these clowns ain’t the only ones with this exploit
https://www.psxhax.com/threads/entry-point-used-by-chaitin-tech.938/
yeah 😀 this year christmas falls earlier….
https://www.psxhax.com/threads/entry-point-used-by-chaitin-tech.938/
Category: core
Module: kernel
Announced: 2016-10-25
Credits: Core Security, ahaha from Chaitin Tech
Affects: All supported versions of FreeBSD.
This vulnerability could cause the kernel to panic. In addition it is
possible to perform a local Denial of Service against the system by
unprivileged processes.
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc
We will never see a release
I think that’s completely fine.
If they discovered the exploit by themselves, they can do whatever they want with it.
If they received help from other people who didn’t want the exploit explained to Sony, that’s different.
Find your own exploit and then you can choose what to do with it.
It may actually get released to the public now instead of being hoarded by a select few. I mean really, do you think that any of us would have benefited from this exploit if it had not been disclosed to Sony? No. They would have sat on it for themselves, which is perfectly fine, until Sony patched it themselves. At least now maybe the community that didn’t update can get some use from it.
How are people sticking up for them saying they don’t owe us anything? They’ve caused many possibilities to be lost and if they had to inform Sony they should have done it quietly.
Why did you people come to this website in the first place if you support people trying to stop the stuff wololo reports on?
This comment sums up the whole drama on this post.
word up son!
I wonder if this has anything to do with the “Dirty COW,” Linux kernel security flaw (CVE-2016-5195). Exploit has been used to hack multiple forms of linux based hardware like android phones… I’m assuming Sony made their latest update patch based off of this since PS4 is a linux based OS.
“How are people sticking up for them saying they don’t owe us anything?”
Because they don’t owe you anything?
“Why did you people come to this website in the first place if you support people trying to stop the stuff wololo reports on?”
OK, you seem to be having trouble understanding a basic fact of life. If you want to clean someone’s house for free, that’s up to you. If you want to be paid instead, that’s also your choice – you are the one doing the work. It isn’t up to the person who owns the house. Now you want anyone who works in the security field to donate all their work to you for free, and then live in a doorway somewhere. You want an exploit for your ps4 so you can nick games? Fine. That simply does not equate to expecting anyone whose efforts uncovered that exploit to be required to give it to you for free so you can pirate stuff. If you don’t understand that, good luck surviving in the adult world.
Did they discover it themselves, or rediscover, or? Also this is like complaining about behavior of Apple on Mac Rumors site. Most of the users here are going to be anti-Sony, regarding security. XD
Also, there’s ways even if you’re careful, of Sony figuring out what you did in a demo.
I wonder, how many are really interested in running (I’m saying running not developing) homebrew on home consoles these days? With the PSX, PS2, Xbox, GC and Wii there was a real interest in running emulators and homebrew, since there weren’t any easy way to run the programs in a CRT TV with a decent gamepad. But these days with HDMI, and HD, FHD and 4K LED TVs, a cheap PC can run most of the emulators you would run (from Atari 2600 or NES/MS to Dreamcast) and for indie game developers is mostly the same, with XInput and almost every console gamepad being easy to use on a PC, anything but Wii U (with the pad) and handhelds seem kinda futile for the common user, we mostly use those hacks to pirate the games.
The only real legit users of those exploits are developers that want to learn the hardware, but us common folks?
Well said!
Actually, emulators and homebrews, whether we like it or not, are just lame excuses to continue hacking the consoles with the feels of not having to violate anything or having no illegal actions. We just want to convince ourselves that hacking is not bad because of good intentions, but it all boils down to playing free games anyway.
I know a lot of people will disagree with this and instead fight with their right to run homebrews 🙂 but let’s just be honest, playing pirated games is more satisfying… That’s why I never bought PS3 and PS4 up until now and instead built my own gaming PC with all the money saved from not buying consoles. There are lot more games on the PC to keep me busy and entertained without actually buying those games. I won’t be playing them like forever anyway, just for the story and move on to other games. I had tons and tons of fun playing games on my Wii, PS2 and a mid range laptop the past few years.
Like it or not, console hardware becomes more popular when it’s actually hackable. Face it. Prices even went crazily high for the hackable PS3 until now. That’s reality. Games developer gets f***ed up anyway because of hacks. Haha!! Poor people. And there are more people who don’t want to pay for games that they want to play than those who are willing to buy them. Finding and playing cracked games may be more inconvenient but the money that is virtually saved by not purchasing the game is kinda worth it. Unless I plan to play the game online with all the features, I’ll buy the game. 😉
If this is the same exploit the devs have been using in private to discover more PS4 exploits this goes beyond just “doing their jobs” to being outright destructive, Sony never hired them to do this, and using FailOverflow’s kernel more or less belongs broadly to the community they are unintentionally or intentionally damning for some prize money.
Yeah evilsperm, cry us a river. I bet he’s just mad that he himself couldn’t sell it for a pile of cash. What’s up with people these days? Hackers chose to not share their exploits anymore, for whatever reason. They just wait, probably sell it to espionage teams or gov and contribute nothing to what was once a scene. Then someone releases an exploit or sells it to Sony and everyone throws a fit. Guess what baby, they can do what they want with their work. Sorry for the selected 100 people on this planet who can’t make money with that exploit anymore. That’s the problem these days: hackers who cared for fame got replaced with greedy IT sec professionals with “scene” names. And every time something gets released some sore loser “leaves the scene for good” only to come back after 2 weeks (under different name) only to contribute next to nothing.
Lucky me just turned on my PS4 first time in 2 months, I’m on 4.01 🙂
Guess I’ll have to wait and hope someone else will figure out the 4.01 exploit