
Re: 8 full Kxploits Patched by Sony

Posted: Tue Jan 29, 2013 10:12 pm
by Acid_Snake
yeah that was the problem with those kxploits, yes they were 10, but you release one and Sony will patch all the others, the good thing is that we were able to release the best ones, as the other 8 required an active wifi connection

Re: 8 full Kxploits Patched by Sony

Posted: Tue Jan 29, 2013 11:44 pm
by hgoel0974
wololo wrote:
hgoel0974 wrote: So, what you guys mean is that if that kexploit hadn't been leaked we would probably have more kexploits and a more 'secure' future in terms of eCFW?

sigh... Another way Sam Jordam ruined us :x
Well, not really. Leaked or released, the end result would have been the same, I always assumed Sony would have patched them all at once.
But you devs could have probably kept those exploits hidden and released exploits which were in much 'safer' modules ;)
But I hope that you guys had more kexploits than that, even though they are rare, not because I want you to release them but because that way we can be sure that we still have some control ;)

Re: 8 full Kxploits Patched by Sony

Posted: Wed Jan 30, 2013 9:59 am
by jigsaw
hgoel0974 wrote: But I hope that you guys had more kexploits than that, even though they are rare, not because I want you to release them but because that way we can be sure that we still have some control ;)
Yes we do have control. There is more than one useful kxploit in the wild.
However, it seems that devs are losing interest in looking for more, for different reasons, either work-life balance or shifting to targeting a PSV native exploit.

btw, one more post and i'll have a byte-overflow exploit. :lol:

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 4:27 am
by lol x
wololo wrote:
yifanlu wrote: Were these 12 dependent on one bug? Since they just happened to all be inside kermit_wlan...
From my understanding, they were more like the same noob issue spread throughout the entire module (as if the person who coded the kermit_wlan didn't understand how psp kernel security works, from what I've been told). Somebody probably was clever enough to review the entire file instead of only one function, or fixed the problem at the source. Note that I haven't seen the actual exploits (they have just been described to me) so my understanding might be incorrect.
AND
wololo on his blog wrote: You will notice that Total_Noob mentions that Coldbird got access to his exploit from a “trusted” person on the scene. That person is me, and I broke the trust TN put in me by doing so. I already apologized to Total_Noob for this, but more explanations and a public apology will come in another post. What I think is important to mention for now is that Coldbird’s CFW (the thing that was leaked) was actually not using TN’s exploit.
so Coldbird's (or whoever he names) exploit was basically the same as Total Noob's exploit??

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 4:45 am
by wololo
lol x wrote: so Coldbird's (or whoever he names) exploit was basically the same exploit??
No. At best, they were relying on the same "global" mistake in the kermit wlan implementation.

What happened with Coldbird, TN, and me is basically the following: Pro team started working on ARK a very long time ago (almost a year ago). They had access to a few kernel exploits from trusted people, but these trusted people did not want their exploits to be made public. Pro team was therefore looking for a publicly releasable kexploit, otherwise their work would be kind of wasted. In the meantime, they were making progress on porting Pro CFW to the vita, relying on those "not to be released" kexploits.
A few months later, TN sent me his kexploit, and I sent it to Coldbird, so that Pro team would adapt ARK to it, with the explicit agreement that this would not be released until TN would make his own work public (which, at this point, we were not sure would ever happen, but we thought it would be doable to convince TN to release by December 2012, which sounded like a nice anniversary date for the Vita). I did not tell TN that I had sent his exploit to Coldbird.

While time was going on, Pro team kept improving Ark, and we were waiting to see a move on TN's end. Progressively though, additional kernel exploits were found, in particular the series of wlan kermit exploits were found by Yosh (and probably other people found some of these in parallel, independently).
By that time, the Pro team therefore had access to dozens of kexploits, some of them with no plans to release per their authors' wishes, others ok to be released (yosh's ones, mostly), and others such as TN's one which remained to be "convinced". ARK was built around that modularity of kernel/user exploits, in a way that would make it easy to port to more exploits.

As I was trying to convince TN to release his work, ARK got leaked, and it turns out some of the logic of the leaked work came from TN's exploit. Is it because Pro took inspiration from TN's work in order to guarantee ARK would be compatible with CEF? Is it because all wlan exploits were basically the same? I never investigated myself, all I have is Coldbird's word that they didn't need TN's work anymore because they had lots of other kexploits, and on the other hand TN's word that the leaked kxploit looked suspiciously similar to his work. Obviously, I shouldn't have given TN's kexploit to Coldbird in the first place, but he is the guy I trust the most in the scene, so if he tells me Ark was not reusing TN's work, I believe him more than whatever other people will tell me. I believe the nuance here is about what was reused eventually. I am assuming Pro didn't directly reuse TN's kexploit, but were using some of his ideas, somewhere. Coldbird would probably have more details if he was still around.

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 5:06 am
by lol x
so it was a coincidence that Yosh found the exploit(s), or did he take help from TN's exploits to find his exploit series?

maybe when you handed it to Coldbird, he may have handed it to Yosh and others who got inspired by the global mistake

Off topic: I completely understand why you trust Coldbird so much and why you didn't tell Total Noob about that, so don't take my post as an insult or an accusation; it was just a clarification on the recent events.

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 5:10 am
by wololo
As far as I know, yosh worked on this completely independently. I'm not even sure anyone besides me and Coldbird knew about TN's kxploit

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 5:23 am
by lol x
wololo wrote: As far as I know, yosh worked on this completely independently. I'm not even sure anyone besides me and Coldbird knew about TN's kxploit
Thank you for the clarification(s).

one last thing-
coldbird on his blog wrote: One of those people involved in the leak, tricked through social engineering to leak the Prototype, was frostegater, a person initially part of the well known TN-Camp.
I don't get it, frostegater is a talented dev, even wrote guides on finding exploits, gets *** off like that.
With his skills, and the exploit in TN-C (for old firmware), exploit (global mistake) hunting must have been child's play.

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 5:37 am
by wololo
lol x wrote: one last thing-
coldbird on his blog wrote: One of those people involved in the leak, tricked through social engineering to leak the Prototype, was frostegater, a person initially part of the well known TN-Camp.
I don't get it, frostegater is a talented dev, even wrote guides on finding exploits, gets *** off like that.
With his skills, and the exploit in TN-C (for old firmware), exploit (global mistake) hunting must have been child's play.
This is fairly complex. All people have different affinities, and I think a mix of "I don't really like the Pro team" and "I want to understand how this thing works" led a few people to work together on trying to break the ARK encryption. This led one guy (sam jordam) to take advantage of the entire situation. He pretended he would help them work on this, but just wanted to get the files and leak them. Which I believe was never The Z or frostegater's plan. They just wanted to privately investigate ARK, just like Pro team had been privately investigating TN's kexploit.

It's quite obvious that all hackers in the scene will, one way or another, get access to other people's work. I'm not saying it is accepted by everybody, but it happens. Usually people don't like to know their secret ongoing work has been given to another guy (like I did for TN's exploit when I gave it to Coldbird), but overall I think everybody knows this happens. What sucks however is when those hackers start trusting random people, like what happened when The Z and frostegater trusted random beta testers to investigate work that wasn't theirs in the first place. One of these second-hand beta testers was Sam Jordam. What sucks even more is that I already knew at the time he was up to no good, and if The Z had let me know about his project, I would have told him not to trust sam jordam. Of course, The Z couldn't let me know about this, because he wasn't supposed to be in possession of ARK files in the first place, and he knew I would have reported that to Coldbird at the time.

Isn't scene drama pretty awesome? :)

Re: 8 full Kxploits Patched by Sony

Posted: Thu Jan 31, 2013 5:56 am
by lol x
wololo wrote: They just wanted to privately investigate ARK, just like Pro team had been privately investigating TN's kexploit.
But it would have been fair if Pro team had mentioned that they first came to know about the "global" mistake behind the kexploit from Total Noob, rather than hitting him back by posting that "TN-CAMP".

Off topic:
wololo wrote: Isn't scene drama pretty awesome?
Yes, when you get 4 warnings from a fan-boy, and he himself uses "F*** OFF" (uncensored) in his PM, gives 2 warnings for reporting it, one for double posting and one for using ****

Edit: A cool mod, Xian, removed one warning