Did CTurt steal some of his PS4 work from other scene hackers?
Aaah, drama, it’s been a while since you last showed your friendly face.
Screenshots are surfacing from vk.com, a popular social media site in Eastern Europe, of a conversation in Russian allegedly between flatz and a friend of his. It appears CTurt might have used a lot of knowledge from others for the PS4 kernel exploit, knowledge that he was not supposed to disclose, and this *** some people off.
Update: both flatz and CTurt have come back with comments. Flatz stated on ps3hax that although this conversation is real, it was not intended to be made public.
it wasn’t only my work, why the heck do people pull phrases out of context? And it wasn’t leaked, CTurt has his own code but I’ve helped him and asked him not to share my stuff and not to do public talks. That’s all. Now some of my friends decided to leak my private chats, that’s “great”… Why the heck does everyone need public attention? I’m done making any deals with such people…
CTurt, on his side, confirmed his group had the Kernel exploit before flatz was involved (proof here), that the exploit was built using his (CTurt’s) SDK, and that flatz indeed helped on some aspects of the vulnerability later on. As examples, CTurt mentioned that the critnest offset was found by himself through trial and error, and the sysctl trick did not come from flatz. Both of these are described in detail in his article.
CTurt confirmed that the two have spoken privately and that the issue was resolved a while ago: the leaked discussion is several days old, and the two hackers had settled this conflict before it was published. As a matter of fact, CTurt published his kernel exploit explanation after the two had settled the argument, and with flatz’s approval. He posted a full statement on GBATemp.
The original article:
PS3Hax have a (poor, automated) translation:

[15.12.2015 12:34:48] Igor Dolgopolov: Well ka tell why right now, the way it went plum) what for?)
…
[15.12.2015 12:39:01] flatz: because this first **** *** decided to become famous in the internet, but asked him not to spread
[15.12.2015 12:40:00] Igor Dolgopolov: I thought so … but in the end he turned out to be something? Well you said you were working and only one person?
[15.12.2015 12:40:04] Igor Dolgopolov: or that he is?
[15.12.2015 12:40:48] flatz: Well, I work alone, just helped him, dopomagalsya called. I took my code and now everyone thinks he did it
[15.12.2015 12:41:05] flatz: no, this other person does cturt
[15.12.2015 12:41:24] flatz: now regret that contacted him at all
…
[15.12.2015 12:41:43] flatz: the people with whom I work schA other things deals
[15.12.2015 12:42:01] Igor Dolgopolov: the people with whom I work schA other things zanimaetsyaa why he does not shine?
[15.12.2015 12:42:18] Igor Dolgopolov: Well vsmysle not laid out as is
[15.12.2015 12:43:06] flatz: early spread, it is necessary to start to break a garbage can, and that’s when Buda
[15.12.2015 12:43:12] flatz: but right now it is useless, but worse afford to do
[15.12.2015 12:43:17] flatz: Well, in principle, have already made
[15.12.2015 12:43:30] flatz: schA Sony stupidly change the keys that I have, and algorithms, while working Caique
[15.12.2015 12:43:40] flatz: *** and then I could Th
[15.12.2015 12:44:04] Igor Dolgopolov: Well, in principle, already sdelalinu here … yes the PS3 although they did not seem to have changed their
[15.12.2015 12:44:07] Igor Dolgopolov: there may well be
[15.12.2015 12:44:15] flatz: and the people finally he did little Th. all based on the work of other people
[15.12.2015 12:44:31] flatz: ps4 on many Che changed in the new firmware
[15.12.2015 12:45:09] Igor Dolgopolov: PS4 to have changed a lot in the new Che proshivkahnu much it’s okay, most importantly to the crypt and encrypt anything fundamentally has not changed, right … Well, I understand?
[15.12.2015 12:46:50] flatz: there is just changing things
[15.12.2015 12:48:08] Igor Dolgopolov: Opensource projects, eh … what for it is necessary only to them, the same is not accepted to do … weird. really special because of leaks
[15.12.2015 12:49:55] flatz: Sony has promised a large selection of exclusives for the PlayStation 4 in 2016
So, err, this kind of warrants a second layer of translation here, but here is my understanding: basically, flatz is saying CTurt revealed the PS4 kernel exploit for fame, but it was not his work and he had not been authorized to disclose it (which he did in detail earlier this week). More specifically, flatz states in this conversation that the code is his, and that he regrets sharing it with CTurt. The discussion then moves on to concerns that Sony could change some of the PS4’s internal security and encryption after the kernel exploit reveal, but that so far these fundamental systems have apparently not changed.
Flatz is a popular hacker of the PS3 scene. He is, among other things, behind the IDPStealer tool. It would not be surprising that he is behind some of the research on the PS4.
Nothing in this conversation is confirmed, and all of this is at rumor level at this point. However, PlaystationHax confirm from discussions with other hackers that this matches the general consensus.
From a *** scene site, but from those logs and from correspondence I have had with sceners, the case is true pic.twitter.com/HaJEzoIgvE
— PlayStationHaX (@PlayStationHaX) December 20, 2015
The conspiracy theorist in me says there are two ways things might have happened: CTurt was a scapegoat for a larger loose group of hackers who did not want their names publicly revealed, so that they could work in the shadows and/or avoid any legal repercussion, OR, as often happens in the hacking scene, the boundaries of “what is yours, what is mine” between hackers were fuzzy. Given the length and detail at which CTurt explained the hack, there is no question to me that he’s put a decent amount of work into understanding and exploiting the vulnerability. That other hackers have helped him along the way and feel this is largely their work is also understandable. My own experience with HBL has shown me that many hackers/developers have a disproportionate vision of how much they contributed to a given project (this is true both ways), so this kind of situation is not really surprising.
source: vk.com via PlaystationHax
Some facts: multiple people independently knew about badiret. Some of these people also worked with CTurt. CTurt did not discover it on his own, but I believe he worked with others before working with flatz. Here’s the earliest known public record on exploiting badiret: https://twitter.com/Adam_pi3/status/640673161835470848
Of everything that he’s published, his main contribution was finding the td_critnest offset. Most of the other things were public or done with help of others. However, synthesizing all that information from different sources was also a feat and he wrote a lot of the code from that information. It would not be fair to say he “stole” it.
There are so many hidden things; some of us want fame, others money to survive, and others have simply been taught by life that with effort great things can be achieved. Of course, when you achieve it, there is always someone who says you copied something, but what is new under the sun?
Well, I think flatz views (now downplayed for political correctness) are still valid, as Yifan indicated. Essentially, I wouldn’t consider CTurt the core developer of the exploit. He had a lot of help from far better people. He released short article(s) to gain what he seemed to be after from the get-go – publicity by a larger audience not propagate technical insights (think Hotz … not Graf).
Looking at his twitter posts a while back and the references in the article, you need to realize that the original (full) Linux implementer of the exploit, advanced security researchers and established members of the community have likely developed significant portions of the exploit (and the exec) while he was extremely lucky that they were all open with him. Yifan probably deserves a lot of credit for the prior works on exec and ROP (maybe more). And the professionals on the original (and the port of the) CVE.
No doubt he seemed to have understood the exploit while doing the grunt-work of testing and probing and apparently was able to successfully use the resources (people) around him. However, whether or not his fame for the work (or “articles”) is well deserved is questionable. I personally think, the professionals just yielded the claim (as flatz hinted). I am not sure I would call this wrong or right, but it looks like strong “goal oriented” motives (again similar to Hotz).
Still, the one thing HE – to some small degree – did and none of YOU other guys do is share these things openly. Regardless of whether or not he created them or how much. All you do is say “hush” on old CVEs and code execs of questionable further use, for no good reason. Because bad pirates and big bad Sony may come. Because you want to promote yourself. Because you want to find the exploit for the current firmware … bla bla. You still annoy me the most. If you are truly afraid, use technology to hide. Drop your fame names and release what you know. If you still need the “claim”, sign stuff with a private key and become a mystery.
Better yet, have fun doing the work and drop the claims. If you collectively and publicly worked on the exploit from the get-go, with contributors and thousands of forkers, who should they come after?
You are the collective sum of knowledge and thoughts you have received from society. For the rest of your existence, you should pay it back as best you can, or fail it. Regardless of what others (even the majority) live out to do or promote. Turn gamers into intellectuals and coders by getting them interested. And take comfort in it. Maybe they will even notice and remember your significance. Even if it’s just one of them.
Essentially, CTurt is a symptom of a closed, money, fear, fame and arrogance guided society which is extremely brainwashed on the concept of being “first”. Join the rest of computer science out of the Microsoft-closed-source-buy-License-’90s – which now is called Apple of course 😉
Fu** money. Fu** fame. Have fun. Make people smart. Challenge the establishment or become a soulless fame-hipster.
So long, fellow geeks. Going back to 1.048596 now. Tuturu.
Oh, and the YOU was (of course) not primarily (not even secondarily directed) towards Yifan who releases a shi*load of his work (thanks man!). It wasn’t even directed towards flatz work.
YOU meant the general state of sharing and explaining things to each other. There are no blogs active on the topics. There is nothing public. “Released” stuff is often binary. A bare minimum of useless things are on a wiki and behind the scenes everybody goes “hush”. Nobody explains things to the public. Teaches. Guys are allowed to claim “exec” or “kernel” and then it is only shared behind the scenes and leaked to each other. Not released, even after months. Nobody talks about it because it’s “claimed”. That’s the YOU that disgusts me.
To make this even more clear:
What may be improved is open sharing of code. But we have engaged people who do this very well.
What is missing (!!) is open sharing of thoughts and the documentation and explanation of them (-> Graf). There are many people who could help on your repos. But they have few or no introduction points (of value) and no write-ups and digests. How can they join? If they can’t join, they play games. The scene has the unique position to be able to change young gamers into intelligent coders. But it requires digests.
Trust me; thieves are thieves. I am not at all surprised.
People like them should be set aside. My research was also stolen from me.
lmao
Yifan Lu was right.
There were several independent groups who worked on this exploit and I worked on it too. However, I’ve asked CTurt to delete my nickname to be safe from known problems, but unfortunately my real friend decided to bring troubles to me by leaking this chat, so now you know that I was a part of this challenge.
Actually we started to work on the BSD exploit in September (iirc), when the security advisory or some crash POC (don’t remember which one) appeared. We failed the first tests, then pi3 released a picture of his work on twitter. So I decided to email him about several hints (because the x86 architecture is almost new for me and he is a known researcher who got some result) but continued tests by myself too. And he replied to me but asked about details (my current code or something, I don’t remember already). But I got a success directly after his answer and some of the guys from our group knew about it, so I wrote pi3 about the success and it was my second and last message to him.
At that time I had only a console with 2.xx firmware and without a possibility to run custom code (only ROPs), so I wasn’t able to port the exploit by myself. Some of our guys started to do it but we had no luck at the time… After several days we got a confirmation that BadIRET was working on PS4 and had been done by other people. So I got a real opportunity to finish it too and got some useful hints from these people (thanks to them, and this is why I can’t say it is 100% my work and this is why I’m angry when people say “leaked flatz work”). So after that I tried to find a victim console and got it after several days or a week, then I was busy porting the working BSD code to PS4. It was a very tedious and boring task so I spent three days on it and then I saw my first working kernel code on PS4. And this exploit was different from the one CTurt has (because there are two ways to do the BadIRET magic) and it was based on the hint I got before. I haven’t tried much to perform the different way of exploitation on PS4 (however, I have it working on BSD) because there were no benefits to using it (kernel code already works). And this final exploit was private because some people asked me not to reveal it.
From time to time I spoke with CTurt and helped him on some aspects including the BadIRET thingy and it was known to me that he was working with pi3. And because I can’t give hints on the final working exploit for the reason I described previously, I gave him some hints about my BSD exploit which used a different way, and this way of exploitation was completely mine. And I asked him not to share it with others and not to do any talks. However this exploit didn’t work on my PS4 because I haven’t found time to fix it, but CTurt did it after some period of time.
Of course, I haven’t been happy with these twitter and forum posts but I’ve calmed down after some time. It’s just regular scene drama and we see it from time to time. And now I see this stupid action which was done by my real friend who wants to attract attention to my person without my agreement… That’s why I’ve decided to explain this whole situation.
So:
1. The PS4 exploit is not the result of one man’s work. It is work which has been done by several independent developers, and some of them are working together (including me).
2. It is not true when someone says CTurt’s work is based on stolen work. It is based on hints (including parts of code), yes, but the final code is his work and he spent some time on it.
3. Please, don’t *** developers with such drama, they are working hard and most of them don’t want public attention due to different reasons.
If I could thumb up your comment flatz I would. It seems like CTurt’s had enough of this game though, eh? Is it still fair to say that there is no other way in besides BadIRET? Albeit I acknowledge that BadIRET is patched on FW 2.00 and later. What about our good friend Mr. PARAM.SFO? 😛
So can you shed some light on why he suddenly bailed out? He seems to love attention, so why suddenly chicken out when all of the attention is on him right now?
Better not to believe vk.com . . .
Well that’s that myth debunked then, if flatz and Yifan both agree it’s a collab and CTurt clearly credits the latter (and would have for the former if he hadn’t asked for his handle to be left off the work) so I don’t think there’s any stealing going on at all. Makes sense for hackers with a common goal – in this case running homebrew on the PS4 – to pool their resources and it looks like that’s exactly what has been done. No fuss, no drama. Just something that raises a smile for us PS4 owners… I wouldn’t have expected any news on working PS4 exploits for at least another year so I’m impressed 🙂
I don’t understand this. Maybe it’s just me, but why should fame and recognition matter when the overall goal is to open up the console to homebrew and complete usage of the hardware? To me, the recognition of enabling the hardware to be used to its fullest extent far outweighs the recognition of discovering these capabilities.
Someone will be possible to release a jailbreak P4 those days now?
As those days now go, someone won’t be possible to release a jailbreak for P4 (aka Persona 4) 😉