5 new bug bounties awarded by PlayStation to CTurt, potential PS4 Kernel exploits in there
PS4 Hacker CTurt has announced his departure from the PlayStation hacking scene a few days ago, but it seems he has found a lot of bugs before he chose to leave. Although the hacker hasn’t given precise reasons for why he’s leaving, he’s mentioned in the past that he’s had good interactions with the bug bounty team at Sony. Yesterday, PlayStation’s HackerOne page got updated with 6 new bug bounties, 5 of which have been attributed to CTurt.
Michael Crump notes that Sony have paid out a bit more than $50’000 in bounties during the past 90 days, which could easily mean that CTurt has disclosed up to 5 critical exploits for either the PS4 or the PS5. PS4 being most likely, and it’s possible each one of these exploits could lead to a Jailbreak. With Cturt leaving the scene though, the potential for official disclosure of any of these hacks appears very small.
Sony have paid more than $50’000 in bounties for a handful of bug reports. This could indicate most of them are critical
Could there really be 5 new Kernel exploits for the PS4?
We might never know the nature of these exploits, although it’s very possible that diff of upcoming firmware updates could tell hackers what has been patched, and where. Reverse-engineering of the diffs could then give details about the patches, and therefore the exploit. This is how it happened for the 9.00 Jailbreak, after all.
It’s of course unclear if CTurt’s reports are all potential kernel exploits (Zecoxao theorizes that there probably less than that, based on the total sum being paid in bounties), but hopefully time will tell.
Other News from PlayStation’s bug bounty program
In other news, PlayStation have added their iOS and Android PlayStation apps to their bounty program. Those of you who don’t have specialized PS4 or PS5 knowledge, but are proficient in iOS/Android reverse engineering, might give these ones a try.
HackerOne also added a “scope” feature, which significantly clarifies which bug reports are accepted for each company, down to some pretty granular level. PlayStation’s entry for example clarifies which ones of its APIs are in scope for their bounty program, as well as which hardware (in this case, PS4 and PS5).
As always, stay tuned to wololo.net as we’ll be sure to let you know if anything spicy eventually surfaces from this.
there can’t be 5 kernel exploits cause there’s more than 5 reports in the last 3 months, so if we divide that $50.800 by Cturt bounties there will be only be $800 which is wrong cause there are other bounties who got paid too, so there’s a chance it’ll be 3 or 2 kernel exploits not 5.
That’s why he’s left playstation. He’s getting paid by Sony. Why would he work here for free if Sony pays to expose the exploits to them. I can’t fault him like end of day I’d probably do same . Probably other reasons too, but fair play
That’s why he’s left playstation. He’s getting paid by Sony. Why would he work here for free if Sony pays to expose the exploits to them. I can’t fault him like end of day I’d probably do same . Probably other reasons too, but fair play to him
Cturt could u do me a favor in ur linux payloads…
I use Cydia on 13.3 iPhone eyeos
But the pongo-os way of loading Android or Linux dont work for me … what im asking is linux or android bootstraps for checkra1n app so i can do more then just install cydia allso pongo os way fdt bootl dont work either for me
Good on him!
he tips his hat to the pony’s watching on! Smiles with his fat bags of cash and rides off into the sunset
I know for sure time is money but he sold his soul to sony. xd
I hope that ps5 will be never broken
Sony basically paid for his silence like the mafia does.
What a traitor.
First ??
Me thinks this is an April Fools joke .
Why? Coz the guy announced he’s quit the playstation scene and all of a sudden this bombshell of 5 potential kernel exploits drop, too good to be true.
Dude said “Peace out” and then reported his last findings to Sony
Obviously CTurt was bought by Sony. Money $$$
Funny isn’t? For someone that is “leaving the hacking scene”.
In the end, is just another greedy “hacker” that isn’t interested in help anyone or anything.
Maybe you work for free or you want to be payed for your job? Before call him greedy think twice and put yourself in his situation please. Nobody want to work for free expecially many many months for a small hack that would be patched the next update and if you have people who only want a new exploit for free without even thanks him.
Probably they paid him a one time incentive or a job.
Maybe you work for free or you want to be payed for your job? Before call him greedy think twice and put yourself in his situation please. Nobody want to work for free expecially many many months for a small hack that would be patched the next update and if you have people who only want a new exploit for free without even thanks him.
I think he was fair. He announced the he left the PS hacking scene. It is his decision and the others in scene have to accept this.
Even he did it for the money or something else. CTurt have done a lot of things for the scene. So thanks for everything and good luck!