Share this page!

Andy Nguyen Profile picture
Twitter logo
Jun 10 6 tweets 2 min read
bd-jb: Blu-ray Disc Java Sandbox Escape affecting PS3, PS4, PS5. My talk at @hardwear_io will be uploaded in a few weeks. #hardwear_io
hackerone.com/reports/1379975
Fixed on PS4 FW 9.50 and PS5 FW 5.00
I used a BD Burner and BD-RE discs from Verbatim. Do not buy BD-R discs as are only writable once.
I wanted to clarify: Without a kernel exploit, you won't be able to run any pirated games (which would have worked on the PS4 only anyways), because we don't have enough RAM in the bd-j process and there are some other constraints. It was only a theoretical impact.
Advantages of bd-jb compared to WebKit exploit:
- Works on both PS4/PS5
- 100% reliable
- Firmware-agnostic (ROP-less code execution)
- Bigger kernel attack surface
- JIT for executing payloads, so you can write a kernel exploit in C (on PS4 only)
I decided to upload the slides of the talk already: github.com/TheOfficialFlo…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Andy Nguyen

Andy Nguyen Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @theflow0

Andy Nguyen Profile picture
Oct 13, 2020
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
Blog post available soon on: security.googleblog.com
Google Security Research Repository: github.com/google/securit…
Intel Security Advisory: intel.com/content/www/us…
Video:
CC @sirdarckcat @rh0ler0b0t
BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.
Read 6 tweets
Andy Nguyen Profile picture
Aug 26, 2019
Surprise! h-encore² released for PS Vita firmware 3.71
github.com/TheOfficialFlo…
That was a small weekend project ;-) I found these kernel vulnerabilities more than a year ago but never bothered to exploit them. Yesterday I implemented it in pure ROP using the unpatched bittersmile savedata exploit.
Please make a donation if you appreciate my work: github.com/TheOfficialFlo…
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(