fail0verflow
@fail0verflow
want to play with the fbsd umtx exploit? check out github.com/fail0verflow/p…
finally... hello, PS5 PSP :)
New blog post about hacking PS VR! We managed to find some major flaws - breaking secure boot and extracting all key material: fail0verflow.com/blog/2022/ps4-…
Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software - including per-console root key, if you look hard enough!
Another one bites the dust 😎
Here is our implementation of the Renesas RL78 debug protocol (as requested in a comment on the blog): github.com/fail0verflow/r…
Took a peek at latest PS4 Pro (CUH-72xx, board NVG-001): same southbridge (CXD90046GG), newly marked syscon (A06-C0L2 but still RL78/G13) - so nothing changes in terms of "Aux Hax" stuff :)
Another "PS4 Aux Hax" blog! Using HDMI-CEC to get code exec on all PS4 southbridge versions (including PS4 Pro, etc.), without requiring other parts of the system to be pwned: fail0verflow.com/blog/2018/ps4-…
Small update to Aux Hax: Nearly the same methods are working against devices on the recent PS4 Pro board NVB-003: Syscon A05-C0L2 (R5F101LL), Belize southbridge (CXD90046GG). Belize has ROM readout protection and clears the stack... they're learning ;)
A trio of new blog posts! Check out "PS4 Aux Hax": hacking Aeolia, Syscon, and DS4. fail0verflow.com/blog/2018/ps4-…
Fun fact: we started upstreaming some patches months ago (working with the linux-tegra community on Tegra X1 support in mainline Linux), so if you've seen anyone else running Linux on the Switch recently... chances are they were running some of our code unknowingly ;-)
Reminder: ShofEL2 cannot be patched in existing units (it will work on *any* firmware, past or future), it allows full access (all keys and secrets), and it is completely undetectable by normal software. You can dual boot Linux and Switch OS with impunity.
In case it wasn't obvious, our Switch coldboot exploit:
* Is a bootrom bug
* Can't be patched (in currently released Switches)
* Doesn't require a modchip to pull off
ShofEL2, a Tegra X1 and Nintendo Switch exploit fail0verflow.com/blog/2018/shof… github.com/fail0verflow/s…
ShofEL2 also supports running Switch homebrew. Technically.

Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.