
neoak

Member
Oct 25, 2017
15,263
Why a security engineer at Google does this on PS5?
Uhhhh, him being at Google has zero implications about what he does. What are you trying to imply there?

Is he trying to wink at Sony that their system is vulnerable and that some time spent on it by some pros could crack it?
LOL at least Google who he is ffs.

Also, ALL, and I mean all, systems are vulnerable. Bugs and Exploits are undiscovered, but they exist, due to the nature of how much code and functionality they have and depend on.
 
Nov 1, 2021
103
I'm just generally excited for any homebrew applications the developers come up with (maybe get ourselves a port of Doom classic).
 

Afrikan

Member
Oct 28, 2017
16,979
I'd bet a large amount of money, this will be disclosed to Sony and new firmware will ship before the how is disclosed.

If you're interested in PS5 homebrew, might be wise to turn off auto-updates for the OS now.

I would think part of his deals with Sony would also be a delay of announcing his breakthrough. So these past few stability updates might have been the temporary fix.
 
Oct 27, 2017
5,494
Why a security engineer at Google does this on PS5? Is he trying to wink at Sony that their system is vulnerable and that some time spent on it by some pros could crack it?

You could at least read the thread before posting something like this.

Dude's not simply a security engineer at Google. That's just his latest job. Andy Nguyen, aka TheFloW, has been a Sony scene hacker for years now. Under the username Total_Noob, he developed the famous TN-V PSP CFW and a myriad other contributions to the scene. He later re-emerged as TheFloW and developed homebrew for the PSV such as Adrenaline (which is, basically, an implementation of TN-V for the ePSP system) and VitaShell, the most commonly used file manager for the system. He's also worked on the PS4 scene. Some time ago, he claimed a $10,000 bounty from Sony on HackerOne for finding and reporting the nature of an apparently severe vulnerability in the PS4 system.
 

Menchin

Member
Apr 1, 2019
5,174
If I enable debug settings, will I be able to get rid of the godawful manual recording timer they still haven't allowed me to turn off yet?
 

Pwnz

Member
Oct 28, 2017
14,279
Places
I always wonder how software engineers are feeling when they hear about their OS being cracked.

Depends on the company and team. A lot of squads see security as a necessity but also as a distraction and annoying.

They're probably feeling like whatever project goals they had are going to be replaced with reactionary churn and retrospectives.
 

yalk_dx

Member
Nov 3, 2020
1,346
You could at least read the thread before posting something like this.

Dude's not simply a security engineer at Google. That's just his latest job. Andy Nguyen, aka TheFloW, has been a Sony scene hacker for years now. Under the username Total_Noob, he developed the famous TN-V PSP CFW and a myriad other contributions to the scene. He later re-emerged as TheFloW and developed homebrew for the PSV such as Adrenaline (which is, basically, an implementation of TN-V for the ePSP system) and VitaShell, the most commonly used file manager for the system. He's also worked on the PS4 scene. Some time ago, he claimed a $10,000 bounty from Sony on HackerOne for finding and reporting the nature of an apparently severe vulnerability in the PS4 system.
basically any way you throw it this is a good thing imo. bug/exploit bounties can be great $$
 

Edward850

Software & Netcode Engineer at Nightdive Studios
Verified
Apr 5, 2019
992
New Zealand
How does accessing a debug menu constitute as hacking? Isn't a debug mode just a developer mode?
You can't access the developer menus on a retail PS5 (and frankly I'm surprised they even exist, unless what he did there was flash a dev image? Which yes would still require hacking in some way.). Retail access of the dev menus is only an Xbox thing.
 
OP

Snagglepop

Banned
Oct 25, 2017
169
How does accessing a debug menu constitute as hacking? Isn't a debug mode just a developer mode?

to get these settings requires a chained webkit and kernel exploit like ps4

webkit exploit was released last week for latest ps4 and ps5 os

there's a rumour of a new kernel exploit for ps4 coming soon

possible 9.00 but more likely 8.52 as online gameplay integrity would be compromised

and andy seems to have discovered latest ps5 os kernel as image was uploaded with playstation network
 

El Crono

Member
Oct 27, 2017
2,299
Mexico
Amazing. I've never hacked one of my consoles within their official lifecycle before, but if one day this means I can install PS 1~3 emulators on my PS5 it'd be hard to resist not doing so.
 

Deleted member 79058

Account closed at user request
Banned
Aug 25, 2020
2,912
Nice, I'm still on 8.01 on my PS4 waiting to hack it lol with the keys I believe a hacked console can keep being updated and play all the latest games
 

FLEABttn

Member
Oct 25, 2017
1,007
can't imagine having the gall to ask for a ps5 version of doom, and then when the guy who did it responds that he did it, responding with "well it has DRM"
 

Amauri14

Member
Oct 27, 2017
3,694
Danbury, CT, USA
It will probably allow to run unsigned code on PS5. This will allow homebrew SW to run on the PS5 but also allow piracy. I guess this is why he is reluctant to detail how he did it. Sony will certainly go after him if he did.
Oh, shit, does that mean that at the moment, one could install that unofficial 60 fps patch of Bloodborne on a PS5 with those debugging options available?
 

bitcloudrzr

Member
May 31, 2018
13,933
It will probably allow to run unsigned code on PS5. This will allow homebrew SW to run on the PS5 but also allow piracy. I guess this is why he is reluctant to detail how he did it. Sony will certainly go after him if he did.

Oh, shit, does that mean that at the moment, one could install that unofficial 60 fps patch of Bloodborne on a PS5 with those debugging options available?
From the other thread:

Not so fast! Note the "symmetric" qualification in their statement. Digital signatures use asymmetric crypto, which could mitigate the impact of this breach considerably. The dump they show in the screenshot is probably from an encrypted update file, with the clearly readable text proving that they can decrypt it. Assuming asymmetric crypto is used for signatures, being able to read the cleartext of an upgrade file doesn't mean they'll be able to modify it, since its signature would be checked before the PS5 accepts it, and not having the keys for asymmetric encryption would mean that they couldn't produce a valid signature for the modified file. Likewise for other code running on the system. So the impact might be more about gaining insight into how things work, while still not being able to change it (yet).
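
Added example, not part of the original post or of any real console update format: a sketch of the point above, that holding the symmetric key lets you read and re-encrypt an update but not produce a signature the device accepts, whereas an integrity check keyed with that same symmetric secret could be forged. The toy RSA parameters, the SHA-256 keystream standing in for a real cipher, and all names and sample data are constructed assumptions.

```python
import hashlib, hmac

# Toy RSA key built from two Mersenne primes; far too small and unpadded for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, held by the vendor only
SYM_KEY = b"constructed-shared-device-key"  # assumed to be the leaked symmetric key

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: SHA-256 counter keystream XOR (encrypt == decrypt)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def vendor_package(image: bytes) -> tuple[bytes, int]:
    """Vendor side: sign the plaintext with the private key, then encrypt it."""
    return xor_stream(SYM_KEY, image), pow(_digest(image), D, N)

def device_accepts(ciphertext: bytes, signature: int) -> bool:
    """Device side: decrypt, then verify using only the public key (N, E)."""
    image = xor_stream(SYM_KEY, ciphertext)
    return pow(signature, E, N) == _digest(image)

def hmac_device_accepts(ciphertext: bytes, tag: bytes) -> bool:
    """Contrast: an integrity check keyed with the same symmetric secret."""
    expected = hmac.new(SYM_KEY, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    image = b"constructed update image: version=1 flag=0"
    ct, sig = vendor_package(image)
    # Holder of the symmetric key can decrypt, edit and re-encrypt the image.
    leaked_plain = xor_stream(SYM_KEY, ct)
    modified_ct = xor_stream(SYM_KEY, leaked_plain.replace(b"flag=0", b"flag=1"))
    forged_tag = hmac.new(SYM_KEY, modified_ct, hashlib.sha256).digest()
    return {
        "genuine_accepted": device_accepts(ct, sig),
        "cleartext_readable": leaked_plain == image,
        "modified_accepted": device_accepts(modified_ct, sig),  # old signature reused
        "hmac_forgery_accepted": hmac_device_accepts(modified_ct, forged_tag),
    }

if __name__ == "__main__":
    print(demo())
```
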
 

Deleted member 23046

Account closed at user request
Banned
Oct 28, 2017
6,876
Does this mean people will use this for cheat and piracy?
It's hard to evaluate implications without details, but a breach is a breach so you cannot predict all exploits that can go through it. The difference with the PS3/4 is that companies are now more inclined to pay hackers or even contract them, and Sony maybe more than others because the PSN hack was a retaliation for their legal action against one.

In general companies tend to fight counterfeit more than individual piracy. Counterfeit is the industrial version of individual piracy - the distribution of copied products (or just distant access to it in case of software) made by an organised network on a large scale with paid intermediates. The money (made on others) is the important factor here, not just the offense.
 

Detective

Member
Oct 27, 2017
3,853
It's hard to evaluate implications without details, but a breach is a breach so you cannot predict all exploits that can go through it. The difference with the PS3/4 is that companies are now more inclined to pay hackers or even contract them, and Sony maybe more than others because the PSN hack was a retaliation for their legal action against one.

In general companies tend to fight counterfeit more than individual piracy. Counterfeit is the industrial version of individual piracy - the distribution of copied products (or just distant access to it in case of software) made by an organised network on a large scale with paid intermediates. The money (made on others) is the important factor here, not just the offense.

Much appreciated
 

8byte

Attempted to circumvent ban with alt-account
Banned
Oct 28, 2017
9,880
Kansas
I hope he does the right thing and works with Sony rather than releasing it to the public. I really hate the DRM arms race.
 

Detective

Member
Oct 27, 2017
3,853
That really doesn't matter. You came into the thread linking homebrew and piracy, using the same old tired arguments that were debunked in page 1 of the thread, and now you play the victim. Again, if you really wanted an answer, you could have read the thread.

It does matter. There was nothing in the OP, that's why I asked. And nothing against it. If you didn't have an answer you could easily ignore my message instead of being an uncivilized person. It's a forum, people ask things.
I ain't gonna read every comment to find an answer, some of us have other things to do you know.

So yeah, get out more and stay away from the keyboard is my advice to you my friend.

Thanks to Manfred for explaining. Much appreciated again.