PS4 5.05 BPF Double Free Kernel Exploit Writeup (github.com/cryptogenic)
61 points by homarp on July 17, 2018 | hide | past | favorite | 8 comments



What is Microsoft doing right that Nintendo and Sony can't seem to figure out? Near as I can tell, the Xbox 360 is still pretty ironclad short of risky hardware modifications. However all recent Sony and Nintendo consoles have been broken wide open with purely software exploits.


The exploit vector for softmods is almost always WebKit, no matter how recently updated. The problem isn't open source software, but poorly documented corporate-maintained open source software.


> However all recent Sony and Nintendo consoles have been broken wide open with purely software exploits.

WebKit has a lot to do with that. It's not that it's particularly bad or insecure code... it's just a much larger attack surface than had previously been available on most consoles, and the console manufacturers haven't always been very good at keeping it up to date.


Maybe the closed source nature of the Xbox OS makes reverse engineering more difficult? While some of Sony's PS4 OS is proprietary, the majority of the source is open. Same goes for Nintendo I guess, both are using forks of FreeBSD. If a bug is in FreeBSD it's likely in the OS for both consoles.


The Switch exploit is a hardware one, not software.


IIRC, while the 360 required hardware modifications, the later generations of mods were not that hard or that risky (of course, your definition of risky is dependent on confidence and skill level for those mods).

Addendum - the original XBox hardware mods were pretty easy too.


While it may not be risky for those of us who are comfortable dismantling hardware and soldering third-party chips to the motherboard, you have to admit that is a much higher barrier to entry than browsing to a website designed to leverage the latest WebKit exploit. I think it's enough to severely limit the size of a given platform's homebrew community.


The 360 hack I’m familiar with was just a reflash of the DVD drive firmware to always return data to the console as if the disk were legitimate.

This became a cat and mouse game between hackers and MSFT as MSFT started measuring things like latency and expected angles between blocks of data on the physical media to tease out whether the reported legit disk was actually legit or an imperfect copy.

I remember a few ban waves where people using modified consoles had their Xbox Live accounts shut down, then I stopped following it after that.

