TheFlow has discovered a major exploit called bd-jb for PS3, PS4, and PS5, can be used to load game backups burned to discs

chrisrlink · Jun 12, 2022

urbanman2004 said:
This mf just open up Pandora's Box and this is gonna turn out to be the second coming of the "G-Hotz" saga. TheFlow better lawyer up, lol.

doubt that will happen he wouldn't disclose if Sony put him under an NDA sony's been gracious enough to allow hax after they are patched theres a reason SciresM didn't disclose fusee-geele directly to nintendo (he disclosed it to nvidia the chip maker or we'll never have that exploit EVER

TomRiddle · Jun 12, 2022

sley said:
Awesome but sad that Sony was able to patch it, imagine running homebrew on a playstation system while still being able to go online.

Yeah, homebrew is great but one of the biggest unfortunate disadvantages is that it's too risky for most to install cfw on PS5, let alone run backups if you still want online support.

Now don't get me wrong, it's still always possible to be careful but overall the better thing when hacking systems is to accept and be fine with the chance of loosing online support imo.

gudenau · Jun 12, 2022

So Sony didn't know one of the most basic things about Java's built in object serialization?

So many exploits revolve around that feature, it has so much power and you have to be really careful with it.

godreborn · Jun 12, 2022

TomRiddle said:
Yeah, homebrew is great but one of the biggest unfortunate disadvantages is that it's too risky for most to install cfw on PS5, let alone run backups if you still want online support.

Now don't get me wrong, it's still always possible to be careful but overall the better thing when hacking systems is to accept and be fine with the chance of loosing online support imo.

I agree. I personally don't think exploited consoles for any system should be online. it just ruins it for legit players often enough.

EnigmaExodus · Jun 12, 2022

gudenau said:
So Sony didn't know one of the most basic things about Java's built in object serialization?

So many exploits revolve around that feature, it has so much power and you have to be really careful with it.

You have to remember this is coming from the same people who thought using a constant random-value for ECDSA signatures was a good idea...

https://media.ccc.de/v/27c3-4087-en-console_hacking_2010

Seemingly Sony is trying to play nice with hackers instead of DMCA/lawsuit bullshit from years past.

Shubshub · Jun 12, 2022

But is the Blu Ray Drive Updateable?

TomRiddle · Jun 12, 2022

godreborn said:
I agree. I personally don't think exploited consoles for any system should be online. it just ruins it for legit players often enough.

I mean if you're specifically taking about people who abuse homebrew to cheat in online games then yeah, you have a point.

It sucks because those types of people are ruining online functionality for those who just want to hack their consoles for getting themes or whatever, so I still see why consoles ban you for putting cfw (although I mostly disagree with it).

godreborn · Jun 12, 2022

TomRiddle said:
I mean if you're specifically taking about people who abuse homebrew to cheat in online games then yeah, you have a point.

It sucks because those types of people are ruining online functionality for those who just want to hack their consoles for getting themes or whatever, so I still see why consoles ban you for putting cfw (although I mostly disagree with it).

well, there's that. I also don't think you should be able to sync trophies or achievements. it's unfair to have all the amenities of being legit when most do not even pay for games. it's a catch 22 really. you have to be willing to sacrifice certain aspects of the console if you're going to exploit it.

raxadian · Jun 12, 2022

chocoboss said:
From what I know ( I can be wrong ) it didn't overheat compared to slim and OG ( I have a slim and it heat a lot while playing somme games and I'm afraid it will not live forever ;+; )

My slim doesn't overheat, maybe yours needs cleaning of the internals?

gudenau · Jun 12, 2022

EnigmaExodus said:
You have to remember this is coming from the same people who thought using a constant random-value for ECDSA signatures was a good idea...

https://media.ccc.de/v/27c3-4087-en-console_hacking_2010

Seemingly Sony is trying to play nice with hackers instead of DMCA/lawsuit bullshit from years past.

To be fair, there is more president for that stuff to fail now.

Plus this was submitted to a bug bounty website so it could be fixed.

chrisrlink · Jun 13, 2022

the worst part of hacker one anyone can submit a working exploit even if it isn't theres (good example is a former member on here that was blacklisted by a lot of devs for infiltrating teams and stealing exploit code and selling it to nintendo via hackerone

KuntilanakMerah · Jun 15, 2022

come on we need a hero like George Hotz who can hack on firmware level

CanIHazWarez · Jun 15, 2022

chrisrlink said:
the worst part of hacker one anyone can submit a working exploit even if it isn't theres (good example is a former member on here that was blacklisted by a lot of devs for infiltrating teams and stealing exploit code and selling it to nintendo via hackerone

That's a problem. But also, the real worst part is that the exploits get patched

Blavla · Jun 15, 2022

urbanman2004 said:
This mf just open up Pandora's Box and this is gonna turn out to be the second coming of the "G-Hotz" saga. TheFlow better lawyer up, lol.

Why should he? He even sold that to Sony, (10K i think) he is alowed to share it after the sony patches it

godreborn · Jun 15, 2022

yeah, sony is the one who decides whether an exploit can be disclosed to the public, so theflow0 won't be sued.

Blavla · Jun 15, 2022

godreborn said:
yeah, sony is the one who decides whether an exploit can be disclosed to the public, so theflow0 won't be sued.

that is false. Typically, responsible disclosure guidelines allow vendors 60 to 120 business days to patch a vulnerability. Often, vendors negotiate with researchers to modify the schedule to allow more time to fix difficult flaws. After the responsible disclosure time he can do with it whatever he wants. That´s why Sony needs to patch it or ask the "researcher" for more time

godreborn · Jun 15, 2022

caki883 said:
that is false. Typically, responsible disclosure guidelines allow vendors 60 to 120 business days to patch a vulnerability. Often, vendors negotiate with researchers to modify the schedule to allow more time to fix difficult flaws

Not true. They cannot disclose exploits that are closed source.

Hayato213 · Jun 15, 2022

caki883 said:
that is false. Typically, responsible disclosure guidelines allow vendors 60 to 120 business days to patch a vulnerability. Often, vendors negotiate with researchers to modify the schedule to allow more time to fix difficult flaws. After the responsible disclosure time he can do with it whatever he wants. That´s why Sony needs to patch it or ask the "researcher" for more time

Yup it says 60 - 120 days to patch it

https://www.techtarget.com/searchsecurity/definition/vulnerability-disclosure

godreborn · Jun 15, 2022

like I said, they can't disclose closed source based on the nda, non-disclosure agreement, that you sign with hackerone.

Blavla · Jun 15, 2022

godreborn said:
Not true. They cannot disclose exploits that are closed source.

Blueray and driver for it is not owned by sony. So after the time period he can if he will

Has a PhD in dueling

Yare Yare Daze

Largely ignored

Welcome to the Machine

Member

The Shubinator

Yare Yare Daze

Welcome to the Machine

Well-Known Member

Largely ignored

Has a PhD in dueling

Well-Known Member

Well-Known Member

Well-Known Member

Welcome to the Machine

Well-Known Member

Welcome to the Machine

Newcomer

Welcome to the Machine

Well-Known Member

Similar threads

Popular threads in this forum