A trio of new blog posts! Checkout "PS4 Aux Hax": hacking Aeolia, Syscon, and DS4. fail0verflow.com/blog/2018/ps4-…

Small update to Aux Hax: Nearly same methods are working against devices on recent PS4 Pro board NVB-003: Syscon A05-C0L2 (R5F101LL) Belize southbridge (CXD90046GG) Belize has ROM readout protection and clears stack...they're learning ;)

Another "PS4 Aux Hax" blog! Using HDMI-CEC to get code exec on all PS4 southbridge versions (including PS4 Pro, etc.), without requiring other parts of the system to be pwned: fail0verflow.com/blog/2018/ps4-…

Took a peek at latest PS4 Pro (CUH-72xx, board NVG-001): same southbridge (CXD90046GG), newly marked syscon (A06-C0L2 but still RL78/G13) - so nothing changes in terms of "Aux Hax" stuff :)

Here is our implementation of the Renesas RL78 debug protocol (as requested in a comment on the blog): github.com/fail0verflow/r…

Another one bites the dust 😎

Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software - including per-console root key, if you look hard enough!

New blog post about hacking PS VR! We managed to find some major flaws - breaking secure boot and extracting all key material: fail0verflow.com/blog/2022/ps4-…

x.com/qlutoo/status/…

want to play with the fbsd umtx exploit? check out github.com/fail0verflow/p…

Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.

ShofEL2 also supports running Switch homebrew. Technically.

ShofEL2, a Tegra X1 and Nintendo Switch exploit fail0verflow.com/blog/2018/shof… github.com/fail0verflow/s…

Reminder: ShofEL2 cannot be patched in existing units (it will work on *any* firmware, past or future), it allows full access (all keys and secrets), and it is completely undetectable by normal software. You can dual boot Linux and Switch OS with impunity. x.com/fail0verflow/s…

Fun fact: we started upstreaming some patches months ago (working with the linux-tegra community on Tegra X1 support in mainline Linux), so if you've seen anyone else running Linux on the Switch recently... chances are they were running some of our code unknowingly ;-)