PS News (Replays Added) The 35th Chaos Communication Congress (#35C3) - Everything you need to know!

Hacking and Exploiting Video Game Consoles by both Hardware and Software has always been in high demand among many people, not only when we talk about Consoles that have the name "PlayStation" in them. In fact, a lot of Hacks and Exploits come up when we compare all Releases from a whole year, like in 2018. But as usual, at the end of every year, many Hackers and Developers from all different branches come together in the city of Leipzig, Germany, to present their achievements in front of a wide audience worldwide. So this year, the Chaos Computer Club (CCC) welcomes you to join and to participate in the 35th Chaos Communication Congress - or 35C3 for short - which will be held from 27th December until 30th December 2018. And because there were always many Hacks and Exploits presented for various Consoles from the "PlayStation-Family" in the past, this Thread will give you a good overview of - as the Title already suggests - Everything you need to know to keep track of the newest "PlayStation-related" Hacks and Exploits. This Thread will also be kept updated in case you miss any important presentation, for example, so you will be able to watch any Stream or Presentation again. So better keep this Thread bookmarked in your Favourites. :)

Updated Coverage

Logo of this year's Chaos Communication Congress with its slogan: "Refreshing Memories"


  • The 35th Chaos Communication Congress (35C3) is an annual four-day conference on technology, society and utopia organised by the Chaos Computer Club (CCC) and volunteers.

    The Congress offers lectures and workshops and various events on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.

    The Congress takes place at

    More Information

    Streams


  • This "Lecture" will probably be the highlight of all "PlayStation-related" Talks during the Congress, since the two well-known Developers @yifanlu and @DaveeFTW will together present their latest and newest achievements in Hacking the PlayStation Vita. This Talk will explain how the security inside the PSVita works and how they "finally defeated it." Their goal is also that the Talk will inspire more people like you to work and to tinker with the PSVita. So this Talk shouldn't be missed, don't you think?

    UPDATE: This Talk has already been presented; to find additional details, please click here.

    Since its release in 2012, the PlayStation Vita has remained one of the most secure consumer devices on the market. We will describe the defenses and mitigations that it got right as well as insights into how we finally defeated it. The talk will be broken into two segments: software and hardware. First, we will give some background on the proprietary security co-processor we deem F00D, how it works, and what we had to do to reverse an architecture with minimal public information. Next, we will talk about hardware attacks on a real world secure hardware and detail the setup process and the attacks we were able to carry out. This talk assumes no prior knowledge in hardware and a basic background in system software. Focus will be on the methods and techniques we've developed along the way.

    How do you hack a device running a full featured, security hardened, and completely proprietary operating system executed on a custom designed SoC? Although the PlayStation Vita did not reach the market success of its contemporaries, it was a surprisingly solid device security-wise. Sony learned from the mistakes of PS3 and PSP and there were (mostly) no "FAIL" moments. It carried exploit mitigations that are standard today but groundbreaking for a "popular" device in 2012: SMAP, kernel ASLR, > 2 security domains, and more. Molecule was the first group to run unsigned code on the device as well as the first to hack kernel mode and TrustZone. However, to target the security co-processor (F00D), we need to bring out the big guns. Using a highly customized version of the popular ChipWhisperer hardware, we carried out hardware attacks on the device including fault injection (glitching) and side channel analysis. In a board with twelve layers, dozens of unknown ICs, and hundreds of passives, how do you even begin to attack it without any information? We will start with the basics: a whirlwind tour of the theory behind the attacks. Then we will move to the practical application: mapping out the power domains of a SoC, soldering tips for microscopic points, finding a good trigger signal, finding a glitch target, and searching the right parameters. Finally, if time permits, we will also talk a bit about how to extend our existing setup to perform side channel analysis with a few modifications.

    It is unfortunate that the Vita was such a niche device, but we hope this talk will inspire more people to pick it up. The Vita is dead, long live the Vita!

    • Day: 2018-12-29
    • Start Time: 16:10 PM Local Time (10:10 AM Eastern Time / 07:10 AM Pacific Time)
    • Duration: 01:00
    • Room: Borg
    • Language: en
    • iCalendar

    Livestream


    Replay


  • But not only the PSVita will have its Showcase in front of the audience. One Day before, well-known Developer @m0rph3us1987 will also showcase his achievements in "Exploiting PS4 Video Apps." As already mentioned in a previous post, this Talk will explain how to run "Unsigned Code" on the PS4 no matter which Firmware you have installed on your PS4. Hopefully this Talk will give an "Initial Ignition" to the PS4 and its Developers so that we see more Homebrew Apps coming to the PS4.

    For more Information about the Talk, please click here.
    UPDATE: This Talk has already been presented; to find additional details, please click here.


    Livestream


    Replay


  • The 35C3-Congress is not only about presenting your newest Achievements to a wide audience, both in front of the people and via the Livestream. The whole Congress in General is also a nice place to meet up with other Hackers and Developers to discuss your newest Achievements just by talking with each other and drinking some coffee or beer etc. Of course everyone can join them if they visit the Congress as well. Therefore the Organization behind the Congress gives the Hackers and Developers the opportunity to create their own - as they call it - "Assembly Rooms" where you can meet with several Hackers and Developers talking about specific topics.

    Well-known Developer @AlexAltea will also be there at such an Assembly, talking about Emulation and giving a new sneak-peek of his early-stage PS4 Emulator, called Orbital.

    For more Information about his PS4 Emulator, please click here.
    UPDATE: A Video from this Talk has been released, please click here.

    Source: Twitter @AlexAltea
    Flying to #35C3. I'll be around the emulation assembly, otherwise reachable @ 8180 (GSM): mostly CTFing, having tschunks and working on Orbital, my LLE PS4 emulator (sneak peek below). Happy holidays!
    I'll be talking about Orbital / PS4 LLE emulation at the ChaosZone stage. Today, Dec 29th, at 21:35 CET.

    Experiments in PS4 Emulation by @AlexAltea

    Replay

  • fail0verflow
    Like the previous years, console hackers team fail0verflow and CTF aficionados from Eindbazen are getting together for 35C3. We hope to have some table space at the Hackcenter to set up our consoles, show off our hacks, teach people about them and play some Capture The Flag!
    Source: 0xFFA Assembly Room

    qwertyoruiop
    We got a KJC assembly set up at 35C3 - so come and say hi!
    Source: Twitter @qwertyoruiopz

    Nintenbros
    We are a group of console hacking enthusiasts with a special love for the hardware provided by Nintendo. Come say hello if you want to see cool stuff about 3DS and Switch. Some of us think the Wii U is OK too.
    Source: Nintenbros Assembly Room

    Dolphin Emulator
    Developers from the Dolphin Emulator project and some friends. We emulate the Wii/Gamecube so you can play your favorite Nintendo games in 4K. Other emulators are cool too, come say hello if you worked on one. Feel free to come over to play on our SNES and N64 consoles or bring your Nintendo Switch for some handheld gaming.
    Source: Dolphin Emulator Assembly Room


So which Presentation are you up for? You are welcome to discuss it in the Comments-Section.
 
So have any of you mates understood the meaning of this project? I literally have no idea how video apps could potentially help us trigger a "kernel exploit" or run unsigned code.

I didn't watch the presentation due to the language barrier, however maybe I can predict that there are possible bugs in codec parsers, so somehow it is possible to prepare a video container which will crash the app. In a similar way to the TIFF exploits ages ago.

Fingers crossed. ^^
 
He tried to get a PS4 with an old firmware and failed.
So, he accepted the challenge and played with the unhacked FW in 2015.

He sniffed all the network traffic and tested many apps. The goal is he found video apps that use an old, exploitable version of Apple's WebKit with *no* SSL. So, at this point he was able to read and write the memory. After dumping the used memory, many tryouts and the use of a FreeBSD VM, he understood how to modify the memory (vtables) to execute unsigned code. At this point you could take over the machine *if* you've got a working exploit for the running kernel...

Greets.

PS: This should work until now. But it is easily fixable via updates of the (video-) apps.
o_O
 