[hykem] Yes it's BadIRET. I thought everyone knew that already.
[thexyz] how could everyone know that if it's not posted anywhere
[hykem] Uh: https://twitter.com/hashtag/badiret
[hykem] Check the date
[hykem] Adam 'pi3' Zabrocki @Adam_pi3 Sep 6
[hykem] pi3 was already exploiting that since September
[hykem] He even wrote a blog entry
[CTurt] for Linux, sure
[CTurt] there is no public FreeBSD BadIRET exploit
[hykem] Yes there is
[CTurt] a PoC that crashes kernel
[CTurt] but not an exploit
[CTurt] BadIRET exploit for FreeBSD is easier than Linux though because IDT is rewritable
[hykem] "FreeBSD was fully vulnerable. See the attachment. They seem to have
[hykem] fixed it, but I can't find an advisory."
[hykem] http://www.openwall.com/lists/oss-security/2015/07/09/1
[CTurt] yes
[CTurt] a PoC to crash kernel
[CTurt] but not an exploit
[hykem] I'm not trying to diminish your merit in exploiting it, just stating that the exploit was publicly known.
[CTurt] so what?
[CTurt] of course I already knew this
[thexyz] ok so that guy exploited freebsd not ps4
[hykem] PS4's kernel is based off FreeBSD
[thexyz] that's true
[thexyz] ok so can i have a ps4 kxploit and kdump if it's all public?
[CTurt] no
[hykem] xD
[Al3x_10m] xD lool
[hykem] CTurt: I assume you found the offset then
[xboner] so redbox, if u report a game not working
[xboner] you get a free rental code
[xboner] i've reported every game i rented as not working for a week
[xboner] rofl
[thexyz] gee that's unfortunate
[hykem] People are already throwing hints about SAMU :\
[Al3x_10m] samu?
[hykem] https://twitter.com/Mathieulh/status/674224837783592960
[thexyz] what i get for helping people
[Al3x_10m] wtf is samu?
[Al3x_10m] secure asset management unit?
[hykem] PS4 + AMD APU = Yes
[Al3x_10m] whoah..interesting..
[thexyz] what does it do?
[hykem] Blows up any chance of getting keys
[Al3x_10m] some kind of security validation..
[flatz] heh
[flatz] it happens again lol
[flatz] well, doesn't matter
[flatz] samu is our new spu
[flatz] developed by amd
[SonyUSA] cturt you around?
[CTurt] partially
[SonyUSA] great work to you and everybody :D
[SonyUSA] does the kexploit let you run elfs with full system rights?
[CTurt] well, I analysed the kernel dump and found all the offsets used by the cred structs
[CTurt] and syscall(24) - getuid now returns 0
[CTurt] so now I am "true" root
[CTurt] Sony changed it a bit
[CTurt] there is sceSblACMgrIsSystemUcred for example