want to play with the fbsd umtx exploit? check out

New blog post about hacking PS VR! We managed to find some major flaws - breaking secure boot and extracting all key material:

Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software - including per-console root key, if you look hard enough!.

Another one bites the dust 😎

Here is our implementation of the Renesas RL78 debug protocol (as requested in a comment on the blog):

Took a peek at latest PS4 Pro (CUH-72xx, board NVG-001): same southbridge (CXD90046GG), newly marked syscon (A06-C0L2 but still RL78/G13) - so nothing changes in terms of "Aux Hax" stuff :).

Another "PS4 Aux Hax" blog! Using HDMI-CEC to get code exec on all PS4 southbridge versions (including PS4 Pro, etc.), without requiring other parts of the system to be pwned:.

Small update to Aux Hax:.Nearly same methods are working against devices on recent PS4 Pro board NVB-003:.Syscon A05-C0L2 (R5F101LL).Belize southbridge (CXD90046GG). Belize has ROM readout protection and clears stack. they're learning ;).

A trio of new blog posts! Checkout "PS4 Aux Hax": hacking Aeolia, Syscon, and DS4.

Note the CVE creation date, in case anyone doubted our disclosure timeline. And don't even *think* about trying to give the bug itself a cutesy name. We have enough of those already ;-).

The Tegra X1 flaw that both ShofEL2 and Fusée Gelée exploit now has a name: CVE-2018-6242.

Fun fact: we started upstreaming some patches months ago (working with the linux-tegra community on Tegra X1 support in mainline Linux), so if you've seen anyone else running Linux on the Switch recently. chances are they were running some of our code unknowingly ;-).

Reminder: ShofEL2 cannot be patched in existing units (it will work on *any* firmware, past or future), it allows full access (all keys and secrets), and it is completely undetectable by normal software. You can dual boot Linux and Switch OS with impunity.

ShofEL2, a Tegra X1 and Nintendo Switch exploit

ShofEL2 also supports running Switch homebrew. Technically.

Extra derp points because that China-only port was *Twilight Princess*, not *Wind Waker*.

Protip for @arstechnica: this is Dolphin on Linux, not some dodgy China-only port for the Shield.

In utterly, completely unrelated news, here's a sneak peak at a totally brand new Zelda game coming soon to Nintendo Switch.

Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.