Aleksei Kulaev
@flat_z
Followers 12K · Following 9K · Media 11 · Statuses 557
Console hacker, former Kaspersky Team Lead of Exploits & Network Threat Detection, security researcher. For tips (thx!): https://t.co/VxJMiawFpP
Joined December 2008
This is funny, just found an easter egg in Siglent oscilloscope that contains Super Mario game available through Web interface.
Here's the link to the tool I meant to release at the end: https://t.co/iikVzrad6I It makes fiddling with EMC/EFC/EAP easy, have fun!
github.com
Interface for interacting with PlayStation 5 EMC and EFC - symbrkrs/ps5-uart
Having a great time at #TheSAS2024 ! You can find slides for my talk here: https://t.co/9Oeeti7kEw I didn't get through all slides...😅
Living legend Shawn Hoffman @shuffle2, who extracted all keys from crypto processors of all video game consoles, talks at #TheSAS2024 about hacking PlayStation 5 chips
Lars Fröder @opa334dev, creator of the Dopamine jailbreak, on stage to talk about iOS hacking in 2024 #TheSAS2024
By the way, it's not the method that has been patched in 5.00. Actually I'm not even sure if it has been patched at all; it needs testing, for which I don't have spare time now. Maybe someone can do it.
Then, after you do a suspend/resume cycle, your code will be executed before HV restarts and you can apply kernel patches, etc.
There are a few ways on PS5 to defeat HV. One of the methods that I've found was related to APIC: struct apic_ops is located in the RW segment of kernel data. With KRW you can overwrite a function pointer inside it like xapic_mode and get into ROP, for example (just need to bypass CFI).
Beyond Oberon: Exploiting PlayStation 5's EFC and EMC by Shawn Hoffman @shuffle2 #TheSAS2024
https://t.co/lArCSxgXo7 👀
PS5's umtx exploit for Lua? https://t.co/Xtt73vtDZW
Well, this is PS5's umtx exploit for BD-J (a part related to the exploit actually):
Want to play with the fbsd umtx exploit? Check out
github.com
Contribute to fail0verflow/ps5-umtxdbg development by creating an account on GitHub.
Hello, folks. I'm in Serbia/UAE nowadays and looking for new job opportunities in info security. Remote jobs are currently preferred. CV:
Decided to publish PPPwn early. The first PlayStation 4 Kernel RCE. Supporting FWs up to 11.00. https://t.co/INayQSp8fL
Finally, I have proper read/write/call primitives running via UART server from my PSP payload that works in SVC mode.
After a week of guessing, bruteforcing, reflashing the BIOS (where I put my PSP payload) and observing the LPC bus using a Logic Analyzer, I was able to find the combination of registers/bits that needed to be toggled to activate UART.
Fortunately, after looking into a lot of pictures on the Internet I was able to find some PC motherboard from MSI that used the same SuperIO chip, and I found a boardview; that's how I figured out all of its pins. But I still needed the datasheet to figure out the UART problem.
On 4800s the Nuvoton chip marked 5565D-M was used as the multi-controller. Unfortunately, there is no datasheet for it, and its pinout differs a lot from all public datasheets of similar chips that I can find.
It was somewhat painful to exploit. I got PSP code execution a week ago but then got stuck because the UART interface was inactive. I guessed that it was some problem with the PSP bootloader not configuring the SuperIO chip properly, and it looks like I was correct.