fail0verflow @fail0verflow Twitter profile

Last Seen Profiles

@MyraT7602

@soner6234

@the_neweurope

@neur0ner

@KAMIARI_SEIMEN

@alen9485

@stwmaniax

@BinorRaja

@tcrwp

@kyeomabels

@jandakembangstw

@megcrowson

@PasutriSukabumi

@Locked_person56

@HANNAHREXlC

@cAV9kuJ9k995390

@Kobzarcheg

@waka_uq

@OptimaBatteries

@CNagengast72431

@92_GameBoy

@EmniyetMugla

@Xeque_Marte

@bokeplokalmalam

@AmanaDaFeline

@Jeannie2321

@stwmaniax

@bokeplokalmalam

@cukienaknikmati

@ARYNEWSOFFICIAL

@sedatcz71267

@rama_deet

@Human24266981

@tsukyiio

@StwGendut

@Mertmer34ist

fail0verflow

@fail0verflow

7 years

🐧🐧🐧🐧 #switch

126

2K

5K

fail0verflow

@fail0verflow

3 years

Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software - including per-console root key, if you look hard enough!

fail0verflow

@fail0verflow

3 years

Another one bites the dust 😎

76

377

2K

148

1K

4K

fail0verflow

@fail0verflow

3 years

Another one bites the dust 😎

76

377

2K

fail0verflow

@fail0verflow

7 years

We made a nice scroller for Switch :)

87

678

2K

fail0verflow

@fail0verflow

7 years

In case it wasn't obvious, our Switch coldboot exploit: * Is a bootrom bug * Can't be patched (in currently released Switches) * Doesn't require a modchip to pull off

fail0verflow

@fail0verflow

7 years

We made a nice scroller for Switch :)

87

678

2K

62

623

2K

fail0verflow

@fail0verflow

6 years

Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon.

80

506

1K

fail0verflow

@fail0verflow

6 years

Another "PS4 Aux Hax" blog! Using HDMI-CEC to get code exec on all PS4 southbridge versions (including PS4 Pro, etc.), without requiring other parts of the system to be pwned:

36

410

1K

fail0verflow

@fail0verflow

6 years

In utterly, completely unrelated news, here's a sneak peak at a totally brand new Zelda game coming soon to Nintendo Switch.

41

239

918

fail0verflow

@fail0verflow

6 years

ShofEL2, a Tegra X1 and Nintendo Switch exploit

GitHub - fail0verflow/shofel2: Tegra X1 bootrom exploit

Tegra X1 bootrom exploit. Contribute to fail0verflow/shofel2 development by creating an account on GitHub.

github.com

22

368

792

fail0verflow

@fail0verflow

7 years

The First PS4 Kernel Exploit: Adieu

29

452

773

fail0verflow

@fail0verflow

7 years

Dumping a PS4 Kernel in "Only" 6 Days:

19

299

700

fail0verflow

@fail0verflow

6 years

ShofEL2 also supports running Switch homebrew. Technically.

25

145

645

fail0verflow

@fail0verflow

2 years

New blog post about hacking PS VR! We managed to find some major flaws - breaking secure boot and extracting all key material:

14

191

603

fail0verflow

@fail0verflow

6 years

And for those who don't want to wait or want a more cost-effective solution, we're also introducing a lite version of SwitchX. Available at your local hardware store TODAY.

24

132

577

fail0verflow

@fail0verflow

6 years

Reminder: ShofEL2 cannot be patched in existing units (it will work on *any* firmware, past or future), it allows full access (all keys and secrets), and it is completely undetectable by normal software. You can dual boot Linux and Switch OS with impunity.

fail0verflow

@fail0verflow

7 years

In case it wasn't obvious, our Switch coldboot exploit: * Is a bootrom bug * Can't be patched (in currently released Switches) * Doesn't require a modchip to pull off

62

623

2K

29

174

516

fail0verflow

@fail0verflow

6 years

A trio of new blog posts! Checkout "PS4 Aux Hax": hacking Aeolia, Syscon, and DS4.

14

172

466

fail0verflow

@fail0verflow

9 years

Who said 3D drivers for the PS4 wouldn't happen any time soon?

36

306

433

fail0verflow

@fail0verflow

9 years

Yesterday we lost our friend @gnihsub . May he rest in peace.

67

297

360

fail0verflow

@fail0verflow

8 years

Open sourcing The Homebrew Channel:

8

169

325

fail0verflow

@fail0verflow

6 years

The Tegra X1 flaw that both ShofEL2 and Fusée Gelée exploit now has a name: CVE-2018-6242.

12

107

318

fail0verflow

@fail0verflow

6 years

Took a peek at latest PS4 Pro (CUH-72xx, board NVG-001): same southbridge (CXD90046GG), newly marked syscon (A06-C0L2 but still RL78/G13) - so nothing changes in terms of "Aux Hax" stuff :)

32

56

307

fail0verflow

@fail0verflow

6 years

Fun fact: we started upstreaming some patches months ago (working with the linux-tegra community on Tegra X1 support in mainline Linux), so if you've seen anyone else running Linux on the Switch recently... chances are they were running some of our code unknowingly ;-)

13

32

294

fail0verflow

@fail0verflow

6 years

Small update to Aux Hax: Nearly same methods are working against devices on recent PS4 Pro board NVB-003: Syscon A05-C0L2 (R5F101LL) Belize southbridge (CXD90046GG) Belize has ROM readout protection and clears stack...they're learning ;)

11

49

259

fail0verflow

@fail0verflow

6 years

Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.

10

43

248

fail0verflow

@fail0verflow

1 year

Aleksei Kulaev

@flat_z

1 year

finally... hello, PS5 PSP :)

139

255

2K

8

44

257

fail0verflow

@fail0verflow

6 years

Protip for @arstechnica : this is Dolphin on Linux, not some dodgy China-only port for the Shield.

3

22

243

fail0verflow

@fail0verflow

5 years

Here is our implementation of the Renesas RL78 debug protocol (as requested in a comment on the blog):

GitHub - fail0verflow/rl78-debug: Implementation of Renesas debug protocol(s) for RL78 and perhaps...

Implementation of Renesas debug protocol(s) for RL78 and perhaps other archs - fail0verflow/rl78-debug

github.com

9

34

192

fail0verflow

@fail0verflow

7 years

For those wondering about the song, this is "Is back 2002.mod" by Estrayk. If you want more, check out The Mod Archive!

Is back 2002.mod by Estrayk

I think that this was the last module that I composed in Amiga in 2002 before I left scene for ever. Good memories.!

www.youtube.com

7

19

166

fail0verflow

@fail0verflow

9 years

We've released the PS4 kexec-style code to load the Linux kernel from Orbis OS. (exploit not included)

GitHub - fail0verflow/ps4-kexec: Implementation of the kexec system call for PS4

Implementation of the kexec system call for PS4. Contribute to fail0verflow/ps4-kexec development by creating an account on GitHub.

github.com

4

124

149

fail0verflow

@fail0verflow

9 years

Work-in-progress repo:

GitHub - fail0verflow/ps4-linux: Linux kernel fork with PS4 support (work in progress)

Linux kernel fork with PS4 support (work in progress) - fail0verflow/ps4-linux

github.com

5

103

162

fail0verflow

@fail0verflow

9 years

Turns out USB *does* work on PS4 Linux. We thought it didn't, and that more work was needed, but we must've accidentally fixed something.

9

45

137

fail0verflow

@fail0verflow

6 years

Note the CVE creation date, in case anyone doubted our disclosure timeline. And don't even *think* about trying to give the bug itself a cutesy name. We have enough of those already ;-)

8

7

137

fail0verflow

@fail0verflow

7 years

@SamZaNemesis Our thoughts on L4T are best summed up by this picture.

3

13

141

fail0verflow

@fail0verflow

8 years

Console Hacking 2016: Postscript

4

49

138

fail0verflow

@fail0verflow

9 years

17

64

128

fail0verflow

@fail0verflow

9 years

Console Hacking 2015: Liner Notes

5

95

123

fail0verflow

@fail0verflow

6 years

Extra derp points because that China-only port was *Twilight Princess*, not *Wind Waker*.

2

115

fail0verflow

@fail0verflow

11 years

Slides from our talk: http://t.co/s5tI5OHSFD / Video: http://t.co/KrSPYTU2gF (torrent: http://t.co/OsilBItusE )

3

73

108

fail0verflow

@fail0verflow

7 years

@gasper_sedej Nouveau and an open boot stack. We don't do blobs unless under extreme duress.

5

6

98

fail0verflow

@fail0verflow

9 years

Evil broken NOP command strikes back.

4

20

88

fail0verflow

@fail0verflow

3 years

@damienmiller No

1

6

83

fail0verflow

@fail0verflow

9 years

[drm] ring test on 🍩 succeeded in 1 usecs

12

34

80

fail0verflow

@fail0verflow

7 years

@ktemkin @reswitchedteam Not bad ;-)

2

72

fail0verflow

@fail0verflow

9 years

Why does everyone interpret our rants about crazy hardware as security related? We're porting Linux. We're writing drivers, not exploits.

8

30

69

fail0verflow

@fail0verflow

9 years

Achievement Unlocked: Broke GPU driver by switching to NFS over UDP

2

33

70

fail0verflow

@fail0verflow

7 years

@hedgeberg No closed-source boot chain components were involved in the making of this tweet.

3

10

66

fail0verflow

@fail0verflow

9 years

More patches: Vendor: (0x1002) Device: AMD LIVERPOOL (DRM 2.43.0, LLVM 3.7.0) (0x9920)

GitHub - fail0verflow/ps4-radeon-patches: Small patches to add PS4 support to Linux userspace...

Small patches to add PS4 support to Linux userspace libraries - fail0verflow/ps4-radeon-patches

github.com

11

23

59

fail0verflow

@fail0verflow

6 years

@hedgeberg @hexkyz Shhh, it's more fun if you wait until the blogpost.

4

2

42

fail0verflow

@fail0verflow

10 years

HubCap: owning the ChromeCast http://t.co/GRcXztE2Ki #android #chromecast #hacking

0

52

42

fail0verflow

@fail0verflow

3 years

@3226_2143 @notzecoxao yes, but it's arm here

3

4

39

fail0verflow

@fail0verflow

14 years

Great BBC article: http://www.bbc.co.uk/news/technology-12116051

0

130

37

fail0verflow

@fail0verflow

7 years

@Sun_Ultra10 That's not us.

1

0

37

fail0verflow

@fail0verflow

7 years

@hedgeberg @ktemkin Challenge accepted.

2

36

fail0verflow

@fail0verflow

9 years

3D is *almost* working in the kernel branch on GitHub. It's missing one patch that needs to be cleaned up due to it being a horrible hack.

3

16

35

fail0verflow

@fail0verflow

14 years

Standalone Linux on the PS3 Slim demo (with video): http://goo.gl/8oZVj (this is what *should* have been the 27c3 demo, had video worked)

0

95

35

fail0verflow

@fail0verflow

9 years

It's worth noting that with the released kexec loader and kernel (and an exploit) you should be able to replicate our 32c3 demo.

0

13

34

fail0verflow

@fail0verflow

12 years

The fail behind Mega's "secure boot": http://t.co/gIhD9Shr . Comes with a forging demo. If you host Mega's CDN, try it! ;)

6

120

33

fail0verflow

@fail0verflow

2 years

@vpikhur @oct0xor @theflow0 @hardwear_io If a tree falls in a forest and no one is around to hear it, does it make a sound?

9

3

33

fail0verflow

@fail0verflow

11 years

Console Hacking 2013: Omake: http://t.co/o1VYF7JY2w (more hardware details, vWii mode, and an explanation of some of the keys).

4

51

31

fail0verflow

@fail0verflow

4 years

@VVildCard777 @LightningMods_ With emc code exec, you can handle all snvs msgs to sc yourself. Makes it easier to fiddle with snvs contents and avoid bad writes into the actual sc. sc dump is still required for key. hdd backup isn't required, but maybe faster than going through recovery install.

3

33

fail0verflow

@fail0verflow

9 years

Hint: the NOP thing has nothing to do with exploits and everything to do with

drm/radeon: use packet2 for nop on hawaii with old firmware · torvalds/linux@0e16e4c

Older firmware didn't support the new nop packet. v2 (Andreas Boll): - Drop usage of packet3 for new firmware Signed-off-by: Alex Deucher Review...

github.com

5

13

29

fail0verflow

@fail0verflow

12 years

8 Days. http://t.co/jJD7FEdM . 27181eb3cc988732fc416563c6f21b4a34b88a05.

13

56

30

fail0verflow

@fail0verflow

9 years

WARNING: OFF-BY-4 ERROR DETECTED IN SDMA ENGINE. EVACUATE IMMEDIATELY. REPEAT. UATE IMMEDIATELY.EVAC

7

9

27

fail0verflow

@fail0verflow

12 years

"The Wii U is a system we can all enjoy together" - Reggie Fils-Aime http://t.co/6GMgD6Dd

14

133

22

fail0verflow

@fail0verflow

14 years

totally epic ps3 fail about to be unveiled at #27c3 , stream it at: http://saal1.h264.27c3.fem-net.de/ or http://wmv.27c3.fem-net.de/saal1

0

72

27

fail0verflow

@fail0verflow

10 years

#31c3 CTF signals20 safelock write-up: @eb_CTF

0

26

24

fail0verflow

@fail0verflow

10 years

Part 2 of HubCap: owning the Chromecast http://t.co/Pc5EoLTAQT #android #chromecast #hacking

0

29

25

fail0verflow

@fail0verflow

10 years

Enhancing the AVIC-5000NEX #hacking #hardware #android

0

31

24

fail0verflow

@fail0verflow

6 years

@diwidog @St4rkDev Touchée

2

1

23

fail0verflow

@fail0verflow

11 years

New blog post: The future of console homebrew (and a shot of Espresso) http://t.co/NnVsoSB9UI

17

56

24

fail0verflow

@fail0verflow

12 years

We finally have a YouTube channel: http://t.co/MkD5axPX ! To kick things off, here's a sneak Wii U peek: http://t.co/JPFVak2l

5

45

24

fail0verflow

@fail0verflow

11 years

For those interested: we used reveal.js to make those slides. Check it out: http://t.co/4Ox7OOcAkm

GitHub - hakimel/reveal.js: The HTML Presentation Framework

The HTML Presentation Framework. Contribute to hakimel/reveal.js development by creating an account on GitHub.

github.com

0

6

23

fail0verflow

@fail0verflow

6 years

@coreboot_org We don't even have any useful ATF patches left ever since we switched to coreboot. As for upstreaming, we've already started: :-)

0

3

23

fail0verflow

@fail0verflow

14 years

slides: http://events.ccc.de/congress/2010/Fahrplan/events/4087.en.html

0

38

22

fail0verflow

@fail0verflow

9 years

Thanks to @kr105rlz for testing our kexec code, giving early feedback, and proving that it works with his code/exploit setup!

1

5

22

fail0verflow

@fail0verflow

6 years

@ktemkin Eww, Xen. Sorry, we're strictly KVM people ;-)

0

2

19

fail0verflow

@fail0verflow

9 years

ring 0 test failed

2

8

18

fail0verflow

@fail0verflow

10 years

The #31c3 CTF is over and we won! Props to pasten and @DragonSectorCTF for the tough competition and to @StratumAuhuur for organizing it!

3

11

19

fail0verflow

@fail0verflow

9 years

That repo is a 4000-ish line diff, not a 7000-ish line diff, because it's missing some debug stuff and stub/dummy/broken drivers.

1

6

16

fail0verflow

@fail0verflow

12 years

Never underestimate the power of one guy with 29 guys cheering him on: http://t.co/uTa9NH8e 2b30b7... & 6a0b87...

8

33

15

fail0verflow

@fail0verflow

13 years

Don't worry all, we are just warming up the twitter engine - getting ready for more tweeting in December ;-)

43

29

15

fail0verflow

@fail0verflow

14 years

fail0verflow is the name of our 'group'. We are a bunch of curious hackers who have been working on a bunch of things over the last 3 years.

0

24

12

fail0verflow

@fail0verflow

14 years

How it all started on 2010-12-10 @ 22:50: <segher> aaaaaaaand: <segher> THEY MADE THE BEGINNER MISTAKE

0

29

14

fail0verflow

@fail0verflow

10 years

. @PlaidCTF pwn375 __nightmares__ write-up: #PlaidCTF2014

0

10

13

fail0verflow

@fail0verflow

14 years

http://pastie.org/private/0unla7m2kxdlehmepzkktw <-- sha1 hashes for some keys

0

17

12

fail0verflow

@fail0verflow

10 years

. @PlaidCTF misc250 freya write-up: #PlaidCTF2014

0

11

12

fail0verflow

@fail0verflow

10 years

. @PlaidCTF web800 bronies write-up: #PlaidCTF2014 @eb_CTF

0

10

12

fail0verflow

@fail0verflow

14 years

There have been some pretty bad articles recently, but Gizmodo's most recent really takes the cake. I don't think there's one correct word.

0

21

10

fail0verflow

@fail0verflow

10 years

Team 0xffa is the Final Fail Alliance: 0xf0f (Fail0verflow) + 0xeb (eindbazen), for those that missed it ;) (cc @eb_CTF )

0

6

10

fail0verflow

@fail0verflow

14 years

Myth: Geohot -> Sony pulls OtherOS -> JB -> Fail. Fact: Slim had no OtherOS -> Geohot -> ... . Geohot started his work due to the Slim.

0

26

10

fail0verflow

@fail0verflow

14 years

welcome @mha42 to twitter! If it runs UNIX and has flashing LEDs he knows _everything_ about it. Pls follow him so we can blow up his mbox.

0

14

10

fail0verflow

@fail0verflow

14 years

some tools for ps3 files. expect some fail, this is still WIP: http://git.fail0verflow.com/?p=ps3tools.git

0

21

10

fail0verflow

@fail0verflow

9 years

The CHICKEN_BITS, they do nothing!

0

2

8

fail0verflow

@fail0verflow

10 years

. @PlaidCTF for400 zfs write-up: #PlaidCTF2014 @eb_CTF

0

5

9

fail0verflow

@fail0verflow

10 years

#31c3 CTF pwn30 pong write-up: @eb_CTF

0

6

9

fail0verflow

@fail0verflow

10 years

. @PlaidCTF re300 tiffany write-up: #PlaidCTF2014 @eb_CTF

0

8

fail0verflow

@fail0verflow

9 years

@i0n1c @bl4sty When @comex looks at a system, exploits just reveal themselves ;-)

1

4

9

fail0verflow

@fail0verflow

10 years

. @PlaidCTF for350 bbox write-up: #PlaidCTF2014 @eb_CTF

0

9

8

fail0verflow

@fail0verflow

10 years

. @PlaidCTF for450 rsa write-up: #PlaidCTF2014 @eb_CTF

0

6

8