Researchers who discover a vulnerability that allows them to play pirated games on PS4 and PS5 will be rewarded with a reward of 2 million yen or more.
Google security engineer
# 1379975 bd-j exploit chain
https://hackerone.com/reports/1379975
Playstation confirms chain of 5 vulnerabilities on PS4 / PS5 | Hacker News
https://news.ycombinator.com/item?id=31799414
According to Nguyen, a 'bd-jb' exploit that exploits all five vulnerabilities will allow PS4 and PS5 to play pirated games burned to Blu-ray discs. Nguyen set the severity of this series of vulnerabilities to 7-8.9 out of 10 and submitted the report on October 25, 2021.
Advantages of bd-jb compared to WebKit exploit:
— Andy Nguyen (@ theflow0) June 11, 2022
--Works on both PS4 / PS5
--100% reliable
--Firmware-agnostic (ROP-less code execution)
--Bigger kernel attack surface
--JIT for executing payloads, so you can write a kernel exploit in C (on PS4 only)
This report was confirmed by PlayStation, Sony Interactive Entertainment (SIE), on October 30, and correction measures were taken. As a result, Mr. Nguyen earned $ 20,000 (about 2.2 million yen at the rate at that time) as a reward for the bug reward program.
However, the SIE side updated the status of the report to 'solved', but did not publish the contents of the report. Therefore, Mr. Nguyen requested the disclosure of the report from the SIE side, and HackerOne, which plans the bug reward program, also requested the disclosure of the report like Mr. Nguyen. The report was subsequently disclosed on June 11, 2022.
Hacker News, a social news site, said, ' Bug reward programs like Hacker One does may delay the disclosure of reports and some companies refuse to pay bug rewards, so I would like to participate. No. '' The $ 20,000 that reports five vulnerabilities that make pirates all-you-can-play is probably a small reward. '' The bug reward program doesn't exist to make money. I don't think $ 20,000 is too cheap because it's for white hackers who hack for their own enjoyment and curiosity . '
Related Posts:
