Wednesday, March 15, 2017

Yet Another Apologetic Moment

So, just a quick status update first: I've been doing some lv0 research on my free time, but I've mostly moved on to the Switch (who hasn't at this point?).
I'm really enjoying the public efforts showing up in regard to hacking it (see PegaSwitch for example) and I truly hope this will turn out to be a more sane "scene" than the previous ones.

Anyway, on to the reason behind this post.
I was very happy to exploit lv1 on my 1.50 Vita, did a small write-up on the process and documented the exploit used.
Well, there was something I left out on my previous post (on purpose): a lot of the information that led me to achieve a successful lv1 hack was leaked from someone else (who shall not be named for privacy).

First, a bit of context. I did find a memory leak using the 0x12F SMC (which I tweeted about) and discovered the meaning of the shared memory areas earlier in January. However, I was stuck there for quite a while, limited to an arbitrary 8 byte read primitive.
Then, suddenly, I began receiving anonymous emails with *very* *specific* information about this particular bug and how to use it to achieve lv1 code execution. The person made it very clear that they didn't want to be involved and allowed me to do whatever I deemed right with the information.
After successfully recreating the exploit and achieving code execution I tried to contact the person again for a few reasons (mainly, trying to understand how he/she/it had this knowledge). After days without a reply and getting my emails bounced back (the individual's email address even seemed to be randomly generated and was using a widely popular secure email service) I decided to write up about the bug while keeping certain details away.

I honestly thought I was doing no harm, but, at the same time I had my suspicions. Fast forward to today, the real author of this exploit contacted me and after chatting for a while it became clear that this information I was provided with was leaked.
The main reason behind this post is to properly acknowledge the author of the exploit (who also found the bug in the first place) and to stress how important the author's work is.

I favor honesty over fame, but unfortunately a lot of people think differently. I still don't know exactly what the point of all this was, nor do I know if the leaker shared this with more people (in that case, it would be a matter of time until someone did the same thing I did).
I began working on security and writing on this blog always having a strict policy of not getting involved in drama. Turns out, it simply can't be avoided.

I apologize publicly to the author of the exploit for publishing it and to everyone that was misled into thinking it was entirely my work. I hope you all can understand the position I was in and also that it was never my intention to shine through the efforts of others.
I obviously take the blame for making the wrong decision and publishing the exploit, while I should've just kept it to myself or at least tried to understand better where it came from.

I'm truly not used to all this backstabbing, secrecy and wars over fame that brew in the console hacking "scenes", so I naively assumed this was someone sharing the information with the single purpose of bringing it to the public without his/her/its name attached to it.

I've learned my lesson from this event and I'm deeply sorry for what happened.