Tweets by @CTurtE

  1. Pinned Tweet
    3 Aug 2020

    I’m thrilled to announce that I’ve joined Google on the ISE Cloud team! I’m starting remotely here in the UK for now, but I’ll be moving to Switzerland before the end of this year.

  2. Mar 28

    New blog post! How I hacked an online Poker site: (clickbait warning)

  3. Mar 11

    6 months later and I’m still receiving new bounties from PlayStation. Just wanted to say: I’m very happy with my interactions with this team, and I can’t wait to disclose some of the findings!

  4. 10 Sep 2021

    An update: they’re also sending me a PS5 console, which is great because I don’t actually have one yet. Thanks again to the PlayStation security team :)

  5. 19 Aug 2021

    Although PS2 is explicitly out of scope in their bounty program, if you did have an exploit for a PS2 game, I wonder if you could still convince them to pay out under the rationale that for PS2 streaming in PS Now it would be RCE on their servers.

  6. 19 Aug 2021

    Just heard from PlayStation that I’ve been awarded a $10k bounty, thanks! 👀

  7. 8 Jun 2021

    Path traversals are still alive in file sharing enabled chat apps. Thanks to Dino for the speedy fix :)

  8. 3 May 2021

    And here's the previous upload from 2006 that I'm comparing it to. Applying old YouTube compression to VHS tapes is frustratingly bad, so I'm super excited by these new remasters :)

  9. 3 May 2021

    This is really cool! Someone has remastered a bunch of the old instructional guitar VHS tapes in 1080p 60 FPS, using some machine learning software. Here's Yngwie Malmsteen 'Hot Licks' from 1991... You can actually see the frets he's playing, finally!

  10. 18 Apr 2021

    Many instructions calculate and set multiple flags, when only one is actually needed in the context; in these cases we could emit a more optimised handler alongside the original ROM, essentially converting the game to use a finer-grained instruction set, without fully recompiling

  11. 18 Apr 2021

    A less extreme idea: decoding which registers each instruction in ROM writes to, and tracking whether they actually get read by subsequent instructions, or just overwritten (up until say an indirect jump).

  12. 18 Apr 2021

    For the remaining games, some additional static optimisations could be done. For instance, on the extreme side, people have completely recompiled games statically:

  13. 18 Apr 2021

    Along with hand tuned assembly, this trick of cutting out the overhead of the main loop by using a “weird machine” allows many games to run full speed!

  14. 18 Apr 2021

    To speed up the instruction cycle of a traditional interpreter: loop { call opcode_handler[x]; check_timings_for_interrupts(); } Instead of returning back to the main loop, each opcode handler inlines the timing checks and jumps directly to the next one:

  15. 18 Apr 2021

    The GBA’s 32KB of fast RAM isn’t enough to dynamically load a GBC ROM, which could be up to 8MB. Instead, the GBC ROM gets added to the emulator’s ROM file. The whole ROM can be accessed, but there isn’t space to largely JIT new code, aside from a few game-specific “speed hacks”

  16. 18 Apr 2021

    This technique is really cool! I saw a similar thing used in the GameBoy Color emulator for the GameBoy Advance, goombacolor.

  17. 12 Mar 2021

    If you give buffer overflow this opposite definition (preventing buffer overflow), it becomes completely meaningless to say “this software has buffer overflows”.

  18. 12 Mar 2021

    Pet peeve: when software returns an error on insufficient space and calls it a buffer overflow error... no, that would be if the scenario _wasn’t_ handled and the buffer actually overflowed, not when you explicitly prevent it by returning an error to indicate insufficient space

  19. 27 Feb 2021

    The elusive PlayStation 2 security coprocessor, 'Mechacon', has finally been dumped for the first time!

  20. Retweeted
    23 Feb 2021
    Replying to

    More legit Rust 0day I’ve wanted fixed for 2 years now: You can hide unsafe code without your own unsafe block by abusing other people’s macros. It even bypasses #![forbid(unsafe_code)]

  21. 27 Jan 2021

    So many people talking about GME... They all went from “security researcher” to “securities researcher” real quick! 😂

