Tweets


  1. 18 Dec 2021

    this trick may work on other crypto hw as well if it doesn't restrict key lengths

  2. 18 Dec 2021

    the crypto flaw was in the ability to issue an hmac operation with key length < 16, for example, by setting it to 1 you can bruteforce key bytes one by one by comparing the hmac result with the hmac result for a known partial key, see code in gist

  3. 18 Dec 2021

    this issue was fixed between 7.55 and 9.00

  4. 18 Dec 2021

    so, the PS4 Crypto Coprocessor (CCP) interface in the secure kernel had a bug that allowed us to dump (or, better said, bruteforce) key slots from SAMU, that's how AES/HMAC keys from PFS, portability keys, VTRM keys, etc could be retrieved on unpatched firmware:

  5. Retweeted
    22 Nov 2021

    Small write-up about AES key extraction in TSEC // Nintendo Switch. You can read it here:

  6. Retweeted
    19 Nov 2021

    Je Ne Sais Quoi - Falcons over the Horizon A blogpost/writeup on TSEC co-authored by and myself. Enjoy!

  7. Retweeted
    7 Nov 2021

    Another one bites the dust 😎

  8. 23 Sep 2021

    Just dropped my project I've worked on for several years: it's a PS4 PKG/PFS unpacker that can build GP4, generate all keys, etc

  9. Retweeted
    8 Jun 2021

    Chrome and Windows zero-day exploit chain used in the wild by PuzzleMaker APT

  10. 18 May 2021

    Two LPEs in McAfee Total Protection, well done :)

  11. 24 Jan 2021

    hey Sony, why is dealing with PS store UX harder than writing an exploit for PS? half a year has passed since the introduction of the new UI and the stupid bug is still here: i can't buy a game without clearing cookies/appcache each time...

  12. 18 Jul 2020

    usage:
    downgrade_elf.py --sdk-version 05.050.001 --verbose old.elf new.elf
    downgrade_sfo.py --sdk-version 05.050.001 --system-version 05.050.000 --verbose old.sfo new.sfo

  13. 18 Jul 2020

    two scripts i've made some time ago to downgrade ps4 elf/sfo to lower fw:

  14. Retweeted
    6 Jul 2020
  15. Retweeted
    6 Jul 2020

    Here you are, , PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09. This must be chained together with a WebKit exploit, for example for FW 6.50.

  16. 28 May 2020

    Analysis of two 0-days which we have found some time ago:

  17. Retweeted
    2 Mar 2020

    TIL: Windows Revocation Lists (STL, such as boot.stl and driver.stl) work with a "truncated hash" format that is always 16 bytes... to... save... memory🤯 Here's an example. 1/2 cc

  18. Retweeted
    14 Jan 2020

    It seems that nobody is able to implement ECC properly

  19. Retweeted
    30 Dec 2019

    Also while I am on twitter :P PS4 Webkit exploit for 6.XX consoles. Gains addrof/fakeobj and arbitrary read and write primitives. Fixed in 7.00. Uses bug from:

  20. 30 Dec 2019

    sadly ccc is over, it was very cool to meet many friends in one place at , I hope to see all of you next year, you're the best and some of the smartest people i know. happy new year!

