Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Remote kernel heap overflow - 848

m00nbsd - HackerOne, posted 3 years ago
  • Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for communication between network endpoints. It is included on the PlayStation, which is where this bug was reported.
  • The vulnerability is fairly straightforward: a statically allocated buffer (2048 bytes in size) can be appended with more data than it holds. When processing a PADI packet, the code copies data into this buffer, checking only that the size of that packet is less than 2048.
  • However, by tagging them correctly, two packets will be combined into a larger packet. When these packets are combined, the result is larger than 2048 bytes. From their experiments, the largest possible overwrite is 2800 bytes, which is quite the overflow!
  • From the author's understanding, this originates from buggy code in BSD. To run this exploit, Ethernet must be turned on. Then, after connecting to a laptop, reconfiguring the device with the malicious payload triggers the buffer overflow.
  • Overall, a great bug, but I wish there were more insight into how they found it and whether it was exploitable. Even though these appear to be non-default settings, they were awarded 10K.
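The pattern the summary describes (a per-packet size check against a fixed 2048-byte buffer that is defeated when tagged packets are combined) is sketched below as an added C example; it is not m00nbsd's code nor the BSD or PlayStation source, and PADI_BUF_SIZE, struct padi_ctx and the function names are assumptions. It models the buggy check without performing the out-of-bounds write and contrasts it with a cumulative check that cannot overflow or wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PADI_BUF_SIZE 2048   /* fixed-size buffer, as in the report summary */

/* Hypothetical reassembly state: the fixed buffer plus the bytes already
 * accumulated from earlier tagged fragments of the same PADI exchange. */
struct padi_ctx { uint8_t buf[PADI_BUF_SIZE]; size_t used; };

/* Hardened check: the cumulative length must fit, phrased so that used + len
 * cannot wrap around size_t. Returns 0 if the write is accepted, -1 if not. */
int check_cumulative(size_t used, size_t len)
{
    return (len > PADI_BUF_SIZE || used > PADI_BUF_SIZE - len) ? -1 : 0;
}

/* Safe append: the copy happens only once the cumulative check passes. */
int padi_append(struct padi_ctx *ctx, const uint8_t *tag, size_t len)
{
    if (check_cumulative(ctx->used, len) != 0)
        return -1;                       /* fragment dropped, buffer intact */
    memcpy(ctx->buf + ctx->used, tag, len);
    ctx->used += len;
    return 0;
}

/* Models the buggy policy WITHOUT performing the write: each fragment is only
 * compared with the whole buffer size, so two fragments that each pass can
 * still sum past 2048. Returns how many bytes would land beyond the buffer. */
size_t bytes_past_end_if_fragment_only(size_t first_len, size_t second_len)
{
    size_t used = first_len <= PADI_BUF_SIZE ? first_len : 0; /* per-fragment */
    if (second_len > PADI_BUF_SIZE)                            /* per-fragment */
        return 0;
    used += second_len;
    return used > PADI_BUF_SIZE ? used - PADI_BUF_SIZE : 0;
}

/* Drives the hardened path with two constructed fragments (filled with 0x41,
 * contents irrelevant) and returns how many bytes ended up in the buffer. */
size_t safe_append_two(size_t first_len, size_t second_len)
{
    struct padi_ctx ctx = { {0}, 0 };
    uint8_t scratch[PADI_BUF_SIZE];
    memset(scratch, 0x41, sizeof scratch);
    padi_append(&ctx, scratch, first_len);   /* rejected if it would not fit */
    padi_append(&ctx, scratch, second_len);  /* rejected if it would not fit */
    return ctx.used;
}
```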