
While the PS5 console was privately exploited shortly after its release, the recently agreed disclosure between PlayStation and TheFloW seems to have led to the public PS5 hack, though not without its constraints.
For those following the PS5 hacking scene, you may have noticed some major activity over the past month, especially from the well-known scene hacker TheFloW, who recently published a disclosure on the HackerOne program that PlayStation has partnered with to eliminate bugs and major security flaws on its platform. This disclosure, as it turns out, detailed how a vulnerability in BD-J (Blu-ray Disc Java) allowed TheFloW to gain kernel access on the PS5.
The remarkable part is that the underlying vulnerability was first reported on the PS4 two years ago, shortly before the PS5 launched, as noted in TheFloW's disclosure.
The PS5 is vulnerable to which easily gives an attacker kernel access. This vulnerability was reported by me for the PS4 2 years ago when the PS5 didn't exist yet, thus it should be treated as a new report and not a duplicate.
I was able to use this vulnerability in conjunction with the BD-J exploit chain to gain kernel access.
See for more details.
Impact
Gain kernel access on PS5.
With this information in hand, it didn't take long for scene developer sleirsgoevy to implement a "work-in-progress" kernel exploit based on the recent revelations.
we got the kernel exploit by @sleirsgoevy
— Control_eXecute (@notzecoxao) September 29, 2022
However, as stated in the post, it was only a "work-in-progress", which means it wasn't quite ready yet. Well, four days later, scene dev Specter (and a few others listed on the GitHub page) finally shared the full exploit.
here it is. Thanks to everyone mentioned earlier. Be careful, the stability is not great; of course some things need to be improved. https://t.co/J7MJOZlTOx
— Specter (@SpecterDev) 2 October 2022
Note that this exploit only runs on consoles on firmware 4.03, which was released a year ago this month. This means that if you have been using your console for online gaming since then and have kept up with the latest updates, the exploit will not work on your system. Specter also warns of low stability; it is mostly for developers to play with rather than for the general public.
The exploit strategy is for the most part based on TheFlow's BSD/PS4 PoC with some changes made to accommodate the annoying PS5 memory layout (see more in the research notes section). This sets up an arbitrary read/(semi-arbitrary) write primitive. There are many limitations to this exploit and its capabilities, and as such, it is mostly intended for developers to play around with to reverse engineer parts of the system.
Also note: stability is pretty low, especially compared to PS4 exploits. This is due to the nature of the bug being tied to race conditions as well as the PS5's mitigations and memory layout. This document will contain research information about the PS5 and this exploit.
While an unfortunate side effect of this hack/jailbreak will undoubtedly be allowing the system to run pirated games (in its current state, the exploit does not allow this), there are some developers on the scene who could put the exploit to good use.
Take the well-known Souls modder Lance McDonald. If you haven't heard of him by now, we highly suggest you check out his Twitter and all his contributions to the Souls franchise, as well as other titles.
One of his greatest achievements has certainly been his contribution to figuring out how to run Bloodborne, a game locked at 30fps with frame-pacing issues, at an unlocked 60fps with the frame pacing fixed. This has been a long-requested feature from PlayStation fans since the PS4 Pro was first released, and with the PS5 getting 60fps patches for many older games, some thought Bloodborne would eventually be one of those titles. Sadly, we are still waiting, and the only known way to play Bloodborne at higher frame rates is to jailbreak a PS4 or PS4 Pro, and even that is not stable.
There was a glimmer of hope for the future, however, as Digital Foundry was unexpectedly sent some footage of Bloodborne running on the PS5 with Lance's 60fps patch. The result? Well, see for yourself.
Bloodborne won't be the only PS4 title that has yet to be officially patched but has received an unofficial patch, as developer Illusion is working on unlocked-FPS patches for several PS4 titles like Gravity Rush, DriveClub, and more.
And don't forget the many homebrew applications the PS4 received over the course of its lifetime. There are certainly some positives, although understandably they probably won't outweigh the negatives. Which raises the question: what does this exploit really mean for online gaming on PlayStation?
Firmware Updates Should Keep Online Cheaters at Bay
One of the biggest concerns with the PS5 now being publicly hackable is that it will bring an onslaught of online cheaters. This has been a huge concern ever since the PS3 days, when hacking was widespread. The PS4 saw a huge reduction in online cheating, although some capability remains, such as save modifications.
However, anyone who follows the scene will already know that many of these exploits can only be achieved on consoles running a specific firmware, which is no longer accepted for online play. This means that only a small number of people were actually able to hack their console, due to the limitation of the supported firmware.
The same is true for the PS5, as the exploit was apparently patched back in September 2021, a full year earlier. This is also part of the reason why these hackers/security researchers are allowed to reveal it now instead of a year ago.
With the PS5 in high demand and stock constantly running low, chances are you'll find a console out there that's capable of running the exploit. But if you did, you would have no way of going online with it. Unlike the PS4, the PS5 also prevents users from copying their game saves off the console. While hacked consoles will most likely be able to bypass that, you're going to have a hard time getting those modified saves onto a legitimate PS5, because there's no option to copy PS5 saves back to a legitimate console via USB.
Of course, users can modify their PS5 saves and games, update their console, and go online, but then they will be completely locked out of jailbreaking, as there is no known way to downgrade the firmware, and if there were, it would no doubt be an easy process for most users.
So in short, PS5 owners won't have to worry much about encountering an online cheater on the PS5, unless the title has a PS4 version with cross-gen save support, in which case the point of entry will be on the PS4. This is based entirely on current knowledge and on how things went in the past, so it may all change down the road.
We hope not, because we certainly don't need more cheaters than ever, especially with cross-play becoming more standard and PCs joining the mix.