PlayStation hack: what we know so far, one day after the disclosure of an exploit chain using Blu-ray discs on PS4 and PS5. The security researcher said in his disclosure that the exploits could lead to “trivial kernel exploits” on PS4, as well as pirated discs on PS5.
Beyond the initial excitement, we have a lot of questions and answers are slowly bubbling up. This is what we know so far. (As always, let us know in the comments if you think we’ve done something wrong!)
I heard there was big news yesterday. Where is the hack for my PS4/PS5?
Legendary PlayStation hacker TheFlow revealed a slew of exploits for PS4 and PS5 in a disclosure yesterday, exploiting a vulnerability in the Blu-ray driver used by both consoles. In theory, these vulnerabilities could lead to a PS4 jailbreak and possibly to pirated discs on the PS5, but:
Nothing can be directly used by the end user yet. At the moment, what we have is a (pretty precise) explanation of which vulnerabilities exist on the consoles and where the affected firmware code is located. Compiling all this information into a working proof of concept for either console is “left as an exercise for the reader”. Then, assuming someone reproduces what TheFlow describes in the report (a kernel panic), this still needs to be combined with further discoveries (such as a kernel exploit) to turn into a full jailbreak.
In other words: something usable by end users could take months to come out of this. As a reminder, it took seasoned hackers months to release the PS4 7.55 jailbreak after TheFlow disclosed that bug in 2021, even though that disclosure was quite detailed as well.
How does this disclosure affect PS4?
Assuming the actual implementation of the exploit chain is published:
For users running firmware 9.00 or lower: you can already jailbreak your console. As you can imagine, this exploit chain could be combined with existing kernel vulnerabilities (we assume here that the kernel exploit's functions are reachable from the BD-J context). TheFlow says the vulnerability is 100% reliable, which means people can look forward to a 100% stable jailbreak for PS4. This would be an improvement over current jailbreaks, which sometimes require multiple retries due to the randomness of the underlying userland exploit (the WebKit exploit).
For those running firmware 9.03/9.04: TheFlow says that once this exploit chain succeeds, the kernel exploit is “trivial because there is no SMEP and one can simply use the broken function pointer to jump to user” code. Our reading is that privilege escalation (a jailbreak for PS4 9.03/9.04) might be very easy to achieve in this case. Take it with a pinch of salt, though: something “trivial” for TheFlow may still require a lot of research for others.
For those running firmware 9.50 or higher: PlayStation fixed the security hole in 9.50, so there is nothing here for you. Try to get a PS4 with lower firmware when you have the chance. At the very least, stop updating your console if you wish to jailbreak it.
Does this bug mean the return of pirated discs on PS4 and the need to burn dozens of Blu-ray discs (e.g. for homebrew or emulators)?
Most likely not. The fact that the chain starts with a Blu-ray exploit doesn’t restrict users to this format after a successful exploit: the Blu-ray exploit is the “entry point” to unlocking the console. Once the jailbreak is active in RAM, loading homebrew (and, yes, pirated games) will most likely work the same way it does today: install it on the console from a PC via USB or FTP, then run it from the PS4 hard drive.
What does this Blu-ray bug mean for PS5 hackers and piracy?
TheFlow initially stated in his report that this exploit chain could easily lead to pirated discs. Because this is not a kernel vulnerability per se (it does not give full access to the console), operations in the BD-J context will be restricted, but in his report the hacker is convinced that this could lead to the creation of pirated discs. The report doesn’t say whether this applies to PS4 or PS5, suggesting both:
The UDF driver https://github.com/williamdevries/UDF for PS4 and PS5, which includes a buffer overflow. […] With these vulnerabilities, you can ship pirated games on Blu-ray disc. Even without a kernel exploit this is possible because we have JIT capabilities.
He has since clarified this on Twitter:
I’d like to clarify: without the kernel exploit, you won’t be able to run any pirated games (only on PS4 anyway) because we don’t have enough RAM in the bd-j process and have some other limitations. This is only a theoretical impact.
— Andy Nguyen (@theflow0) June 11, 2022
So, for those who thought this meant instant piracy, here’s the catch: from this point of view, the road to PS5 disc piracy is not smooth sailing, and the hacker appears to be referring specifically to PS4 games. It’s also possible that TheFlow is simply covering himself legally: of all the points disclosed, the threat of PS5 piracy is probably the least interesting technically, but the biggest threat to Sony’s business.
There may still be paths leading to PS5 disc piracy here. Whether “entrepreneurs” will figure it out any time soon and start selling pirated games is anyone’s guess.
As far as hacking goes, this opens a very important door into the security of the PS5, and other hackers may start using it to dig into the PS5’s internals. This could lead to more discoveries for tinkerers if further vulnerabilities emerge. How quickly depends on how fast people can reproduce and distribute TheFlow’s findings.
Is the PS3 affected by these exploits, and if so, what does this mean for the PS3?
TheFlow states that the PS3 is also affected by the bug, which we believe is because it uses the same driver as its sister consoles. But it’s possible he hasn’t done a full implementation for that console yet and still needs to work out the details. Differences in implementation may mean that the exploit chain does not work, or is not easily implemented, on PS3. Zecoxao told us people are looking into it:
We are working on it, don’t worry 🙂
— Control_eXecute (@notzecoxao) June 11, 2022
So is it safe to update my PS5/PS4 to X.XX?
Well… although TheFlow stated that his exploit chain was fixed on PS4 9.50 and PS5 5.00, there are other exploits lurking in the consoles that may prove necessary. A PS5 kernel vulnerability, patched in PS5 4.50 according to Zecoxao, may be the key to full access to the console. The rule of thumb remains the same: avoid updating your console until something concrete is released. This applies to both PS4 and PS5.
Kernel vulnerability patched in 4.50
— Control_eXecute (@notzecoxao) June 11, 2022