After revealing a PS5 Kernel exploit yesterday, hacker TheFloW has announced that he will provide more details during a security presentation in Paris in October. Meanwhile, other scene hackers are working on an implementation of the hack. The race is on!
PS5 Kernel Exploit – The Current Status
Yesterday, a PS5 vulnerability was revealed by hacker TheFloW via PlayStation’s bug bounty program on HackerOne. According to the hacker, the vulnerability could give us kernel access on the PS5 when combined with an entry point such as the BD-JB exploit chain.
Interestingly, this is an old PS4 vulnerability in FreeBSD’s IPv6 implementation, which the hacker discovered was still present on early PS5 firmwares.

PS5 Kernel Exploit – Affected Firmware
It is still unclear which firmwares are affected by the vulnerability. Given the timeline, we suspect that at least firmwares up to and including 4.50 are vulnerable, with 4.51 (or 5.00) potentially patching the vulnerability.
Beyond the firmware requirements, the question arises as to which model of the PS5 could actually benefit from a potential hack. The BD-JB exploits require a physical edition of the PS5, as they require a Blu-Ray disc to perform the entry exploit.
It’s worth remembering that the PS5 is also vulnerable to a WebKit user mode exploit up to firmware 4.03, which could be used as a separate entry point for those with a digital edition PS5. Whether that exploit is easy to combine with (or even compatible with) the IPv6 kernel exploit remains to be seen. It also seems clear that most efforts will initially focus on the BD-JB + IPv6 combination, as this is what TheFloW has been using and what most of the implementation details will initially cover.
In other words, my current guess is that people with a physical edition PS5 on 4.50 or lower will see something soon, while people on 4.03 or lower (digital edition owners, or physical edition owners who don’t want to buy a Blu-Ray burner) may also see something that uses the WebKit exploit at some point. That’s why I think we’re seeing a lot of people right now calling 4.03 the “gold” firmware for PS5 hacks.

Scene hackers working on a PS5 kernel exploit implementation. Homebrew a possibility? Definitely not piracy
Since TheFloW’s unveiling yesterday, other hackers such as ZNullPtr have been investigating how to implement the exploit chain on the PS5. A resulting hack could happen in days, weeks, or months, depending on how difficult it is to port the kernel exploit from the existing PS4 code and then chain the exploits together.
We are already looking at a PS5 implementation, but half the exploit is not possible. It should also be noted: accessing the kernel will NOT mean piracy! That now requires HV access (unless they seriously raise F() $3^ something, which is possible/though questionable)
— Z (@Znullptr) September 21, 2022
Multiple PlayStation hackers have come out of the woods to clarify that a kernel exploit on the PS5 isn’t as “powerful” as kernel exploits on previous-generation consoles. Notably, a combination of a user mode exploit and a kernel exploit is not enough to enable piracy on the device, unlike what was possible on the PS3 or PS4.
ZNullPtr reminded us again not too long ago that extra security is in place on the PS5 to prevent piracy, including a hypervisor and other measures that would need to be circumvented.
This indicates that homebrew on the PS5 could be possible without piracy, something that for many of us in the scene would actually be the best of both worlds. There’s obviously still a long way to go before we can run our own apps on the PS5, but no doubt we’ll see more progress soon.
TheFloW to provide additional details in October
Meanwhile, TheFloW is not resting on his laurels. The security engineer will appear next month at the Hexacon security conference in France where, he said, he will reveal more about this newly revealed kernel exploit.

I had initially assumed that this presentation would be a rerun of the BD-JB exploit presentation he did earlier this year, and I was completely wrong.
It will certainly be interesting to see whether other hackers make independent progress in the meantime, or whether TheFloW will provide the critical details in October. The Hexacon website does not mention whether the presentations will eventually be uploaded online.