
More details surface on PS4/PS5 Blu-ray exploits

PlayStation hacker TheFloW shocked the scene yesterday by revealing an exploit chain using Blu-Ray discs on the PS4 and PS5. The security researcher said in his disclosure that these exploits could lead to “trivial kernel exploitation” on the PS4 and hacked discs on the PS5.

Past the initial excitement, we are left with a lot of questions, for which the answers slowly bubble up. Here’s what we understand so far. (As always, if you think we got it wrong, let us know in the comments!)

I heard there was some big news yesterday. Where is the hack for my PS4/PS5?

Legendary PlayStation hacker TheFloW revealed a chain of exploits for the PS4 and PS5 yesterday at a conference, using vulnerabilities in the Blu-Ray driver used by both consoles. Theoretically, these exploits could lead to Jailbreak on PS4 and possibly hacked discs on PS5, but:

Nothing has been released that could be directly exploited by end users. At the moment, we have a (fairly accurate) explanation of which vulnerabilities exist on the consoles, and where in the firmware code they sit. Compiling all of this information into a working proof of concept for either console is “left as an exercise for the reader”. Then, assuming someone replicates what TheFloW described in the report (a kernel panic), this still needs to be paired with further discoveries (such as a kernel exploit) to be turned into a full-fledged Jailbreak.

In other words: it could be months before something usable by the end user comes out of it. As a reminder, it took seasoned hackers several months to release a PS4 7.55 Jailbreak after another TheFloW disclosure in 2021, although the disclosure was quite detailed.

What are the implications of this disclosure for the PS4?

Assuming an actual implementation of the exploit chain is released:

For people running Firmware 9.00 or lower: you can already jailbreak your console. One could imagine this exploit chain being combined with existing kernel exploits (assuming the kernel exploit functions are reachable from the BD context). TheFloW stated that this exploit is 100% reliable, so people expect a 100% stable Jailbreak on PS4. This would be an improvement over current Jailbreaks, which sometimes require multiple attempts due to the randomness of the underlying user-mode exploit (the WebKit exploit).

For people running Firmware 9.03/9.04: TheFloW said that with this successful exploitation chain, kernel exploitation is “trivial, since there is no SMEP and one can just pass to the user with a corrupted function pointer”. The way we read this is that setting up a privilege escalation (a Jailbreak for PS4 9.03/9.04) in this context could be very simple. Take that with a pinch of salt: what is “trivial” to TheFloW might still be a lot of research for other people.

For people running Firmware 9.50 or higher: PlayStation fixed security vulnerabilities in 9.50 so there is nothing for you here. Try to get your hands on a lower PS4 firmware when you get the chance. At the very least, stop updating your console if you expect to jailbreak it.

Would this exploit mean the return of pirated discs to the PS4, and the need to burn dozens of Blu-Ray discs, for example for homebrew or emulators?

Probably not. The fact that the exploit uses Blu-Ray vulnerabilities to run does not limit users to this format after successful exploitation: the Blu-Ray vulnerability is the “entry point” that unlocks the console. Once a Jailbreak is active in RAM, loading homebrew (and yes, pirated games) would probably work the same way it always has: install it on the console via USB or FTP from a computer, then run it from the PS4’s hard drive.

What does this Blu-Ray exploit mean for PS5 piracy and hacking?

TheFloW initially stated in his report that this chain of exploits could easily lead to pirated discs. Because it is not a kernel exploit per se (no full console access), actions in the BD context would be limited, but in his report the hacker was confident that it could lead to creating pirated discs. The report did not say whether this applied to PS4 or PS5, implying both:

UDF driver https://github.com/williamdevries/UDF is used on PS4 and PS5 which contains a buffer overflow.[…] With these vulnerabilities, it is possible to ship pirated games on bluray discs. This is possible even without a kernel exploit because we have JIT capabilities.
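The report above only says that the UDF driver “contains a buffer overflow”; it gives no location or details, and we are not reproducing any here. As an added illustration of that bug class in general, the following C program (written for this article, not code from TheFloW’s report or from the linked UDF driver) parses a hypothetical on-disc record made of one length byte followed by that many name bytes. The first function shows the classic mistake of trusting a length field read from the medium; the second checks that length against both the bytes actually present and the destination size before copying. Everything in it (the record layout, `NAME_MAX`, the function names) is an assumption made for the example.

```c
/* Added example: hypothetical disc-record parser, vulnerable pattern beside
 * its bounds-checked form. Not the PS4/PS5 UDF driver and not TheFloW's code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 64   /* hypothetical fixed-size destination buffer */

/* Hypothetical record layout: [len:1 byte][name: len bytes] */
typedef struct {
    char name[NAME_MAX];
    size_t name_len;
} record_t;

/* Vulnerable pattern: the length byte is trusted as-is. A record whose length
 * byte exceeds NAME_MAX (or the bytes that actually follow it) makes memcpy
 * write past 'name', corrupting whatever sits after the struct. Shown only for
 * contrast; it is never called on untrusted input in this example. */
int parse_record_unchecked(const uint8_t *buf, size_t buflen, record_t *out)
{
    if (buflen < 1) return -1;
    size_t len = buf[0];
    memcpy(out->name, buf + 1, len);   /* no bound on len */
    out->name_len = len;
    return 0;
}

/* Hardened version: every length read from the disc is validated against the
 * input that remains and against the destination capacity before any copy.
 * Return codes: 0 ok, -1 truncated header, -2 length exceeds input,
 * -3 length exceeds destination. */
int parse_record_checked(const uint8_t *buf, size_t buflen, record_t *out)
{
    if (buflen < 1) return -1;
    size_t len = buf[0];
    if (len > buflen - 1) return -2;   /* record claims more bytes than exist */
    if (len > NAME_MAX) return -3;     /* would overflow the destination */
    memcpy(out->name, buf + 1, len);
    out->name_len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample records. */
    uint8_t good[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    uint8_t bad[2] = { 200, 'x' };     /* claims 200 bytes, only 1 follows */
    record_t r;

    printf("well-formed record: %d\n", parse_record_checked(good, sizeof good, &r));
    printf("oversized length:   %d\n", parse_record_checked(bad, sizeof bad, &r));
    return 0;
}
```

The checked parser rejects the malformed record instead of copying, which is the whole difference between a disc that fails to mount and a disc that corrupts driver memory.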

He has since taken to Twitter to clarify this:

So, this is important for people who thought this was going to lead to an instant hack: the path to pirated PS5 discs is not straightforward from this point, and it seems the piracy remark meant PS4 games specifically. It could also be that TheFloW is simply covering himself legally: of all the points in the disclosure, the threat of PS5 piracy is probably the least interesting from a technical point of view, but the most threatening for Sony’s business.

There may still be a path to disc hacking for the PS5 here. Whether “entrepreneurs” quickly find out and start selling pirated games, anyone can guess.

As far as hacking goes, this opens a sizeable doorway into the PS5’s security that other hackers might start using to dig into the PS5’s internals. Once that breach exists, it could lead to more discoveries for the homebrew community. The timeline depends on how quickly people are able to replicate and build on TheFloW’s findings.

Is the PS3 impacted by these exploits, and if so what would this mean for the PS3?

The PS3 is pretty much hackable for the most part, thanks to PS3Xploit, PS3Hen, and hybrid firmware, but more exploits couldn’t hurt and could help achieve a full CFW for hardware revisions that are still incompatible.

TheFloW said the PS3 is also affected by the exploit, we imagine because it uses the same driver as its younger siblings. But it is possible he has not worked on a full implementation for this console, and the details still need to be worked out. Differences in the implementations could mean that the exploit chain does not work, or is not easy to implement, on the PS3. Zecoxao told us people were looking at it:

So, is it safe to update my PS5/PS4 to X.XX?

Well… Although TheFloW states that his exploit chain has been fixed on PS4 9.50 and PS5 5.00, there are other exploits lurking on the consoles that might be needed alongside it. A PS5 kernel exploit was patched in PS5 4.50 according to Zecoxao, and it could be the key to full console access. The general rule remains the same: until something concrete is released, avoid updating your console. This is true for both PS4 and PS5.

Stay tuned!
