Can BD-J lead to a PS4 hack?
Can we use the Java support on Blu-ray discs to hack the PS4? The question is pretty much as old as the PS4 itself, but it keeps resurfacing regularly. Not so long ago, for example, someone claimed they had found a vulnerability in the BD-Live implementation of the PS4 (that one turned out to be pretty much a hoax, though).
BD-J lets us run homebrew on the PS3 and PS4
Rumors aside, the PS3 is actually able to run limited homebrew from Blu-rays thanks to BD-J. Unsurprisingly, it was found a while ago that the PS4 has similar functionality. Yes, you can run a NES emulator written in Java on your PS4, through the BD-J SDK. Proof-of-concept videos, and even ISOs anyone can burn to their own Blu-ray to play with, have been around for almost 2 years.
The system is of course not without limitations on the PS4, one of them being that sound doesn’t work (although people have pointed out that sound could be possible with some tweaks).
The video below showcases a NES emulator running on the PS4 through BD-J. This was done more than a year ago! This is not technically a hack, but unsigned code execution could lead to more:
Details and tools for BD-J on the PS4 can be found on playstationhax, at least behind the links that are not dead (did I mention this was done 2 years ago?), and I encourage people to keep the discussion alive, there or on our own forums.
Regularly, scene members ask if this could lead to something more. Interestingly, it seems the possibility of investigating potential BD-J flaws on the PS4 hasn’t been looked into very seriously by hackers over the past few years. As scene veteran GregoryRasputin puts it on playstationhax: “The tools are here, but not everyone can be bothered or think it’s worth playing homebrew from a Blu Ray disc with no sound”. Additionally, it’s likely not everyone has a Blu-ray burner lying around, or would be willing to shell out the cost of the Blu-rays for experiments (although you can find those pretty cheap nowadays).
Can BD-J be exploited?
Of course, the real question here is not what kind of homebrew we could program in the limited BD-J environment, but rather whether the Java interpreting environment could give us access to more than that, potentially through vulnerabilities in the JVM.
Wikipedia says: “Security in BD-J is based on the Java platform security model. That is, signed applications in JARs can perform more tasks than a non-signed, such as Read/Write access to local storage, network access, selection of other titles on the BD-ROM disc, and control of other running BD-J applications.”
So, we can run unsigned code, but under stricter restrictions than signed code would face.
The question that remains is whether some level of privilege escalation could be achieved. Blu-ray players have been the target of vulnerabilities involving BD-J recently (see here on Blu-ray sandbox escape and here on rooting Blu-ray players). Security researcher Stephen Tomkinson in particular says:
The Blu-ray specification not only provides superior video quality over the previous generation of DVDs, it also supports a richer interactive user experience, with dynamic menus, embedded games and access to the latest trailers downloaded from the Internet. These rich features are built using BD-J, a variant of Java which allows disc authors to build a range of user interfaces and embedded applications, structured into Xlets. Xlets are analogous to the web’s Applets which have long been a source of security concerns.
[…]
Anyway, as stated, I set out to discover and exploit weaknesses which could yield a credible threat scenario against both software and hardware Blu-ray players… and I succeeded!
So it’s not impossible to imagine that the Blu-ray player software on the PS4 could be exploited as well. It seems what it would take here is a few skilled people with the right amount of time and interest to dig into this.
I hope to god $ony releases PS1/PS2 BC at some point for PS4. It wouldn’t surprise me if one of the selling features of the PS4 Neo was PS1/2/3 backward compatibility.
So finally, Sony has found a way to stop hacking. As of today, nobody can ever create a CUSTOM FIRMWARE. On the net there is only BLA, BLAs, nothing else. Ubuntu or other OSes on PS4 are useless.
PS4 is the beginning of no-hack consoles.
I have a question about the PS4 itself. How well documented are the chips? If we have full kernel access to the PS4, is there enough info on the machine to make a Dolphin 5.0 level emulator or better, or is the chip in the PS4 going to cause the same issues as the original Xbox as far as emulation goes?
I hope an emulator can be made and a way to rip discs becomes available; that way I can just buy games and not get a PS4 at all.
Is the formatting on this page totally sc***?
BD-J is like running a JAVA script in the PS4 browser.
Maybe are you talking about BDLive ?
Java and Javascript are completely different and unrelated.
Hey wololo
I love your website and I understand the reasons for ads. But a second ago I visited your site and nearly fell into a mobile-phone subscription… Twice!
Please, that’s way too much!
Download uBlock origin.
Has anyone tried this new PS4 jailbreak? Looks good to me: ps4portal.net/ps4-jailbreak-official-cfw/
lol
Double LOL
https://upload.wikimedia.org/wikipedia/en/b/bb/Tomb_Raider_-_The_Action_Adventure_cover.jpg
Tomb Raider The Action Adventure 2006 DVD Burn
I think the devs are too slow in the PS4 hacker scene; almost 4 years of PS4 and sadly no CFW!
Well, someone is completely oblivious to how long it took the PS3 to get anything…
Not to mention the PS Vita. It took a while just to run code natively through the PSM for Unity exploit.
Thanks for making an article about my post! I really look up to you guys at wololo, so it’s nice to see that you’re looking at what I have been trying to figure out recently.
PS3’s first CFW happened in 2011. The console was released in 2006. That’s 5 years, and we’re only now just seeing the first steps of a hack for PS4. It was released in 2013. That’s 3 years. Maybe we’ll see CFW next year.
And the PS3 scene isn’t even finished; PS3 Super Slims still have to be exploited.