Webkit FontFace Exploit confirmed to work on PS5! (First public exploit ever on the PS5?)
Update: This article has been updated to add confirmation that the exploit works on the latest firmware, 21.02-04.03.
Multiple people have confirmed that Sleirsgoevy’s implementation of the Webkit FontFace exploit works on PS5, although exactly which firmwares are affected still needs to be fully confirmed (the latest firmware, 21.02-04.03, has been confirmed to be vulnerable, see below).
A Webkit exploit in itself is not terribly useful for end users, but this is to my knowledge the first ever confirmed PS5 exploit, so this is pretty big news.
Twitter user @a_koski_a in particular has a video showing the exploit running to completion on firmware 21.01-03.21.00. That specific firmware update was released in July this year, so it’s a few iterations behind, but it’s possible the exploit works on higher firmwares too.
After few panics it worked.
PS5 21.01-03.21.00 @KameleonRe @sleirsgoevy @MSZ_MGS @SonysNightmare @frwololo @ps4_hacking @PSXHaxDOTcom @kd_tech_ @LightningMods_ @_AlAzif pic.twitter.com/nAmGEVGpMl
— rAwP0TAT0 (@a_koski_a) October 28, 2021
User @ArdeeSantos3 has also confirmed with a video that firmware 21.02-04.02 is impacted by the vulnerability. At this point, only the latest and greatest, 21.02-04.03, still needs an actual confirmation, but it seems extremely likely to be exploitable as well.
Works on PS5 as well. Mine’s firmware 21.02-04.02. pic.twitter.com/siAykM1d2J
— Ardee Santos (@ArdeeSantos3) October 28, 2021
Scene veteran Zecoxao has stated that the exploit works on the latest PS5 firmware; I had not seen actual proof of that at first, but it has since been confirmed by @StretchEcho, who published a YouTube video showing the exploit running on 21.02-04.03.
What does a PS5 Webkit exploit mean for the scene?
Even “just” a webkit exploit could open the door to some nice investigation of the PS5’s internals. It would be fairly limited but could let us access some sections of the PS5’s RAM, and from there possibly fetch a few of the console’s libraries, for reverse engineering. It’s unlikely a kernel exploit would be found from there, but one can dream.
How to test and confirm the FontFace Exploit on your PS5
- Get the exploit from Sleirsgoevy’s GitHub and put it on your local server, then point your PS5’s browser to the file (alternatively, point your PS5 to one of the public servers hosting the file, such as https://kameleonreloaded.github.io/900Test/).
- Note: It’s a bit tricky to use the PS5’s browser since it is hidden. You’ll want to follow this guide to get it to load, and then try to click your way to the page you want to access.
- Click on the HTML button and wait.
- You should see a series of JavaScript alerts (click OK for each one). They are, in order:
  - guessed fontface addr:…
  - stringimpl leak:…
  - fastmalloc.length =…
  - jsvalue leak:…
  - array256=…
  - butterfly=…
  - arrays[257].length=…
  - addrof(null)=…
  - Last but not least, a series of comma-separated numbers
If you see the whole sequence of alerts, in particular the last one (comma-separated numbers), congrats, the exploit worked for you! If it fails at any of the steps above (which would be visible as an error message such as “not enough memory”, or as the browser not doing anything for a long time), then your attempt failed, and you should reload the page and try again.
It might take multiple attempts to get the exploit to work for you; there’s a lot of randomness involved given the nature of the exploit. With that being said, don’t give up, and try a few times before calling it a day.
If you get a success, please do post your firmware in the comments below!
And in any case, do not update your PS5 firmware if you intend to ever hack it.
Cool. Let the fall of the PS5 begin.
Fall of PS5? Psshhhhh. If you want to play online you will be updating it. And all that means is people will just want to buy another console, for a minimum of 2... problem is GETTING one lol.
And so it begins…
I have one never used (only checked firmware) with firmware 2.30 and one with the latest for online.
Maybe there is hope and I can use the new one for some games.
Let’s hope the PS5 gets hacked and something nice comes out of that.
Hopefully sometime before Christmas. It would be an amazing present!
Certainly would be. But are any scene hackers looking at a PS5 K-exploit currently?
Only your dead pets
Cool, might keep my PS5 offline for a while then, there aren’t really any games I’m playing online at the minute.
There aren’t any games to even play offline.
I can’t do anything online with my older firmware, so I don’t see how this is possible unless I’m missing something.
Just put it in the bin. It will end up there anyway. Piece of worthless plastic ***.
Hello,
Works for me
PS4 9.00
wi mesie
Mine, which is at 4.02, and I only get the first 3 pop-ups.
Serious question – how do you get the web browser without signing online to the PSN?
Mine’s on 21.02-04.00 still.