PS5 Jailbreak – The Status in 2022

It’s been a while since we last did a summary of the hacking situation on the PS5, so let’s go again. Long story short, Sony’s latest console remains locked, for pretty much everyone.
PS5 Jailbreak 2022 Status
Here are some of the key things that happened over the past few months, around PS5 security:
- We’ve had proof last year from hacking group Fail0verflow and PlayStation scene veteran TheFloW that the console can indeed be fully hacked, with the two groups sharing some level of proof here and here.
- We’ve also seen a webkit exploit work on the PS5, up to and including firmware 4.03, and a PS5 usermode ROP toolchain consequently released. ZNullPtr has also recently confirmed that he (and possibly Chendochap) is still working on exploiting the PS5.
- PlayStation have also recently awarded a $20’000 exploit bounty to TheFloW, possibly for the PS5 exploit he mentioned last year.
All of these are “promising” but are not any guarantee at this point. The only “usable” tool at your disposal, whether you are a tinkerer who wants to dive into PS5 security, or an end user, is the usermode ROP toolchain, provided your PS5 is on firmware 4.03 or lower. So, what’s next?
What’s required for a PS5 Jailbreak
In some shape or form, hacking a system typically requires two main things: 1) a way to run unsigned code (what we usually refer to as a usermode exploit in the console hacking scene), and from there 2) some sort of privilege escalation to gain full control of the console (what is typically called a kernel exploit). The ins and outs of how those two aspects are achieved depend on the target system, but that’s the gist of it.
So to summarize the current status from the section above, we do have the usermode exploit (through a webkit vulnerability) up to 4.03, and proof that privilege escalation is possible, although nothing’s been disclosed on that aspect.
ZNullPtr in particular has disclosed a bit of the security and mitigations in place to prevent privilege escalation on the PS5:
They tried to make it similar to xbox security, where there is a HV + virtualized app container. So even if you get a kernel exploit, you can’t immediately pirate the games. However, hypervisor locking up registers and other mitigations make it 100x harder to get there even
— ZnullPtr
PS5 Jailbreak – ETA Wen
The question on everyone’s mind is when the next piece of the puzzle will be revealed publicly, and that is really hard to tell. Fail0verflow haven’t released anything publicly in ages, and have more or less refrained from being the “first” to disclose anything since the PS3 era.
TheFlow had consistently been releasing his work to the scene, with the exception of the very last PS4 Jailbreak, where he either didn’t get approval for disclosure from Sony, or decided it was time to stop giving away stuff to the scene (the underlying vulnerability was ultimately found, exploited, and released by others). Either way, it’s possible the same pattern will repeat here, in light of the recent news of the $20’000 bounty.
ZNullPtr seems to be confident he could release something if he gets it to work (disclaimer: that’s our interpretation from what he tweeted, not something he directly said), but that would probably also be conditioned on PlayStation accepting a disclosure.
Conclusion
As of April 2022, no Jailbreak for the PS5 has been released, and anyone claiming they have it is most likely lying to you (possibly for profit, don’t click on their surveys). There are some rays of hope for those of us on firmware 4.03 or below, and in particular people can play (and dig for kernel exploits) with the ROP toolchain, but at the moment this all looks very thin. There is certainly no indication of a kernel exploit release any time soon.
Of course, when the situation changes, it will be on the frontpage, so stay tuned.
! tsirF
Fiiiiiiirst
first
first
First!!!
TL;DR: As of this day we are sorry but there is no PS5 exploit because our hackers are too busy lining their pockets with money.
Thank you for your understanding.
Because they should work for free, right?
A public PS5 exploit only makes sense if the exploit chain is fully patched (don’t want to burn an exploit early) and more people own a PS5 with an exploitable firmware / retail has enough stock so people can buy an exploitable console.
I hope that xbox one will be cracked soon
it wont
wen
what firmware do the PS5 consoles that are coming out now come with?
it does exist, it just hasn’t been made public.
The loud minority of end users are so ungrateful that I wouldn’t blame anyone for not publicly revealing hacks anymore. The PS4 was hacked and the information was revealed but so many of the comments were from ungrateful people that complained they had to perform the usb trick. It wasn’t good enough for them. Screw those people. I believe it’s their fault that more recent and future hacks won’t be released.