PS4/PS5 security: Fail0verflow disclose PSVR hack, dump all hardware secrets of the device
Hacking team Fail0verflow yesterday disclosed a series of vulnerabilities in the PSVR (PlayStation VR) headset. The PSVR is a potential entry point to hack the PS4 or the PS5, which is why the team had an interest in it in the first place. Their work led them to dump all hardware secret keys of the device and crack the authentication mechanism of the PSVR.
PSVR Hack: What vulnerabilities were found?
Fail0verflow’s ps5_enthusiast (is he ps4_enthusiast’s little brother? 😉) describes several security vulnerabilities of the PSVR headset in a lengthy writeup.
Most notably, some functions accessed through the PCIe interface allowed them to decrypt and copy the firmware image into readable memory. This let them get access to all of PSVR’s keys, which were stored in the dumped Trusted Applications.
Furthermore, the team managed to dump actual hardware secrets through vulnerabilities in FIGO (the secure coprocessor of the Marvell 88DE3214 SoC).
See the full writeup for details.
PSVR Hack: what are the implications for the PS4/PS5?
Fail0verflow state they ultimately didn’t use the PSVR authentication mechanism as an entry point to hack the PS5 or the PS4 further (it’s worth reminding everyone that they did successfully hack the PS5, so what they’re saying here is that this PSVR research is not what led to the PS5 hack).
The scene could now technically use any programmable device to act as a PSVR headset for these two consoles, then dig to see if this gives them access to more “trusted” information within the consoles, or to an entry point for further privilege escalation exploits. Whether this is useful currently is up for debate, considering there is a working WebKit exploit on PS5 up to certain firmwares.
Source: Fail0verflow
WOW
The fact that he disclosed this info and also openly stated that he abandoned this method to hack PS5 means this method is not useful. Otherwise, he would have gone to Sony for some bounty. Maybe he already tried but Sony denied him, because this method does not pose a threat to the console (hence again, is useless).
Useless for console hacking, but perhaps can be used to make compatible 3rd-party VR headsets for PS4 and PS5?
Last
I’m a smol brain person and these are big words but I like this site
Very nice
N I C E.
Does this mean I could (in the future) use my existing HTC VIVE on my PS4 if someone creates a driver for it?