PS5/PS4: Hacker TheFloW discloses Blu-ray Disc exploit toolchain. PS5 piracy not a matter of “if”, but “when”

wololo

42 Responses

  1. Pirdown says:

    No matter what you think of it, or if you care about it, The Flow0 is more than a hacker, more than a genius, he’s a true legend !!

    • bjohndick says:

      if this bears fruit on the PS3 – 4 – 5 idk if legend is even the right word.

  2. Firstus Fan says:

    wow this is great news for the scene!
    Guessing disc ps5s will be in high demand soon

  3. fl0wfan says:

    Holy ***, that’s huge

  4. Tyree says:

    Exciting stuff

  5. slangza777 says:

    Bluray writers gonna become popular among the scene soon?

  6. Raj says:

    Wow feels like I’m going back in time to burning ISOs to disc for my Xbox 360! Fortunately I have a physical edition PS5 so… time to pick up a BD burner. Bring it on!

  7. achilles613 says:

    The Flow is such a sellout for disclosing this to Sony, I remember when he went by the name total_noob and his and only his version of TNV was the best way of running unofficial copies of PSP games on the PS Vita, now he’s stooping to a new low selling out an exploit to Sony for $$$, he is a fraction of what he once was back in the PS Vita hacking days with his good-guy white-hat hacker disclosing exploits to Sony first so they can patch it before releasing it to the public, either way I’m a PC gamer so I don’t have to worry about Jailbreaking anything, only thing I got to worry about is Denuvo in PC games but we have someone who’s honest for that EMPRESS who is no sellout and would never ever release an exploit to Denuvo even if they paid her millions of $$$

    • Opeth says:

      I’m sure he cares about your autistic opinion more than the tens of thousands of dollars he has from Sony.

    • loki says:

      So he should disclose the hack to you. So you can take the heat and get sued for millions.

    • loki says:

      achilles613 doesn’t mind getting sued or going to jail. Give him the hack.

    • tactix says:

      yeah because he owes you or the scene anything you entitled ***

    • achilles613 says:

      most people who jailbreak their console have piracy in mind, booting up an N64 emulator to play legend of zelda ocarina of time on a PS Vita with ARK or TNV is a form of piracy even if it’s legal because the games are considered abandonware it’s still piracy, you’re playing an officially copy of a game taken from a ROM website on a console that Sony doesn’t explicitly allow, also jailbreaking phones and certain devices in the US are legal but doing it on consoles isn’t so you’ve already crossed a threshold, playing a homebrew game that’s basically a port of DOOM on DOS or Quake for the PS Vita is a form of piracy, so it’s the same thing and no different with running an unofficial copy of a PS5 game on a PS5, if you think someone only wishes to jailbreak their PS5 so they can reinvent a homebrew Indie Pong from the 1970s I kid you not, most people who eagerly await their exploit for PS5 wish to use one way or another unofficial copies of games whether they’re PS5, N64, Gameboy, Retro, Ports, etc., this is why it’s crazy how The Flow decided to be a sellout by selling it to Sony to patch an exploit before releasing it to us, ever wondered why wololo hasn’t had any articles on the Xbox One scene, it’s because Microsoft allows people to develop Homebrew which makes jailbreaking the Xbox One now clear that it’s for piracy purposes, Homebrew is simply a method to legalize and justify being a pirate, you think someone who owns an Xbox One would really care about downloading a Pong homebrew, or would they be more inclined to play emulators which I have no idea if Microsoft allows or not, also many other Homebrew that aren’t ports allow you to use your device or enable extra features that somehow benefit piracy like all these tools for PS Vita and such being released, so kid yourselves not, the only exceptions I can think of where jailbreaking a console wouldn’t be for piracy purposes is to either run a Render Farm or for Cryptomining, otherwise most people when thinking of jailbreaking a PS5 look forward towards playing unofficial games on it, whether it’s actual PS5 games or emulators and ROMS that are copyrighted or native ports of copyrighted games that are Retro

    • ej says:

      Lmao if you had the opportunity you would too. Let’s be real, either way he said it would work on PS4 FW “< 9.50” so honestly, as long as you took instructions from the latest PS4 Jailbreak, you should still be able to jailbreak as long as a jailbreak comes out. So stop ***

  8. Lolshto says:

    No way anybody is going to be burning BD discs. PS5 games are on multilayer 4K discs too, I don’t even know if such writable discs exist. But maybe it can be used as an entry point.

  9. NORATIO says:

    I want to bang my head… bought a PS5 Digital Edition and been not playing in the wait of this disclosure…

  10. Mark Ponson says:

    The only reason this sellout is disclosing and hyping this up is because he’s already made bank from Sony and they both know this won’t ever become a thing in the wild.

    He’s just a shill for Sony at this stage – ‘look what you could have had, losers’

    • Sword says:

      No. Just no.

      Most people interested in hacking their consoles keep them on low firmwares. If YOU didn’t that is YOUR fault. If you are on a low firmware you won’t have any issues. Theflow selling to Sony makes him money yes, but it keeps him on the right side of Sony, AND he is one of the few Bug Bounty folks that disclose their exploits to people other than Sony.

      So to recap, people that want to hack get an exploit chain, theflow gets paid for his work, and the only idiots who are mad are those that don’t stay on a low firmware.

      Literally everyone wins the way theflow approaches things.

  11. bloodclot says:

    @achilles613 – (rant). you are jealous he is making money off his talent, you can’t blame him for that. you are welcome to exploit these vulnerabilities too.

  12. chocalandro says:

    *** life I’m in 5.02

  13. Nikeymikey says:

    Good work again from the flow. But PS5 doesn’t even have any games worth pirating right now. At least that means my PS5 doesn’t have to worry about finally being taken out of its box, where it’s been sat since Dec when it was delivered. Am tempted to leave it sealed forever and sell it for £10k in 30 years time 🙂

    @achilles613, what an absolute bell end you really are. I bet you would say “No Sony I don’t want your money, I prefer being bent over in prison.”

    Same goes to all the others who are crying that he used his skill and talent to make some $$$, I don’t blame him at all. If only there was a way to stop all these moaning knobs from actually using anything related to this exploit when it becomes useful 🙂

    And to all you PS5 owners who just want this to pirate games… Don’t buy a console if you can’t afford to buy the games you want to play. You do not have a god given right to be able to play these things 🙂

  14. Joinas Bernes says:

    I see TheFlow as a person who has been doing a big favor to the industry as he is pushing the software limits so the engineers from these companies (Sony, Nintendo, Microsoft, etc …) can improve their products in terms of security.

    Certainly Microsoft (and other not games related companies) have an eye on this kind of revelation as Xbox also has a Blu-ray disc tray.

    In the end of the day, TheFlow is the one responsible for helping the industry to improve their security software. That’s a great accomplishment.

  15. Slith says:

    I have to agree (though the vitriol doesn’t help your point). All I see here is an entry point that could’ve lasted the community a few months at the very least, being sold for cash while expecting the same applause of a proper scene release. Another fool trying to have their cake and eat it too.

    Empress is a bad example to point to. She is illegally monetizing her work, regularly goes on racist and sexist rants (the real deal, not the Twitter kind), doesn’t credit her raw sources, and goes after other elements of the scene without reason. She’s the exact archetype who’d sell out given a big enough paycheck (probably ~$450,000), and blame the scene for it.

    • The Real Pirate says:

      As long as EMPRESS delivers cracks I don’t give a *** where he gets his releases, who he hates and/or which colour of humans he doesn’t like. Sellout trashes like the flow who literally sells 0day exploits for pennies which could be earned in less than a month in US is the real problem, yes.

    • achilles613 says:

      I agree using EMPRESS might not be the best example but think about this, there’s a huge difference between collecting first $500 from pirates to crack a game vs offering her reverse engineering tech and exploits to Denuvo for billions of $$$, if The Flow would only release a hack that’s encrypted so it’s difficult to debug for $500 that would be understandable but selling it to Sony so they can screw over people who don’t want to pay for their games is just a complete form of being a sellout

  16. theman says:

    Honestly $20,000 reward for the exploit isn’t enough pay from SONY. We as a community could’ve gotten more money together for him not to send it via the bounty program and just anonymously release it for the homebrew scene.

  17. ArcaneAdam says:

    So if I purchase a brand new PS5 right now, is it vulnerable to this?

  18. Jacob84 says:

    All that hype for “webkit” launched from blu-ray xD

  19. Donald says:

    What about his later comment:

    “I wanted to clarify: Without a kernel exploit, you won’t be able to run any pirated games (which would have worked on the PS4 only anyways), because we don’t have enough RAM in the bd-j process and there are some other constraints. It was only a theoretical impact.”

    Isn’t this the opposite of the info in the article? No backup games will load huh?

  20. Skates says:

    To those uninitiated, Sony has to make a huge buck with the recently released games for now. Afterwards I’m pretty sure they’ll let them exploits and JBs slide like nothing.

  21. Sword says:

    @theman the thing you don’t get (and the others complaining don’t get) is an only homebrew release would get you a usable exploit for 1-maybe 2 months before being patched and we would be right back at the same spot.

  22. Cd says:

    Wow. First off why and how come. I own a ps4 pro and would be super sad if I rendered my connection into the entire world, disconnected or banned or made *** by some ***. Even the FF7 remake won’t let me pay for a ps5. My wallet is crying at me, every game now is the next HBO special of drag on and on and then more ***. Interested yes but way more confused and plainly ***.

  1. June 11, 2022
  2. June 12, 2022

    […] hacker TheFloW gave the scene an electroshock yesterday by revealing an exploit chain using Blu-Ray discs on the PS4 and the PS5. The security researcher stated in his disclosure that these exploits could lead to “trivial […]

  3. June 13, 2022

    […] hacker TheFloW has shared the slides (in pdf format, link below) for his presentation on the PS4/PS5 Blu-ray attacks. The slides add color and details to the report he published last week on […]

  4. June 16, 2022

    […] PlayStation hacker TheFloW disclosed a series of exploits impacting the PS4 and the PS5 last week, using the Blu-Ray architecture as an entry point. Although the disclosure was fairly detailed, it […]

  5. June 20, 2022

    […] been a big weekend for the PS5 and PS4 scenes, with progress being made on the BD-JB exploits for both consoles. None of these releases represent a massive breakthrough, but each one shows […]

  6. June 23, 2022

    […] BD-JB is a series of exploits (an exploit chain) that allows exploitation of the PS4 and PS5, up to firmwares 9.04 and 4.51 respectively, revealed by Hacker TheFloW earlier this year. […]