PS4 Blu-Ray Hack: Sleirsgoevy releases BD-JB implementation
It didn’t take long! Following TheFloW’s disclosure of a Blu-Ray exploit chain for PS4 and PS5 last week, hacker Sleirsgoevy has released a working proof of concept of the exploits today. From what we gather, this proof of concept code relies on PS4-specific parts of the hack, so, although the hacker didn’t give specifics, we assume this is a PS4-only release.
PS4/PS5: What is BD-JB?
Legendary PlayStation hacker TheFloW disclosed a series of exploits impacting the PS4 and the PS5 last week, using the Blu-Ray architecture as an entry point. Although the disclosure was fairly detailed, it didn’t include an actual implementation of the hack, which the scene was left to reconstruct from the disclosure.
This is what sleirsgoevy has done with this release, which implements 3 of the 5 vulnerabilities revealed by TheFloW. It is worth mentioning that this release doesn’t include a kernel exploit, and as such this isn’t a Jailbreak in itself.
From the Readme:
BD-JB reimplementation based on TheFlow’s report and presentation. Implements loading arbitrary .bin payloads using vulnerabilities #2 (privileged constructor call), #3 (privileged method call), #4 (jit hack) from the report. Listens for payloads on port 9019.
The first (and only) argument to the payload is the address of sceKernelDlsym, which can be used to resolve other symbols. It seems that libkernel_sys.sprx always has id 0x2001, and you can look up other libraries by getting the full list of handles and looking up the name of each handle. You can’t directly call syscalls due to missing kernel patches.
BD-JB Download and Requirements
Don’t jump the gun! This release assumes that you are familiar with the concept of creating and sending payloads to an exploited console. This means that, in its current state, it is useful for advanced tinkerers/users only, and will most likely not be useful to you at all if you have no idea what these things are.
Requirements
- A PS4 with firmware vulnerable to the BD-JB attack (Firmware 9.04 or below)
- A Blu-Ray burner (preferably that supports rewritable blu-rays)
- A Blu-Ray disc (preferably rewritable a.k.a. BD-RE)
- The iso provided by Sleirsgoevy (source code link below)
Steps
- Burn the iso on a rewritable Blu-Ray disc
- Insert the Blu-Ray disc in the PS4 and launch the application
- You should then be able to send payloads to port 9019 from your computer
You can also download the source from Sleirsgoevy’s github here.
Source: Sleirsgoevy
This is the beginning of the true end of disc drives on consoles. The all-digital era for games is upon us. #ripdisc
First
Is this Blu-ray burner usable?
https://www.amazon.com/Buffalo-MediaStation-Desktop-Blu-Ray-BRXL-16U3/dp/B00C8FBBJ4?th=1&tag=wagic-20
The only thing that matters is being able to write rewritable Blu-rays, because the exploit is bound to evolve, so you won’t want to waste lots of Blu-ray discs for this. Looks like this burner supports rewritable discs (BD-RE), so you’re good to go (source: https://www.buffalotech.com/products/mediastation-16x-desktop-bdxl-blu-ray-writer)
Thanks for your answer. In my case, I’d like to use the previous hack through a link on the web (even if not always successful), because Blu-ray burners and even Blu-ray discs are not often available in Vietnam. Maybe I must wait until a game shop in my country sells this BD-JB (a longer time to achieve a new JB for PS5).
If this became popular, I am sure people will sell the pre-burnt discs on AliExpress / eBay etc.
First
And now it begins
Fiiiiiiiirst
Need some clarity on the exploit disk.
Some reports have stated that the ISO must be burned to BD-RE… why wouldn’t a regular writable BD disc work? Obviously a BD-RE would be better if the ISO had regular updates, as that would save on discs.
Exactly what you said: a regular BD disc will work, but you could end up wasting a lot of discs as the exploit evolves, hence the suggestion for BD-RE
nice
Unfortunately, you can’t download it via your link
No problem here, what’s the issue you’re seeing?
First
Kernel xploit 9.0.4 soon
That’s the only thing I care for tbh. Elden Ring, Forbidden West, Elex 2, Stranger of Paradise and so much more
Interesting, I’m sure someone will implement it in a way that grabs the payload from the internet automatically. BD-Java could be loaded from a USB drive on the PS3; maybe there will be a way without burning a BD disc?
Good progress, unfortunately I’m on 9.51 so I will wait
Same Here!
wow, he’s the real first…
FirsTus In your Face
I wonder how fast Sony can fix this
Already fixed.
First!!!
This is a great improvement on the PS hack scene. I hope sleirsgoevy (and other great hackers) have enough time to continue their work and deliver a workable PS hack to the scene. Thanks to them for their efforts!
Can’t wait to see where this exploit leads to.
Can you use this to send p00bs as a payload and fully jailbreak, or does this do nothing but someday let you play burned PS4 game Blu-rays when someone writes an ELF loader?
So I can CFW my PS4 with this?
I’m currently using the LG WH16NS40, this is the link. Am I cool, or do I need to get a specific one? Thanks. https://www.amazon.com/LG-Super-Internal-Blu-ray-Rewriter/dp/B00E7B08MS/ref=pd_day0fbt_sccl_1/134-7897920-1650950?pd_rd_w=n8HkC&content-id=amzn1.sym.28060bf9-0745-4e32-a449-e95381c8ca7a&pf_rd_p=28060bf9-0745-4e32-a449-e95381c8ca7a&pf_rd_r=SEG6PGSDWWXNRW76NCCY&tag=wagic-20&pd_rd_wg=YlGU5&pd_rd_r=33783258-d940-4e3d-8063-3ca605fc8516&pd_rd_i=B00E7B08MS&psc=1