PS4 Blu-Ray Hack: Sleirsgoevy releases BD-JB implementation
It didn’t take long! Following TheFloW‘s disclosure of a Blu-Ray exploit chain for PS4 and PS5 last week, hacker Sleirsgoevy has released a working proof of concept of the exploits today. From what we gather, this proof of concept code relies on PS4-specific parts of the hack, so, although the hacker didn’t give specifics, we assume this is a PS4-only release.
PS4/PS5: What is BD-JB?
Legendary PlayStation hacker TheFloW disclosed a series of exploits impacting the PS4 and the PS5 last week, using the Blu-Ray architecture as an entry point. Although the disclosure was fairly detailed, it didn’t include an actual implementation of the hack, which the scene was left to reconstruct from the disclosure.
This is what sleirsgoevy has done with this release, which implements 3 of the 5 vulnerabilities revealed by TheFloW. It is worth mentioning that this release gives usermode code execution only: it doesn’t include a kernel exploit, and as such this isn’t a Jailbreak in itself.
From the Readme:
BD-JB reimplementation based on TheFlow’s report and presentation. Implements loading arbitrary .bin payloads using vulnerabilities #2 (privileged constructor call), #3 (privileged method call), #4 (jit hack) from the report. Listens for payloads on port 9019.
The first (and only) argument to the payload is the address of sceKernelDlsym, which can be used to resolve other symbols. It seems that libkernel_sys.sprx always has id 0x2001, and you can look up other libraries by getting the full list of handles and looking up name of each handle. You can’t directly call syscalls due to missing kernel patches.
BD-JB Download and Requirements
Don’t jump the gun! This release assumes that you are familiar with the concept of creating and sending payloads to an exploited console. This means in its current state, it is useful for advanced tinkerers/users only, and will most likely not be useful to you at all if you have no idea what these things are.
- A PS4 with firmware vulnerable to the BD-JB attack (Firmware 9.04 or below)
- A Blu-Ray burner (preferably that supports rewritable blu-rays)
- A Blu-Ray disc (preferably rewritable a.k.a. BD-RE)
- The iso provided by Sleirsgoevy (source code link below)
- Burn the iso on a rewritable Blu-Ray disc
- Insert the Blu-Ray disc in the PS4 and launch the application
- You should then be able to send payloads from your computer to the console’s IP address on port 9019
You can also download the source from Sleirsgoevy’s github here.