PS5 IPV6 Kernel exploit: TheFloW to reveal more in upcoming infosec conference, other Hackers already working on implementation
Following the disclosure of a PS5 Kernel exploit yesterday, hacker TheFloW has announced he will give further details in October, at a security presentation in Paris. Meanwhile, other scene hackers are working on an implementation of the hack. The race is on!
PS5 Kernel Exploit – The current status
Yesterday, a PS5 vulnerability was disclosed by hacker TheFloW through PlayStation’s bug bounty program on HackerOne. The vulnerability, the hacker says, can get us Kernel access to the PS5 when combined with an entry point such as the BD-JB exploit chain.
Interestingly, this is an old PS4 vulnerability in FreeBSD’s IPV6 implementation that the hacker discovered was still present on early PS5 Firmwares.

PS5 Kernel exploit – impacted firmwares
It is still unclear which firmwares are impacted by the vulnerability. Considering the timeline, we are guessing that at least Firmwares up to 4.50 included are vulnerable, with 4.51 (or 5.00) possibly patching the vulnerability.
Beyond the firmware requirements, there comes the question of which model of the PS5 can actually benefit from a potential hack. The BD-JB exploits require a physical edition of the PS5, as they require, well, a Blu-Ray disc to run the entry exploit.
It’s worth remembering that the PS5 is also vulnerable to a Webkit usermode exploit up to Firmware 4.03, which could be used as a separate entry point for people with a digital edition PS5. Whether that exploit is easy to combine (or even compatible) with the IPV6 Kernel exploit remains to be seen. It also seems obvious that most efforts will focus initially on the BD-JB + IPV6 combination, given that it’s what TheFloW has used, and the thing for which most implementation details will be available initially.
In other words, my current guess is that people running a physical edition PS5 with 4.50 or below might see something soon, while people on 4.03 or below (digital edition or those on physical edition who don’t want to buy a Blu-Ray disc burner) might see something leveraging the Webkit exploit at some point too. Which is why I think we are seeing lots of people mentioning 4.03 as being the “golden” Firmware for PS5 hacks at the moment.

Scene hackers looking into PS5 Kernel exploit implementation. Homebrew a possibility? Piracy certainly not
Since TheFloW’s disclosure yesterday, other hackers such as ZNullPtr have been looking into implementing the exploit chain on PS5. A resulting hack could happen within days, weeks, or months, depending on the difficulty of implementing the Kernel exploit from existing PS4 code, then chaining the exploits together.
We’re already looking at a PS5 implementation, however half of the exploit is not possible. Also, it should be noted: kernel access will NOT give piracy! That now requires HV access (unless they seriously F()$3^ something up, which is possible / tho doubtful)
— Z (@Znullptr) September 21, 2022
Multiple PlayStation hackers have come out of the woods to clarify that a Kernel exploit on the PS5 is not as “powerful” as kernel exploits on former generation consoles. Specifically, a user+kernel exploit combination is not enough to enable piracy on the device, unlike what was possible on the PS3 or PS4.
ZNullPtr again reminded us not so long ago that additional security is in place on the PS5 to prevent piracy, including a Hypervisor and other mitigations that would need to be bypassed.
This indicates homebrew on the PS5 could be possible without piracy, something that a lot of us on the scene actually think would be the best of both worlds. There’s of course a long way to go before we can actually run our own apps on the PS5, but no doubt that we’ll see more surface soon.
TheFloW to give additional details in October
In the meantime, TheFloW is not resting on his laurels. The security engineer is scheduled to appear at the Hexacon security conference in France next month, where, he said, he will reveal more about this newly disclosed kernel exploit.

I had initially assumed this presentation would be a rehash of the BD-JB exploit presentation he did earlier this year, and I was very wrong.
It will certainly be interesting to see if any progress is made independently by other hackers in the meantime, or if TheFloW will give critical details in October. The Hexacon website does not mention whether the presentations will be uploaded online eventually.
I don’t really care about the piracy side, I just want a way to load a PS2 and 1 emulator so I can play the games I own all on the one console. Hopefully the PS3 emulation also progresses to the point where it can run on a PS5 (this is a very big hope) as my library is biggest on the PS3.
bruh just get a ps2
I do have a PS2, but have to keep an oldish TV around because manufacturers only supply HDMI now. Would love to be able to just have the one TV. Also, I already know about the PS2 to HDMI things, but I would rather just game on the one system as well.
I care about the piracy simply because if I want to use homebrew on older firmware, I can’t subscribe to ps plus or buy new releases. So I have to choose between keeping an older system for a few homebrews or having an up-to-date PS5 that allows me to play recent games.
I don’t care about homebrew, all I need is piracy!
Damn. Just opened my ps5 horizon bundle. Ended up with a 5.1 firmware.