PS5 Kernel exploit backported to support firmwares 3.00, 3.10, 3.20, 3.21, 4.00, 4.01, and 4.02 (Webkit version, WIP)
PS5 hacker Chendochap has released today an implementation of the PS5 Kernel exploit (Webkit version) that now supports a wide range of firmware revisions. All firmwares from 3.00 to 4.51 (inclusive) are now supported by the exploit, although a few things still need to be ironed out and testing is required.
PS5 Kernel exploit support for lower firmwares – Work in Progress
This is work in progress, pending the right offsets being found for all firmwares, which should be achieved with a bit of testing and elbow grease. Theoretically, all these firmwares are vulnerable to both the Webkit exploit and the kernel exploit.
From the readme:
Exploit should now support the following firmwares:
- 3.00 (partially)
- 3.10 (partially)
- 3.20
- 3.21 (potentially partially)
- 4.00 (potentially partially)
- 4.02 (potentially partially)
- 4.03
- 4.50
- 4.51
Why backport the PS5 exploit?
The goal of having the exploit working and stable on a multiplicity of firmwares is for people to stay on as low a firmware as possible, while still being able to benefit from the ongoing research.
Lower firmwares are a good thing for reverse engineering efforts, because they might contain more vulnerabilities that could help hack the PS5 further. In the current state, although we do have a kernel exploit and arbitrary read/write, this is still severely constrained by the fact that hackers can’t read executable memory (due to XOM, execute-only memory). This means that the things one would typically be able to read, dump, and disassemble (firmwares, games, …) are not accessible at the moment.
Being able to hack the hypervisor and/or get read access to the XOM parts of the RAM would allow the scene to make significant progress. One hope is that some vulnerabilities in older firmwares could help us get there.
Download and test the PS5 exploit on firmwares 3.00~4.51
If you’re on 4.03/4.50/4.51, there’s probably little benefit for you in trying this revision of the exploit. If you’re on a lower firmware, however, you might want to give it a try and see if you can test it, as well as possibly help the scene with offsets, etc…
To run the exploit, follow our tutorial here, but make sure you get the exploit from Chendochap’s GitHub branch rather than the location we mention in the tutorial.
Firmware 4.02:
OFFSET_KERNEL_DATA_KQUEUE_LOW_WORD == 0x8d2f
Hope that helps someone somehow :)