PS5 kexploit: Prosper0gdb (debugger) update + SELF dumper by Sleirsgoevy, Update Blocker by 68Logic
Some good releases for PS5 happened in the past 24h. Sleirsgoevy updated his BD-JB implementation for PS5, improving prosper0gdb (debugger) support, as well as adding a payload to dump system files. There’s a lot to go through, including decrypted system files that have been shared (Download links at the end of the article). Let’s dig in!
What is prosper0gdb for PS5?
Prospero was the internal codename at Sony for the PS5 (and/or its SDK). The name (here stylized as “Prosper0”) has been used by several developers and hackers to identify PS5-specific tools and code that they’ve built for it.
Prosper0gdb is Sleirsgoevy’s debugging tool for the PS5 Jailbreak. It was added to his bd-jb implementation in early October 2022.
PS5 BD-JB exploit – What’s new with this release
Sleirsgoevy added memory map (mmap) functionality to his toolset, which lets the exploit access files in memory and then dump them with the included SELF dumper utility.
Zecoxao has shared a series of files dumped via this code:
https://t.co/gqN0et2vVe partial dump from system modules by @sleirsgoevy . full dump maybe today.
— Control_eXecute (@notzecoxao) November 5, 2022
At a quick glance, there appear to be more files than what was already dumped several months ago through the webkit exploit.
Since some of the content is fully decrypted, folks on the scene have gone through the files in debuggers to look at them, such as PS4 developer OSM:
Seems like most of the cool stuff lives in Sce.Vsh.ShellUI.ReactNativeShellApp.dll. It also looks like the settings menu got a revamp would need some new RE work to do the same as PS4. Lots of debug goodies left behind though! pic.twitter.com/MrEmR8aLtb
— OSM ツ (@LegendaryOSM) November 5, 2022
OSM has stated some devkit-related code still exists in retail libraries. This could help hackers with further research.
I do assume similar tools could be easily created for the Webkit exploit as well; it’s possibly only a matter of one of the hackers working on the webkit version porting them.
Update blocker by 68Logic
In an unrelated release, 68Logic has released an ELF payload for the webkit exploit, which blocks firmware updates. This works by creating a folder at the path where the console would normally download the temporary update file. Since the console can’t overwrite the folder with a file, it doesn’t download the update.
Although this payload is nice progress, Al-Azif has mentioned that Sony know about the trick and now delete such folders before attempting the download, so it’s unclear if it really works as expected. We do advise people to not rely too much on this for now and instead set up their exploit environment in order to block the right IPs.
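To illustrate why the folder trick works, and why the countermeasure Al-Azif describes defeats it, here is an added example (not 68Logic’s payload or any Sony code) that reproduces the mechanism on a plain filesystem. The update file name is a placeholder, since the article does not give the real PS5 download path; the “naive” and “hardened” updaters are hypothetical stand-ins for a console that does or does not clear a squatting directory before downloading.

```python
import errno
import os
import shutil
import tempfile

# Placeholder name: the real temporary update path on the PS5 is not given
# in the article, so this demo uses an obviously constructed file name.
UPDATE_FILENAME = "PLACEHOLDER_UPDATE.PUP"

# open() on a path occupied by a directory fails with EISDIR on POSIX and
# EACCES on Windows; either one means the write was blocked.
BLOCKED_ERRNOS = (errno.EISDIR, errno.EACCES)


def plant_blocker(download_dir):
    """Create a directory at the path where the updater wants to write a file.

    This is the trick the article describes: a folder occupying the file's
    path makes a plain open-for-write of that path fail.
    """
    target = os.path.join(download_dir, UPDATE_FILENAME)
    os.makedirs(target, exist_ok=True)
    return target


def naive_download(download_dir, payload):
    """Hypothetical updater that just opens the destination for writing.

    Returns the errno of the failure, or None on success.
    """
    target = os.path.join(download_dir, UPDATE_FILENAME)
    try:
        with open(target, "wb") as fh:
            fh.write(payload)
    except OSError as exc:
        return exc.errno
    return None


def hardened_download(download_dir, payload):
    """Hypothetical updater that clears a squatting directory first.

    This models the countermeasure quoted from Al-Azif: delete any folder
    sitting at the download path before the download, so the blocker has
    no effect.
    """
    target = os.path.join(download_dir, UPDATE_FILENAME)
    if os.path.isdir(target):
        shutil.rmtree(target)
    return naive_download(download_dir, payload)


def demo():
    """Run both updaters against a planted blocker in a scratch directory.

    Returns a dict describing whether the naive updater was blocked, whether
    the hardened updater succeeded, and whether the file ended up on disk.
    """
    payload = b"constructed update bytes"  # constructed sample content
    with tempfile.TemporaryDirectory() as tmp:
        plant_blocker(tmp)
        naive_err = naive_download(tmp, payload)
        hardened_err = hardened_download(tmp, payload)
        written = os.path.isfile(os.path.join(tmp, UPDATE_FILENAME))
    return {
        "naive_blocked": naive_err in BLOCKED_ERRNOS,
        "hardened_ok": hardened_err is None,
        "written": written,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the naive updater failing at the directory while the hardened one removes the folder and writes the file anyway, which is exactly why the article recommends blocking the update servers by IP instead of relying on this payload alone.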
PS5 Self Dumper + Decrypted System Files + Update Blocker Downloads
As a reminder, to run some of these tools you will need a hackable PS5.
- PS5 BD-JB Exploit implementation (with mmap + SELF Dumper) by Sleirsgoevy
- Dumped system files:
  - Partial System module dump (Zecoxao/Sleirsgoevy)
  - system_ex module (Zecoxao/Sleirsgoevy)
- Update Blocker ELF for PS5 by 68Logic
I hope that PS5 will never be broken, long live PS4 9.0
Aren’t .sprx also used in the PS Vita system?
.skprx actually