PS5 Kernel Exploit: ELF Loader added to BD-JB version

As we mentioned yesterday, John Tornblom has been working on bringing the Blu-ray version of the PS5 exploit up to speed with the WebKit version. He has now ported one of the most important features of the WebKit version to the Blu-ray version: ELF loading.
PS5 Kernel Exploit – BD-JB status
Multiple hackers have been looking into pushing the PS5 kernel exploit one step further, some working on the BD-JB (Blu-ray) implementation, others on the WebKit implementation (these are two usermode entry points that ultimately leverage the same kernel exploit for privilege escalation).
Developer John Tornblom in particular has been very active, and has ported the ELF loader from the WebKit version of the exploit to the Blu-ray version. This matters because most payloads released so far come in ELF format. The BD-JB exploit could already run some payloads in Java (JAR) format, but those had to be written from scratch, whereas ELF payloads are already being produced for the WebKit exploit and are often straightforward to port from existing PS4 payloads.
Bottom line: this could dramatically improve access to the available payloads for people who run the exploit via BD-JB.
I won’t lie, as a Digital Edition PS5 owner, I’m a bit concerned about this race between the two exploits. It is becoming increasingly likely that the BD-JB exploit could be leveraged further than the WebKit exploit, simply because it is compatible with older firmwares. Older firmwares might hold the holy grail, the hypervisor exploit everybody has been looking for, and that would mean only people with a physical edition of the PS5 running very early firmware would get access to it.
BD-JB + PS5 Kernel Exploit – download and run
You will need to burn the exploit to a Blu-ray disc. Sadly there is no ISO release on John’s GitHub, so you will need to build the ISO from source:
On Debian-based operating systems, you can run the following commands to install the dependencies and compile the source code.
john@localhost:~$ sudo apt-get install build-essential libbsd-dev git pkg-config openjdk-8-jdk-headless openjdk-11-jdk-headless
john@localhost:~$ git clone --recurse-submodules https://github.com/john-tornblom/bdj-sdk
john@localhost:~$ ln -s /usr/lib/jvm/java-8-openjdk-amd64 bdj-sdk/host/jdk8
john@localhost:~$ ln -s /usr/lib/jvm/java-11-openjdk-amd64 bdj-sdk/host/jdk11
john@localhost:~$ make -C bdj-sdk/host/src/makefs_termux
john@localhost:~$ make -C bdj-sdk/host/src/makefs_termux install DESTDIR=$PWD/bdj-sdk/host
john@localhost:~$ make -C bdj-sdk/target
Usage example
john@localhost:~$ make -C bdj-sdk/samples/helloworld
If everything built successfully, you will find a BD-RE ISO file at bdj-sdk/samples/helloworld/helloworld.iso
In this case, build ps5-elf-loader instead of helloworld, of course. From there, burn the ISO* to a Blu-ray. Insert the disc and run it on your PS5 to start the exploit; the ELF loader then listens on port 9020, and you can load ELF files by sending them to that port with Netcat.
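The Netcat step above pushes raw bytes at the loader, so a payload that is not actually an ELF (a JAR, a PS4 PKG, a zipped download) only fails once it reaches the console. The following is an added example, not code from the post or from bdj-sdk: it checks the ELF header on the PC side before streaming the file to port 9020, and refuses anything that is not a 64-bit little-endian x86-64 executable. The x86-64/ELF64 requirement is my assumption based on the PS5 hardware, not something the loader documents; the host address and file path are placeholders, and the test header is constructed for illustration only.

```python
"""Added example (not from the post or bdj-sdk): validate an ELF payload on the
host, then stream it to the PS5 ELF loader listening on TCP port 9020.
Equivalent to `nc -q 0 <ps5-ip> 9020 < payload.elf` with a header check first."""
import socket
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ELFOSABI_FREEBSD = 9  # PS5 is FreeBSD-derived; recorded but not enforced below
EM_X86_64 = 0x3E
ET_EXEC, ET_DYN = 2, 3


def inspect_elf(data: bytes) -> dict:
    """Parse e_ident, e_type, e_machine and e_entry from an ELF64 header.

    Raises ValueError when the bytes are not a 64-bit little-endian x86-64
    executable or shared object (assumption: that is what the loader accepts).
    """
    if len(data) < 64:
        raise ValueError("shorter than an ELF64 header")
    if data[:4] != ELF_MAGIC:
        raise ValueError("missing ELF magic")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    if ei_class != ELFCLASS64:
        raise ValueError("not ELFCLASS64")
    if ei_data != ELFDATA2LSB:
        raise ValueError("not little-endian")
    e_type, e_machine = struct.unpack_from("<HH", data, 16)
    if e_machine != EM_X86_64:
        raise ValueError(f"e_machine {e_machine:#x} is not x86-64")
    if e_type not in (ET_EXEC, ET_DYN):
        raise ValueError(f"e_type {e_type} is neither ET_EXEC nor ET_DYN")
    e_entry = struct.unpack_from("<Q", data, 24)[0]
    return {
        "class": ei_class,
        "osabi": ei_osabi,
        "type": e_type,
        "machine": e_machine,
        "entry": e_entry,
    }


def send_payload(path: str, host: str, port: int = 9020, timeout: float = 10.0) -> int:
    """Validate the file, then send it to the loader. Returns bytes sent."""
    with open(path, "rb") as fh:
        data = fh.read()
    inspect_elf(data)  # fail on the PC, not on the console
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(data)
        sock.shutdown(socket.SHUT_WR)  # signal EOF, like `nc -q 0` / `nc -N`
    return len(data)


def constructed_header(e_type: int = ET_EXEC, machine: int = EM_X86_64,
                       osabi: int = ELFOSABI_FREEBSD) -> bytes:
    """A constructed 64-byte ELF64 header for testing; not a real payload."""
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, osabi]) + b"\x00" * 8
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    rest = struct.pack("<HHIQQQIHHHHHH",
                       e_type, machine, 1, 0x400000, 64, 0, 0,
                       64, 56, 1, 64, 0, 0)
    return ident + rest


if __name__ == "__main__":
    # Placeholder host and path; replace with your console's IP and payload.
    print(inspect_elf(constructed_header()))
    # send_payload("payload.elf", "192.168.1.50")
```

With plain Netcat the same EOF handling is `nc -q 0 <ps5-ip> 9020 < payload.elf` on traditional netcat or `nc -N <ps5-ip> 9020 < payload.elf` on the OpenBSD variant; without it some netcat builds keep the connection open and the loader never sees the end of the file.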
Some of the existing ELF payloads can be found here.
* Blu-ray burners are reasonably cheap on Amazon and other retailers (make sure they support BD-RE and dual-layer (DL) discs). Rewritable Verbatim discs (BD-RE) are recommended so you don’t have to buy piles of discs you’ll only use once.
Do you already have an ESP32 backup/restore flash/HDD payload, HDD loader, Linux?
Can I somehow emulate bdj-sdk?
Here are some compiled ISOs from bdj-sdk for sniffing, unless you own a PS5 …
https://www.sendspace.com/file/g6hdox