PS5 security: Developer ZNullPtr is seeking donations to make progress on PS5 APU reverse engineering
PlayStation security researcher ZNullPtr has been running a funding campaign to buy the hardware needed to look deeper into the PS5 CPU. Specifically, ZNullPtr is trying to acquire some AMD 4700s Desktop Kits, and is trying to raise $3000.
What are AMD 4700s Desktop Kits and why do they matter for PS5 hacking?
It is believed that 4700s kits are based on repurposed PS5 APUs. This is what Tom's Hardware says about these kits:
How did such an odd product come to market? At last count, Sony has sold more than 10 million PS5 consoles, each with its own special custom ‘Oberon’ chip designed by AMD. These custom chips come with eight Zen 2 cores and a powerful custom RDNA graphics engine, but an untold number of chips suffer from defects during the manufacturing processes, meaning that they won’t function correctly (if at all), typically resulting in a trip to the trash bin. Sometimes the chips simply can’t meet certain clock speed criteria. Regardless of the issue with these chips, they can’t be used in a console, but AMD appears to have found a way to sell the defective silicon by creating a system board with most of the key components you need to craft small systems.
AMD, however, hasn’t confirmed that the CPU of the 4700s is based on the PS5 one, but the author of that review (and other reviewers) is pretty convinced it is. They say:
AMD has declined to comment on whether or not the AMD 4700S chip consists of defective PS5 silicon, but the identical chip packaging and completely unique system requirements (like GDDR6) make it clear. AMD has also conspicuously avoided using Ryzen branding.
There is an expectation in the PS5 hacking community that the 4700s CPU could be similar enough to the PS5 that investigating it will yield more information on the PS5 APU, at the hardware level. It is possible hackers want to attempt hardware glitch attacks on the CPU.
Even then, it’s a long shot. The CPUs might be different enough that hardware glitches that work on one might not work on the other. Still, it’s the best shot the scene seems to have right now.
State of PS5 Hacking and why Hardware research is an option
Late last year, a Kernel exploit was disclosed for the PS5 by hacker TheFloW. This led to initial expectations that a PS5 Jailbreak was right around the corner, but it turns out the PS5 is a much more secure device than previous generations. Although the hacking community does have access to a lot of data thanks to the Kernel exploit, the PS5 remains mostly locked, in particular due to its hypervisor, a piece of middleware that abstracts the hardware away from the system, and, from hackers’ perspective, dramatically limits what can be done with the system.
It is believed that hacking the PS5 Hypervisor would be key to unlocking the PS5 further, but this is a simple, and therefore robust, piece of software that might be tough to crack without hardware means.
Why are donations being asked for PS5 security research?
Hardware hacking is not cheap, and has progressively become something that only companies with significant funding can afford. A small group of hobbyists doing it on the side generally doesn’t have the money ready to burn on an enterprise that has a high risk of failure.
Running a new fundraiser with goal of $3000.
For two prototype kits available for developers to figure out MP* / a53* / hypervisor. See my profile for donation options, message for more options
We can use ANY amd 4700s devices.
(elitemini cr50, prebuilt PCs, or desktop kits)
— Z (@Znullptr) January 3, 2023
ZNullPtr has a goal of $3000 to acquire the development kits, and says he has received roughly a third of the target so far, since he started the fundraising 10 days ago.
The developer has a significant track record on the PlayStation hacking scene. In particular, he was one of the people behind pOOBs4, the PS4 9.00 Jailbreak, last year.

AMD 4700s CPU. Photo by @aschilling
We often see here on Wololo.net people who take issue with security researchers and hackers “selling” their findings through bug bounty companies such as HackerOne. PlayStation pays $10’000 for critical issue reports on their PS4 and PS5 consoles (this includes kernel exploits that could lead to a Jailbreak).
I’ve often been told that gathering $10’000 shouldn’t be difficult for the “scene”, to pay hackers for Jailbreaks instead of them going through bug bounty programs. But I have personally expressed doubt multiple times at the capacity of the hacking scene to gather large sums of money, when it comes to financing some security research with no guaranteed outcome. We’ll see if it’s different this time.
Do understand if you are donating to ZNullPtr, that you are financing him to increase his personal knowledge on the PS5 internals. Nothing more, nothing less. In particular, this is not some kind of crowdfunding with a guaranteed Jailbreak at the other side of the tunnel, or anything that would lead to illegally releasing intellectual property or copyrighted information.
With all of this being said, I’m not telling anyone what to do with their money, but ZNullPtr’s donation info is below for those interested:
How to Donate to ZNullPtr
All donation links are on ZNullPtr’s profile on Twitter
(I am not linking directly to his various donation links, in case he updates them)
firrrst! or do people not do this anymore
Welcome back, firstus
What about fail0verflow’s pwn on the PS5 a couple of weeks after launch? They mentioned it was a complete software based hack, no?
Was all that research sold to HackerOne or is it still just private? Perhaps my recollection is at fault and they used hardware glitching as well but I’m pretty sure it was software based.
Even if only a full pwn on a lower firmware, it would be something impressive to have that made public.
Private, as far as I know
Not sure it would be worth doing. 1. It’s not 100 percent confirmed. 2. If it was the chip and people are asking the question, they’ll probably get another batch from elsewhere, and that would also mean you would have to get a 2nd one if that happens. Who knows for sure though.
Not owning nor planning to own a ps5, I still pitched in a little.
Second from Kazakhstan) Aktobe! HELLO WORLD!
Donated a second time.
The key question is: After Znullptr successfully cracked the hypervisor with all the donation money he raised, who’s to say he won’t take his discovery to Sony to claim another $10,000 bounty instead of releasing his findings to the scene?
He might, it’s his decision. Could possibly hurt his reputation on the scene though, so it would be a tough choice?
After they hacked psvita! A very secure device for its time and said to never be hackable. Now everything is possible.
The scene is based somewhat on planned obsolescence. When piracy follows homebrew, developers are sure to walk away from a console. You wouldn’t want a next-gen console DOA, especially from a brand you enjoy. This scene isn’t a matter of “it is/isn’t hackable” moreso when the hack/mod becomes available. The PSV needed to outlive its predecessor before reaching this point in time. I feel this very way about the PS5, although I do love homebrew… I’m between a rock and a hard place.