PS5: SpecterDev shares details on “In-Kernel” Hypervisor (earlier versions of the PS5 Hypervisor found in Firmwares <=2.50)



10 Responses

  1. Marco says:

    Wouldn’t it be possible to solder wires to the 16 GB GDDR6 SDRAM and the 512 MB DDR4 SDRAM memory pools and read or write to the XOM protected areas from another computer connected to these wires, e.g. whilst halting process execution in user space at a desired state and perhaps additionally underclocking the memory bus to facilitate external read or write operations, in order to possibly further analyse the hypervisor for exploitable entry points? Would XOM protect such write operations through integrity checks? If yes, could such an approach still be used to gain further insight or control over the hypervisor?

    • chivaree says:

      It's not feasible. Other than the possibility of damage, it could be an unreliable read. In private, they already have the keys. Meaning, they already have a way to peek into the system, so there's no need for that. You just can't find these publicly because the process may involve the use of private keys and/or the process of obtaining them through software is a very fragile and important aspect of the private hack. It keeps the doors open for them. What they are all waiting for is an "exploitable" in-system code that when shared to the public doesn't make them illegal. Remember that using Sony code, showing private keys and using them, and even a modified version of the original Sony codes are subject to copyright infringement. Exploiting your own console isn't inherently illegal; it's the copyrightable things and trademark secrets that are.

  2. KokamiDavid says:

    Some PS3 versions (Fat, 20xx, 21xx, 25xx) are probably the only lucky Sony consoles that have the best hack for the best experience: CFW: easiest to use without having to jailbreak when rebooting, the safest when not having to remove the case to solder the modchip, and the neatest when not having to attach USB or memory card. What all Microsoft and Sony consoles can't do. Currently only Nintendo's consoles Wii and WiiU can do the same.

  3. lollypop says:

    mmcfwemu on syscon msduo timemachine alex

  4. Axlezip says:

    Lol this post like all others aren't theories like Sony freaking out. I know it's a solid breakthrough and key already found, just hope time is like the PSP jailbreak in a sense where this could leave doors open permanently and allow permanent spoofing of updates. Sony sc*** all with a poor design and no slim so I feel they can suck it. PS5 deserves a PS3 jailbreak all the way just to straighten out Sony for their treatment of their customers, this run around.

  5. redfall xsx rtx3060 ps4 ps3 xbox360 xbox vita 72 seasons says:

    2.50 haha yes ps5 will be never broken I think

  6. Rubicon Rich says:

    I have a second PS5 on fw 1.02; it's a launch model only powered on once. Should I update to 2.50?