PPPwn Kernel exploit: What about the PS5?
Today, hacker TheFloW released a Jailbreak chain for PS4 11.00. Named PPPwn, the exploit works on PS4 systems up to firmware 11.00 included. The underlying vulnerability also impacts PS5 up to Firmware 8.20 included, so why didn’t we see a similar release for the PS5 today?
The answer might be complex, but SpecterDev has provided a few pointers as to why the PS5 could be much harder to exploit through this vulnerability.
PS5 Might see a PPPwn exploit as well, but it could take a while
According to the PS5 hacker, and as we all know by now, the PS5 has much stronger security mitigations in place than the PS4. This means that although the vulnerability is present on the PS5 as well, the PS5 System is well guarded against further successful exploitation, beyond a simple Denial of Service. Specifically, SpecterDev says:
PS4 is much weaker in terms of mitigations, which played a part in allowing a remote exploit w/o userland code execution. PS5 is different. SMAP+CFI make this much harder to do. XOM also plays a role: even if CFI were a non-issue, you can’t easily get gadgets to ROP with either. It might not be impossible, but a new strategy would be needed and you’d need to go for R/W. You’d also likely need userland code exec. I wouldn’t expect anything soon.
SMAP, CFI, XOM, and the need for userland execution are all additional “walls” erected on the PS5 that are absent (or present only in weaker form) on the PS4. Whether those can be bypassed is a question that remains to be answered (and I’m sure a lot of hackers will be looking). But, long story short, a Jailbreak on the PS5 which leverages the PPPwn exploit doesn’t appear to be right around the corner.
As a reminder, SpecterDev did a presentation last year at an infosec conference, where he described some of those security mechanisms and how the PS5 is significantly “stronger” than the PS4 on these aspects.
TheFloW’s exploit goes directly for the jugular with root privilege escalation, not needing userland execution to begin with (the user connecting to the malicious PPPoE endpoint can arguably be considered the only “userland” part here). On the PS5, according to SpecterDev, we would need userland access to be able to deactivate more of the PS5’s mitigations. Userland exploits exist for the PS5 (in particular the Mast1c0re exploit) but would also need significant modifications to work in the context of the PPPoE exploit. That might not even be doable, since Mast1c0re runs within a game, while the PPPoE exploit is triggered from within one of the setup screens on the console. However, I am assuming that getting userland execution once you have root is easier than the other way around.
The other mitigations, however, are extremely significant.
SMAP (Supervisor Mode Access Prevention) was a bit of an afterthought on the PS4, and has been defeated via various means on that console (see here). On the PS5, it appears SMAP was built more securely within the hypervisor (some details here) and is harder to defeat, in particular in recent firmwares (a SMAP bypass vulnerability was reported to Sony in 2021 and allegedly patched on or around firmware 2.30).
Additionally, it appears the PS5 kernel has verification mechanisms in place to ensure some of its code execution isn’t being hijacked. Namely, according to Chendochap, the PS5 uses clang’s Control Flow Integrity (CFI) mechanisms.
In a nutshell, clang extracts the control-flow graph (CFG) during compile-time to determine what functions legitimately call each other. This information is then used to generate code validating the function calls represented by call or callq instructions. At runtime, calls are validated against this information, and on detecting an illegal call or return, program execution is interrupted to avoid an attacker subverting the program’s control flow. (Source: Red Hat)
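To make the forward-edge check described above concrete, here is an added example (not code from this article, from SpecterDev, or from the PS5 itself) that hand-rolls a simplified version of what clang’s -fsanitize=cfi-icall emits: an indirect call is only allowed if its target is in the set of functions the compiler knows are legitimate for that pointer type. The function names, the allowlist table and the -1 “refused” return value are all constructed for illustration; real CFI traps the process instead of returning.

```c
#include <stddef.h>
#include <stdio.h>

/* Two functions that share the legitimate callback type int (*)(int). */
static int double_it(int x) { return 2 * x; }
static int square_it(int x) { return x * x; }

/* A function of a different type: stand-in for an address a corrupted
 * function pointer could be redirected to. It must never be reached. */
static void unrelated_void(void) { puts("should never be reached"); }

typedef int (*int_cb)(int);

/* Constructed "compile-time" table: the set of addresses that are valid
 * targets for an indirect call of type int_cb. clang derives an
 * equivalent set per function type from the CFG at LTO link time. */
static const int_cb valid_int_cb[] = { double_it, square_it };

/* Forward-edge check: is this pointer one of the permitted targets? */
static int cfi_check_int_cb(int_cb target) {
    for (size_t i = 0; i < sizeof valid_int_cb / sizeof valid_int_cb[0]; i++)
        if (valid_int_cb[i] == target) return 1;
    return 0;
}

/* Dispatch through the pointer only after the check passes; returns -1
 * and refuses to transfer control otherwise (real CFI aborts here). */
static int guarded_call(int_cb target, int arg) {
    if (!cfi_check_int_cb(target)) return -1;
    return target(arg);
}

int main(void) {
    int_cb cb = square_it;
    printf("legitimate call: %d\n", guarded_call(cb, 7));
    /* Simulate a pointer overwritten with a type-mismatched target. */
    cb = (int_cb)unrelated_void;
    printf("hijacked call refused: %d\n", guarded_call(cb, 7));
    return 0;
}
```

The real mitigation is enabled by building with clang using -flto -fvisibility=hidden -fsanitize=cfi, which replaces the hand-written table with compiler-generated type checks before every indirect call.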
XOM (eXecute Only Memory) has also been a huge pain for PS5 exploits, where even with root access, some parts of the kernel cannot be read or written to, only executed at runtime. Although hackers such as Sleirsgoevy found ways to “bypass” this with extensive monitoring of the console’s registers, this has proven to be a strong mitigation, delaying a lot of the hacking work on the console.
I believe that if TheFloW had a working PS5 PPPwn exploit, that’s what he would be presenting at TyphoonCon in May, not the PS4 one. So I’m assuming he got stopped by some of the mitigations SpecterDev is talking about.
Based on that, and SpecterDev’s explanation, it is very likely a PS5 Jailbreak on recent firmwares is still far off in the future, if possible at all.
Source: SpecterDev
well time to update to 8.40 bois
Seriously bro. Kind of sick of waiting even though I am on 7.6.1
nice try Sony
waiting on 5.50 🙁
I’m going to stay on 4.50.
If the 8.20 exploit comes, I’m sure we’re going to have backports too.
Luckily I don’t have a PS5 😀