PS5 UMTX Jailbreak: SpecterDev releases 1.xx/2.xx implementation based on Webkit entry point, other firmwares to come (but…)

PlayStation hacker SpecterDev has released an implementation of the recently disclosed umtx exploit for PS5. This is a Jailbreak using that particular exploit, and relying on the psfree webkit exploit as an entry point. SpecterDev stated that this particular implementation can ultimately be ported up to firmwares 5.xx included. Firmware 6.00 patched the webkit vulnerability used here, so a different entry point will need to be used in order to activate the umtx exploit on firmwares 6.00 and above (up to 7.61).

TL,DR

• People on Firmwares 1.xx/2.xx can already give a try to this newly released Jailbreak
• On Firmwares 3.xx to 5.xx, more work is required for this particular implementation of the Jailbreak, but this might come with time
• Firmwares 6.00 to 7.61 cannot use this particular implementation, since it relies on a webkit exploit which was patched in 6.00. There is however significant hope that other entry points can be leveraged (such as BD-JB or a game exploit) to then trigger the umtx exploit/jailbreak.
• PS5 Firmware 8.00 patches the umtx exploit, so a PS5 on 8.00 or above will not be able to run the jailbreak

UMTX SpecterDev 1.xx/2.xx implementation

If you’re running on firmwares 1.xx/2.xx, you can download SpecterDev’s implementation on his github at https://github.com/PS5Dev/PS5-UMTX-Jailbreak, or try it on Zecoxao‘s host here: https://zecoxao.github.io/umtx/

Emphasizing again that this implementation is only confirmed to work on Firmwares 2.xx as well as 1.xx (which received support a few hours after the initial release). Specifically, supported firmwares currently are:

• 1.05
• 1.10
• 1.11
• 1.12
• 1.13
• 1.14
• 2.00
• 2.20
• 2.25
• 2.26
• 2.30
• 2.50

UMTX exploit. What about firmwares 3.00 and above?

Firmwares 3.xx to 5.xx could eventually be supported with the same codebase, and in particular the webkit exploit involved here. However Specterdev has clarified that firmwares 3.00 and above added additional security and mitigations that need to be bypassed for this to work on these firmwares. It is also unclear if he is the one who will be working on this, as he stated “As I’m mostly only interested in lower firmwares, this exploit doesn’t support FW >= 3.00 as of yet”

The umtx vulnerability should work up to Firmware 7.61 included. However, in Firmware 6.00, Sony patched the webkit vulnerability used as an entrypoint here. This means a different usermode exploit need to be leveraged, in order to create a full Jailbreak chain for Firmwares 6.00 to 7.61. For those of us with a disc-based PS5, the BD-JB exploit will probably eventually get a working implementation of the exploit chain, but for those on a digital edition of the PS5, it is yet unclear what usermode entry point can be used. However flatz seemed to hint that he might have some game based exploit lying around, similar to what we had with Okage:Shadow King on the Mast1c0re exploit.

As always, we’ll need to wait until the dust settles on this one.