PS5: SpecterDev releases umtx Jailbreak for Firmware 5.50 and below. Payloads still need work on 5.xx

wololo


6 Responses

  1. Cognoscenti says:

    @wololo you said : “Following the release for Firmwares 1.xx and 2.xx just a couple days ago, code has been added to the umtx Jailbreak for PS5, and it now supports Firmwares up to 5.50 included. This is pretty big news, considering that until today, only Firmware 4.51 and below were actually hackable.

    However, there are limitations with this Jailbreak for Firmwares 5.00 and above. ”

    So is the JB supported on 5.00 and below, OR 5.50 and below?! .50 is a huge difference, considering the Forbidden West bundle and the God of War bundle offer 4.50 to 5.00 and the most recent one was offering 5.50....

  2. Cognoscenti says:

    People need to understand this:

    Bypassing the hypervisor (HV) on the PS5 will not directly allow you to install or run PS5 FPKGs (Fake Packages), as the PS5’s package management system (for games and apps) involves a separate security chip that is responsible for decrypting and validating PS5 PKGs (packages). This is a key difference between the PS4 and PS5.

    Key Points:
    PS4 PKGs: On the PS4, the package (PKG) system is handled at the kernel level. This means that once kernel access is achieved through an exploit, one can manipulate the system to decrypt and run unauthorized games or apps (FPKGs).

    PS5 PKGs: The PS5, on the other hand, uses a dedicated security chip to handle the decryption and validation of its packages (PKGs). Even if you were to bypass the PS5 hypervisor and gain kernel access, the decryption of PS5 PKGs would still require compromising this dedicated chip. Without gaining control over this chip, running fake or unauthorized PS5 games (FPKGs) is not feasible.

    This separate chip is part of the PS5’s trusted execution environment (TEE), which provides additional hardware-based security measures, ensuring that package management is isolated from the main CPU and kernel, thus preventing tampering even if the kernel is compromised.

    What Would Be Required:
    To enable FPKGs or fully compromise the PS5’s package management system, a researcher would need to:

    Bypass the hypervisor (to gain kernel-level control).

    Compromise the dedicated chip responsible for PKG handling, similar to what would be required in a hardware-level attack on trusted execution hardware.

    Conclusion:
    While bypassing the hypervisor is a significant achievement, it only grants kernel-level access, which is insufficient for manipulating PS5 games and packages. Accessing or disabling the additional security provided by the hardware chip is necessary to unlock FPKGs on the PS5.

    Additional Info :

    The PS5 employs a Trusted Execution Environment (TEE) that isolates sensitive operations, like handling PS5 PKGs, within dedicated hardware. This TEE provides strong isolation from the system’s kernel, so even if the kernel or hypervisor is compromised, the TEE can still protect cryptographic operations like package decryption. Thus, bypassing the hypervisor alone won’t allow access to PS5 PKGs
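Editor's note: the comment above argues a trust-boundary point (a key held in kernel memory falls with the kernel; a key held in a separate chip that only exposes verify-and-decrypt does not). The toy model below, added here and not code from the post, the commenter, or any console, makes that argument concrete. It uses a throwaway SHA-256 counter-mode stream cipher plus HMAC-SHA256 as a stand-in for package sealing; the class names, the "kernel read primitive" (a dict lookup) and the "chip API" (a bound method) are all constructed assumptions, not a description of real PS4/PS5 internals.

```python
"""Toy model of the two package-validation designs discussed in the comment.

Constructed example, not PS4/PS5 code. Model A keeps the package key in kernel
memory; Model B keeps it inside a separate chip that only exposes decrypt().
A kernel-level attacker (same capability in both models: read kernel data,
call kernel-reachable APIs) succeeds against A and fails against B.
"""
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional

KEY_LEN = 32
TAG_LEN = 32  # SHA-256 HMAC tag


def _keystream(key: bytes, length: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode. Illustrative only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal_package(key: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC: returns ciphertext || HMAC-SHA256 tag."""
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, len(payload))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return ct + tag


def open_package(key: bytes, pkg: bytes) -> Optional[bytes]:
    """Verify the tag, then decrypt. None if pkg was not sealed under `key`."""
    if len(pkg) < TAG_LEN:
        return None
    ct, tag = pkg[:-TAG_LEN], pkg[-TAG_LEN:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class KernelHeldKey:
    """Model A (assumed 'PS4-style' design): the package key is ordinary
    kernel data, so anything with a kernel read primitive can dump it."""

    def __init__(self, key: bytes):
        self.kernel_memory: Dict[str, bytes] = {"pkg_key": key}

    def install(self, pkg: bytes) -> Optional[bytes]:
        return open_package(self.kernel_memory["pkg_key"], pkg)


class SeparateChip:
    """Model B (assumed 'separate security chip' design): the key is provisioned
    into the chip and never exported; the kernel only reaches decrypt().
    (Python attributes are not a real boundary; the attacker below is handed
    only the bound method to model the narrow hardware interface.)"""

    def __init__(self, provisioned_key: bytes):
        self._key = provisioned_key

    def decrypt(self, pkg: bytes) -> Optional[bytes]:
        return open_package(self._key, pkg)


def attack_kernel_held(system: KernelHeldKey, fake_payload: bytes) -> bool:
    # Kernel compromise: dump the key from kernel memory, forge, install.
    stolen = system.kernel_memory["pkg_key"]
    return system.install(seal_package(stolen, fake_payload)) == fake_payload


def attack_separate_chip(decrypt_api: Callable[[bytes], Optional[bytes]],
                         fake_payload: bytes) -> bool:
    # Same kernel compromise, but the key is not in kernel memory; the attacker
    # can only seal under a key of their own choosing and ask the chip to open it.
    attacker_key = os.urandom(KEY_LEN)
    return decrypt_api(seal_package(attacker_key, fake_payload)) == fake_payload


def demo() -> Dict[str, bool]:
    """Run both models against a legitimate and a forged package."""
    vendor_key = os.urandom(KEY_LEN)  # constructed: stands in for the vendor's secret
    legit = b"licensed title"
    fake = b"unsigned homebrew"
    model_a = KernelHeldKey(vendor_key)
    chip = SeparateChip(vendor_key)
    return {
        "A_legit_installs": model_a.install(seal_package(vendor_key, legit)) == legit,
        "A_forgery_installs": attack_kernel_held(model_a, fake),
        "B_legit_decrypts": chip.decrypt(seal_package(vendor_key, legit)) == legit,
        "B_forgery_decrypts": attack_separate_chip(chip.decrypt, fake),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The interesting line is the last key of `demo()`: with identical attacker capability, the forgery succeeds only where the key itself is reachable from the kernel. The model says nothing about whether the chip can be attacked on its own (glitching, firmware bugs, side channels), which is exactly the second step the comment says would be needed.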

  3. Chuchuchu says:

    It’s going to take something big to get me to shift from 4.03

  4. N3X says:

    On X he has it working on 5.xx /Andrew2007__/status/1839679126786998727

  5. 5.50 JAILBREAK!! says:

    The SDK was just updated for 5.xx!
