PS5: SpecterDev defeats the Hypervisor
PlayStation hacker SpecterDev has taken to Twitter today to hint that he has managed to hack the PS5 hypervisor with (at least) the help of ChendoChap. Although it’s unclear at this point whether the hack will be released, SpecterDev clarified that this is for firmwares 1.xx/2.xx, and that Firmware 3.00 patches the vulnerabilities that were used here.
PS5 Hypervisor: the holy grail of hacking the PS5?
It’s been known for a while that the PS5 is way more secure than the PS4 when it comes to hacking attempts. In particular, the PS5 runs with a Hypervisor, which controls and limits what all processes can do, including the kernel itself.
Case in point: although the console has been jailbroken on low firmwares for quite some time, arbitrary kernel read/write has still eluded the scene (most kernel hacks currently rely on Sleirsgoevy’s “kstuff”, which bypasses some of these limitations by patching registers at execution time instead of patching the kernel in RAM).
Controlling the hypervisor could finally give read/write access to the kernel and allow for deeper modifications of the console firmware at runtime, like a HEN does on the PS4 or PS3.
Feels great when an idea can finally be tested and works out after like a year 🙂
Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea. pic.twitter.com/7Fl3HjlpAC
— Specter (@SpecterDev) September 29, 2024
Breaking the hypervisor in itself isn’t the end of the story though. Ahead of the news, Zecoxao has attempted to calm everyone’s expectations with the following message:
some heads up about ps5 pkg installation and hypervisor being defeated: defeating the hypervisor won’t automatically make you able to install ps5 pkgs, even if you have access to kernel .text read and write. You can however use the added power to try and defeat the a53io core processor that separately handles the ps5 pkgs, but nobody has tried that yet.
Hypervisor will be harder to access on Firmwares 3.00 and above
In firmware 3.00, Sony entirely re-architected the Hypervisor, which patched the method that was used to access it in Firmwares 2.xx in the first place. SpecterDev had already explained that in earlier firmwares, the hypervisor was actually part of the kernel. According to the hacker, “sony probably knew (or at least suspected) what we did was a possibility which is why they rearchitected the whole thing”.
Multiple hackers have allegedly been able to hack the Hypervisor, including flatz and now SpecterDev. It is also believed that Fail0verflow have a Hypervisor exploit.
Source: SpecterDev
sony just keeps getting cucked harder and harder
Not really, systems get updated and lower firmwares still can’t access everything an online system can, so….
Not at all, on the contrary Sony is pulling the strings on the hacking scene with the Bounty program, where hackers are receiving money prizes for their efforts and Sony is allowing or not their exploits to be public.
Nintendo should learn that from Sony
The bounty only lasts 3 months.
Hence why thefl0w disclosed.
We would not be anywhere without thefl0w, but Sony only patches the issue and the exploit is released.
How do you think we got this far?
It’s not a good thing for the gaming industry…. that’s particularly why we have so many indie games on the PS4, PS5.
1.X 2.X hypervisor exploit is not exactly something many people will be able to take advantage of.
And without backports, what the heck are you going to run on it? Homebrew that would run on a Nokia?
Cool for the handful of people who can use this. Pointless for the vast majority.
I would be happy to learn how to do this stuff someday
I still have my Horizon Zero Dawn PS5 unopened. Hopefully it’s on a low firmware.
How have you not checked xD plug it in already and have a look!
If it is below 3.00 then it isn’t useful tbh. It is like that old 1.x PS4 hack.
Great achievement, but not many PS5s are under 3.00.
Firmware 3.00 was released in 2021, during covid when scalpers got everything.
Yea, PS5s didn’t exist where I lived during that time. Genuinely never seen one in person until recently, when I bought one last year on firmware 7.00.
Happy for the few that can use this – will continue to allow my ps5 to catch dust.