Byepervisor presentation video by SpecterDev

The Infosec folks at Hardwear.io have published SpecterDev‘s talk on “Byepervisor“, the hypervisor exploit chain he created for the PS5.

SpecterDev released the exploit itself as well as the slides several weeks ago, so technically there isn’t much “new” in this presentation from October, but it’s great to have it available for everyone looking for additional details, and who couldn’t make it to the conference itself (probably a lot of us, considering the conference was in the Netherlands and the event’s tickets cost several hundreds of dollars)

What is Byepervisor

The PS5 Hypervisor is a piece of middleware designed to protect the console’s Firmware, notably its kernel, from malicious attacks. The Hypervisor in particular enforces eXecute Only Memory (XOM) rules on the kernel, to avoid attackers from reading/writing critical parts of the system. It is a key component of the PS5’s security, and bypassing or hacking it has forever been considered an essential part of getting full control over the PS5 system.

Byepervisor is such an exploit for earlier versions of the PS5 Hypervisor, which works on Firmwares 2.xx and 1.xx. This is an exploit by SpecterDev, which the PlayStation hacker disclosed in October 2024.

Bypervisor exploit Video presentation

The video can be found on Hardwear.io’s youtube channel, enjoy:

Download and use Byepervisor

You can download the Byepervisor exploit source code at https://github.com/PS5Dev/Byepervisor

You should really build it yourself from the sources (if you can’t/won’t do that, I’ll be bold and say that this kind of tool, in its current state, is probably not for you), but Zecoxao has provided a compiled version here: https://qiwi.gg/file/5j5w6925-byepervisornologger (source)

The slides for SpecterDev’s presentation can also be found at https://github.com/PS5Dev/Byepervisor/blob/main/Byepervisor_%20Breaking%20PS5%20Hypervisor%20Security.pdf7

Additional details at https://wololo.net/2024/10/26/ps5-byepervisor-exploit-files-released/