A PS5 sits in front of a virtual grid as hackers prepare to run abandonware on it.

Image: Sony / Kotaku

Hackers have been circling the PS5 for almost a year now, and it appears they may have finally managed to jailbreak the 2020 hardware with a new kernel-level exploit first discovered on the PS4. While it doesn’t allow access to execute certain types of code, the exploit has made it possible for at least one person to reportedly run Kojima’s Silent Hill demo prequel, P.T., on their PS5, and will likely have massive implications as more people explore the jailbreak.

The PS5 IPV6 Kernel exploit, discovered by “PlayStation hacking god” Andy “TheFloW” Nguyen last month, now has a way to be implemented, as tweeted over the weekend by hacker SpecterDev. It relies on a previously known vulnerability in Webkit, the PS5’s web browser technology, that works on PS5s running firmware 4.03, and possibly earlier versions as well.

The exploit works by having the PS5 access a web server housed on a local PC that contains SpecterDev’s implementation of the hack. It apparently works around 30 percent of the time, giving users access to the console’s debug mode, and thus letting them run software outside of what was originally intended by Sony.

Here’s a demonstration of the new exploit that was tweeted yesterday:

“This exploit gives us read/write access, but no execute,” reports console hacking blog Wololo.net. “This means no possibility to load and run binaries at the moment, everything is constrained within the scope of the ROP chain. The current implementation does however enable debug settings.”

Even so, the early exploit was still enough to let Dark Souls archeologist Lance McDonald install abandoned PS4 micro-horror game P.T., which isn’t officially backward compatible on the PS5:

The IPV6 webkit exploit was discovered by TheFloW two years ago on the PS4. He found it again on the PS5 and reported it to Sony in January 2022. “It seems like their patch somehow got reverted when doing FreeBSD9 to FreeBSD11 migration,” he recently told Motherboard. TheFloW subsequently received a $10,000 bounty from Sony and the vulnerability was disclosed on the site HackerOne on September 20, 2021.

Ever since, others in the PlayStation hacking community have been working on ways to exploit the vulnerability to jailbreak both the disc-based PS5 and its all-digital counterpart. Console manufacturers try to keep their systems locked down in part to ward off piracy, and today’s jailbreak is likely just the beginning of hackers poking holes in that security. Sony didn’t immediately respond to a request for comment.

    





Source link

By admin