The PS5 Has Been Jailbroken

This reminds me of a meme.<p>&gt; PS5 User: hey can I install a SSH server on my PlayStation? &gt; Sony: NOOOOOO YOU CAN&#x27;T DO THAT THAT&#x27;S&#x27; ILLEGAL WE&#x27;LL SUE YOU FOR VIOLATING TOS<p>&gt; Steam Deck User: hey can I install a SSH server on my Steam Deck? &gt; Valve: It&#x27;s already included. Have fun.

That reminds me of a video that I watched a few months ago about how an earlier generation of PlayStation got jailbroken very late in its lifecycle because Sony decided to disable Linux (or something like that, I don’t remember). As long as that feature was available, nobody cared to hack the console because they could do what they want, but as soon as Sony pulled the feature, the console was hacked in a very short time.

<a href="https:&#x2F;&#x2F;github.com&#x2F;Cryptogenic&#x2F;PS5-4.03-Kernel-Exploit" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Cryptogenic&#x2F;PS5-4.03-Kernel-Exploit</a><p>Fine documentation of the process and the (limitations of the) exploit.

Nice one, from the video it looks like he chained a browser vuln with a kernel vuln to make his jailbreak. Assuming it&#x27;s a JIT optimization bug (as browser vulns often are, but I&#x27;m just guessing here), I wonder if Sony might attempt to mitigate this in future by disabling JIT, as Apple has done with its Lockdown Mode.<p>Looks like the other thing they could do for this particular vector is prevent https requests from being intercepted and replaced - why should the user be permitted to override certificate errors in this case? Doesn&#x27;t make sense.

&gt; &quot;This exploit achieves read&#x2F;write, but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!<p>&gt; As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.&quot; [1]<p>So yeah, it&#x27;s not a full jailbreak yet.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;Cryptogenic&#x2F;PS5-4.03-Kernel-Exploit" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Cryptogenic&#x2F;PS5-4.03-Kernel-Exploit</a>

Feels like any time a console gets jailbroken, it&#x27;s always a JavaScript use-after-free exploit in the browser webview that they use to open the user manual. IIRC this was true for the PS Vita, 3DS, Wii U, among others? I wonder if at some point console vendors will stop using webviews entirely?

<a href="https:&#x2F;&#x2F;wololo.net&#x2F;2022&#x2F;10&#x2F;03&#x2F;released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03&#x2F;" rel="nofollow">https:&#x2F;&#x2F;wololo.net&#x2F;2022&#x2F;10&#x2F;03&#x2F;released-ps5-kernel-exploit-we...</a>

It&#x27;s surprising that they deploy all of that debug stuff onto the console and then hide the switch behind a big lock to be picked. Why not just not deploy it?

The kernel exploit has been fully published: <a href="https:&#x2F;&#x2F;wololo.net&#x2F;2022&#x2F;10&#x2F;03&#x2F;released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03&#x2F;" rel="nofollow">https:&#x2F;&#x2F;wololo.net&#x2F;2022&#x2F;10&#x2F;03&#x2F;released-ps5-kernel-exploit-we...</a>

I remember people using PS3 as compute cluster [1] some time ago. Is this still possible with PS5? My general question is: are there and what are some non-gaming purposes of jailbroken PS5?<p>[1] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;PlayStation_3_cluster" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;PlayStation_3_cluster</a>

I am entirely supportive of the user&#x27;s right to do what they please with their devices (a right which may soon be enshrined in European law under the Digital Markets Act), and I celebrate jailbreaks as a means of liberating users from oppressive vendors. That said, I cannot help but smile at the fact that console hacks are almost <i>always</i> exploited from the web browser these days. If you need more proof that the web is a bloated, complex platform which is impossible to secure, then here you have it.

While I applaud people being able to use their hardware the way they want to, I know that this inevitably leads to rampant cheating and will ultimately ruin games across consoles as most of the big games these days support cross play.

&quot;Often when the PS5 panics (at least in webkit context), there will be awful audio output as the audio buffer gets corrupted in some way.&quot;<p>Hmmm... when I bought the PS5, for a few days everything was fine. Then it started to have garbled sounds whenever It booted up. If I power cycle the monitor the sound issues disappear.<p>Couldn&#x27;t bring it back to its normal state. Maybe just some quirks with the monitor... maybe someone is sitting inside my PS ;D. Monitor has no issues with the Xbox.

This post looks better? <a href="https:&#x2F;&#x2F;www.psxhax.com&#x2F;threads&#x2F;ps5-4-03-kernel-exploit-webkit-rop-implementation-via-specterdev.14405&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.psxhax.com&#x2F;threads&#x2F;ps5-4-03-kernel-exploit-webki...</a>

So, it&#x27;s now easier to run custom software on the PS5 than obtaining one?

Time to port my game engine to PS5 I guess.

The dedication jailbreakers have to the craft is truly admirable. I remember back in the mid-1980s coming to the realization that the war between people trying to build copy protection and those trying to crack it was an unwinnable war. I thought this as I copied the latest version of CopyWrite so that I myself could just copy whatever program I wanted at the time.

I still can&#x27;t buy the PS5 in my country. To me, Sony is dead. I&#x27;ve had every Playstation console from the start and have bought one within months of release, it has been almost TWO years now and still there&#x27;s nothing. I&#x27;ll never purchase any of their things ever again.

I guess it&#x27;s time to buy one!<p>That kind of news always increase sales, so they can benefit from it if they damage control correctly, a new model is just around the corner, so it&#x27;s all good i guess

I wonder when companies will move to more adversarial tactics like banning accounts to try and stay ahead in the jailbreak arms race.<p>We’ve seen similar tactics for gaming anti-cheat purposes for quite some time. Companies like Tesla have threatened to disable services to discourage reverse engineering and software modification.

How do you know for sure if it&#x27;s jailbroken?<p>For instance it might still phone home and install a new firmware&#x2F;software image.

So now would be a good time to buy a PS5, keep it in boxed until this is released and use it to pirate all the games?

PS5 is still not available anywhere in Switzerland. Why it is so scarce? It is used for mining or something?

what does it mean &quot;jailbreaking&quot; a gadget, esp a PS5? noob here.

Nice! But can you even buy it?

PS6 will be written in Rust.

Playstation 5? What&#x27;s that?<p>I&#x27;ve head of them but have never seen one in a store.

Now people can pirate all 5 exclusive games that aren&#x27;t already on PC. But really, pretty cool.

I am astonished it was found via one of the vanguard&#x2F;blackrock people (aka google and apple, yeah microsoft is there too), insanely bloated and kludgified, javascripted web engines, Ohlala! Really surprised! (severe irony).

Maybe I am old fashioned, I am not buying an expensive device which I cannot use 100% completely. Only exception is my iPhone. They release consoles every year or so and not letting anyone update the previous ones. I find it silly to purchase consoles every year.