
Hacking group says it has found encryption keys needed to unlock the PS5

Lightwreather

Summary

Fail0verflow announcement suggests a private exploit to expose system's secure kernel.

Quotes

Hacking group Fail0verflow announced Sunday evening that it had obtained the encryption "root keys" for the PlayStation 5, an important first step in any effort to unlock the system and allow users to run homebrew software.

The tweeted announcement includes an image of what appears to be the PS5's decrypted firmware files, highlighting code that references the system's "secure loader." Analyzing that decrypted firmware could let Fail0verflow (or other hackers) reverse engineer the code and create custom firmware with the ability to load homebrew PS5 software (signed by those same symmetric keys to get the PS5 to recognize them as authentic).

Extracting the PS5's system software and installing a replacement both require some sort of exploit that provides read and/or write access to the PS5's usually secure kernel. Fail0verflow's post does not detail the exploit the group used, but the tweet says the keys were "obtained from software," suggesting the keys didn't need to make any modifications to the hardware itself.

Separately this weekend, well-known PlayStation hacker theFlow0 tweeted a screenshot showing a "Debug Settings" option amid the usual list of PS5 settings. As console-hacking news site Wololo explains, this debug setting was previously only seen on development hardware, where the GUI looks significantly different. But TheFlow0's tweet appears to come from the built-in sharing function of a retail PS5, suggesting he has also used an exploit to enable the internal flags that unlock the mode on standard consumer hardware.

TheFlow0 adds that he has "no plans for disclosure" of his PS5 exploit at this point. In recent years, TheFlow0 has taken part in Sony bug-bounty programs that reward the responsible disclosure of security flaws in PlayStation hardware.

 

My thoughts

Okay, so this happened. Honestly I'm not really that much into cryptography and/or hacking, so I don't think I'll be able to give much of an explanation of how this could've happened. However, this seems to be good news for modders and homebrewers (and to an extent pirates as well). Now, something similar happened with the PS3, so I'm pretty sure Sony might sue this group and release a firmware update to patch this. So, if you want to use this exploit, you'd better unplug your PS5 (if you managed to find one) from the interwebs.

 

Sources

ArsTechnica

Fail0verflow - Twitter

theFlow0 - Twitter

Wololo

"A high ideal missed by a little, is far better than low ideal that is achievable, yet far less effective"

 

If you think I'm wrong, correct me. If I've offended you in some way tell me what it is and how I can correct it. I want to learn, and along the way one can make mistakes; Being wrong helps you learn what's right.

^^ She's not wrong.

I'm more surprised it's taken a year since launch for this to have happened.

Community Standards | Fan Control Software

Please make sure to Quote me or @ me to see your reply!

Just because I am a Moderator does not mean I am always right. Please fact check me and verify my answer. 

 

"Black Out"

Ryzen 9 5900x | Full Custom Water Loop | Asus Crosshair VIII Hero (Wi-Fi) | RTX 3090 Founders | Ballistix 32gb 16-18-18-36 3600mhz 

1tb Samsung 970 Evo | 2x 2tb Crucial MX500 SSD | Fractal Design Meshify S2 | Corsair HX1200 PSU

 

Dedicated Streaming Rig

 Ryzen 7 3700x | Asus B450-F Strix | 16gb Gskill Flare X 3200mhz | Corsair RM550x PSU | Asus Strix GTX1070 | 250gb 860 Evo m.2

Phanteks P300A |  Elgato HD60 Pro | Avermedia Live Gamer Duo | Avermedia 4k GC573 Capture Card

 

Remember how fast the Nintendo Wii received its root access?

 

I'm still waiting for a "legal" way (meaning not using illegal chips) to hack a switch lite lol

If my post helped you please hit the "Solved" button below ✅


7 minutes ago, emosun said:

the real challenge will be finding a ps5 to try it on lol

You can't even find PS5s in stores these days.


To be noted, these are TWO DIFFERENT exploits that both can individually blow the PS5 wide open. Hopefully, we'll see a PS5 linux port soon.

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


Insert "Pause champ" here

If one could run linux on it, it might become a really cool option, as there is no way to get that much perf at those prices.


8 hours ago, Skiiwee29 said:

I'm more surprised its taken a year since launch for this to have happened. 

That's how long it took before Fail0verflow got a real PS5 and not just the box filled with sand.

On 11/9/2021 at 5:47 AM, rcmaehl said:

To be noted, these are TWO DIFFERENT exploits that both can individually blow the PS5 wide open. Hopefully, we'll see a PS5 linux port soon.

We're going to see a story, in the next 24 months, where some crappy cryptominer runs on the PS5 GPU and buys up all the PS5s in the country.

1 hour ago, Kisai said:

We're going to see a story, in the next 24 months, where some crappy cryptominer runs on the PS5 GPU and buys up all the PS5s in the country.

I think that's already happened right?


3 hours ago, J-from-Nucleon said:

I think that's already happened right?

Those were PS4s, and it was FIFA bots playing to get rare drops in free lootbox cruft, as I remember it.

 

Ultimately game machines should be used for gaming during their active shelf life, and if their post-shelf life allows them to be repurposed instead of landfilled, that is OK with me. That's how we got XBMC (Kodi) in the first place, because of that short-lived original Xbox which was little more than a Pentium III.


On 11/9/2021 at 12:02 PM, EDK Tech said:

Remember how fast the Nintendo Wii received its root access?

 

I'm still waiting for a "legal" way (meaning not using illegal chips) to hack a switch lite lol

That was mainly through the GameCube BC, which had access to fewer resources (no wireless, less memory, etc.). The entire Wii mode pwning was helped significantly by reconstructing the memory dump of the GameCube BC and came quite a bit later.