At the hardwear.io security conference, TheFlow recently introduced five new bugs for the PS3, PS4 and PS5 that pack a punch.
Andy Nguyen, better known as TheFlow, presented the day before yesterday at the US security conference hardwear.io a total of five new vulnerabilities for the PS4, PS5 and probably also the PS3. In combination, the exploits can be used to load pirated copies on the game consoles.
A full jailbreak works on the PS4, he said in his talk. Furthermore, according to Nguyen, the method is “100 % reliable”, which is a big difference from recent WebKit-based exploit chains on the PS4. Those are buggy and sometimes require numerous retries before the jailbreak finally works.
Sony patched the vulnerabilities in PS4 firmware 9.51 and PS5 firmware 5. after programmer TheFlow reported them as part of his participation in the HackerOne bounty program. In other words, the PS4 is affected up to and including firmware 9., the PS5 up to and including version 4.29. The PS5 Digital Edition is of course not affected by the bug, as the exploit requires inserting a malicious disc into the game console. No disc drive, no jailbreak or loader.
PS5 and PS4 Blu-Ray Vulnerabilities
The slides and video of his presentation are expected to go online in the next few weeks, according to the jailbreak blog wololo.net. Sony has approved the programmer’s request to publish details of the exploits on the HackerOne portal. However, there is no proof-of-concept file attached. That would have made it too easy for imitators.
PS5 piracy on the rise?
Although not technically a kernel exploit, this set of exploits is enough to cause significant damage to the devices. TheFloW concludes his report by stating that running pirated games is possible on the PS5. The discs would carry the exploit and load a pirated version of the game. For the PS4, he states that exploiting the kernel (i.e. a jailbreak) becomes trivial with this series of exploits.
But on the PS4, too, this is not a kernel exploit in itself. However, a special ELF loader can easily be created there in order to load and run copies of games that have not been purchased. Breaking the kernel protection should be easy.
TheFlow is not allowed to distribute the jailbreak himself
The report probably contains enough details for other hackers to investigate the issue on the PS5 and other consoles and to reproduce the exploit chain without extensive example code. From there, creating loaders for pirated content will be a possibility, although creating them may not be as “trivial” for everyone as it is for someone with TheFloW’s capabilities.
Blu-ray burners are available fairly cheaply from Amazon and other online retailers and physical stores. If you want to buy one for such purposes, you have to make sure that it supports BD-RE and dual-layer (DL) discs. TheFloW has stated that he used Verbatim rewritable discs (BD-RE) in his experiments. However, such discs are not mandatory.
Anyone who has already purchased a PS5 Digital Edition is out of luck. It doesn’t help you when it comes to playing games that you haven’t bought.
But it’s still too early for any cheering anyway. Nobody has made the five vulnerabilities publicly available yet. Some jailbreakers also have the problem that they still haven’t had a chance to buy a PS5 themselves due to Sony’s delivery problems.
About Lars Sobiraj
Lars Sobiraj started in 2000 as a career changer writing for various computer magazines. In 2006, numerous other online magazines were added alongside gulli.com. He is the founder of Tarnkappe.info. In addition, Ghandy, as he calls himself in the scene, has been teaching participants at various universities and training institutions since 2014 how the Internet works.