New PS5 exploit unlocks root privileges, read/write memory access | Ars Technica


Kyle Orland - Oct 3, 2022 4:49 pm UTC

Long-time console hacker and exploit developer SpecterDev has released a PS5 exploit that can give users root privileges and read/write access to large chunks of system memory. While this exploit can't be used to actually execute arbitrary code just yet, it represents an important step toward getting homebrew code running on the console.

From there, the exploit uses an error in how the PS5's browser implementation handles memory locking while setting IPv6 socket headers. While the details get pretty technical, the exploit essentially sets up a race condition to access that exposed socket header memory before it's fully locked. That small bit of access is then used as a hook to start reading and writing arbitrary data into large areas of the PS5's memory via an RPC server on the host machine.

Because this exploit relies on a race condition, SpecterDev warns that it only works about 30 percent of the time and might lead to multiple kernel panics (and subsequent lengthy system restarts) before read/write access is successfully obtained. The exploit also can't currently write to low-level "kernel space" (which is still protected by an intact hypervisor) or even execute any code that a user might write to user space (which relies on areas of "Execute Only Memory" that are still protected).

Still, the exploit provides access to the PS5's debug menu, as hacker Lance McDonald demonstrated in a tweet last night. It also provides PS5 hackers with an entry point to learn more about the PS5's memory and security systems and could serve as a potential beachhead for developing a fully homebrew-compatible hack for the console. That said, SpecterDev warns that "homebrew will take a lot of effort" because of the aforementioned security protections that are still intact.

The PlayStation 5 has been jailbroken. pic.twitter.com/54fvBGoQGw

While this exploit currently works on version 4.3 of the PS5 firmware (released last October), SpecterDev speculates that some slight changes could get a similar exploit to work on firmware version 4.5 (released last December). Sony marked the issue as "resolved" on HackerOne in April, though, suggesting that the same vulnerability probably won't work in firmware versions released since then.

While the days of regular PS5 owners being able to install their own homebrew apps on the PS5 may still be a ways off, the hacking community won't rest until that time arrives.
