In a bit of news that should definitely cause Sony employees to wince, a security researcher has managed to jailbreak the PlayStation 5 console. In the long run, this could allow modders to create homebrew. It also opens up the possibility of piracy on the system. However, the exploit is very much in its infancy and doesn’t really do much as it stands.
The researcher, SpecterDev, managed to implement an IPv6 kernel exploit. The exploit works on any PS5 model, including the PS5 Digital Edition. However, it only works on consoles running the older 4.03 firmware. It was noted that the exploit will not work on newer firmware versions, as they are not vulnerable to the WebKit exploit used to gain initial access.
PlayStation 5 jailbroken!
As mentioned earlier, the exploit is still at a very nascent stage and is severely limited in what it can do. SpecterDev notes that the exploit is quite unstable and currently works about 30% of the time. As such, developers and modders planning to implement the exploit might need to try multiple times.
Another limitation is that while the exploit gives kernel read/write access, it does not allow code execution. As such, it is not possible to load and run binaries at the moment. The exploit does grant root privileges and enables the debug settings menu.
As you may have realised by now, the exploit has a number of limitations. The following are the limits listed on the GitHub page.
- This exploit achieves read/write, but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!
- As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.
- Clang-based fine-grained Control Flow Integrity (CFI) is present and enforced.
- Supervisor Mode Access Prevention/Execution (SMAP/SMEP) cannot be disabled, due to the HV.
- The write primitive is somewhat constrained, as bytes 0x10-0x14 must be zero (or a valid network interface).
- The exploit’s stability is currently poor.
- On a successful run, exit the browser with the circle button; the PS button panics for a currently unknown reason.