PS5: Flat_z dumps PS5 Secure Processor, confirms he has a PS5 Hypervisor exploit (via a PS4 Game Save exploit)

Thick Thighs Save Lives

NeoGAF's Physical Games Advocate Extraordinaire

PlayStation hacker flat_z claims he has gained access to the PS5’s Platform Secure Processor (PSP). This means he has access to most decryption keys on the console. The hacker also confirmed he has a Hypervisor exploit, and added the whole chain was triggered via software (no hardware hack) through a Disc-based PS4 game. No details have been given on what Firmware this was achieved on, and there wasn’t any plan announced to release the exploit chain.

Flat_z claims PS5 Hypervisor hack through software means

Hacker Flat_z, known for his past work on the PS4 and his recent involvement with PS5 security, stated he has hacked the PS5 Hypervisor via an exploit chain triggered through a disc-based PS4 savegame exploit.


The security researcher posted a minimal screenshot of what is believed to be PS5’s PSP (Secure Processor) code, as proof that he has gained (read) access to one of the most protected locations on the PS5 System.


PS5 Hypervisor exploit – what’s next

Zecoxao states that flat_z now has access to all PS5 decryption keys. Having access to the keys would at the very least mean a possibility to decrypt Firmware files and game files. This can be useful, at the very least, for hackers looking to reverse engineer the latest and greatest Firmware updates to look for more vulnerabilities.

Generally speaking, there’s no guarantee that flat_z will release anything. Some people believe he has found and leveraged the same exploit that Fail0verflow used almost 2 years ago. They haven’t released anything, and flat_z hasn’t stated he plans to release either.

Unless the hacker plans to release his findings, this doesn’t mean much for the end user at the moment, although it appears you’re in better shape than most if you own a (low firmware) Disc Edition PS5.

On a side note, however, a growing number of PS5 hackers believe that fpkgs (or an equivalent) could be achievable without a hypervisor exploit on the PS5. This means piracy (PS4 games for sure, PS5 less likely) could theoretically be a thing with the existing PS5 kernel exploit, although nobody has released anything in that direction so far.


What does it mean for Digital Edition PS5 Owners?

Once again, it appears a disc was involved in the exploit. However, when asked about it, Flat_z stated that probably any usermode exploit could be used as an entry point. This means a WebKit exploit, for example, might be on the table, but this remains to be confirmed.


As a reminder, such hacks on modern systems require multiple exploits to be triggered (hence the name “exploit chain”) in order to achieve code execution, privilege escalation, and more. The very first entry point, at the “usermode” level, requires some input from the user, either through a modified save game (which is what was done here in a PS4 game), or a malicious HTML/JavaScript page via the console’s browser, for example.

It could be possible to then trigger privilege escalation independently of the initial entry point, which is why WebKit might be a viable attack vector even if a PS4 game was used in this first iteration of the hack. Of course, it seems that hackers tend to like the disc-based hacks more than the rest, meaning Digital consoles might end up being second-class citizens of the PS5 hacking scene in the future. Only time will tell.

There isn't much point in the end user doing anything with this until the time comes when Sony abandons the PS5. One slip-up and you could easily get banned.

Kenneth Haight

Gold Member
What's this even saying?
Paves the way to use the console with illegitimate games, aka copies with no write protection etc. They have cracked the console after 2 years is basically what this is saying, I believe. Pointless really, as these consoles are so “always online” now that it’s utterly pointless. But interesting to see how it is actually done; that is a cool process to see. Wonder how many bricked PS5s they’ve been through in a few years.

Sleepwalker

Member
I'll be looking forward to modding my PS5 after it has been abandoned by Sony, and not any time before. Considering the PS4 is still supported, it will probably be 20 years by the time I fuck around with this. Still fascinating though.

Red5

Member
Ah, memories. Back when Geohotz released his PS3 exploit and modshops started selling PS3 Jailbreak USBs. Got mine for $30; it let you run custom homebrew, dump BD-ROM games, run emulators. It was sweet.

Paves the way to use the console with illegitimate games, aka copies with no write protection etc. They have cracked the console after 2 years is basically what this is saying, I believe. Pointless really, as these consoles are so “always online” now that it’s utterly pointless. But interesting to see how it is actually done; that is a cool process to see. Wonder how many bricked PS5s they’ve been through in a few years.

Not pointless to a lot of people in lower income countries where they'd settle for a library of offline games and sacrificing online play. But then again most people in my country are buying PS5 for Fifa and COD warzone and nothing else.