More details are emerging about the PS4 / PS5 Blu-ray exploits

PlayStation hacker TheFloW gave the scene an electric shock yesterday by disclosing an exploit chain that uses Blu-ray discs on PS4 and PS5. In his disclosure, the security researcher stated that these exploits can lead to “trivial kernel exploitation” on PS4, and to pirated discs on PS5.

After the initial excitement, we are left with many questions, and answers are slowly bubbling up. Here is what we have understood so far. (As always, if there is anything you feel we got wrong, please let us know in the comments section!)

I heard there was big news yesterday. Where is the hack for my PS4 / PS5?

The legendary PlayStation hacker TheFloW disclosed a chain of exploits for PS4 and PS5 yesterday at a conference, using vulnerabilities in the Blu-ray driver shared by both consoles. In theory, these exploits could lead to a Jailbreak on PS4 and possibly to pirated discs on PS5, but:

Nothing has been released that end users can run directly. At the moment we have a (fairly precise) description of which vulnerabilities exist on the consoles, and where in the firmware code they sit. Turning all of this information into a working proof of concept for both consoles is “left as an exercise to the reader”. So, assuming someone reproduces what TheFloW described in the report (a kernel panic), that still needs to be combined with further discoveries (such as a kernel exploit) before it becomes a full-fledged Jailbreak.

In other words: it could take months before anything usable by end users comes out of this. As a reminder, it took several months for experienced hackers to release a PS4 7.55 Jailbreak after another disclosure from TheFloW back in 2021, even though that disclosure was quite detailed.

What are the implications of this revelation for the PS4?

Provided that an actual implementation of the exploit chain is published:

For people running firmware 9.00 or lower: you can already Jailbreak your console. It is conceivable that this exploit chain will be combined with the existing kernel exploit (we assume here that the kernel exploit can be reached from the BD context). TheFloW has stated that this exploit is 100% reliable, which means people could expect a 100% stable Jailbreak on PS4. That would be an improvement over today’s Jailbreaks, which sometimes require several attempts because of the randomness of the underlying userland exploit (the WebKit exploit).

For people running firmware 9.03 / 9.04: TheFloW has stated that once this exploit chain succeeds, kernel exploitation is “trivial, since there is no SMEP and one can simply jump to userland with a corrupted function pointer”. The way we read this is that implementing privilege escalation (a Jailbreak for PS4 9.03 / 9.04) in this context could be very simple. Take this with a pinch of salt: what is “trivial” for TheFloW may still require a lot of research for other people.

For people running firmware 9.50 or later: PlayStation has patched these security holes in 9.50, so there is nothing for you here. Try to get a lower-firmware PS4 when you get the chance. At the very least, stop updating your console if you expect to Jailbreak it.

Will this exploit mean the return of pirated discs on PS4, and the need to burn dozens of Blu-ray discs, for example for homebrew or emulators?

Most likely not. The fact that the exploit uses Blu-ray driver vulnerabilities does not limit users to that format after successful exploitation: the Blu-ray vulnerability is the “entry point” used to unlock the console. Once a Jailbreak is active in RAM, loading homebrew (and yes, pirated games) will most likely work the same way it always has: install it on the console either via USB or via FTP from your computer, and run it from the PS4’s hard disk.

What does this Blu-ray exploit mean for PS5 hacking and piracy?

TheFloW initially stated in his report that this exploit chain could easily lead to pirated discs. Because this is not a kernel exploit in itself (no full access to the console), actions within the BD context would be limited, but in his report the hacker was confident that this could lead to the creation of pirated discs. The report did not specify whether this applied to PS4 or PS5, and suggested both:

The UDF driver https://github.com/williamdevries/UDF is used on PS4 and PS5, which contains a buffer overflow. […] With these vulnerabilities it is possible to ship pirated games on Blu-ray discs. It is possible even without a kernel exploit since we have JIT capabilities.

He has since taken to Twitter to clarify this:

So this is pretty important for people who thought this would lead to immediate piracy: the road to pirating PS5 discs is not easy from this point, and it seems the hacker meant PS4 games specifically. It could also be that TheFloW is simply covering himself legally: of all the points in the disclosure, the threat of PS5 piracy is probably the least interesting technically, but the most threatening to Sony’s business.

There is still possibly a path leading to PS5 piracy here. Whether “entrepreneurs” will figure it out quickly and start selling pirated games is anyone’s guess.

When it comes to hacking, this unlocks a pretty significant door in the PS5’s security, which other hackers can start using to dig into the PS5’s internals. Once the breach is there, it can lead to more exploit discoveries. How fast depends on how quickly people manage to reproduce and share TheFloW’s findings.

Is PS3 affected by these exploits, and if so, what will it mean for PS3?

The PS3 is already hackable for the most part, thanks to PS3Xploit, PS3HEN and Hybrid Firmwares, but additional exploits could not hurt, and could help towards a full CFW for the hardware revisions that are still incompatible.

TheFloW has stated that the PS3 is also affected by the exploit, we imagine because it uses the same driver as its younger siblings. But it is possible that he has not worked on a full-fledged implementation for that console, and that the details still need to be ironed out. Differences in implementation may mean that the exploit chain does not work on PS3, or that it is not easy to implement there. Zecoxao has told us that people are looking into it:

So it’s safe to update my PS5 / PS4 to X.XX then?

Well… Although TheFloW states that his exploit chain was fixed on PS4 9.50 and PS5 5.00, there are other exploits lurking around the console which may prove necessary. A PS5 kernel exploit was patched in PS5 4.50 according to Zecoxao, and that may be the key to full access to the console. The rule of thumb remains the same: until something concrete is released, avoid updating the console. This applies to both PS4 and PS5.

Watch this space!