Over the weekend, hackers revealed that the Playstation 5 (PS5), Sony’s latest darling, has been broken into—not just once but twice.
Fail0verflow, the hacking group notorious for breaking Playstation consoles, and Andy “TheFlow” Nguyen, a security engineer at Google and widely known in the Playstation Vita scene, both tweeted samplings of their successful PS5 hacks.
Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software – including per-console root key, if you look hard enough! https://t.co/ulbq4LOWW0
— fail0verflow (@fail0verflow) November 8, 2021
Fail0verflow announced they were able to retrieve all PS5 symmetric root keys, including a per-console root key, from the firmware itself. A root key is used to decrypt and reverse engineer the console’s firmware. A reverse-engineered firmware, of course, opens the door for creating and introducing homebrew PS5 software into the console, allowing other software and games to run in it. These homebrews will be signed with the same symmetric root keys so the PS5 can recognize them as belonging to its own. This also opens the door for finding future exploits.
Fail0verflow are yet to reveal any details about how they did the hack, but there has been speculation that they may have used a kernel exploit or carried out some “significant hardware glitching”.
#PS5Share pic.twitter.com/xem0A7i3rC
— Andy Nguyen (@theflow0) November 7, 2021
Nguyen, on the other hand, was able to access the Debug Setting option of a retail PS5, something that is normally available only on hardware testkits. Wololo, the site who first wrote and published about this, said the Debug Setting option is disabled on retail consoles. “But it can be enabled on retail consoles by patching some flags, located at specific addresses in the firmware at Runtime.”
Nguyen gaining access to the usually invisible console option makes one think he likely used a PS5 kernel exploit. It remains to be seen if Nguyen’s and fail0verflow’s exploits are the same, if not similar.
We won’t be hearing any confirmation or refutation from Nguyen though, as he already pointed out in a tweet that he has no plans of disclosing the exploit he used. Fail0verflow may or may not choose to disclose either. In a blog post eight years ago, the group admitted that developing homebrew software for closed consoles no longer appeals to them. Not only does this require a great deal of work, they are also constantly at risk of litigation. To top it off, game pirates get the bank on their hard work.
So, what can we expect from these PS5 hacking revelations? A firmware patch from Sony, perhaps, which has happened before, or nothing at all. But it is interesting to think about the future of homebrew software at this point. Is the homebrew scene in the Playstation—or other consoles for that matter—dead? If so, would anyone dare take up the mantle?
The post Playstation 5 hacked—twice! appeared first on Malwarebytes Labs.
Article Link: Playstation 5 hacked—twice!