{"id":85848,"date":"2022-10-03T18:01:56","date_gmt":"2022-10-03T18:01:56","guid":{"rendered":"https:\/\/harchi90.com\/new-ps5-kernel-exploit-seemingly-lets-someone-run-kojimas-pt\/"},"modified":"2022-10-03T18:01:56","modified_gmt":"2022-10-03T18:01:56","slug":"new-ps5-kernel-exploit-seemingly-lets-someone-run-kojimas-pt","status":"publish","type":"post","link":"https:\/\/harchi90.com\/new-ps5-kernel-exploit-seemingly-lets-someone-run-kojimas-pt\/","title":{"rendered":"New PS5 Kernel Exploit Seemingly Lets Someone Run Kojima&#8217;s PT"},"content":{"rendered":"<div>\n<figure class=\"sc-1eow4w5-1 eLNveM align--bleed js_lazy-image js_marquee-assetfigure\" data-id=\"d3e25c1b4488d6b5a3e51eda1b44f7cd\" data-recommend-id=\"image:\/\/d3e25c1b4488d6b5a3e51eda1b44f7cd\" data-format=\"jpg\" data-width=\"1920\" data-height=\"1080\" data-lightbox=\"true\" data-alt=\"A PS5 sits in front of a virtual grid as hackers prepare to run abandonware on it. \" data-recommended=\"false\" data-hide=\"false\" contenteditable=\"false\" draggable=\"false\">\n<div class=\"sc-1eow4w5-2 loxZOX has-data img-wrapper\" contenteditable=\"false\" style=\"max-width:1920px\" data-alt=\"A PS5 sits in front of a virtual grid as hackers prepare to run abandonware on it. \" data-link-reference=\"\" data-link-target=\"\" data-syndicationrights=\"true\" data-imagerights=\"other-license\" data-hide=\"false\" data-hidecredit=\"false\"><span class=\"sc-1eow4w5-0 dnhHtZ js_lightbox-wrapper\"><\/p>\n<div style=\"padding-bottom:56.3%\" class=\"sc-1eow4w5-3 lktKQM image-hydration-wrapper\">\n<div><img alt=\"A PS5 sits in front of a virtual grid as hackers prepare to run abandonware on it. \" srcset=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_80,pg_1,q_80,w_80\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 80w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_140\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 140w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_265\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 265w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_340\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 340w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_490\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 490w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_645\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 645w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_740\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 740w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_965\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 965w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1165\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 1165w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1315\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 1315w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1465\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 1465w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1600\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg 1600w\" sizes=\"&#10;&#9;&#9;&#9;&#9;(max-width: 25em) calc(100vw - 32px),&#10;&#9;&#9;&#9;&#9;(max-width: 37.31em) calc(100vw - 32px),&#10;&#9;&#9;&#9;&#9;(min-width: 37.37em) and (max-width: 49.94em) calc(100vw - 32px),&#10;&#9;&#9;&#9;&#9;(min-width: 50em) and (max-width: 63.69em) 800px,&#10;&#9;&#9;&#9;&#9;(min-width: 63.75em) and (max-width: 85.19em) calc(66.5vw - 32px),&#10;&#9;&#9;&#9;&#9;800px&#10;&#9;&#9;&#9;\" draggable=\"auto\" data-chomp-id=\"d3e25c1b4488d6b5a3e51eda1b44f7cd\" data-format=\"jpg\" data-alt=\"A PS5 sits in front of a virtual grid as hackers prepare to run abandonware on it.\" data-anim-src=\"\"\/><\/div>\n<\/div>\n<p><\/span><\/p>\n<p><figcaption class=\"sc-7s1ndr-0 ikKPtM no-caption\">Image<!-- -->: <!-- -->Sony \/ Kotaku<\/figcaption><\/p>\n<\/div>\n<p><span data-id=\"d3e25c1b4488d6b5a3e51eda1b44f7cd\" data-recommend-id=\"image:\/\/d3e25c1b4488d6b5a3e51eda1b44f7cd\" data-format=\"jpg\" data-width=\"1920\" data-height=\"1080\" data-lightbox=\"true\" data-alt=\"A PS5 sits in front of a virtual grid as hackers prepare to run abandonware on it. \" data-recommended=\"false\" data-hide=\"false\" class=\"js_recommend\"\/><\/figure>\n<p class=\"sc-77igqf-0 bOfvBY\">Hackers have been circling the PS5 <span>for almost a year now<\/span>and it appears they may have finally managed to jailbreak the 2020 hardware with a new kernel-level exploit <span>first discovered on the PS4<\/span>.  While it doesn&#8217;t allow access to execute certain types of code, the exploit has made it possible for at least one person to reportedly run Kojima&#8217;s Silent Hill demo prequel,<em> PT<\/em>on their PS5, and will likely have massive implications as more people explore the jailbreak.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">the <span>PS5 IPV6 Kernel exploit<\/span>discovered by \u201cPlayStation hacking god\u201d Andy \u201cTheFloW\u201d Nguyen last month, now has a way to be implemented, as <span><a rel=\"nofollow noopener\" class=\"sc-1out364-0 hMndXN sc-145m8ut-0 eRdxJX js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/twitter.com\/SpecterDev\/status\/1576643254656778241&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/twitter.com\/SpecterDev\/status\/1576643254656778241\" target=\"_blank\">tweeted over the weekend<\/a><\/span>  by hacker SpecterDev.  It relies on a previously known vulnerability in Webkit, the PS5&#8217;s web browser technology, that works on PS5s running firmware 4.03, and possibly earlier versions as well.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">The exploit works by having the PS5 access a web server housed on a local PC that contains SpecterDev&#8217;s implementation of the hack.  It apparently works around 30 percent of the time, giving users access to the console&#8217;s debug mode, and thus letting them run software outside of what was originally intended by Sony.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">Here&#8217;s a demonstration of the new exploit that was tweeted yesterday:<\/p>\n<p><span class=\"twitter-embed\"><iframe data-src=\"https:\/\/kotaku.com\/embed\/inset\/iframe?id=twitter-1576724107487764484&amp;autosize=1\" autoresize=\"true\" id=\"twitter-1576724107487764484\" data-recommended=\"false\" width=\"500\" height=\"159\" class=\"core-inset lazyload\" frameborder=\"0\" scrolling=\"no\" allowfullscreen=\"\" webkitallowfullscreen=\"webkitAllowFullScreen\" mozallowfullscreen=\"mozallowfullscreen\"><\/iframe><\/span><\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">\u201cThis exploit gives us read\/write access, but no execute,\u201d reports <span>console hacking blog Wololo.net<\/span>.  \u201cThis means no possibility to load and run binaries at the moment, everything is constrained within the scope of the ROP chain.  The current implementation does however enable debug settings.\u201d<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">Even so, the early exploit was still enough to let <em>Dark Souls <\/em>archeologist Lance McDonald install abandoned PS4 micro-horror game<em> PT<\/em>which isn&#8217;t officially backward compatible on the PS5:<\/p>\n<p><span class=\"twitter-embed\"><iframe data-src=\"https:\/\/kotaku.com\/embed\/inset\/iframe?id=twitter-1576768394707161088&amp;autosize=1\" autoresize=\"true\" id=\"twitter-1576768394707161088\" data-recommended=\"false\" width=\"500\" height=\"159\" class=\"core-inset lazyload\" frameborder=\"0\" scrolling=\"no\" allowfullscreen=\"\" webkitallowfullscreen=\"webkitAllowFullScreen\" mozallowfullscreen=\"mozallowfullscreen\"><\/iframe><\/span><\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">The IPV6 webkit exploit was discovered by TheFloW two years ago on the PS4.  He found it again on the PS5 and reported it to Sony in January 2022. \u201cIt seems like their patch somehow got reverted when doing FreeBSD9 to FreeBSD11 migration,\u201d he <span>recently told <em>motherboard<\/em><\/span>.  TheFloW subsequently received a $10,000 bounty from Sony and the <span>vulnerability was disclosed<\/span> on the site HackerOne on September 20, 2021.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">Ever since, others in the PlayStation hacking community have been working on ways to exploit the vulnerability to jailbreak both the disc-based PS5 and its all-digital counterpart.  Console manufacturers try to keep their systems locked down in part to ward off piracy, and today&#8217;s jailbreak is likely just the beginning of hackers poking holes in that security.  Sony didn&#8217;t immediately respond to a request for comment.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\"><\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>    .<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Sony \/ Kotaku Hackers have been circling the PS5 for almost a year nowand it appears they may have finally managed to jailbreak the 2020 hardware with a new kernel-level exploit first discovered on the PS4. While it doesn&#8217;t allow access to execute certain types of code, the exploit has made it possible for &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/new-ps5-kernel-exploit-seemingly-lets-someone-run-kojimas-pt\/\"> <span class=\"screen-reader-text\">New PS5 Kernel Exploit Seemingly Lets Someone Run Kojima&#8217;s PT<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[14934,27028,28598,28601,13008,286,11524,6549,657,28599,656,28600,629],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":86085,"url":"https:\/\/harchi90.com\/new-ps5-exploit-unlocks-root-privileges-read-write-memory-access\/","url_meta":{"origin":85848,"position":0},"title":"New PS5 exploit unlocks root privileges, read\/write memory access","date":"October 3, 2022","format":false,"excerpt":"enlarge \/ Hackers are getting closer to fully unlocking user control of the PS5 hardware.Sony Long-time console hacker and exploit developer SpecterDev has released a PS5 exploit that can give users root privileges and read\/write access to large chunks of system memory. While this exploit can't be used to actually\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":85268,"url":"https:\/\/harchi90.com\/released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03\/","url_meta":{"origin":85848,"position":1},"title":"Released!  PS5 Kernel exploit + Webkit vulnerability for Firmware 4.03","date":"October 3, 2022","format":false,"excerpt":"Oh, wow, only a few hours after tweeting that this needed to be \u201cironed out\u201d, SpecterDev has now published his implementation of the PS5 IPV6 Kernel exploit! This release relies on the Webkit vulnerability as an entry point, meaning it will work on any PS5 (including PS5 Digital edition) running\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/wololo.net\/wagic\/wp-content\/uploads\/2022\/10\/PS5_debug_settings_specterdev-1-1024x576.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":85744,"url":"https:\/\/harchi90.com\/ps5-has-seemingly-been-jailbroken-and-people-are-already-installing-pt-on-it\/","url_meta":{"origin":85848,"position":2},"title":"PS5 Has Seemingly Been Jailbroken, and People are Already Installing PT on It","date":"October 3, 2022","format":false,"excerpt":"Sony's PlayStation 5 seems to have been jailbroken \u2013 so of course, people are installing PTPlayStation modders SpecterDev unveiled the new jailbreak earlier today \u2013 an experimental IPV6 kernel exploit for the PS5. This jailbreak relies on a WebKit vulnerability as an entry point, so it will only work on\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":18980,"url":"https:\/\/harchi90.com\/ps5-bd-jb-exploit-bdj-sdk-updated\/","url_meta":{"origin":85848,"position":3},"title":"PS5 BD-JB exploit: BDJ-SDK updated","date":"July 19, 2022","format":false,"excerpt":"Developer John Tornblom has pushed multiple updates to his BDJ-SDK github, a repository that contains the latest and greatest files for the PS5 DB-JB exploit toolchain. BDJ-SDK: what's new Since his initial release, here's what's been added to the repo: Use FileFileIO in favor of FileURLConnection Support for more FileIO\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/wololo.net\/wagic\/wp-content\/uploads\/2022\/04\/ps5_prospero_large.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"fifu_image_url":"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/d3e25c1b4488d6b5a3e51eda1b44f7cd.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/85848"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=85848"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/85848\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=85848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=85848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=85848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}