News

The Fail0verflow team approached the PlayStation 5 hack

Recently, members of the well-known hacker group Fail0verflow shared a code snippet on Twitter and reported that they managed to get to all the root keys of the PlayStation 5.

Apparently, the screenshot shows the decrypted PS5 firmware file, where the code related to the secure loader is highlighted. In theory, analyzing the decrypted firmware will help Fail0verflow (and other hackers) reverse the code and create custom firmware with the ability to download third-party software to the PS5.

Of course, to extract the PS5 system software and install a replacement, they will need some kind of exploit that will provide read / write access to the usually closed console kernel.

While Fail0verflow contributors have not written anything about such an exploit, they only note that the keys were “obtained from software”, that is, it did not require any hardware intervention.

Since the hackers do not disclose any details of their hacking so far, the network is already building theories and actively discussing the theoretical possibilities that open after obtaining the root keys. For example, Reddit users explain that the high-profile headlines about “PS5 hacking” are not entirely correct.

.They say they found the decryption keys. Root symmetric keys. [But] the decryption keys are always symmetric, because there is no point in using a public / private key system if the decryption key is always on the device (that is, it will be public). Decryption will simply be slower if you are using PKI [Public Key Infrastructure] for encryption / decryption (obfuscation).The code, of course, is also signed and will use PKI, but the private key is not on the device and cannot be recovered from the device. Thus, there must be “root asymmetric keys” (something like), but they did not find them, since they are not on the device at all. With this hack, they will be able to decrypt games and decrypt other things encrypted on the device (save files and so on). But they won’t be able to sign the new code. Another exploit is required to run new code on the system.happyscrappy explains on Reddit.

Speaking of exploits, it’s worth noting that over the weekend, another well-known hacker, theFlow0, posted a screenshot on Twitter that included Debug Settings, previously only available on developer hardware (where the GUI looks completely different), among the usual PlayStation 5 settings.

Wololo explains that theFlow0 screenshot was taken on a regular PS5 and published using the PS5Share PS5 feature. This indicates that the hacker has random write access, that is, most likely, he also has an exploit for the PS5 kernel. At the same time, theFlow0 made it clear that it does not plan to release its exploit to the public and disclose any details.

Let me remind you that we recently talked about the fact that Pwn2Own members made the printer to play AC / DC.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Chernars pop-up ads (Virus Removal Guide)

Chernars.com is a domain that tries to force you into subscribing to its browser notifications…

21 hours ago

Remove Eclipse-adblocker.pro pop-up ads (Virus Removal Guide)

Eclipse-adblocker.pro is a site that tries to trick you into clik to its browser notifications…

21 hours ago

Remove Initiateadvancedcompletelythe-file.top pop-up ads (Virus Removal Guide)

Initiateadvancedcompletelythe-file.top is a site that tries to force you into subscribing to its browser notifications…

21 hours ago

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

4 days ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

4 days ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

4 days ago