Hacking group says it has discovered the encryption keys needed to unlock the PS5


The hardware doesn’t need to be opened this way to decrypt the PS5 kernel, but it still serves as a good visual metaphor for how the system is now being “exposed”.

Hacker group Fail0verflow announced on Sunday evening that it had obtained the encryption “root keys” for the PlayStation 5, an important first step toward unlocking the system and allowing users to run homebrew software.

The tweeted announcement includes an image of the PS5’s apparently decrypted firmware files, highlighting code that points to the system’s “secure loader”. Analyzing this decrypted firmware could allow Fail0verflow (or other hackers) to reverse engineer the code and create custom firmware capable of loading homebrew PS5 software (signed with the same symmetric keys, so that the PS5 recognizes it as authentic).
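The parenthetical above is the crux of why a leaked symmetric root key matters: when the console verifies authenticity by recomputing a tag with a key it holds itself, anyone who extracts that key can produce tags the loader accepts. The following toy is an added illustration of that property, not Fail0verflow’s code or any Sony format; the image bytes, the key and the tag layout are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a device-held symmetric root key. Real consoles keep
# such material in hardware-protected storage; here it is just random bytes.
ROOT_KEY = secrets.token_bytes(32)


def sign_image(image: bytes, key: bytes) -> bytes:
    """Produce the authenticity tag a symmetric-key loader would check (HMAC-SHA256)."""
    return hmac.new(key, image, hashlib.sha256).digest()


def loader_accepts(image: bytes, tag: bytes, key: bytes) -> bool:
    """The loader's check: recompute the tag with the device-held key and
    compare in constant time. Note that the *same* key both signs and verifies."""
    return hmac.compare_digest(sign_image(image, key), tag)


def scenario() -> dict:
    """Walk through what a symmetric scheme can and cannot prevent."""
    official = b"OFFICIAL-FIRMWARE v1.0 (constructed sample)"
    official_tag = sign_image(official, ROOT_KEY)

    modified = b"CUSTOM-FIRMWARE (constructed sample)"
    return {
        # Genuine image with its genuine tag: accepted.
        "official_ok": loader_accepts(official, official_tag, ROOT_KEY),
        # Modified image presented with the old tag: rejected, as intended.
        "modified_old_tag": loader_accepts(modified, official_tag, ROOT_KEY),
        # Modified image re-tagged by whoever holds the root key: accepted.
        # This is the failure mode a key leak creates; with an asymmetric
        # signature the device would hold only a public key and could not sign.
        "modified_resigned_with_key": loader_accepts(
            modified, sign_image(modified, ROOT_KEY), ROOT_KEY
        ),
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The design lesson for anyone building a boot chain is in the last case: a symmetric root of trust ties the integrity of every device to the secrecy of a key that is, by construction, present on every device. A public-key signature check keeps the signing key off the hardware entirely, so extracting the device’s verification material yields nothing that can forge an image.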

Extracting the PS5’s system software and installing a replacement both require an exploit that provides read and/or write access to the PS5’s normally protected kernel. Fail0verflow’s post doesn’t describe the exploit the group used, but the tweet says the keys were “obtained from software,” which suggests the group didn’t have to make any changes to the hardware itself.

Separately, well-known PlayStation hacker TheFlow0 tweeted a screenshot this weekend showing a “Debug Settings” option amid the usual list of PS5 settings. As the console hacking news site Wololo explains, this debug setting was previously only seen on development hardware, where the GUI looks significantly different. However, TheFlow0’s tweet appears to have come from the built-in sharing feature of a retail PS5, suggesting that he also used an exploit to activate the internal flags that unlock the mode on standard consumer hardware.

TheFlow0 adds that he has “no plans to disclose” his PS5 exploit at this point. For the past several years, TheFlow0 has participated in Sony’s bug bounty programs, which reward the responsible disclosure of vulnerabilities in PlayStation hardware.

A history of hacking

Fail0verflow’s weekend announcement comes roughly 11 years after the group announced that it had exposed the private keys for the PlayStation 3 by exploiting a flawed implementation of Sony’s cryptography. Sony later sued members of the collective for allegedly bypassing system security, along with hacker George “GeoHot” Hotz, who independently discovered the same information and posted the actual key on his website (the case was later settled). In 2013, Fail0verflow wrote a blog post stating that “we may have reached the point where homebrew is no longer attractive on closed game consoles,” thanks in part to “a very real risk of litigation” and the fact that “game pirates” were not only becoming major consumers of the results of these efforts, but by far the overwhelming majority (not because there were more pirates, but because there were fewer homebrewers). But in 2018 Fail0verflow was one of several hacking groups that discovered the “unpatchable” exploit that made it possible to run unsigned code on the Nintendo Switch.

It remains to be seen whether and when similar exploits for the PS5 will become public, and whether Sony will be able to shut them down with firmware updates, as it has in the past.
