Jailbreaking is not the preserve of iPhones. In fact, just about any device that runs firmware can be hacked so that the end user can run software the manufacturer never intended. This is the case for Android, but also for consoles. After the Switch, it’s the PS5’s turn to be jailbroken, rooted or hacked; the terms are used interchangeably here.
A PlayStation 5 firmware 4.03 jailbreak
A tweet shared by Lance McDonald on Sunday has already received over 2 million views and shows the first PlayStation 5 jailbreak, based on a kernel exploit called Cryptogenic and a WebKit vulnerability present in Sony firmware version 4.03.
It’s…beautiful.
The PlayStation 5 has been jailbroken. pic.twitter.com/54fvBGoQGw
—Lance McDonald (@manfightdragon) October 3, 2022
The Cryptogenic kernel exploit mentioned above is open source on GitHub and was originally shared on Sunday by user @SpecterDev. The page provides a lot of information about Cryptogenic and the work that went into making it possible.
On the source code page, we learn that the Cryptogenic exploit might support older firmware with some modifications, but it will not work beyond version 4.03, because the WebKit vulnerability is patched in more recent updates. Other caveats include the instability of the exploit and its 30% success rate, which means that exploiting the kernel may require several attempts before succeeding.
Here are some notes and warnings for those who want to take the plunge:
- It appears from various tests and dumps with the read primitive that the PS5 has reverted to a page size of 0x1000, compared to 0x4000 for the PS4.
- It also seems that on the PS5 adjacent pages rarely belong to the same slab, as you will get very different data in adjacent pages. The memory layout seems more scattered.
- Often when the PS5 panics (at least in the context of WebKit) there is horrible audio output because the audio buffer is somehow corrupted.
- Sometimes this audio corruption persists on the next boot; it is unknown why.
- Similar to the PS4, the PS5 requires manually pressing the console’s power button twice to restart after a panic.
- It is normal for the PS5 to take an absurd amount of time to restart after a panic if it is isolated from the internet (unfortunately). Expect startup to take 3-4 minutes.
A fairly limited jailbreak
To date, the Cryptogenic exploit allows reading and writing kernel memory and unlocks access to the PlayStation 5’s Debug Settings menu, but it does not provide code execution, which means users cannot load or run binaries, apply patches or make other interface modifications. Concretely, this means that the tweaks familiar from the iPhone are not yet on the agenda.
The PlayStation 5 Debug Settings menu, activated by a jailbreak.
Also, PlayStation 5 firmware version 4.03 is about a year old, so most PlayStation 5 users have probably already updated to an unsupported version.
It is still a very interesting development, though, at a time when Apple users are still waiting for an iOS 15 jailbreak, not to mention a future iOS 16 jailbreak.