The PS5 Has Been Jailbroken
Sony’s nearly two year old PlayStation 5 (PS5) console has now been jailbroken, based on the latest information.
Lance McDonald reported on Twitter that the PS5 has been jailbroken, which means that it can now run unsigned code and homebrew content. He shared a video in which a debug settings menu is seen in the console settings section, which allows users to run unsigned code on the PS5.
It’s worth mentioning that this IPV6 Kernel exploit relies of the Webkit vulnerability as an entry point, which means that any PS5 console running on firmware 4.03 will be able to run it. Firmware versions prior to 4.03 may work, though the exploit might require some tweaks. Currently, the exploit will not work with firmware versions above 4.03, as the Webkit exploit has since been patched.
The exploit itself isn’t stable at the moment, and only works about about 30% of the time. Therefore, those looking to try out the exploit are cautioned that it might require several attempts before it gets through. What’s perhaps more significant is that this exploit only allows you to read and write, not execute. As a result, there is currently no way to load and run binaries. Everything is restricted within the scope of the ROP chain. Nevertheless, the current implementation does support debug settings, as mentioned earlier.
How To Run The PS5 Exploit
Follow the guidelines below to use the exploit on your PS5 running firmware version 4.03.
- Configure fakedns via ‘dns.conf’ to point ‘manuals.playstation.net’ to your PCs IP address
- Run fake dns: ‘python fakedns.py -c dns.conf’
- Run HTTPS server: ‘python host.py’
- Go into PS5 advanced network settings and set primary DNS to your PCs IP address and leave secondary at 0.0.0.0
- Sometimes, the manual still won’t load and a restart is needed, unsure why it’s really weird
- Go to user manual in settings and accept untrusted certificate prompt, run
- Optional: Run rpc/dump server scripts (note: address/port must be substituted in binary form into exploit.js)