PlayStation 5 Jailbreak Hack Free Download Link

PlayStation 5 Jailbreak is now possible! Once the console is jailbroken, the exploit gives users access to the debug settings on the Sony game console. Note, however, that the exploit that makes a PlayStation 5 jailbreak a reality works on firmware 4.50; for more on this, see details here. To get the PS5 jailbreak file, click on the link below, and keep reading for further information on the PlayStation 5 jailbreak.

Before proceeding, let me make it clear that the jailbreak is limited in its usefulness at this point.

Recently, a modder named Lance McDonald showed off the PS5 IPv6 kernel exploit working on the console in a video shared on Twitter. The same hacker became famous for creating an unofficial Bloodborne 60FPS patch.

To jailbreak the device, the PS5 exploit uses a WebKit vulnerability, but only on consoles running firmware 4.03, with the prospect of working on newer operating systems in some cases; more on that below.

Also, Sony has plugged the vulnerability in the most recent version of the system software, rendering the exploit useless on updated consoles.

Jailbreak For PlayStation 5

As mentioned earlier, the jailbreak functions in a limited set of circumstances provided PS5 hardware meets certain preconditions. The main constraint is related to the supported software, which is v4.03, to begin with. Although version 4.50 replaced that in December 2021, the possibility of most users running a console with that firmware is rather slim. For those of you looking to grab a 4.03 or 4.50 on PS5, see a few tips here.

And even if a few of them do have their devices operating on compatible software, the jailbreak isn’t capable of accomplishing grand feats of customization.

Basically, it simply opens up access to the console’s debug settings in addition to granting root privileges.

And since it lacks any code execution features, running customized software isn’t an option yet.

In simple terms, people get access to read and write capabilities, but can’t execute commands. To see how it works, see the video below in which McDonald walks us through the installation of a game demo. Sadly, he is not able to run it due to the current state of the jailbreak.

Additionally, early reports suggest that the success rate of the jailbreak hovers around the 30% mark.

What’s more, as things on the development front currently stand, the PS5 jailbreak exploit takes several attempts to run successfully.

Moreover, VGC notes that this jailbreak isn’t going to work wonders for most.

Given the limitations of the alleged exploit and the fact it only works on a specific, year-old firmware version, it will currently likely only be of use to other hackers curious to see how it works and whether they can use it as a starting point for something more effective.

Since the jailbreak requires old firmware, many PlayStation 5 users will be unable to run it.

That said, take this as an opening of the door to potentially fruitful developments in the future.

PlayStation 5 Kernel Exploit Info:

This release relies on the Webkit vulnerability as an entry point, meaning it works on any PS5 (including the PS5 Digital edition) running firmware 4.03. Lower firmware might work with a caveat that the exploit might need tweaking. Higher firmware versions will not work at the moment (they are not vulnerable to the Webkit exploit).

According to SpecterDev, this exploit comes with significant limitations. Notably:

  1. The exploit is fairly unstable, and in his experience will work about 30% of the time. If you are trying to run it, don’t give up; it might require several attempts before the exploit gets through.
  2. Possibly more important, this exploit gives us read/write access, but no execute! This means no possibility to load and run binaries at the moment, everything is constrained within the scope of the ROP chain. The current implementation does however enable debug settings.

More specifically, from the exploit’s readme:

Currently Included

  • Obtains arbitrary read/write and can run a basic RPC server for reads/writes (or a dump server for large reads) (must edit your own address/port into the exploit file on lines 673-677)
  • Enables debug settings menu (note: you will have to fully exit settings and go back in to see it).
  • Gets root privileges

Limitations

  • This exploit achieves read/write, but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!
  • As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.
  • Clang-based fine-grained Control Flow Integrity (CFI) is present and enforced.
  • Supervisor Mode Access Prevention/Execution (SMAP/SMEP) cannot be disabled, due to the HV.
  • The write primitive is somewhat constrained, as bytes 0x10-0x14 must be zero (or a valid network interface).
  • The exploit’s stability is currently poor. More on this is below.
  • On a successful run, exit the browser with circle button, PS button panics for a currently unknown reason.

Stability Notes

Stability for this exploit is at about 30% and has multiple potential points of failure. In order of observed descending likelihood:

  1. Stage 1 causes more than one UAF due to failing to catch one or more in the reclaim, causing latent corruption that causes panic sometime later on.
  2. Stage 4 finds the overlap/victim socket, but the pktopts is the same as the master socket’s, causing the “read” primitive to just read back the pointer you attempt to read instead of that pointer’s contents. This needs some improvement and to be fixed if possible because it’s really annoying.
  3. Stage 1’s attempt to reclaim the UAF fails and something else steals the pointer, causing an immediate panic.
  4. The kqueue leak fails and it fails to find a recognized kernel .data pointer.

In short, not many other than hackers would find this release of any use. But despite restrictions, this is the first-ever public release of such a powerful PS5 hack, which shows a pathway to other discoveries.

PlayStation 5 Jailbreak Video

Scene member Echo Stretch has managed to run the exploit and showcased it in action via a video, as you can see below. In the video, you can view the package installer and Debug menu getting unlocked on the PS5.

PS5 Jailbreak Download Link

If you want to try the jailbreak, click on this link here to download the hack or the code itself over at GitHub.

For instructions on how to use it, follow the instructions Wololo has shared in their tutorial on the subject.

This is a developing story, as more people will test and report their findings on this hack in the coming days, so stay tuned.