The scene is progressing quite quickly, even if limited to the PlayStation 5 console alone, with discoveries opening up the ability to bypass the console's security protections.

After the release of a kernel exploit last month, the community has now turned its attention to the Hypervisor, a crucial component that controls access to the kernel RAM and offers protection against external attacks.
SpecterDev and the exploit “Byepervisor”
Developer and hacker SpecterDev, known for his work on Sony console security, has announced that he will unveil a new exploit for the PS5's Hypervisor at the Hardwear.io security conference, which will be held in Amsterdam from October 21-25.
The exploit, called “Byepervisor”, will be the subject of a detailed presentation explaining the vulnerabilities used to gain access to the console kernel and bypass the protections put in place by the Hypervisor.
The Hypervisor is a security middleware in the firmware of the PlayStation 5 console, whose main task is to protect the kernel from attacks, in particular thanks to the implementation of XOM (Execute Only Memory) technology.
This technology makes it difficult for hackers to read or modify critical parts of the system. However, SpecterDev confirmed that his exploit overcomes this barrier, allowing custom code to be executed and system libraries to be decrypted.
In his presentation, entitled “Byepervisor: How We Have Compromised the PS5 Hypervisor,” SpecterDev will present two unknown vulnerabilities in firmware versions up to 2.50, which can be exploited to gain complete control of the Hypervisor and bypass XOM protections.
In addition, he will release scripts to assist researchers in reverse engineering the PS5 system, making them publicly available immediately after the conference.
SpecterDev’s announcement comes after months of speculation, with several members of the hacking community suspecting the developer was working on a PS5 Hypervisor vulnerability.
The confirmation came with the official announcement of his presentation at Hardwear.io, an event known for being a meeting point between cybersecurity experts and hackers.
This stage has hosted significant talks on gaming consoles in the past, including the 2022 presentation in which TheFloW revealed the famous BD-JB exploit for PS4 and PS5.
The Hypervisor’s role in PS5 security
The Hypervisor is a critical component of the PS5’s security, as it limits and manages access to the kernel, the console’s operating heart.
Through the enforcement of the XOM rules, the system is designed to prevent any unauthorized code from reading or writing in critical areas of memory.
This level of protection has so far made it difficult for hackers to gain complete control of the console, even in the presence of already known kernel exploits.
However, with the announcement of SpecterDev, it seems that this protection has been circumvented at least for firmware versions up to 2.50.
The Exploit of Flatz for Firmware up to 4.51
In parallel with the revelations of SpecterDev, another notorious hacker, Flatz, confirmed that he had a separate exploit for the PS5 Hypervisor.
This exploit, unlike SpecterDev's, works on newer firmware versions, up to and including 4.51. However, Flatz said that the exploit was patched with the release of firmware 5.00, limiting its effectiveness to earlier firmware.
Despite this discovery, Flatz explained that he does not intend to publicly release his work, at least not until the person who discovered the main vulnerability decides to disclose it.
This position is dictated by a form of respect and collaboration between hackers, a common practice in the community, in which one prefers not to publish an exploit that is based on the work of another without his consent.
Future prospects for PS5 hacking
The findings of SpecterDev and Flatz indicate that the PS5 hacking scene is making rapid progress. While the SpecterDev exploit will only affect firmware 1.xx and 2.xx, the Flatz exploit expands the range of vulnerable versions up to 4.51.
However, it remains to be seen if and when these vulnerabilities will be exploited and shared with the public more broadly.
Source: wololo.net