Posted!  PS5 Kernel Exploit + Webkit Vulnerability for Firmware 4.03 - Wololo.net


Oh wow, just hours after tweeting that this needed to be “ironed out”, SpecterDev has now released their implementation of the PS5 IPV6 Kernel exploit!

This build relies on the Webkit vulnerability as an entry point, meaning it will work on any PS5 (including the PS5 Digital Edition) running firmware 4.03. Lower firmwares may work (although the exploit may require tweaking). Higher firmwares will not work at this time (they are not vulnerable to the Webkit exploit).

The PS5 4.03 kernel exploit is here!

SpecterDev warns about important limitations of this feat. Notably:

  1. The exploit is quite unstable and in his experience will work about 30% of the time. If you try to run it, don’t give up; it may take several tries before the exploit passes.
  2. Perhaps more importantly, this exploit gives us read/write access, but no execute! This means that there is no ability to load and run binary files at the moment, everything is restricted as part of the ROP chain. The current implementation does, however, enable debug settings.

Specifically, from the exploit’s readme file:

Currently included

  • Gets arbitrary read/write and can run a basic RPC server for reads/writes (or a dump server for large reads) (must change your own address/port in the exploit file at lines 673-677)
  • Enables the debug settings menu (note: you will have to completely exit settings and go back to see it).
  • Gets root privileges

Download and run

You can download the hack here.

You’ll need Python to run the SpecterDev implementation, and you’ll run a web server on your local PC that your PS5 can access.

  1. Configure fakedns via dns.conf to point manuals.playstation.net to your PC’s IP address
  2. Run fake DNS: python fakedns.py -c dns.conf
  3. Run the HTTPS server: python host.py
  4. Go to the PS5 advanced network settings and set the primary DNS to your PC’s IP address and leave the secondary on 0.0.0.0
    1. Sometimes the manual still won’t load and a reboot is needed; I don’t know why, it’s really weird
  5. Go to the user manual in settings and accept the untrusted certificate prompt, then run
  6. Optional: run rpc/dump server scripts (note: address/port must be replaced as binary in exploit.js)
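The setup above works by answering DNS queries for manuals.playstation.net with the address of a machine on the local network instead of Sony's public servers. The following is an added example (not part of the post or SpecterDev's release) showing how a network owner could spot that redirection from resolver logs: it parses constructed log lines in an assumed "client qname A answer" format, and flags any watched hostname whose answer is a private, loopback, link-local or unspecified address.

```python
import ipaddress
import re
from typing import List, Tuple

# Hostnames that should only ever resolve to the vendor's public infrastructure.
# manuals.playstation.net is the name the post describes being redirected.
WATCHED_HOSTS = {"manuals.playstation.net"}

# Constructed sample resolver log (the line format is an assumption for this
# example, not any real product's format): "<client> <qname> A <answer>".
SAMPLE_LOG = """\
192.168.1.20 manuals.playstation.net A 52.84.12.7
192.168.1.21 manuals.playstation.net A 192.168.1.5
192.168.1.21 example.org A 10.0.0.9
192.168.1.22 manuals.playstation.net A fe80::1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+A\s+(\S+)$")


def parse_log(text: str) -> List[Tuple[str, str, str]]:
    """Turn log text into (client, qname, answer) tuples; skips malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            client, qname, answer = m.groups()
            records.append((client, qname.lower().rstrip("."), answer))
    return records


def is_non_public(answer: str) -> bool:
    """True if the answer is an address that a public service should never resolve to."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return False  # not an IP literal (e.g. a CNAME target); not judged here
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def flag_redirections(records: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return records where a watched hostname was answered with a non-public address."""
    return [r for r in records if r[1] in WATCHED_HOSTS and is_non_public(r[2])]


if __name__ == "__main__":
    for client, qname, answer in flag_redirections(parse_log(SAMPLE_LOG)):
        print(f"client {client}: {qname} resolved to non-public address {answer}")
```

On the constructed sample, the two clients that received a LAN or link-local answer for manuals.playstation.net are reported, while the public answer and the unrelated hostname are ignored. The same check can be pointed at the console's configured DNS server rather than at resolver logs, since the procedure also requires changing that setting to a LAN address.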

This is a developing story as more and more people will be testing and reporting on this hack in the coming days, so stay tuned!

Source: SpecterDev

