Recently PS4 Scene developer @zecoxao announced on Twitter that he's added PS5 Non-Volatile Storage (NVS) Documentation to the PS5DevWiki for the PS5 Scene alongside rumors from both notzecoxao and @oneman123 aka ZiL0G80 of 'something coming' for both the PS4 and PS5 respectively with "it's an exploit" proceeded by "full chain" in response to the initial Tweets. 🔥

Since last week's release of both a PS4 v9.00 Firmware and PS5 v4.03 Firmware WebKit Exploit with no details publicly disclosed thus far on @CTurt's $10K PlayStation Bug Bounty, only time will tell if there is any correlation... until then, from PS5 Non Volatile Storage:

Non-Volatile Storage (NVS for short) holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.

| Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 0 | 0 | 0x1C4000 | 0x2000 | Size decrease since PS4, previous size was 0x3000, now it's 0x2000 |
| 0 | 1 | 0x2000 | 0x1C6000 | 0x1000 | |
| 0 | 2 | 0x3000 | 0x1C7000 | 0x800 | console data region |
| 0 | 3 | 0x3800 | 0x1C7800 | 0x800 | all ffs |
| 0 | 4 | 0x4000 | 0x1C8000 | 0x3000 | tokens and flags region |
| 1 | 0 | 0x7000 | 0x1CB000 | 0x3000 | tokens and flags region (backup) |
| 1 | 1 | 0xA000 | 0x1CE000 | 0x1000 | |

Mapping of the detailed area (NVS service)

| Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 2 | 0x210 | 0x1C7210 | 0x11 | hw_info (padded with 0xF FFs) |
| 0 | 2 | 0x230 | 0x1C7230 | 0x20 | hw_model |
| 0 | 2 | 0x250 | 0x1C7250 | 0x10 | board_id |
| 0 | 2 | 0x260 | 0x1C7260 | 0x10 | SOCUID ? |
| 0 | 2 | 0x5FC | 0x1C75FC | 4 | EAP Magic |
| 0 | 4 | 0x68 | 0x1C8068 | 4 | Current Firmware Version ??? (little endian) (upper half) |
| 0 | 4 | 0x1FC | 0x1C81FC | 4 | EAP Magic |
| 0 | 4 | 0xC10 | 0x1C8C10 | 8 | Factory Firmware Version ??? (little endian) |
| 0 | 4 | 0xC18 | 0x1C8C18 | 8 | Factory Firmware Version TimeStamp ??? (little endian) |
| 0 | 4 | 0xC20 | 0x1C8C20 | 8 | Minimum Firmware Version ??? (little endian) |
| 0 | 4 | 0xC28 | 0x1C8C28 | 8 | Minimum Firmware Version TimeStamp ??? (little endian) |
| 0 | 4 | 0xC30 | 0x1C8C30 | 8 | Current Firmware Version ??? (little endian) |
| 1 | 0 | 0x68 | 0x1CB068 | 4 | Current Firmware Version ??? (little endian) (upper half) |
| 1 | 0 | 0x1FC | 0x1CB1FC | 4 | EAP Magic |
| 1 | 0 | 0xC10 | 0x1CBC10 | 8 | Factory Firmware Version ??? (little endian) |
| 1 | 0 | 0xC18 | 0x1CBC18 | 8 | Factory Firmware Version TimeStamp ??? (little endian) |
| 1 | 0 | 0xC20 | 0x1CBC20 | 8 | Minimum Firmware Version ??? (little endian) |
| 1 | 0 | 0xC28 | 0x1CBC28 | 8 | Minimum Firmware Version TimeStamp ??? (little endian) |
| 1 | 0 | 0xC30 | 0x1CBC30 | 8 | Current Firmware Version ??? (little endian) |

Permanently Enabling NVS Flags when Servicing PS4 or PS5 Unit

Non Volatile Storage Flags (such as IDU Mode or permanent UART) sometimes do not apply correctly.

This is because all of these flags are stored in the memory of the southbridge (which persists across reboots as long as the battery is on).

So you must fully drain the console's power by removing the power cable and, if necessary, the CMOS battery.

Finally, if that doesn't work, recheck whether the flag was written correctly; sometimes the write does not take. Credit to @flatz for this information.
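The two offset tables above translate directly into a read-only parser for an existing flash dump. The following is an added example, not code from the PS5DevWiki or the original post: it decodes the documented fields of the tokens and flags region and reports where the primary copy (bank 0, block 4) and the backup (bank 1, block 0) disagree. The function names, the sample values and the "upper half" check are assumptions built on the table's tentative ("???") labels.

```python
NVS_BASE = 0x1C4000               # sflash offset of bank 0 / block 0 (first table)
PRIMARY, BACKUP = 0x4000, 0x7000  # tokens and flags region, and its backup copy
REGION_SIZE = 0x3000
# name -> (offset inside the region, size, decode as little-endian int?) (second table)
FIELDS = {
    "current_fw_upper": (0x68, 4, True),
    "eap_magic":        (0x1FC, 4, False),  # page gives no byte order: keep raw bytes
    "factory_fw":       (0xC10, 8, True),
    "factory_fw_ts":    (0xC18, 8, True),
    "min_fw":           (0xC20, 8, True),
    "min_fw_ts":        (0xC28, 8, True),
    "current_fw":       (0xC30, 8, True),
}

def read_region(dump, region, base=NVS_BASE):
    """Decode one region. Use base=0 for a dump of the NVS partition alone."""
    start = base + region
    if len(dump) < start + REGION_SIZE:
        raise ValueError("dump too short for region at 0x%X" % start)
    out = {}
    for name, (off, size, is_le) in FIELDS.items():
        raw = bytes(dump[start + off:start + off + size])
        out[name] = int.from_bytes(raw, "little") if is_le else raw
    return out

def compare_banks(dump, base=NVS_BASE):
    """Return {field: (primary, backup)} for every field where the copies differ."""
    a, b = read_region(dump, PRIMARY, base), read_region(dump, BACKUP, base)
    return {k: (a[k], b[k]) for k in FIELDS if a[k] != b[k]}

def upper_half_matches(fields):
    """Assumption from the table: the 4 bytes at 0x68 mirror the top of 0xC30."""
    return fields["current_fw"] >> 32 == fields["current_fw_upper"]

def make_sample_dump():
    """Constructed sample: 0xFF-filled image with made-up values in both copies."""
    dump = bytearray(b"\xff" * (NVS_BASE + 0xB000))
    for region in (PRIMARY, BACKUP):
        start = NVS_BASE + region
        dump[start + 0x1FC:start + 0x200] = b"TEST"  # placeholder, not the real magic
        dump[start + 0xC30:start + 0xC38] = (0x1122334455667788).to_bytes(8, "little")
        dump[start + 0x68:start + 0x6C] = (0x11223344).to_bytes(4, "little")
    return dump

if __name__ == "__main__":
    d = make_sample_dump()
    d[NVS_BASE + BACKUP + 0xC30] ^= 0x01  # simulate a backup copy that drifted
    for name, (p, b) in compare_banks(d).items():
        print("%s: primary=%#x backup=%#x" % (name, p, b))
```

A non-empty result from `compare_banks` on a real dump is worth noting before and after any servicing step, since it shows the two copies were not updated together.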


So a full chain PS4 exploit is on the way - but which version?

The dumped Lost Judgment patch was firmware 9.00, so hopefully it's that and all the latest patches are available. 🥳