In PlayStation 5 News over the weekend, Security Engineer theflow0 (aka TheOfficialFloW on Github) tweeted a screenshot via PS5Share of PS5 Debug Settings (normally intended for use with a PS5 Development Kit / PS5 Testing Kit) running on a Retail PS5 Console. Since there won't be a CCC 2021 event this year, where fail0verflow (Blog) has previously excelled, they broke their news via Twitter instead, with a screenshot of secldr_oberon_c_dec.bin decrypted from the current PS5UPDATE v4.03 Firmware... revealing that Sony's PS5 secure loader isn't all that secure, while confirming in a follow-up Tweet that they've obtained ALL the symmetric PS5 Root Keys from software, including the per-console root key! 😍 🗝️ 🥳

Back in early 2020 Fail0verflow Implemented the PS4 Renesas RL78 Debug Protocol, while just last month a PS4 9.00 Userland / PS5 4.03 WebKit Exploit by Sleirsgoevy was released, following a Use-After-Free Vulnerability found to affect the PS5 OSS WebKit, although a PS5 Kernel Exploit (KEX) is still Required for a full PlayStation 5 Jailbreak (PS5 Jailbreak Status).

As for those asking ETA WEN? for a public PS5 Exploit disclosure: with many sceners, including SpecterDev and AbkarinoMHM, still battling PlayStation 5 Scalpers to obtain a console to tinker on, according to theflow0 there are "No plans for disclosure. No ETA."

However, since Sony introduced their PlayStation Bug Bounty Program, developer TheFloW Vowed PS4 Disclosure and followed through on his word, releasing a PS4 Kernel Exploit (KEX) for 7.02 Firmware alongside another PS4 Exploit Disclosed via TheFloW, so he's not opposed to public disclosure in general, but there may be Sony-imposed / HackerOne-imposed conditions or other circumstances currently preventing it. To speculate: perhaps he simply wanted to prove it was possible while stepping back and allowing someone else into the spotlight... and onto $ony's radar. 😱

In any case, this level of sheer pwnage brings back fond memories of when Sony botched the PlayStation 3's security by utilizing an incorrect implementation of the PS3 ECDSA (Elliptic Curve Digital Signature Algorithm), and while the PS5Scene, which saw an unexpected PS5 DevKit Leak earlier this year, may have to wait for the goods to surface from another source, at least everyone can rest assured of their existence, knowing what has been accomplished thus far in private PS5 Dev circles. :ninja: :notworthy:

Below is a brief article recap sorted by date with the oldest first, cheers to @sabalbo123 for the heads-up earlier and @JackFlap also earlier on this exciting PS5Scene progress! 🍻
Tl;dr: PlayStation 5 on current v4.03 Firmware is now hacked via a private PS5 Kernel Exploit (KEX), complete with the PS5 Debug Settings Mode enabled / unlocked and all PS5 Keys to decrypt and encrypt files, but there is no ETA for a public release yet... so don't update your console if you wish to run backup games and homebrew whenever a full PS5 Jailbreak is released!

:arrow: Related Tweets & Method for Unlimited GameSharing PS5 / Previously Released Unlimited PS4 / PS5 Game Sharing Methods


While this is incredible news when it comes to hacking the console, it does not mean CFW is possible. PS3 was an exception because the need for the keys was basically voided if I remember correctly. These PS5 keys don't give you access to make CFW as firmware still needs to be signed with Sony's private keys that only they have.
private keys = cfw directly.
Just like PS3 3.55 era.
The dev already mentioned in the follow-up tweet that it's obtained via software method so no hardmode needed 😁😁
Absolutely amazing news! The progress of the ps5 hacking scene in such a short timespan is blowing me away! Keeping my eyes peeled on this... Does this mean ps5s will eventually be able to be modded on latest fw or will I need 2 consoles like the ps4 era? 1 updated and 1 not..
Never gonna see these keys, just like PS4 SAMU keys. Maybe when the consoles get End of Life'd, not sooner, unless someone decides to leak the keys themselves.

Also doubt there's gonna be a kexploit disclosed any time soon either.