Recently PS4 Scene developer @zecoxao announced on Twitter that he's added PS5 Non-Volatile Storage (NVS) Documentation to the PS5DevWiki for the PS5 Scene alongside rumors from both notzecoxao and @oneman123 aka ZiL0G80 of 'something coming' for both the PS4 and PS5 respectively with "it's an exploit" proceeded by "full chain" in response to the initial Tweets.
Since last week's release of both a PS4 v9.00 Firmware and PS5 v4.03 Firmware WebKit Exploit with no details publicly disclosed thus far on @CTurt's $10K PlayStation Bug Bounty, only time will tell if there is any correlation... until then, from PlayStationDev.wiki: PS5 Non Volatile Storage
Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.
Mapping of the detailed area (NVS service)
Since last week's release of both a PS4 v9.00 Firmware and PS5 v4.03 Firmware WebKit Exploit with no details publicly disclosed thus far on @CTurt's $10K PlayStation Bug Bounty, only time will tell if there is any correlation... until then, from PlayStationDev.wiki: PS5 Non Volatile Storage
Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.
Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
0 | 0 | 0 | 0x1C4000 | 0x2000 | Size decrease since PS4, previous size was 0x3000, now it's 0x2000 |
0 | 1 | 0x2000 | 0x1C6000 | 0x1000 | |
0 | 2 | 0x3000 | 0x1C7000 | 0x800 | console data region |
0 | 3 | 0x3800 | 0x1C7800 | 0x800 | all ffs |
0 | 4 | 0x4000 | 0x1C8000 | 0x3000 | tokens and flags region |
1 | 0 | 0x7000 | 0x1CB000 | 0x3000 | tokens and flags region (backup) |
1 | 1 | 0xA000 | 0x1CE000 | 0x1000 |
Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
0 | 2 | 0x210 | 0x1C7210 | 0x11 | hw_info (padded with 0xF FFs) |
0 | 2 | 0x230 | 0x1C7230 | 0x20 | hw_model |
0 | 2 | 0x250 | 0x1C7250 | 0x10 | board_id |
0 | 2 | 0x260 | 0x1C7260 | 0x10 | SOCUID ? |
0 | 2 | 0x5FC | 0x1C75FC | 4 | EAP Magic |
0 | 4 | 0x68 | 0x1C8068 | 4 | Current Firmware Version ??? (little endian) (upper half) |
0 | 4 | 0x1FC | 0x1C81FC | 4 | EAP Magic |
0 | 4 | 0xC10 | 0x1C8C10 | 8 | Factory Firmware Version ??? (little endian) |
0 | 4 | 0xC18 | 0x1C8C18 | 8 | Factory Firmware Version TimeStamp ??? (little endian) |
0 | 4 | 0xC20 | 0x1C8C20 | 8 | Minimum Firmware Version ??? (little endian) |
0 | 4 | 0xC28 | 0x1C8C28 | 8 | Minimum Firmware Version TimeStamp ??? (little endian) |
0 | 4 | 0xC30 | 0x1C8C30 | 8 | Current Firmware Version ??? (little endian) |
1 | 0 | 0x68 | 0x1CB068 | 4 | Current Firmware Version ??? (little endian) (upper half) |
1 | 0 | 0x1FC | 0x1CB1FC | 4 | EAP Magic |
1 | 0 | 0xC10 | 0x1CBC10 | 8 | Factory Firmware Version ??? (little endian) |
1 | 0 | 0xC18 | 0x1CBC18 | 8 | Factory Firmware Version TimeStamp ??? (little endian) |
1 | 0 | 0xC20 | 0x1CBC20 | 8 | Minimum Firmware Version ??? (little endian) |
1 | 0 | 0xC28 | 0x1CBC28 | 8 | Minimum Firmware Version TimeStamp ??? (little endian) |
1 | 0 | 0xC30 | 0x1CBC30 | 8 | Current Firmware Version ??? (little endian) |