Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
In PS5 Scene news today, proceeding the PS5 RPi Pico W Server Project developer @euroali (Twitter) aka Euro Ali on Discord shared a PS5 Redis.elf payload for connecting to Redis server on PlayStation 5 consoles that are exploited with additional details below. :geek:

Download: redis.elf (17.1 KB) / Payload Injector Clients

According to Wikipedia, Redis (Remote Dictionary Server) is an in-memory data structure store, used as a distributed, in-memory key–value database, cache and message broker, with optional durability.

Below are some related messages from Euro Ali on Discord:
  • redis server can execute lua. and we can have permanent payload loader as it is background service.
  • yeah lua execution supported
  • yes this is output from ps5.
  • but i think lua is sandboxed. I don't know if this function will work.
  • I'm making this s**t public, anyone can connect to the redis server on their ps5.
  • source code is not closed. I was actually going to post it, but it's on my other computer.
  • It's actually quite simple in logic.
  • application + code execution sandbox available, code execution sandbox = disabling global lua functions
  • maybe it's possible to break the code execution sandbox via webkit.
  • How To Fix CVE-2022-0543- A Critical Lua Sandbox Escape Vulnerability In Redis
  • ps5 has low redis version but unfortunately this is open for linux only. I tested it and I can confirm it doesn't work.
  • An unexpected Redis sandbox escape affecting Debian-based distros
Code:
redis-cli eval 'return select(2, loadstring("\027")):match("binary") and "VULNERABLE" or "OK"' 0
I had tested this.
ps5 returns ok
  • i have never tried this. PS5 uses redis 6.0.4
  • even older than this version. so 2020 release
  • I don't have a ps5 right now, you can try it if you want.
  • Just run the elf file I shared. then you can connect to redis with the cli from the port it gives.
  • port is closed to outside.
  • payload simply connects to redis locally and broadcasts that port outside. basically I used ftps5's source code, thank you for publishing socket example to them.
PS5 Redis.elf by Euro Ali to Connect to Redis Server on PlayStation 5.png
 

Comments

Top