Mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator - Part 1 - Escape

Initial publication: September 14th, 2022

In this article I will discuss how I successfully escaped the PS2 emulator developed for the PlayStation 4. See also Part 2, covering the next part of the exploit chain, and PlayStation's response to the research.

For the impatient, a demo video for the first part of this chain is presented later in this article.

Note that these vulnerabilities were discovered and reported back in September 2021, but I was only able to publish this now.

It's been a long time since I last worked on any modern PlayStation hacking, but with the release of the PS5 and the introduction of PlayStation's bug bounty program, I was motivated to attempt some kind of exploit chain that would work on the PS5. I settled on attacking the PS2 emulator, which turns out to be a very appealing target for a number of reasons:

Escaping it would grant the ability to run pirated PS2 games on the PS4, PS5, and potentially also the PSN cloud gaming service. This is particularly valuable because access to running just the subset of officially available PS2 games on these platforms is being charged at the highest tier of PlayStation's new subscription service.

The PS2 emulator is some of the last remaining JIT privileged code on the PS5. Sony aggressively removed JIT privileged attack surface from the PS5, disabling JIT in both the web browser and the BluRay player. Since the PS2 emulator is really a PS4 title that runs due to backwards compatibility, they were unable to make changes to the software, and so its JIT privilege had to be spared. Having JIT privilege means that fully compromising the emulator, including the compiler co-process, would grant the ability to run fully arbitrary native code (not just ROP) on the PS4/PS5 without the need for a kernel exploit. This would be especially convenient on the PS5 because the newly introduced hypervisor enforces that code pages (both userland and kernel) are not readable, and I don't have the patience to try to write a blind kernel exploit again as I did when I ported BadIRET to the PS4 without a kernel dump. With arbitrary code execution in a PS4 game process, homebrew software, including JIT optimised emulators, and potentially even some pirated commercial PS4 games could be run under this context.