Hackers claim they have cracked the PS5 and obtained all symmetric root keys

Cal Jeffrey

A hot potato: Jailbreaking, modding, pwning, whatever you want to call it—hackers delight in making a device do something that the manufacturer did not intend. Over the years, the process has grown more complicated, but the hackers always seem to find a way. It seems that as we near the first anniversary of the PlayStation 5, someone has already cracked the system.

Over the weekend, hackers from Fail0verflow claimed to have rooted the PS5. A Sunday tweet states the group has obtained all symmetric PlayStation 5 root keys. It allegedly got the keys by decrypting the PS5's firmware. The tweet included an image of the cracked software highlighting the system's supposedly exposed secure loader (secldr).

More often than not, jailbreaking a PlayStation console requires modification of the hardware. Although Fail0verflow did not reveal its exploit, it did say that the keys were "obtained from software," suggesting that no hardware modifications were necessary.

If valid, this is huge because it means Fail0verflow or other hackers can create custom PS5 firmware capable of loading software signed with these authentic root keys. It would allow users to run homebrewed games without physically modifying their systems. However, it also means pirates can use the same method to run bootlegged software.

The exploit can also allow the PlayStation 5 to have an alternate operating system like Linux installed, turning it into a $500 gaming PC. As strange as it may sound, running Linux on a PlayStation was a Sony-sanctioned option in the PS2 and early PS3 days.

Sony marketed and sold a PS2 Linux Kit in 2002 that included a Linux-based operating system, a USB keyboard/mouse, a VGA adapter, a PlayStation 2 Ethernet network adapter, and a 40 GB hard disk drive. There was no such kit for the PS3, but the system software had a settings feature called "OtherOS" used to set up an alternate operating system on a partition. However, Sony removed the option in 2010, citing "security concerns."

Gaming console modification has always been a hot-button issue, whether through hardware or software. The hacking community claims it frees up consumer-owned hardware to allow users to do what they want with it. Manufacturers and developers see it as a way to circumvent copy protection and bootleg games, which Sony takes very seriously.


 
Important distinction: This exploit was discovered by a group of well known bug bounty hunters and is unlikely to make it into the wild, and it's probable that it's already been patched out on current and connected systems.

However, sometimes just knowing what angle to approach from can help others attack the same vector, so it may pop up again a year or two later for those who have older, by-then-still-unpatched systems, or prompt a newer and more effective workaround. :)
 
If for no other reason than long term open source support, console manufacturers should be required to open their OS. Especially with digital only you are at their mercy. Once they stop supporting the machine, no more downloads of the games you supposedly own.

No they shouldn't, if you don't like it, don't buy it.
 
If for no other reason than long term open source support, console manufacturers should be required to open their OS. Especially with digital only you are at their mercy. Once they stop supporting the machine, no more downloads of the games you supposedly own.

And if you scratch a disc so the game does not work?

What is the chance of Sony closing their servers? You can download the games if you want and store them locally. You are free to take a backup, if you don't trust Sony 😂

If you don't like how this works, then a console is probably not for you. Physical media is dying, and for good reason. Digital only is the future.

I bought a few physical games for my PS4 Pro but I hate changing discs. With digital games I can start whatever game I want without getting up from the couch, changing the disc and then hearing the damn disc spin up = slower loading.

Sony supports PS3 digital games still and will continue to do so.
 
No they shouldn't, if you don't like it, don't buy it.
Imo, every OS provider (be it Mac, PC, console, phone, whatever) should be required to open source their OS within a few years of ending security updates to an OS. Preferably, within 6-12 months, even.

If they want to maintain the security of the OS, fine, they're more than welcome to keep it closed indefinitely. But as soon as they EOL it, a clock should start ticking to when they are required to make the source code open to the public.

Let the nerds maintain it once a company is done with it.
 
If this is true...

I remember with the Wii, the ability to software hack it and run homebrew was only fixed after a hardware revision. I don't know if this is similar or if Sony could prevent it by just doing a firmware update. Either way, it's early days so even if it's a hardware revision, Sony will put a stop to it soon.

It would make a dandy Linux gaming computer though. If that is a viable option, I can see people buying the PS5 and hacking it for that reason. Proton has really changed things for Linux gamers.
 
Imo, every OS provider (be it Mac, PC, console, phone, whatever) should be required to open source their OS within a few years of ending security updates to an OS. Preferably, within 6-12 months, even.

If they want to maintain the security of the OS, fine, they're more than welcome to keep it closed indefinitely. But as soon as they EOL it, a clock should start ticking to when they are required to make the source code open to the public.

Let the nerds maintain it once a company is done with it.
No they shouldn't, if you don't like closed devices, don't buy them.
 
No they shouldn't, if you don't like closed devices, don't buy them.
Yes, they should. If companies don't want their devices hacked, they shouldn't close their source code off.

Closed source = infinite time for hackers to work with = 100% chance of security failure at some point in the future. Closed source is a 'when' not 'if' in terms of a security breach. With open source, you're going to have just as many people - if not more - working to patch holes as they're found.

I can understand closing your source code while you're still trying to get a return on your investment into your R&D. But once you EOL the product, you've stopped trying to get a return, and should open the software up.
 
Yes, they should. If companies don't want their devices hacked, they shouldn't close their source code off.

Closed source = infinite time for hackers to work with = 100% chance of security failure at some point in the future. Closed source is a 'when' not 'if' in terms of a security breach. With open source, you're going to have just as many people - if not more - working to patch holes as they're found.

I can understand closing your source code while you're still trying to get a return on your investment into your R&D. But once you EOL the product, you've stopped trying to get a return, and should open the software up.
That's a choice they should make voluntarily.
 
That's a choice they should make voluntarily.
No, it shouldn't be. It's a public safety issue.
Imagine every PS4 still online ends up with a security issue that allows them to be slaved into a bot network. Sony stopped supporting them, they aren't doing security updates - nothing to really ever patch the issue (without open sourcing the OS, so the community can take care of it). That bot network could then be used to perform DDoS attacks to whomever goes through the effort to utilize it (like, say, a utility grid) - and no way to really take it offline unless you convince everyone with an old PS4 to take theirs offline. The same can be said of really any internet-connected device.
It is a matter of 'when' not 'if' a security hole is found in a system, but it is a matter of 'if' not 'when' said hole gets patched - but being open sourced increases the chances that holes get patched. Open source code bases are the only way to ensure long-term security (or even any security at all, according to some trains of thought).
 
No, it shouldn't be. It's a public safety issue.
Imagine every PS4 still online ends up with a security issue that allows them to be slaved into a bot network. Sony stopped supporting them, they aren't doing security updates - nothing to really ever patch the issue (without open sourcing the OS, so the community can take care of it). That bot network could then be used to perform DDoS attacks to whomever goes through the effort to utilize it (like, say, a utility grid) - and no way to really take it offline unless you convince everyone with an old PS4 to take theirs offline. The same can be said of really any internet-connected device.
It is a matter of 'when' not 'if' a security hole is found in a system, but it is a matter of 'if' not 'when' said hole gets patched - but being open sourced increases the chances that holes get patched. Open source code bases are the only way to ensure long-term security (or even any security at all, according to some trains of thought).
Sony is not responsible for the criminal activity of others.
 
Fantastic news, the PS5 would be a mighty emulation machine. Imagine being able to play ALL PS games on the PS5.

I'm already thinking of a PS5 that would have all the PS2 and 3 games in my library on the second SSD.
No they shouldn't, if you don't like closed devices, don't buy them.
Closed services should not be allowed, period. No more walled gardens sucking away consumers' money.
 
I'm trying REALLY hard, but I cannot bring myself to care about this one way or the other. Sony's not in danger of going out of business and I really have a hard time feeling sorry for multi-billion dollar companies.
 
Imo, every OS provider (be it Mac, PC, console, phone, whatever) should be required to open source their OS within a few years of ending security updates to an OS. Preferably, within 6-12 months, even.

If they want to maintain the security of the OS, fine, they're more than welcome to keep it closed indefinitely. But as soon as they EOL it, a clock should start ticking to when they are required to make the source code open to the public.

Let the nerds maintain it once a company is done with it.
I couldn't agree more. That's where Media Player Classic comes from and it's far better than anything Microsoft puts out today. Imagine if they had been forced to open up Windows XP x64. Vista would have died on the vine because XP was so much better.
No, it shouldn't be. It's a public safety issue.
Imagine every PS4 still online ends up with a security issue that allows them to be slaved into a bot network. Sony stopped supporting them, they aren't doing security updates - nothing to really ever patch the issue (without open sourcing the OS, so the community can take care of it). That bot network could then be used to perform DDoS attacks to whomever goes through the effort to utilize it (like, say, a utility grid) - and no way to really take it offline unless you convince everyone with an old PS4 to take theirs offline. The same can be said of really any internet-connected device.
It is a matter of 'when' not 'if' a security hole is found in a system, but it is a matter of 'if' not 'when' said hole gets patched - but being open sourced increases the chances that holes get patched. Open source code bases are the only way to ensure long-term security (or even any security at all, according to some trains of thought).
Yup, that's one of the reasons that the privacy protection in Firefox is so damn good. It's open-source and people can find issues.
 