
How the Sony PlayStation PS4 Security Was Defeated | MVG

Jun 04, 2021
The Sony PlayStation 4 was launched in North America in November 2013, and with it a new generation of video games. As with the launch of any new game console, questions arise about security, and in some cases systems are released to the market with perhaps less testing than necessary and exploit entry points can be determined. But in this modern age of console CPU key cryptography, encryption, data execution prevention and more, it means that exploits are becoming a lot harder to identify. Unlike the PlayStation 3 and the Sony consoles that preceded it, this time Sony did its homework. The PlayStation 4 was a very secure piece of hardware. The days of soldering an 11 wire mod chip to fail the data bus or reset spam are long gone. If only there was an exploit to find, it would be in the software and most likely be at the user's security access level. But even the most secure console has its weaknesses. After the Sony PlayStation 3 was so famously exploited with its jailbreak device, for PlayStation 4
Sony would invest a lot in security for the first year and a half of the console's launch without any public announcement about piracy, and many people believe that the security of Sony PlayStation 4 has never been defeated, but that is not true. What you may not know is that yes, PlayStation 4 security has been defeated, with a timeline of various exploits since 2015, meaning that unsigned code execution is possible and there is a homebrew community surrounding the PlayStation 4, albeit much smaller than, for example, the Nintendo Switch. So when we think of the Sony PlayStation 4 we don't immediately think that it is a system that has been defeated from a security point of view, but the reality is that there have been exploits on the Sony PlayStation 4 since about 2015 that have allowed the system to run unsigned code.

The Sony PS4 was the first Sony console to support the x86 architecture. The custom single-chip AMD processor houses the CPU, which is an 8-core processor called Jaguar, and the GPU, a custom AMD-based Radeon graphics engine running at 1.84 teraflops. The PS4 also consists of 8 gigabytes of GDDR5 RAM and 500 gigabytes or 1 terabyte of internal storage, depending on the model. The PlayStation 4 Pro mid-generation refresh offered some hardware upgrades for more power, but the underlying architecture and operating system were the same and this, of course, was for compatibility reasons. The PlayStation 4 operating system is known as Orbis and is based on FreeBSD, which is a Unix operating system. Much of the PS4 operating system was developed using open source tools, and a quick look at the license screen will guide you through all the pieces of open source software that were used to create the Orbis operating system. During the PS3 jailbreak era. to downgrade its firmware by booting the PS3 into factory service mode, the hardware was criticized for not using the eFuse technology that was used in the Xbox 360.
When an update was pushed, a fuse inside the processor blew, which meant that there was never any way to revert to an exploitable version of a kernel. Interestingly, the Sony PS4 also does not use electronic fuses and uses revocation lists. During the early years of the PS4, the motivation to jailbreak or exploit the system was always present; however, it was nowhere close to the levels of targeted attacks after Sony removed other operating systems from the PS3. But because the Orbis OS is made up of many open source libraries, the logical first step would be to start there. The PS4 comes with a web browser which is part of the operating system. The engine, known as WebKit, is also used in browsers for other gaming systems such as PlayStation Vita, Nintendo 3DS and Nintendo Wii U. WebKit would serve as an entry point for many exploits. It is open source and already has a history of known vulnerabilities; maybe some of them were not patched on the PS4. The first public exploit was released by security researcher CTurt in 2015. Known as BadIRET, this was a previously known kernel exploit that was discovered on Linux and FreeBSD, and when applied to a PS4 with firmware 1.76 the system was vulnerable. The exploit leverages WebKit and its just-in-time execution to gain access to the kernel, resulting in system corruption and the ability to override a pointer and redirect the kernel.
This was the first but important step to running homebrew on the PlayStation 4, but it also required a low firmware model and was not well known. Sony would simply remove just-in-time from the web browser and make sure that any game that needed to be played would need to be on the latest firmware revision, thereby addressing the issue before it really became widespread. After the BadIRET kernel exploit was discovered and then patched, more work was done to identify newer exploits. CTurt would also discover and release the dlclose vulnerability, another kernel exploit for firmware 1.76 that was a buffer overflow from this exploit.
It was also patched and CTurt would soon announce his withdrawal from PS4 security research. However, at the time there were many expert-level security researchers looking to exploit the PlayStation 4, and because WebKit ran on other game consoles, discoveries were often found on other systems first and then ported on the PS4. This would continue for some time and Sony would quickly resolve them in firmware updates with a message of overall improved system stability. By 2017, the PlayStation 4 was running firmware 4.55 and a significant vulnerability would be discovered in the kernel. FreeBSD deployed a virtual machine known as BPF, or Berkeley Packet Filter, that would provide a secure network layer and ensure reliable transmission of data packets and embed them in the core.
A race condition situation can occur when two threads reference the same pointer: one thread would release the pointer while the other thread tries to execute it. It is free and this allows the user to get an out-of-bounds write which can then lead to code execution in supervisor or ring 0 mode. Sony patched this exploit in firmware 4.70, but it only patched the correct functionality and not the core issue itself, which persisted. Security researcher SpecterDev wrote a similar exploit for firmware 5.05, which would be well known as the 505 PS4 exploit. At the time the PS4 homebrew scene was gaining momentum and homebrew developers would soon be working on tools and emulator apps for a jailbroken PS4, and if you were lucky enough to run a PS4 with firmware 5.05 you can simply use whatever you found.
It is known as a HEN, or homebrew enabler, that uses the Sony web browser as an entry point to trigger the BPF exploit and allow unsigned code to execute. 5.05 would be the last known exploitable PS4 for a few years and this is partly why the PS4 homebrew scene was quite small compared to others. As time went on, finding an exploitable PS4 with 505 would be very rare and many believed that the PS4 homebrew scene was over. But in March 2020 Andrew Nguyen, aka TheFlow, the well known security researcher who was instrumental in defeating security on the PlayStation Vita, announced that he was looking into security on the PlayStation 4 and advised users to keep firmware 6.72 or lower if possible, and on July 6 TheFlow then submitted his new exploit to PlayStation, who are offering a reward.
Their kernel exploit would allow the hijacking of kernel code reading, writing and execution primitives and would once again use WebKit as an entry point, although a proof of concept was soon available on the PS4. This meant that trying to locate a PlayStation 4 firmware 6.72 would be much easier due to the nature of the exploit that Sony had patched before it was made public, but it opens the door to many more users interested in homebrew on the PS4. So what can you actually do with a modified Sony PlayStation 4? Well, let's take a quick look and show you some of the cool things it's capable of doing. To address the elephant in the room:
Yes, it is absolutely possible to play pirated games on a modded PS4 console, and I'm not going to beat around the bush, it's one of the reasons people own a modded system in the first place, and with 6.72 it means a much larger library of games that can be played on the system without requiring an update to the system. But my motivation is homebrew, and there are some really cool things you can do with the PS4, and with the power of the console it makes it a great emulation box. First of all, you can enjoy many PS2 games on the system with the emulator developed for PS2 Classics. They are not anywhere near perfect and the compatibility list is a bit hit and miss, but you can play PS1 and PS2 games on your PS4.
There is also a Linux distribution that is great. Normally Linux isn't something I'm very interested in, but this one is a little different; as you can see, it handles emulation quite well. It also comes with a Steam client that allows you to log in and play from your Steam library. Not all games are supported, those that require DirectX for example, but anything that requires Vulkan or OpenGL to run, and in most cases works quite well. You can also turn your PS4 into a Kodi media center, but if you don't like Linux, there are still many great native Orbis apps, and overall it's a very interesting system to dive into. But unfortunately the community just doesn't seem to be there. The small but dedicated group of people are working on PS4 homebrew, but sadly the main reason for a system seems to be for pirated games, but still hopefully 6.72 doesn't it will be.
However, the latest PS4 exploit to appear is interesting because as we know, Sony likes to release firmware updates long after the hardware's end of life. But in conclusion, thanks to the hard work and dedication that the research security has been put into the PlayStation 4, its security has improved. In fact, we have been defeated, but this time Sony has always been one step ahead and not the other way around. Many people aren't even aware that a home scene exists on PlayStation 4. However, what there is is pretty impressive and hopefully we'll see things continue as we move into the next generation with the PS5. So ultimately this is how the PlayStation 4 has been beaten from a security standpoint.
Now this time, Sony has stayed one step ahead of hackers and security experts. In the past it was the other way around; with the PSP and PS Vita it was always a cat and mouse game, but Sony has been very good with security this time on the PS4. But that doesn't mean you can't run unsigned code on a PlayStation 4. Now before I go, I wanted to leave a couple of links in the description below to some really comprehensive homebrew guides on PlayStation 4, much better than the ones I had in my video. I was really just scratching the surface of what's possible on PS4, so check out those links; they are much more complete than what I put in this particular video.
Well, guys, we'll leave it here. Let me know what you thought of this video in the comments below. Don't forget to like and subscribe. I'll see you guys in the next video, bye for now.
