Popular hacking group Fail0verflow announced Sunday evening that they had obtained the encryption “root keys” for the PlayStation 5, a step forward in any effort to unlock the system.
Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software – including per-console root key, if you look hard enough! https://t.co/ulbq4LOWW0
— fail0verflow (@fail0verflow) November 8, 2021
They tweeted an image of what appears to be the PS5’s decrypted firmware files, highlighting code that references the system’s “secure loader.” Analyzing that decrypted firmware could let Fail0verflow (or other hackers) reverse engineer the code and create a custom firmware with the ability to load homebrew PS5 software (signed by those same symmetric keys to get the PS5 to recognize them as authentic).
Extracting the PS5’s system software and installing a replacement both require some sort of exploit that provides read and/or write access to the PS5’s usually secure kernel. Fail0verflow’s post does not detail the exploit the group used, but the tweet says the keys were “obtained from software,” suggesting the group didn’t need to make any modifications to the hardware itself.
Separately this weekend, well-known PlayStation hacker theFlow0 tweeted a screenshot showing a “Debug Settings” option amid the usual list of PS5 settings.
As console-hacking news site Wololo explains, this debug setting was previously only seen on development hardware, but TheFlow0’s tweet appears to come from the built-in sharing function of a retail PS5, suggesting he has also used an exploit to enable the internal flags that unlock the mode on standard consumer hardware.
TheFlow0 adds that he has “no plans for disclosure” of his PS5 exploit at this point.