
PS5 Payload SDK Replace: arbitrary syscalls help added

by Ethan Marley

The PS5 hacking scene is making slow but steady progress. While most of us are looking forward to details on what SpecterDev discussed in his infosec presentation on the PS5 Hypervisor last week, there are still things we can get our hands on already. Developer John Tornblom has pushed several updates to his PS5 Payload SDK implementation, notably adding arbitrary syscall support yesterday. Also, since the last time we covered it, it appears the SDK has gained support for PIE (relocation support, a.k.a. position-independent ELF files).

What is BD-JB for PS4/PS5

BD-JB is a series of exploits (an exploit chain) that allows exploitation of the PS4 and PS5, up to firmwares 9.04 and 4.51 respectively, disclosed by hacker TheFloW in 2022. The hacking scene has been developing and maintaining a series of tools relying on these vulnerabilities, notably to load and execute unsigned code (binary payloads and/or ELF files) on the PS5.

Because it relies on vulnerabilities in the Blu-ray layer of Sony's consoles, in the case of the PS5 this exploit isn't compatible with Digital Edition PS5s. Those running a Digital Edition of the PS5 might want to try the WebKit exploit, which is compatible up to firmware 4.51 included.

TheFloW used the kernel exploit together with the BD-JB exploit chain to gain kernel access on the PS5, and disclosed BD-JB in 2022.

What’s the PS5 Payload SDK

From the Readme:

This is an SDK for developing ELF payloads targeting exploited PS5s running the BD-J ELF loader. Several artifacts in this repository originate from the PS5SDK project.

Download & Use PS5 Payload SDK


INSTALL:
john@localhost:ps5-payload-sdk$ sudo apt-get install build-essential
john@localhost:ps5-payload-sdk$ make
john@localhost:ps5-payload-sdk$ make DESTDIR=/opt/ps5-payload-sdk install

USAGE:
john@localhost:ps5-payload-sdk$ export PS5_PAYLOAD_SDK=/opt/ps5-payload-sdk
john@localhost:ps5-payload-sdk$ make -C samples/hello_world
john@localhost:ps5-payload-sdk$ export PS5_HOST=ps5; export PS5_PORT=9020
john@localhost:ps5-payload-sdk$ make -C samples/hello_world test

ADDING NEW SCE LIBS:
If you have decrypted sprx files that you want to interact with, you can build stubs for them as follows:
john@localhost:ps5-payload-sdk$ sudo apt-get install wget python3 python3-pyelftools
john@localhost:ps5-payload-sdk$ cp /path/to/sprx/libSceXYZ.sprx sce_stubs/
john@localhost:ps5-payload-sdk$ make -C sce_stubs stubs
john@localhost:ps5-payload-sdk$ make DESTDIR=/opt/ps5-payload-sdk install
