How the Sony PlayStation PS4 Security Was Defeated | MVG



Isn't this kind of begging the question?

I mean, admittedly I was lucky enough to buy a PS4 Slim just at the right time, when shelves still had exploitable firmwares, and so I usually read /r/ps4homebrew.

But throughout the video, hacks seemed to be this sort of crazy mythological chimera like the ECDSA fail or something. They are not, at least those that happened so far? They are relatively normal bugs that can and do happen over millions of lines of code. Rather than the implied open source aspect being important, this was just about X amount of eyes caring enough about a "relatively normal security model" (compare this instead with the tightness of an Xbox).

Then, people aren't following the scene as much as happened back with PS2/PS3... Sure, we can say that. But of course the market for piracy itself shifted, now that everybody and their cousin is multiplayer (if not also free to play)?


Wine/Proton/DXVK work pretty well, as long as games can stomach a CPU with the single-thread performance of 2007.

36 points · u/mirh · Oct 05 2020

Obligatory "Mistakes were made."

63 points · u/MorninLemon · Oct 05 2020

noice. always enjoy these

44 points · u/GizmoVader · Oct 05 2020

Other than "cool that it can run", is there any point in running homebrew/Linux on the PS4 rather than just buying a faster PC cheaper?

6 points · u/[deleted] · Oct 06 2020

Question: Why not focus on creating great homebrew software for Linux and Windows? Spending almost seven years to break the security of a PS4 and pretending it's for homebrew's sake is kind of a "huh?" reaction. Personally, I would just play emulators and such on an actual PC.

5 points · u/Nullhitter · Oct 06 2020

Way to pad out the timing, MVG.

5 points · u/megamanxoxo · Oct 06 2020

Can't wait to watch this when I get home

1 point · u/axiswfr · Oct 05 2020
Captions
[Music] The Sony PlayStation 4 launched in North America in November of 2013, and with it a new generation of video gaming. As with any new game console launch, questions arise about the security, and in some cases the systems are rushed to market with perhaps less testing than necessary, and exploit entry points can be determined. But in this modern day and age of cryptography, per-console CPU keys, encryption, data execution prevention and more means that exploits are becoming much more difficult to identify. Unlike the PlayStation 3 and the Sony consoles that came before it, this time Sony did its homework. The PlayStation 4 was a very secure piece of hardware. The days of soldering on an 11-wire mod chip to glitch the data bus or spam-reset the CPU are long gone. If there was an exploit to find, it would be in software, and most likely be at the user-level security access. But even the most secure console has its weak points.

After the Sony PlayStation 3 was so famously exploited with its jailbreak device, for the PlayStation 4 Sony would invest heavily in security, with the first year and a half of the console launch having no public announcements ever made regarding hacking, and many people believe that the Sony PlayStation 4 security has never been defeated. But that is not true. What you may not be aware of is, yes, the PlayStation 4 security has been defeated, with a timeline of various exploits since 2015, which means that unsigned code execution is possible and there is a homebrew community surrounding the PlayStation 4, albeit much smaller than, say, the Nintendo Switch. So when we think about the Sony PlayStation 4 we don't immediately think that it is a system that has been defeated from a security standpoint, but the reality is there have been exploits on the Sony PlayStation 4 since about 2015 that have allowed the system to run unsigned code.

The Sony PS4 was the first Sony console to support the x86 architecture. The single-chip custom AMD processor houses the CPU, which is an 8-core processor code-named Jaguar, and the GPU, a custom AMD-based Radeon graphics engine running at 1.84 teraflops. The PS4 also consists of 8 gigabytes of GDDR5 RAM and either 500 gigabytes or 1 terabyte of internal storage depending on the model. The mid-generation refresh, the PlayStation 4 Pro, offered some hardware updates for more power, but the underlying architecture and operating system were the same, and this of course was for compatibility reasons. The PlayStation 4's operating system is known as Orbis and is based on FreeBSD, which is a Unix operating system. Much of the PS4 OS was developed with open source tools, and a quick glance at the license screen will walk you through all the pieces of open source software that were used to make up the Orbis OS.

During the PS3 jailbreak era it was possible to downgrade its firmware via use of booting the PS3 into factory service mode. The hardware was criticized for not using eFuse technology, which was used on the Xbox 360: when an update was pushed, a fuse would blow inside the processor. This meant that there was never any way to downgrade back to an exploitable version of a kernel. Interestingly enough, the Sony PS4 also does not use eFuses and utilizes revocation lists instead. During the early years of the PS4, motivation to jailbreak or exploit the system was always present; however, it was not anywhere near the levels of targeted attacks after Sony famously removed OtherOS from the PS3. But because the operating system Orbis is composed of many open source libraries, the first logical step would be to start there. The PS4 comes with a web browser which is a part of the operating system. The engine, known as WebKit, is also used on browsers for other game systems such as the PlayStation Vita, Nintendo 3DS and Nintendo Wii U. WebKit would serve as the entry point for many exploits: it's open source and already has a history of known vulnerabilities; perhaps some of them weren't patched on the PS4.

The first public exploit was released by security researcher CTurt in 2015, known as BadIRET. This was a previously known kernel exploit that was discovered in Linux and FreeBSD, and when applied to a PS4 with firmware 1.76 the system was vulnerable. The exploit takes advantage of WebKit and its just-in-time execution to gain kernel access, resulting in system corruption and the ability to override a pointer and redirect the kernel. This was the first but an important step into running homebrew on the PlayStation 4, but it also required a low-firmware model and it wasn't very well known. Sony would simply remove just-in-time from the web browser and ensure that for any game that needed to be played you would need to be on the latest firmware revision, hence addressing the issue before it really became widespread. After the BadIRET kernel exploit was discovered and then patched, more work was done to identify newer exploits. CTurt would also discover and release the dlclose vulnerability, yet another kernel exploit for firmware 1.76 that was a buffer overflow. This exploit was also patched, and CTurt would then soon announce his retirement from PS4 security research. However, by this time there were many expert-level security researchers looking into exploiting the PlayStation 4, and because WebKit ran on other game consoles, discoveries were often found on other systems first, then ported to the PS4. This would go on for some time, with Sony quickly resolving them in firmware updates with a general "improving system stability" message.

By 2017 the PlayStation 4 was at firmware 4.55, and a significant kernel vulnerability would be discovered. FreeBSD implemented a virtual machine known as BPF, or Berkeley Packet Filter, which would provide a secure network layer and ensure reliable transmission of data packets and embed them in the kernel. A race condition situation can occur when two threads reference the same pointer: one thread would free the pointer while the other attempts to execute it, a use-after-free, and this allows a user to obtain an out-of-bounds write which can then lead to code execution in supervisor or ring 0 mode. Sony patched this exploit in firmware 4.70, but they only patched the write functionality and not the core problem itself, which remained. Security researcher SpecterDev wrote a similar exploit for firmware 5.05 which would be well known as the 5.05 PS4 exploit. By this point the PS4 homebrew scene was gaining momentum, and homebrew developers would soon work on emulators, tools and applications for a jailbroken PS4. And if you were lucky enough to run a 5.05 firmware PS4, you can simply use what's known as a HEN, or homebrew enabler, that uses Sony's web browser as the entry point to trigger the BPF exploit and allow for unsigned code to run. 5.05 would be the last known exploitable PS4 for a few years, and this is partly the reason why the PS4 homebrew scene was quite small in comparison to others. As time progressed, finding an exploitable PS4 running 5.05 would be very scarce, and many believed that the PS4 homebrew scene was done.

But in March of 2020, Andy Nguyen, also known as TheFloW, a well-known security researcher who was instrumental in defeating security on the PlayStation Vita, announced that he was looking at security on the PlayStation 4 and advised users to stay on firmware 6.72 or lower if possible. And on July 6 TheFloW then submitted his new exploit to PlayStation, who are offering a bounty reward. His kernel exploit would allow for the hijacking of kernel read/write primitives and code execution, and once again would use WebKit as the entry point. Although a proof of concept, it was soon made available on the PS4. This meant that trying to track down a 6.72 firmware PlayStation 4 would be much easier. Due to the nature of the exploit, Sony had patched it before it was made public, but it does open up many more users who were interested in homebrew on the PS4.

So what can you actually do with a modified Sony PlayStation 4? Well, let's take a quick look and show you some of the cool things that it's capable of doing. So, to address the elephant in the room: yes, it's absolutely possible to play pirated games on a modded PS4, and I'm not going to dance around the issue; it's one of the reasons why people own a modded system in the first place, and with 6.72 that means a much larger library of games that can be played on the system without requiring a system update. But my motivation is homebrew, and there are some really cool things that you can do with the PS4, and the power of the console makes it a great emulation box. First of all, you can enjoy many PS2 games on the system with the emulator that was developed for PS2 Classics. It's nowhere near perfect and the compatibility list is a bit hit and miss, but you can indeed play PS1 and PS2 games on your PS4. There is also a Linux distribution, which is great. Normally Linux is not something that I'm really interested in, but this one is a little different. As you can see, it handles emulation quite well. It also comes with a Steam client, which allows you to log in and play from your Steam library. Not all games are compatible, the ones that require DirectX for example, but anything that requires Vulkan or OpenGL should run, and in most instances it runs quite well. You can also turn your PS4 into a Kodi media center. But if you don't like Linux there are still many great Orbis native applications as well, and overall it's a very interesting system to dive into. But unfortunately the community just doesn't seem to be there. A small but dedicated group of individuals are working on PS4 homebrew, but sadly the main reason for a system seems to be for pirated games. But still, 6.72 hopefully won't be the last PS4 exploit that comes out. It is interesting, however, because as we know Sony likes to issue firmware updates long after the hardware's end of life.

But in conclusion, thanks to the hard work and dedication that security researchers have put into the PlayStation 4, its security has indeed been defeated, but this time around Sony has always been one step ahead rather than the other way around. Many people aren't even aware that there's even a homebrew scene on the PlayStation 4. What there is, however, is quite impressive, and hopefully we will see things continue as we move into the next generation with the PS5. So that is ultimately how the PlayStation 4 has been defeated from a security standpoint. Now, this time around Sony has kept one step ahead of the hackers and security experts; in the past it was kind of the other way around. With the PSP and the PS Vita it was always that cat and mouse game, but Sony has been very, very good about security this time around on the PS4. But that's not to say you can't run unsigned code on a PlayStation 4. Now before I go, I did want to leave a couple of links in the description below to some really comprehensive homebrew guides on the PlayStation 4, a lot better than what I had in my video. I was really just scratching the surface with what's possible on the PS4, so check those links out; they are far more comprehensive than what I have put in this particular video. Well guys, we are going to leave it here. Let me know what you thought about this video in the comments below, don't forget to like and subscribe, and I'll catch you guys in the next video. Bye for now. [Music]
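The BPF bug the video describes is a lifetime race: one kernel path frees a shared program while another path is still about to run it, and a fix that only constrains the resulting write leaves that root cause in place. The C program below is an added example, not code from the video, from FreeBSD or from the PS4 firmware. It models the defensive discipline that closes such a race: the shared pointer lives behind a lock, a user takes a reference before dropping the lock, and the object is freed only when the last reference is released. The names (`filter`, `attach_point`, `race_is_safe`) and the static arena standing in for the kernel allocator are assumptions made for illustration, so that a stale access would show up as a slot in the wrong state rather than as undefined behaviour.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

/* Constructed model: a "filter program" occupies a slot of a static arena
 * (standing in for the kernel allocator). A holder that ever finds its slot
 * in SLOT_FREE would be a use-after-free; with refcounting it cannot happen. */
enum { SLOT_FREE = 0, SLOT_LIVE = 1 };
#define NSLOTS 64

struct filter {
    _Atomic int state;   /* SLOT_FREE or SLOT_LIVE */
    _Atomic int refcnt;  /* current holders; slot is released when it hits 0 */
    int insn_count;      /* constructed payload: pretend instruction count */
};

struct attach_point {    /* the shared pointer that the two paths race on */
    pthread_mutex_t lock;
    struct filter *prog;
};

static struct filter arena[NSLOTS];
static _Atomic int frees;       /* programs released so far */
static _Atomic int stale_uses;  /* holders that found their slot already free */

static struct filter *filter_alloc(int insns) {
    for (int i = 0; i < NSLOTS; i++) {
        int expected = SLOT_FREE;
        if (atomic_compare_exchange_strong(&arena[i].state, &expected, SLOT_LIVE)) {
            arena[i].insn_count = insns;
            atomic_store(&arena[i].refcnt, 1);  /* the attach point's own reference */
            return &arena[i];
        }
    }
    return NULL;
}

/* Drop one reference; only the last holder actually frees the slot. */
static void filter_release(struct filter *f) {
    if (atomic_fetch_sub(&f->refcnt, 1) == 1) {
        atomic_store(&f->state, SLOT_FREE);
        atomic_fetch_add(&frees, 1);
    }
}

/* Executor path: take a reference while holding the lock, then run without it. */
static int run_filter(struct attach_point *ap) {
    pthread_mutex_lock(&ap->lock);
    struct filter *f = ap->prog;
    if (f) atomic_fetch_add(&f->refcnt, 1);
    pthread_mutex_unlock(&ap->lock);
    if (!f) return 0;
    if (atomic_load(&f->state) != SLOT_LIVE) atomic_fetch_add(&stale_uses, 1);
    int result = f->insn_count;  /* "execute" the program */
    filter_release(f);
    return result;
}

/* Replacement path: swap the pointer under the lock, then drop the old
 * program's attach reference; a concurrent executor still holds its own. */
static void set_filter(struct attach_point *ap, struct filter *nf) {
    pthread_mutex_lock(&ap->lock);
    struct filter *old = ap->prog;
    ap->prog = nf;
    pthread_mutex_unlock(&ap->lock);
    if (old) filter_release(old);
}

struct worker { struct attach_point *ap; int iterations; int allocated; };

static void *executor(void *arg) {
    struct worker *w = arg;
    for (int i = 0; i < w->iterations; i++) run_filter(w->ap);
    return NULL;
}

static void *replacer(void *arg) {
    struct worker *w = arg;
    for (int i = 0; i < w->iterations; i++) {
        struct filter *nf = filter_alloc(i + 1);
        if (nf) { w->allocated++; set_filter(w->ap, nf); }
    }
    return NULL;
}

/* Race the two paths; returns 1 when no holder ever saw a freed slot and
 * every allocated program was released exactly once. */
int race_is_safe(int iterations) {
    for (int i = 0; i < NSLOTS; i++) {
        atomic_store(&arena[i].state, SLOT_FREE);
        atomic_store(&arena[i].refcnt, 0);
    }
    atomic_store(&frees, 0);
    atomic_store(&stale_uses, 0);
    struct attach_point ap = { PTHREAD_MUTEX_INITIALIZER, NULL };
    struct worker ex = { &ap, iterations, 0 }, rp = { &ap, iterations, 0 };
    pthread_t t1, t2;
    pthread_create(&t1, NULL, executor, &ex);
    pthread_create(&t2, NULL, replacer, &rp);
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);
    set_filter(&ap, NULL);  /* detach the last program so its reference is released */
    pthread_mutex_destroy(&ap.lock);
    return atomic_load(&stale_uses) == 0 && atomic_load(&frees) == rp.allocated
        && rp.allocated > 0;
}

int main(void) {
    printf("refcounted attach point safe: %s\n", race_is_safe(5000) ? "yes" : "no");
    return 0;
}
```

Build with `cc -pthread`. The point to take from it is where the fix lives: not in the consumer's write, but in the ownership rule that no path may free the object while another path still holds a reference. Removing the `refcnt` increment in `run_filter` (or freeing `old` before the unlock in `set_filter`) reintroduces exactly the window the video describes, and `stale_uses` starts climbing.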
Info
Channel: Modern Vintage Gamer
Views: 740,728
Keywords: ps4, playstation 4, sony, ps4 pro, ps4 games, modding, exploits, homebrew, hacking, orbis, hen, 5.05, 6.72, 1.73, badiret, specterdev, theflow, mvg, modern vintage gamer, kernel exploit, webkit, open source, freebsd, security, linux, jailbreak
Id: OxRTGMe_RuE
Length: 12min 22sec (742 seconds)
Published: Mon Oct 05 2020