TheFlow has discovered a major exploit called bd-jb for PS3, PS4, and PS5, can be used to load game backups burned to discs


One of the PlayStation scene's most notable figures, TheFlow (Andy Nguyen), is back at it again. He's discovered a major exploit that affects not just one PlayStation console, but three. A HackerOne report by TheFlow sheds light on five vulnerabilities that range in effectiveness, allowing users to load payloads that can be used to exploit the PlayStation 3, PlayStation 4, and even the PlayStation 5. The exploit is referred to as bd-jb, or the Blu-ray Disc Java Sandbox Escape, and was featured during a panel at this year's hardwear.io security conference.

Below are 5 vulnerabilities chained together that allow an attacker to gain JIT capabilities and execute arbitrary payloads. The provided payload triggers a buffer overflow that causes a kernel panic. Please consider each of the vulnerabilities individually. AFAIK, this is the first exploit chain that is being submitted to you :)

According to Nguyen's report, an overflow in the UDF driver affects both the PS4 and the PS5. The exploit chain, bd-jb, can then be delivered as the payload on a burned Blu-ray disc. The hack, in summary, will allow users to burn physical discs of game backups, and then play them on their consoles. This affects PlayStation 4 consoles below OFW 9.50, and PlayStation 5 systems that are below OFW 5.0.

With these vulnerabilities, it is possible to ship pirated games on Blu-ray discs. That is possible even without a kernel exploit as we have JIT capabilities.



TheFlow's panel that discusses the exploit in detail will be uploaded in "a few weeks". The full HackerOne report and all of its technical details can be read below.

Following the initial report, TheFlow made an update to his claims.



 

Noctosphere

Ok….. so Basically just to re-write another game over it and that’s all? I guess I thought There was some bigger picture I was missing with the BD-RE discs.
Actually, if it fails once on a disc, you can't reuse it, so the disc will have to be trashed.
While on RW, if the burning fails, well, the disc is still usable.
 

Marc_LFD

RW discs would make more sense and make the whole "Swap Magic" process more tolerable.

I'd still rather drag n' drop to my USB and then install on my PS4. Also, while the Pro is better than the Launch and Slim, the Slim is silent so that's a huge plus for me (I seriously hate noisy consoles).
 

urbanman2004

This mf just opened up Pandora's Box and this is gonna turn out to be the second coming of the "G-Hotz" saga. TheFlow better lawyer up, lol.
 

Lv44ES_Burner

Yeah, I'm not clear how useful this is, especially after his follow-up tweet. Can someone explain if we're actually able to use this to hack a PS3 or its successors, or not, in an easier fashion? Furthermore, will such a hack work on all PS3 revisions, including the Slims and Super-Slims?

EDIT: I feel I should clarify for a bit that I could care less about piracy on the PS3, it's more having it hacked to begin with.
 

Nakamichi

Thermal paste? I heard that does wonders for PS3/PS4 consoles. However, I've never done it so would have to pay a professional for it.

Not sure if it'd be worth it after all.
I assure you, it's not at all difficult if you go slow and follow a good guide like those by iFixit.
The thermal paste used for PS4/PS3 etc. wasn't great when it was brand new and age has only made it worse.

A fresh application with a high-quality thermal paste isn't expensive and can make a world of difference.

...except on a PS5. That one uses liquid metal and that's already extremely good.
 

Marc_LFD

Thanks.

I'm currently testing/using a PS4 Pro I bought around 5 months ago and it's very quiet.
 

Nakamichi

@Marc_LFD well, if it's quiet I doubt there is any need, even if you could gain some improvements.

Just keep in mind that you have options available to you if it ever gets loud!
 

sley

Awesome, but sad that Sony was able to patch it. Imagine running homebrew on a PlayStation system while still being able to go online.
 