fail0verflow team discover PS5 root keys (symmetric) including per-console root key

Following the recent news that famous security engineer Andy Nguyen has managed to enable debug settings on his own PlayStation 5, we are now receiving claims that the well-known hacking group fail0verflow have been able to extract all symmetric PS5 root keys, including per-console root keys.

While not much information is yet known about the process, it's worth noting that although they are claiming to be able to read the keys for encrypted files, it is likely not possible at this point to re-sign modified files in a way that the system would accept. However, this remains a very positive first step toward gaining further understanding of how the PlayStation 5 works.


It is worth mentioning that fail0verflow are famously anti-piracy and once decided against releasing their Wii U exploit knowing it would result in software piracy.


godreborn

btw, I explained how to get the root key for the ps4 in one of the posts in @KiiWii's thread. it's not very hard really, just need to use pip from python to download two dependencies (one requires a dependency from microsoft's website, but it will tell you what), then use a script file. you can also use orbisman, but afaik, it only works on 4.55 and 5.05. I did both, and they were identical, so either works. it's called the eap key on the ps4. e probably stands for encrypted just like eid root key on the ps3 stands for encrypted individual data.
 

godreborn

can you use telegram or nowinstock as well. I never put them in there, but I got the n64 controller notification. however, I had a feeling before I got it, so it wouldn't have mattered. thanks to @Hayato213 who sold me his second ps5 at cost as well as telling me about the oled switch on sale at best buy, got both, and they're sitting sandwiching my animal crossing switch.
 

sley

Good news, still jealous about the fact that only Xbox got a dev mode seeing what's already possible with the power of the new consoles.
 

Nagarjuna

I'm out of the loop on Sony security, why do their consoles seem to get hacked so quickly? The Xbox One has made essentially zero progress on RCE (although this might be because of UWP), are Sony consoles just less secure or more popular? It seems like they have a history of easy exploits, I remember PS1 piracy was a big concern and the PSP homebrew scene was huge.
 

Kioku

Good luck finding one. :P
I'm trying to get one for like 6 months now...but retailers are permanently out of stock and resellers are selling them for like $1500 where I live....No thanks.... :rofl2:
Just bought one from Best Buy.
 

godreborn

Nagarjuna said:
> I'm out of the loop on Sony security, why do their consoles seem to get hacked so quickly? The Xbox One has made essentially zero progress on RCE (although this might be because of UWP), are Sony consoles just less secure or more popular? It seems like they have a history of easy exploits, I remember PS1 piracy was a big concern and the PSP homebrew scene was huge.

generally the goal is homebrew, not piracy or anything, and the xbox one and series x have a dev mode that makes it possible, so I guess that's the reason they're left alone.
 

godreborn

the screw will only tighten if it's in right. it's kinda weird, I guess, but it's not very hard really as long as you know what to do. I never watched a video, so I was confused for a brief moment. it won't tighten if the base is on the front, plus it doesn't look right anyway.
 

mattyxarope

godreborn said:
> generally the goal is homebrew, not piracy or anything, and the xbox one and series x have a dev mode that makes it possible, so I guess that's the reason they're left alone.

Also the huge lack of exclusives for Xbox.

And Microsoft said that all games coming to Xbox must come to Windows.

So there is almost no interest in hacking Xbox.
 

Guacaholey

is it just me or is the PS scene the worst if it comes down to homebrew/hacking?
I feel like all they care about is pirating games and nothing else.
Good. The fact that Sony has had a massive design flaw in the last 3 generations of consoles that will stop you from playing your legally owned games means that it's more or less a necessity to be able to bypass the signature checks just to use stuff we paid for in time.
 

zoogie

Nagarjuna said:
> I'm out of the loop on Sony security, why do their consoles seem to get hacked so quickly?

This is all opinion and not necessarily hard facts.

They have an old reputation of being a hardware-first company and treating their software people like second-class citizens. Don't know how much that still applies. Also, they tend to do their security programming in-house from JP headquarters and don't rely much on western peer review (except hackerone, but not everyone signs up for that). I suspect that may be somewhat of a company pride thing (Nintendo has been susceptible to this as well in the past).

They also have some bad security practices user-side like being able to install your own firmware from USB (I know this isn't a vuln in and of itself, but it allows people to upgrade to vulnerable firmware versions instead of latest). Including debug mode in retail is also a bad idea.
 
