One of the PlayStation scene's most notable figures, TheFlow (Andy Nguyen), is back at it again. He's discovered a major exploit that affects not just one PlayStation console, but three. A hackerone report by TheFlow sheds light on five vulnerabilities that range in effectiveness, allowing users to load payloads that can be used to exploit the PlayStation 3, PlayStation 4, and even the PlayStation 5. The exploit is referred to as bd-jb, or the Blu-ray Disc Java Sandbox Escape, and was featured during a panel at this year's hardwear.io security conference.

Below are 5 vulnerabilities chained together that allows an attacker to gain JIT capabilities and execute arbitrary payloads. The provided payload triggers a buffer overflow that causes a kernel panic. Please consider each of the vulnerabilities individually. AFAIK, this is the first exploit chain that is being submitted to you

According to Nguyen's report, a UDF driver can cause an overflow on both the PS4 and the PS5. An exploit chain, aka bd-jb, can then be loaded as the payload as a burned Blu-ray disc. The hack, in summary, will allow users to burn physical discs of game backups, and then play them on their consoles. This affects PlayStation 4 consoles below OFW 9.50, and PlayStation 5 systems that are below OFW 5.0.

With these vulnerabilities, it is possible to ship pirated games on bluray discs. That is possible even without a kernel exploit as we have JIT capabilities.

bd-jb: Blu-ray Disc Java Sandbox Escape affecting PS3, PS4, PS5. My talk at @hardwear_io will be uploaded in a few weeks. #hardwear_io https://t.co/gVs03Ie46q

— Andy Nguyen (@theflow0) June 10, 2022

TheFlow's panel that discusses the exploit in detail will be uploaded in "a few weeks". The full hackerone report and all of its technical details can be read about below.

Following the initial report, TheFlow made an update to his claims.

I wanted to clarify: Without a kernel exploit, you won't be able to run any pirated games (which would have worked on the PS4 only anyways), because we don't have enough RAM in the bd-j process and there are some other constraints. It was only a theoretical impact.

— Andy Nguyen (@theflow0) June 11, 2022

Source

 

[UnderJinx]

My guess is that someone will make a more user friendly jailbreak
from the Bd-Jb before the end of 2022. Maybe before the end of summer

 

[Nakamichi]

I really hope this leads to a hack for the unhackable PS3 systems.

Really want to mod my PS3 SuperSlim.

 

[Blavla]

Didn't realize Sony paid a bounty for his exploit discovery...

20 k

 

[KuntilanakMerah]

I really hope this leads to a hack for the unhackable PS3 systems.

Really want to mod my PS3 SuperSlim.

luckily i got cech 40xxx series

 

[ldeveraux]

is this playable yet on 9.00 jb and some bluray discs? Is it anywhere close to user friendly?

 

[KuntilanakMerah]

is this playable yet on 9.00 jb and some bluray discs? Is it anywhere close to user friendly?

if you own ps2 you know exactly how to boot through fmcb

 

[KuntilanakMerah]

i hope on the ps5 have the same method use disc to gain access to its root and then you can install homebrew exploit like on the ps3 hen / ps2 fmcb

 

[ldeveraux]

if you own ps2 you know exactly how to boot through fmcb

My PS2 had a modchip installed 20 years ago...

 

[KuntilanakMerah]

 

[magico29]

Ultraaaaaaaaaaaaaaaaaaaaaaaaaaa!!!

 

[LainaGabranth]

YESSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

 

[DEMONGreninjaPG]

i dont even have a ps4,ps5 only a ps3 that i dont have access to right now

 

[teamlocust]

2 x ps5 disc edition , one at 3.20 and one at 4.50... planning to take the 4.50 online....

 

[Marc_LFD]

i dont even have a ps4,ps5 only a ps3 that i dont have access to right now

Make the best of it. Now, PS3 is an "old" console, but it has so many fantastic and delisted games you can't play on newer consoles (licensing issues).

 

[DEMONGreninjaPG]

Make the best of it. Now, PS3 is an "old" console, but it has so many fantastic and delisted games you can't play on newer consoles (licensing issues).

ikr i did have a ps4 but it was pawn im going to have to watch my chatting before i get banned

 

[KuntilanakMerah]

i remember having a good time playing white knight chronicles online on the ps3 system until they close online play