One of the PlayStation scene's most notable figures, TheFlow (Andy Nguyen), is back at it again. He's discovered a major exploit that affects not just one PlayStation console, but three. A hackerone report by TheFlow sheds light on five vulnerabilities that range in effectiveness, allowing users to load payloads that can be used to exploit the PlayStation 3, PlayStation 4, and even the PlayStation 5. The exploit is referred to as bd-jb, or the Blu-ray Disc Java Sandbox Escape, and was featured during a panel at this year's hardwear.io security conference.

Below are 5 vulnerabilities chained together that allows an attacker to gain JIT capabilities and execute arbitrary payloads. The provided payload triggers a buffer overflow that causes a kernel panic. Please consider each of the vulnerabilities individually. AFAIK, this is the first exploit chain that is being submitted to you

According to Nguyen's report, a UDF driver can cause an overflow on both the PS4 and the PS5. An exploit chain, aka bd-jb, can then be loaded as the payload as a burned Blu-ray disc. The hack, in summary, will allow users to burn physical discs of game backups, and then play them on their consoles. This affects PlayStation 4 consoles below OFW 9.50, and PlayStation 5 systems that are below OFW 5.0.

With these vulnerabilities, it is possible to ship pirated games on bluray discs. That is possible even without a kernel exploit as we have JIT capabilities.

bd-jb: Blu-ray Disc Java Sandbox Escape affecting PS3, PS4, PS5. My talk at @hardwear_io will be uploaded in a few weeks. #hardwear_io https://t.co/gVs03Ie46q

— Andy Nguyen (@theflow0) June 10, 2022

TheFlow's panel that discusses the exploit in detail will be uploaded in "a few weeks". The full hackerone report and all of its technical details can be read about below.

Following the initial report, TheFlow made an update to his claims.

I wanted to clarify: Without a kernel exploit, you won't be able to run any pirated games (which would have worked on the PS4 only anyways), because we don't have enough RAM in the bd-j process and there are some other constraints. It was only a theoretical impact.

— Andy Nguyen (@theflow0) June 11, 2022

Source

 

[godreborn]

from what I've heard, the latest ps5s ship with is 4.50 currently. not sure how old 5.00 is, but it's only up to like 5.10 right now iirc.

I wonder what FW my PS5 is on. I've had it for months and never taken it out of the box yet. Haha.

Yep, me too

 

[jurai]

New Firmware release on 3, 2, ...

These were patched already so

 

[jurai]

wait so this can only be used to play pirated games? no homebrew or anything?

It provides a listening daemon to send a payload, you could send homebrew if you had homebrew

 

[godreborn]

yeah, the ps5 is about four firmwares higher than 4.50, 5.00, 5.01, 5.02, and 5.10 iirc. and we're up to 9.60 on the ps4.

 

[gbadl]

"I wanted to clarify: Without a kernel exploit, you won't be able to run any pirated games (which would have worked on the PS4 only anyways), because we don't have enough RAM in the bd-j process and there are some other constraints. It was only a theoretical impact."

 

[diggeloid]

This is probably making Sony sweat, but you know what's really stupid? Dedicated security researchers like the flow would probably not be spending so much time and effort trying to exploit these consoles if Sony just opened it up and let people run homebrew straight up.

 

[linuxares]

"I wanted to clarify: Without a kernel exploit, you won't be able to run any pirated games (which would have worked on the PS4 only anyways), because we don't have enough RAM in the bd-j process and there are some other constraints. It was only a theoretical impact."

Everyone that kept a PS5 suddenly got sad

 

[godreborn]

This is probably making Sony sweat, but you know what's really stupid? Dedicated security researchers like the flow would probably not be spending so much time and effort trying to exploit these consoles if Sony just opened it up and let people run homebrew straight up.

that's probably what they should do. lots of different apps on the series x. maybe they'll do that with the ps6, then no one will care about exploiting the console, and opening it up to piracy.

 

[jahrs]

I feel like this is taking me back a decade when you had to use disc's to load game backups for like the wii

 

[master801]

I remember years ago when the Java blu-ray entry was just a big theory lol

 

[tommasi]

If he releases the exploit. The scene will be back on fire. Backup disks market will be alive again in a lot of countries!!

 

[Nincompoopdo]

I guess people will be selling backup copies of PS5 games now. Good to be back to the PS1 and PS2 days.

 

[linuxares]

People literally need to see what he wrote after this tweet...

 

[godreborn]

People literally need to see what he wrote after this tweet...

was thinking the same. people really jumped the gun on this one.

 

[alt_Human]

Everyone that kept a PS5 suddenly got sad

Not I. I wasn't planning on doing it anyway if it were possible. I won't give up online play and use of the PSN store for pirated discs. I've also been planning to hook my PS5 up for the first time the day the new PS Plus tiers launch in the US.

 

[linuxares]

was thinking the same. people really jumped the gun on this one.

As normal! But it do seem that PS4s can boot fixed disks

 

[godreborn]

Not I. I wasn't planning on doing it anyway if it were possible. I won't give up online play and use of the PSN store for pirated discs. I've also been planning to hook my PS5 up for the first time the day the new PS Plus tiers launch in the US.

sony sent me a message about that. I think it goes live on the same day as those covers get released, which is a week from today.

 

[alt_Human]

sony sent me a message about that. I think it goes live on the same day as those covers get released, which is a week from today.

I thought the tiers go live on the 13th.

 

[godreborn]

I thought the tiers go live on the 13th.

you may be right. I just don't recall for sure, just that sony sent me a message. I'm sticking to the base tier for right now, since streaming is impossible with a data cap.

 

[alt_Human]

you may be right. I just don't recall for sure, just that sony sent me a message. I'm sticking to the base tier for right now, since streaming is impossible with a data cap.

I only have the highest tier becasue I had 2 more years stacked and got in on the PS Now upgdade deal before they closed the loophole. I will have to see where everything stands in two years to see if I'll continue with Premium or not. I still have my modded PS3 so the PS3 streaming isn't a factor to me personally. Sucks you have a data cap. Aren't the PS1 and PS2 games downloadable?