The PlayStation 5 Is Not Yet Jailbroken

We all love some high-end gaming, especially when the cost is little to nothing. One way to make that possible is jailbreaking. While it is looked down upon in many places, it is still legal in some areas, and people are doing it at an alarming rate.

Although many different devices can be jailbroken, we will discuss the PlayStation 5 specifically. Despite the recent rumors that the console has been jailbroken, the reality is not quite that, and we at TopTierList are here to tell you why.

Jailbreaking

If you are unfamiliar with the process, jailbreaking exploits flaws in an electronic device to install applications and other content that the manufacturer has made unavailable for that device. In simple words, it gives the owner full root access to the operating system and to every feature, which is also how people end up downloading pirated games.

Major Points

  • The person credited with making the “PlayStation 5 jailbreak” possible himself listed jailbreaking as future work.
  • Due to the limitations and the incomplete work, PlayStation 5 has not reached the point where we can genuinely call it jailbroken.
  • Despite the rumors and mentions of it being jailbroken in many reports, the creator himself did not use any such word when explaining his work.

PlayStation 5 Is Not Jailbroken Yet

We at TopTierList looked at the whole situation and found that it wasn’t as complete as reported, so naturally we tracked down the original creator and his work. GitHub user Cryptogenic posted the files and all relevant data in a post and further explained what it contains.

He used a PlayStation 5 kernel exploit based on TheFlow’s IPv6 Use-After-Free (UAF) that was reported on HackerOne. His strategy was primarily based on TheFlow’s BSD/PS4 PoC, with some changes to adapt it to the PlayStation 5’s memory layout, which is more fragmented: adjacent pages rarely belong to the same slab.

In addition, his post clearly states that it is “intended for developers to play with to reverse engineer some parts of the system.” Stability is far too low for a jailbreak, and further work and extensive research on the exploit are needed before it reaches that state.

Limitations of His Work

There are quite a few limitations to this work. Here’s a list of them from Cryptogenic’s post.

  • This exploit achieves read/write but not code execution. This is because we cannot currently dump kernel code for gadgets, as kernel .text pages are marked as eXecute Only Memory (XOM). Attempting to read kernel .text pointers will panic!
  • As per the above + the hypervisor (HV) enforcing kernel write protection, this exploit also cannot install any patches or hooks into kernel space, which means no homebrew-related code for the time being.
  • Clang-based fine-grained Control Flow Integrity (CFI) is present and enforced.
  • Supervisor Mode Access Prevention/Execution (SMAP/SMEP) cannot be disabled due to the HV.
  • The write primitive is somewhat constrained, as bytes 0x10-0x14 must be zero (or a valid network interface).
  • On a successful run, exit the browser with the circle button; the PS button panics for an unknown reason.

Given the poor stability, Cryptogenic terms this an exploit rather than a jailbreak, and you can see for yourself that the word “jailbreak” appears only once in his post, under future work, shown below.

[Image: The future work prioritized by Cryptogenic.]

Therefore, to call it jailbroken is a huge misunderstanding of how this works. We can be patient and show support to the creator so he can publish his future work on it, and maybe we will have an actual jailbreak before long. These are just exploits, their stability is at 30%, and they have many points of failure. If you want to use it for casual gaming, we don’t see how it can work.

Furthermore, the hypervisor has higher privileges and is not yet broken. So the exploit cannot currently read or patch kernel code, hence no unsigned code execution. Maybe once the hypervisor is broken, we can finally call it jailbroken.

In Conclusion

To wrap it up, the creator of this exploit himself lists its limitations and treats a jailbreak as the future goal. Therefore we should not call it a jailbreak until the remaining work is finished. Although we say it is unfinished, his work so far is nothing short of impressive and makes a future jailbreak highly likely.

Let us know your thoughts on this subject. Do you think the PlayStation 5 jailbreak in this condition is playable? Or, if you are like us, when do you think it will finally be jailbroken? Let us know below, and we will share our thoughts with you!
