Released! PS5 kernel exploit + webkit vulnerability for firmware 4.03

Released!  PS5 kernel exploit + webkit vulnerability for firmware 4.03
Written by admin

Oh wow just a few hours later tweeting that this needs to be “ironed out” SpecterDev has now released its implementation of the PS5 IPV6 Kernel Exploit!

This version relies on it the webkit vulnerability as an entry point, meaning it will work on any PS5 (including PS5 Digital Edition) running firmware 4.03. Lower firmwares may work (although the exploit may need tweaking). Higher firmwares currently do not work (they are not vulnerable to the webkit exploit)

PS5 4.03 kernel exploit is here!

SpecterDev warns against this significant limitations this exploit. Above all:

  1. The exploit is quite unstable and in his experience it works about 30% of the time. If you try to run it, don’t give up, it may take multiple attempts before the exploit gets through
  2. Possibly more importantly, this exploit gives us read/write access but no execution! This means that at the moment there is no way to load and run binaries, everything is constrained within the framework of the ROP chain. However, the current implementation allows debug settings.

Specifically, from the exploit’s readme:

Currently included

  • Gets arbitrary read/write access and can run a simple RPC server for read/writes (or a dump server for large reads) (must edit your own address/port into the exploit file at lines 673-677 )
  • Activates the debug settings menu (note: you have to exit and re-enter the settings completely to see it).
  • Gets root privileges

Download and run

You can Download the hack here.

you will need python to run SpecterDev’s implementation and you will be running a web server on your local PC that your PS5 can access.

  1. Configure fakedns via dns.conf this point to the IP address of your PC
  2. Run Fake DNS: python -c dns.conf
  3. Run HTTPS server: python
  4. Go into advanced PS5 network settings and set the primary DNS to your PC’s IP address and leave the secondary as is
    1. Sometimes the manual still won’t load and requires a reboot, not sure why that’s really weird
  5. In the settings go to the user guide and accept the prompt for untrusted certificates, run it
  6. Optional: Run rpc/dump server scripts (Note: address/port must be replaced in binary form in Exploit.js)

This is an evolving story as more people will test and report on this hack in the coming days, so stay tuned!

Source: SpecterDev

About the author


Leave a Comment