Hacking group Fail0verflow has tweeted to claim they have access to the PS5 ‘root keys’, one of the key factors in being able to decrypt files from the system, potentially reverse-engineering the system software and opening it up for jailbreaking, homebrew development and, yes, piracy.
Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software – including per-console root key, if you look hard enough! https://t.co/ulbq4LOWW0
— fail0verflow (@fail0verflow) November 8, 2021
Alongside the root key break-in, Google Security Engineer Andy Nguyen tweeted a screenshot from the PS5 system settings, featuring the Debug Settings menu that is typically only available to developers and engineers with access to specific dev kit devices.
— Andy Nguyen (@theflow0) November 7, 2021
Neither Fail0verflow nor Nguyen has disclosed details of how they broke through Sony’s various security measures, though it’s clear that there are some core vulnerabilities in Sony’s software that can be taken advantage of. The two tweets indicate that there is a ticking clock before the PS5 is able to be modified to feature ‘jailbroken’ system software, and this is an incredibly serious issue for Sony to try and combat.
Fail0verflow is a group synonymous with PlayStation hacking. In early 2011, they and George ‘GeoHotz’ Hotz revealed that they had access to the PS3 ‘Private Keys’, which similarly allowed free access to the system’s files and the ability to modify the software. Because those keys were a fundamental part of the PS3’s security measures, this led to jailbreaking, allowing users to downgrade the firmware, run emulators, copy games from disc to hard drive and hack online games, and allowing piracy to affect the system.
Sony can take several steps at this point, such as revising future iterations of the PS5 hardware to use different encryption methods, but typically when these kinds of things happen, the hardware that’s already released remains vulnerable. We’ve seen similar instances over the past decade, from fundamental vulnerabilities in Apple’s iPhone and iPad silicon that make it impossible for Apple to block jailbreaks, to Fail0verflow hacking the PS4, to the original Nintendo Switch revision becoming a haven for those who want to run custom software and emulators. Nintendo updated the hardware in 2019 to remove the vulnerabilities that allowed this.
The key (heh) factor in how this proliferates is that nobody will want to go to prison or be sued into oblivion for this. In 2011, GeoHotz was sued and reached an out-of-court settlement with Sony that included an agreement to never again hack their products. If anyone can be directly implicated in enabling and furthering piracy, that’s generally the tipping point for legal action.