PS5 Hacks: SpecterDev’s Hardwear.io presentation slides available

The Hardwear.io folks have uploaded SpecterDev’s slides for his recent presentation on PS5 exploits and security research. As expected, the presentation doesn’t disclose any new exploit, but it does give a lot of crunchy details on the current state of PS5 security and PS5 hypervisor reverse engineering, as well as leads for future attack vectors.

SpecterDev’s presentation starts with the current status of PS4/PS5 hacking and what is known about these devices, in particular describing how the PS5 improved its security compared to the previous generation of consoles. The hacker dives into interesting details, such as how Sony’s bug bounty program has helped them fix lots of bugs before they became usable or critical, how ASLR and SMAP have been improved, how XOM mitigates ROP execution, etc.

[Image: rough explanation of XOM (*not* from Specter’s presentations)]

The presentation also confirms that firmwares around 3.xx patched some critical vulnerabilities. Folks on 2.xx or below might want to stay on their low firmwares for the time being.

In the case studies, SpecterDev describes how TheFloW’s IPV6 Race UAF exploit helps bypass most of the mitigations put in place on the PS5, which is what made the kernel exploit we currently have possible. However, he confirms that even once exploited, things remain tough on the PS5. He also confirms in these slides that flatz is the person who managed to get access to the hypervisor code (how???)

PS5 Post Exploitation

This part is of course the most interesting one for people on PS5, and this is what the slides say about it:

Post-exploitation is where PS5 looks really different from PS4

  • Takes advantage of AMD Secure Virtualization (SVM)
    • AMD technology for hardware-backed virtualization
  • Hypervisor is a secure monitor and nannies the kernel
    • Intercepts various sensitive actions from the guest kernel
  • Basically Virtualization-Based Security for console
  • Idea is kernel code integrity cannot be broken without hypervisor bug/bypass
  • Kernel code execution is made more difficult
    • XOM cannot be disabled with arbitrary R/W directly
    • Limits gadgets
  • Hypervisor is a blackbox
    • Proprietary
    • Unreadable with kernel R/W
  • Thanks to @flat_z I was able to get hypervisor code to study

PS5 Hypervisor reverse engineering and future ideas

A large portion of the presentation goes into Specter’s findings while reverse engineering the PS5 hypervisor. What I read is, generally speaking, “not good news”.

There is however a whole section for “attack ideas” that SpecterDev shares, which might give hope to some of us:

Future Research & Ideas – Data-Only Attacks

  • Hypervisor essentially limits us to data-only attacks
  • But control of data is still powerful
    • We can’t patch/hook code
      • … but we can hook data
  • Instead of patching PSP kernel API, we can try hijacking the mailbox
    • Spoof responses to load our own code
    • Haven’t had time to try this yet, but in theory should work
  • Might not be path of least resistance…

Future Research & Ideas – Hypervisor

  • Guest has a lot of potential vectors for VM escape
  • Obvious and easy ones are out
    • Control regs, EFER, page tables
  • But less obvious vectors can be explored
    • MSRs
    • IOMMU / HW attack + IOMMU hypercalls
    • Features / extended instructions HV doesn’t consider
    • Memory Mapped I/O (MMIO)
  • These kinds of bugs definitely exist 🙂
  • The hypervisor can’t protect everything
  • Trade-offs
    • Move more to HV = more attack surface
    • Also high performance penalty
  • HV is completely in-house
    • Less audited
    • Less mature
      • But a unique albeit formidable challenge is XOM

Download

You can check the presentation slides here.

Source: thanks to ar453a