SpecterDev at Hardwear Netherlands 2024

SpecterDev

Byepervisor: How We Broke the PS5 Hypervisor

Talk Title:

Byepervisor: How We Broke the PS5 Hypervisor

Abstract:

Although a kernel exploit for the PlayStation 5 (PS5) has been public for years, the hypervisor-based security architecture has largely succeeded in preventing reverse engineering of the system and in maintaining kernel integrity across all firmware versions—until now.

We will explore the methods used to circumvent the hypervisor, enabling custom code execution and system library decryption. Additionally, we will reveal two previously undisclosed vulnerabilities in hypervisor firmware versions up to 2.50, which can be exploited for a full hypervisor compromise and for bypassing eXecute Only Memory (XOM) protection. Furthermore, we will release scripts to assist in reverse engineering the system; these will be made publicly available following the presentation.
Speaker Bio:

SpecterDev is a security researcher who specializes in kernel exploitation, and is a previous speaker at hardwear.io. He started doing console research six years ago on the PlayStation 4, and has recently been focusing on the PlayStation 5 and the AMD Secure Processor on the side. He also co-hosts a weekly podcast and media channel called dayzerosec, which keeps up with and discusses various recent vulnerabilities, exploits, and research.