The PlayStation 5 (PS5) represents a significant leap in technological advancements, particularly in terms of its security measures, which have undergone substantial improvements compared to its predecessor, the PS4. Due to the lack of public documentation around its security hardening techniques, there exists some misunderstanding of the system's security infrastructure. This conference talk aims to shed light on the PS5's system architecture, focusing on Sony's efforts to impede reverse engineering and mitigate the impact of kernel memory corruption.
This presentation will delve into the intricacies of the PS5's security mechanisms, analyzing the evolving attack surface and ushering in of modern mitigations such as Supervisor Mode Access Prevention (SMAP), Supervisor Mode Execution Protection (SMEP), kernel Control Flow Integrity (kCFI), and eXecute Only Memory (XOM). Furthermore, we'll investigate the internal workings of the PS5's hypervisor, and analyze it's role in safeguarding the system against high-privileged attackers. We'll also talk about some how these mitigations can be worked around and highlight some avenues and ideas for future research.
SpecterDev is a security researcher who specializes in kernel exploitation against linux, mobile, and console. He started doing console research five years ago on the PlayStation 4, and has recently been focusing on the PlayStation 5 and the AMD Secure Processor on the side. He also co-hosts a weekly podcast and media channel called dayzerosec, which keeps up with and discusses various recent vulnerabilities, exploits, and research.