PlayStation 5 ROM keys leaked — jailbreaking could be made easier with BootROM codes
You still won't get a jailbroken PlayStation 5 with this leak, but it will make it easier for hackers to compromise the console's bootloader.
The PlayStation 5’s ROM keys have allegedly been leaked, meaning anyone who can get their hands on the hex strings now has the hardware code that will allow jailbreakers to try decrypting and analyzing the console’s bootloader. According to The Cybersec Guru, this is an unpatchable problem for Sony, because these keys are burned directly into the APU and cannot be changed. The only way the company can invalidate the leaked codes is to replace the chips on yet-to-be-manufactured units, meaning consoles that are already in the wild could possibly take advantage of future jailbreaks stemming from the use of these leaked codes.
When you turn on the PS5, its CPU runs the BootROM code that’s baked into the chip and uses the ROM keys to ensure that the bootloader is valid. Now that the ROM keys have been leaked (and assuming they are valid), a hacker could decrypt and study the official bootloader and potentially use that as a starting point to understand how the PS5’s boot system works. Since the issue is at the hardware level, Sony would not be able to release an update that stops consoles with the compromised chip from loading kernel-level exploits in the future, should one become available.
Note that this leak does not automatically mean that we will see jailbroken PS5s on the market right now, especially as Sony has other security measures that hackers need to bypass. However, the appearance of these codes means that one of the biggest security features of the console has likely already been compromised, making it easier for those working on creating custom firmware to have a deeper understanding of how the console works and use that knowledge to maybe build a modified (or even a totally different) operating system for it.
This isn’t the first time that Sony has had to deal with a security crisis with the popular PlayStation family. The PlayStation 3 was previously hit with a vulnerability when the company made a mistake with its cryptography on the console, allowing users to install homebrew software and enabling piracy and cheating on popular titles. We also saw this with the Nintendo Switch, when a flaw in the Nvidia Tegra X1 chip that it used let tinkerers run Linux on the handheld.
Sony has yet to release a statement regarding the hack, but the company could release revised hardware in the near future to rectify the situation. Another solution is to issue a recall for all existing PlayStation 5 consoles on the market and replace their motherboards to change the hardware codes, but this is unlikely to happen, as it’s either going to be too costly for the company or gamers would be unwilling to pay extra for a mistake that was ultimately not theirs.

ezst036
Valve and the Steam Deck/incoming Steam Machine are giving Microsoft a lot of headaches for reasons that are not relevant here.
On the other side,
I hope Valve's openness gives future (let's say PS6 and beyond) consoles from any company headaches as well. That these companies go through such trouble to lock the devices down against their own users is just pathetic. And don't even get me started on Nintendo's ridiculously litigious nature.
Valve's openness and respect for all of us is proving that there simply is not an either/or. We really can have it all and the world is ours: (1) Ease of use. (2) Lower prices. (3) Faster performance. (4) Unlimited configurability. (5) Total freedom.

wwenze1
ezst036 said:
> Valve and the Steam Deck/incoming Steam Machine are giving Microsoft a lot of headaches for reasons that are not relevant here.
> On the other side,
> I hope Valve's openness gives future (let's say PS6 and beyond) consoles from any company headaches as well. That these companies go through such trouble to lock the devices down against their own users is just pathetic. And don't even get me started on Nintendo's ridiculously litigious nature.
> Valve's openness and respect for all of us is proving that there simply is not an either/or. We really can have it all and the world is ours: (1) Ease of use. (2) Lower prices. (3) Faster performance. (4) Unlimited configurability. (5) Total freedom.
Console hardware is often sold at a loss. So it's like T-Mobile locking your phone that you bought cheaply from them.
Valve is just adopting a different model because of where they came from and what they are currently. Regardless of whether you're on Steam Machine, Windows or Linux, you're using Steam eventually. To them, the Steam Machine is no different from what Pixel 10 phones are to Google.
Gaming consoles have a different history. With early consoles, a 3rd party can make a cartridge that runs on Atari 2600. Heck, there are gaming accessories that when plugged to a competitor's console, can play Atari cartridges. The NES had unlicensed cartridges. (And why NES only allowed licensed cartridges to begin with has to do with the 1983 video game crash.) That crash shaped Nintendo's ideology such that even today they have a firm grip on the software. And we cannot blame them since it is earning loads of money from their target audience.

Notton
I'm all for unlocked hardware, but you should never pair that with selling the device at a loss.
Steam Machine is a PC, and a decently capable one at that. If it was priced at a hefty discount, 99% of the inventory will be snapped up by corporations who will then proceed to install Windows or their custom Linux on it and not touch the Steam store at all.
That's what happened to GPUs during the crypto craze, the NFT craze, and now the AI craze.
Does anyone remember Nvidia attempting to "lock" down the RTX 3060 hash rate? Yeah, it didn't work.

Vanderlindemedia
That the console gets hacked after its expected lifespan is always better than when it's released.

TerryLaze
Notton said:
> I'm all for unlocked hardware, but you should never pair that with selling the device at a loss.
> Steam Machine is a PC, and a decently capable one at that. If it was priced at a hefty discount, 99% of the inventory will be snapped up by corporations who will then proceed to install Windows or their custom Linux on it and not touch the Steam store at all.
> That's what happened to GPUs during the crypto craze, the NFT craze, and now the AI craze.
> Does anyone remember Nvidia attempting to "lock" down the RTX 3060 hash rate? Yeah, it didn't work.
That's a poor excuse, they can just set a restriction on how many units a single customer can buy, no corporation will go through the trouble to make thousands of individual purchases.
They already do this for the Steam Deck, each account can only buy one, for a family this is a rather minor annoyance you just make a few accounts for your kids if you want to buy multiple units, but for a corporation this would be a no go.
Valve sells them at full price because it's just a marketing stunt for them, they don't need this thing to succeed to make or not make a next model, the word of mouth and publicity will be strong either way.