Skip to main content

PlayStation 4 hack confirmed: watch the Linux demo

UPDATE: "SteamOS on the PS4 should 'just work' once the driver issues are sorted out."

UPDATE 4/1/16 12:22pm: Fail0verflow's thoughts on its PS4 hack, why it ported Linux and how it found the required exploits on Sony's hardware are posted here. This is interesting:

Original story: Noted hackers fail0verflow - whose previous credits include PlayStation 3, Wii and Wii U hacks - have demonstrated a complete, low-level hack for PlayStation 4. The team hasn't just circumvented the system's security and booted unsigned code - a customised, work-in-progress version of Linux designed explicitly for PS4 is in development and is showcased in the video below.

A few morsels about the hardware make-up of the PlayStation 4 are also revealed - firstly that although the Sony hardware is based on PC technology, there are a lot of differences, necessitating over 7000 modifications (and counting) to the Linux kernel. The team notes that neither AMD or Sony seem to have given the console's APU a codename (fail0verflow have gone with Liverpool), but the machine's southbridge - responsible for communications with external peripherals - is known as Aeolia. Designed by Marvell, the southbridge varies significantly from PC architecture, leading the team to speculate that the developers were experimenting with their own version of the PCI protocol.

In putting together its Linux port - which is now publicly available though of little use to end-users - the team has made good progress in adapting the OS for the custom hardware, but notes that 3D acceleration and HDMI audio are still work-in-progress. On top of that, it seems that despite the actual hardware using a SATA interface, the PS4 itself appears to communicate with the hard drive via USB - a curious state of affairs. The Blu-ray drive does use the SATA AHCI standard, but is currently untested in the Linux build.

Fail0verflow's presentation, showing the PlayStation 4 fully exploited and running a customised version of the Linux operating system.Watch on YouTube

Fail0verflow is looking to release custom bootstrap code to get Linux running on the PS4, but is stopping short of releasing the actual exploit that gains low-level access to the hardware. "Bring your own exploit," the team says. "PS4 security is crappy enough that you don't need us for that."

The video gives away few hints about how this is actually done, but it does show Linux booting via the PlayStation 4's browser - and this in turn reveals that a keyboard is connected (which is promptly disconnected as the OS loads). Looking back at last month's exploit, it seems that gaining low-level access to the PlayStation 4 via its browser seems to be a common theme.

Back then, hackers had demonstrated that the PS4 system RAM could be dumped and that the hard drive's file system was accessible. Fail0verflow's work is far, far more advanced - the team hasn't just run unsigned code (any code that runs on PS4 usually requires encryption by Sony itself before it will run) but it has also reverse-engineered a good proportion of the PlayStation 4 hardware and has an intimate understanding of how it works.

In our last report, we suggested that piracy was a long way off based on what had been publicly revealed, but looking at the extent of the knowledge fail0verflow has accrued and its almost mocking dismissal of the PS4's security system, clearly that opinion needs to be reassessed. The big question is to what extent other hacking teams have managed to replicate the work (fail0verflow won't release its PS4 hack and never released its Wii U exploit, perhaps due to the piracy fallout of its PS3 work) and whether actual game code can be dumped, copied and booted. On top of that, questions also need to be asked about how quickly Sony can respond to any given breach to its security, and whether the exploits in question can be patched out via system software updates - or whether the vulnerabilities go deeper.

Read this next