This is the fourth part of a series chronicling Sony’s decades-long fight against piracy and cracking. This week we are looking into the PS4 modding scene.
A choice few patterns of defeat were uncovered in this PlayStation hackery series. For now, this is the final (full size console) episode, until the PS5 meets its own watery grave. If anything is to be taken away from this, it is that the fall of a console, seemingly predictable when looking at those prior to it, always manages to surprise in its exact method. As with an octopus in an elaborately designed trap, you’d expect there to be no exits for it to consider. The ingenuity of the hacking community has continually shattered these expectations, as you’ll see in this rundown of the history of PS4 modding.
On the other hand, with three generations of tried and tested anti-modding techniques under the belt at the time, the third being a great success (more or less), Sony was on track and well-prepared to attempt their next most impenetrable gaming system.
Born in the USA
In November of 2013, Sony’s best shot at such a system, the PlayStation 4, was released in North America. Strangely, its Japan launch wasn’t until February of the following year, even though Sony’s first priority with prior consoles had always been its birthplace. By the time the US hit 30 million sales, Japan had only just scraped a measly 8 and a half. Money talks.
Unlike every prior generation, Sony stuck with their existing disc storage technology (Blu-ray) rather than tempting fate again by jumping into new waters, perhaps because it was what saved the PS3 from a quick and embarrassing death.
Upgrades were plentiful, though. Dedicated RAM jumped from the PS3’s 256MB (256,000,000 bytes) of GDDR3 RAM to 8GB (8,000,000,000 bytes) of GDDR5 RAM. The GPU also left its predecessor for dust, vaulting from 400 Gigaflops to 1.84 Teraflops in speed. The PS4 was packing an x86 octa-core semi-custom AMD APU, nicknamed Jaguar, clocking in at 1.6GHz (try reading that out loud 2x fast).
This is partly the reason why it took so long for game developers to meet hardware limitations. Even then, the PS4 Pro gave the existing technology a new lease of life at what should have been the console’s end-of-life.
Great Expectations
As the previous article explains, from the PS3 backward, a year without having your console cracked by the modding community was considered to be a success in the grand scheme of things. Security/anti-piracy measures had supposedly done a lot of maturing since the previous-gen, however, so expectations were high.
USB keys, memory card exploits, disc drive shenanigans and even Chipsus Christ Superstars were all but completely off the table. By that token, though, systems had gotten a whole lot more complex. More complexity naturally allows more room for human error. It also breeds modding boffinry.
Around eighteen months came and went without a whisper of PS4 modding, hacking or cracking on the Earth’s surface. But in the internet’s skooma dens (modding forums), some serious game plans were being cooked up. Modding boffinry became much more covert than it once was during this gen, mostly owing to the lack of hard-mods (chips etc.) and unpatchable exploits available.
That’s to say that console manufacturers had a lot more power over the ‘misuse’ of their systems than they did back in the good old days™. If you are to take full advantage of a console’s gaming capabilities today, multiplayer services which monitor your hardware (and software) are not an opt-in type deal.
If hard mods were discovered, all it took was an OTA security update to brick your system if the manufacturer chose to (almost guaranteed). Even if you had found out that the jig was up before approving the update, you could kiss goodbye to online multiplayer, because that required an update. That’s not to mention online perma-bans for running unsigned code or pirated games. While those actions seem justified, even running Homebrew on a Switch will unleash Nintendo’s banhammer.
I’d Do Anything for a Secure OS (But I Won’t Make My Own)
If there was anything to be found in the way of exploits, it was highly unlikely to be a hardware flaw. Understandably, flaws were rife in the system software. Orbis, the PS4’s OS, was developed entirely using open source software, meaning the components of Orbis were widely in use and their inner workings were public knowledge. In late 2015, CTurt, in partnership with others in the PS4 modding community, discovered the PS4’s alleged first working exploit, known as BadIRET.
This exploit targeted the PS4’s open-source internet browser, causing data corruption which allowed for tampering. CTurt also helped to create The PS4 Webkit Playground. A PS4 Homebrew community was established shortly after. CTurt not only opened the door with this exploit, they added some serious functionality to the room behind it. Unfortunately, not long after this discovery was made, an update patched up the vulnerability, closing off this tight-knit homebrew community in an old firmware revision for a while. They continued working, though, until old faithful CTurt co-discovered another exploit.
This was a targeted buffer overflow which, in short, overwhelmed the kernel’s allocated memory until incorrect results, or a gap worth infiltrating, appeared. Once again, a small percentage of users made their way through the door just as Sony locked it behind them with another OTA security update. Because many weren’t aware of it, the work wasn’t making a huge difference in terms of numbers. CTurt bowed out of the race, hanging up their hat and announcing their retirement from the world of PS4 modding.
War. War Never Changes
By this time, luckily, others had been inspired to look for exploits themselves. Because the open-source software was in use on multiple platforms, it didn’t take long for more exploits to be discovered elsewhere. In 2017, another of the open-source components of the PS4’s OS, known as FreeBSD, had within it a wide-open VM (virtual machine) just waiting to be discovered. BPF (the Berkeley Packet Filter) was exactly that, intended to be a means of transferring data packets securely into the PS4’s kernel.
By misdirecting the filter with a specifically invalid command, it too opened the door for more users to haul themselves through to the promised lands before, again, the door slammed shut behind them and yet another OTA security update was pushed to the masses. There was a short reprise of this exploit from the modding community when a workaround was discovered for the patch, followed swiftly by another patch update, to patch the patch that the update hadn’t patched. Your average user wouldn’t ever have questioned the vague ‘General Security Fixes’ header in the change notes for the update on their PS4. Because of the sheer speed of Sony’s responses to potential threats, only a very small community had managed to find out about and make the jump into the liberated nook of the PS4 system thus far.
I Have a Cunning Plan
Smarty pants modder TheFlow wisely informed users to stay on their firmware revision before getting to work on cracking the PS4’s security. In the end, he sold his kernel exploit, another entry point into the vulnerability-laden open-source web browser, to Sony, who by this point were offering rewards for this kind of thing (genius). What Sony didn’t take into account was that all the users TheFlow had instructed not to make any updates to their PS4s now had an exploit with which to allow more users/devs onto the now mostly-deserted island of PS4 OS modding, Homebrew and piracy.
This is the main reason why not so many are aware of the PS4’s fall in the first place, as a patch was released to those who weren’t in the know. As updates can’t be reversed on the PS4, only consoles running old firmware are hackable.
Further exploits for the system are still in development, though with the overall lack of resources and the trails of abandoned projects, the scene’s popularity and the choices available leave much to be desired. This is all thanks to Sony’s tactical nuking of just about every little threat to their otherwise bombproof system. This time, I must concede their success wasn’t anything to do with luck. *slow clap*
Thanks for reading our latest episode on PlayStation hackery; you can find the rest of the series here. Did you benefit from the work done by the PS4 modding and hacking community? Or is this all news to you? Do you think this newest gen of consoles will be unhackable? What does this mean for the modding community? Let us know in the comments!