16 hours ago
What we know so far about the new Y2JB (YouTube Jailbreak).
--------------------------------------------------------------------------------------------------------
Links:

Gezine Dev: https://x.com/gezine_dev

YouTube PoC: https://drive.google.com/file/d/1YTaB...

YouTube app versions: https://prosperopatches.com/PPSA01650

--------------------------------------------------------------------------------------------------------
Music
Outro: Paul Flint - Sock It To Them [NCS Release]
--------------------------------------------------------------------------------------------------------
Find my content on these other platforms:
Odysee: https://odysee.com/@MODDEDWARFARE
LBRY: https://lbry.tv/@MODDEDWARFARE
BitChute: https://www.bitchute.com/channel/cZkN...
Transcript
00:00 Hey, how's it going guys? Welcome back to another PS5 video. So I thought in this video we'd go
00:04 ahead and discuss the new YouTube exploit that is currently under development, which is being
00:09 affectionately known as Y2JB, for YouTube Jailbreak, which is attempting to use the YouTube application
00:15 to actually trigger a userland exploit which could then be used to jailbreak the PS5. It wouldn't
00:20 allow us to jailbreak any higher firmwares, just the same firmwares that we can currently jailbreak,
00:25 up to 10.01 currently. However, what it would do is allow us a much easier way to jailbreak the
00:30 console. We wouldn't need a Blu-ray disc, we wouldn't need any of those Japanese games. We would
00:35 also be able to use Digital Edition consoles and also consoles that don't have access to a disc drive,
00:40 like Disc Edition Slims that did not have the drive already paired. We'd be able to use all of those
00:46 to jailbreak the console, so it'd pretty much be the same across the board for all PS5s, whether you have
00:52 a fat, Slim or Pro model. Whether it's a Digital Edition or a Disc Edition, it would not matter;
00:57 they'd all be the same as long as it's on a low enough firmware, which would be great. So that is
01:01 the advantage of some kind of exploit like this through the YouTube application, and in this video
01:06 I'm just going to discuss what we can expect to see with this exploit, what we know so far,
01:10 because obviously it is still very much in development at this time. There could always be
01:15 something that could come up that would prevent this from working, but so far it is looking very
01:19 promising with the current information that we have available to us right now. So this is all
01:24 coming to us from Gezine; that is the developer that is working on this. Now there has already been
01:29 a proof of concept that's been released, and this is mainly just to test to see if the exploit is going
01:35 to be viable on higher firmwares as well. So it's not the actual userland exploit yet, it's more of
01:40 just a vulnerability that we can see if it's been triggered on the higher firmwares, because of course
01:46 the developer is working on firmware 6.02 but doesn't know if it's going to work on higher
01:51 firmwares. Now this backup was created on, I believe, 6.02, which means you need to be on 6.02 or higher
01:57 of a firmware on your PS5 to test this, but if this does become a full exploit in the future
02:03 it will work on older firmwares. The limitation of 6.02 or higher is just because the backup was
02:09 created on that firmware right now, but somebody on an older firmware could recreate the exploit,
02:14 the PoC, on an older firmware and create their own backup, and then you could restore it on older
02:19 firmwares. So this limitation is not a limitation of the exploit, just the console that the backup
02:24 was created on. So essentially this backup was released that includes the YouTube application
02:29 as well as the necessary vulnerability that will be triggered when the YouTube application is launched,
02:34 and to know whether or not it's working you see if the YouTube application crashes a while after
02:39 it's been launched. So to tell if it's working, you launch the YouTube application after restoring
02:44 that backup file, and then when you launch it, it will crash the YouTube application after the sign-in
02:50 screen appears, as you can see here. So that is what happens with that proof of concept, and apparently
02:55 people up to 10.0 and 10.01 have tested it and it is still working, and that's the highest jailbreakable
03:02 firmware so far, which means we should be able to use this to load the latest jailbreak,
03:06 the Lapse kernel exploit, all the way up to firmware 10.01, and it looks like it will probably work on
03:11 higher firmwares too if we ever get any new kernel exploits for higher firmwares, which is fantastic.
03:17 So that's the situation so far. You can try the PoC yourself if you want to test it on your own
03:21 firmware; it's not really necessary since we already know pretty much what firmwares it works up to now,
03:27 but if you want to test it, of course all you need to do is make a backup of your own PS5 to a USB
03:32 drive using the backup and restore options. Use the backup method to create your own backup and
03:37 then copy it somewhere safe on your computer, and then you just copy the PS5 folder from the PoC
03:42 backup onto the root of the USB drive, making sure the USB is in exFAT format, and then you can plug that
03:49 USB in and use the backup and restore options to restore that backup, which will get the YouTube
03:54 application installed with the proof of concept test audit, so when you load the YouTube application
03:59 it should crash the application after a few seconds to know that it's working. But again, it's not really
04:04 necessary for most people to go out and do that because it's already been tested by other testers
04:09 at this point. It's probably better to wait until we actually have a userland exploit implemented in
04:14 this with a backup file for that that we could restore, that could then be used to trigger the
04:19 jailbreak, which is not currently available yet. This is just a proof of concept test for now.
04:24 So to recap the developments, the first sign we got was this post showing a hello world HTML file
04:31 being loaded before the PlayStation sign-in screen appears, but the page was only loading for two
04:36 seconds before it automatically closed. This was then bypassed in the next example, showing a page
04:42 being loaded with a timer that is continuing to run after the PlayStation sign-in screen appears,
04:47 so we don't need to actually bypass the PlayStation sign-in page to be able to access the full
04:52 application, as the app can be exploited without signing in to PSN, without bypassing that section,
04:59 and not long after that we're now at the point where a vulnerability has been triggered that is
05:03 actually causing the YouTube application to crash. So the idea behind this is that the YouTube
05:09 application does not actually use the same WebKit that the PlayStation 5 normally uses. The built-in
05:16 browser is based on Apple's WebKit, and that's the one that has a lot of security patches that we've not
05:21 been able to get a new WebKit exploit for, to be able to use the browser to jailbreak, in quite a
05:27 while, since 5.50 on the PS5. But with the YouTube application, it's actually using its own browser
05:33 package that's based on Cobalt and some kind of Mozilla version, it seems, so it's using something
05:39 completely different, and we can also run older versions of the YouTube application. We can see on
05:45 Prospero Patches there's lots of different YouTube versions available for the PS5, going all the way back
05:51 to version 1.002, which works all the way down to firmware 2.0 on the PS5. These older versions of the
05:59 YouTube app are more likely to be vulnerable to more exploits that could be used to trigger a userland
06:05 exploit. It looks like the version that Gezine is using at the moment is actually version 1.003,
06:11 so not the oldest one on Prospero Patches, which is 002, but 003 seems to be the one, which requires
06:18 4.03. There may be more vulnerabilities that are being used in version 003 than 002, so that might
06:26 be why 4.03 is going to be the lowest firmware compatible here. And the idea is that Gezine can
06:33 install one of these older YouTube applications onto a console that already has a jailbreak, so that
06:38 they can install it with the debug settings, and then once it's installed they can apply whatever kind
06:44 of exploit to it and then create a backup of the PS5 that can then be restored onto your console or my
06:50 console to have a working version of the YouTube application that we can run that will then trigger
06:55 a userland exploit, which could then be used to trigger the kernel exploit and jailbreak the console.
07:01 That is the general idea. Now there have been some more recent updates. We can see here the PS4
07:06 YouTube app apparently requires a license, so it will not work on the PS4, so that kind of kills the idea
07:12 of this translating over to the PlayStation 4; this may be a PS5-only option here. So that's all the
07:19 information we have at the moment. It is looking very promising, but obviously you have to take things
07:23 with a grain of salt. We don't actually have a userland exploit implemented in this yet, so we'll have to
07:29 wait and see how things develop. There could always be some unforeseen issue that prevents this from
07:33 working, so you know, it's looking very promising so far, but we just have to wait and see.
07:38 I don't want to guarantee anything yet until we actually have some kind of userland exploit that
07:43 is built in here. There's other media applications also, so if this one doesn't work out it's possible
07:48 some other media applications might be more viable. Now another thing that was also posted by the
07:53 developer I just want to mention here. We can see: "YouTube PSN sign-in pop-up disable patch. You need
07:58 version 1.003 of YouTube and the new Itemzflow from LightningMods, which is not available yet.
08:04 Made this patch so I can debug easily." So this is not required for the exploit, just to be clear;
08:10 the idea here is just to make it easier for the developer to try and work and develop this exploit.
08:16 They want to be able to just easily bypass the PlayStation sign-in; it must make it easier for
08:21 them to kind of test things, and because of that they've developed an XML patch that can be applied
08:26 through Itemzflow to the YouTube application so that they can bypass that sign-in screen. So this
08:31 Itemzflow patch is not required for the end user to actually run the exploit, it's just making it
08:36 easier for the developer to actually test things to try and create the exploit in the first place,
08:41 just to kind of clarify that as well. Anyway, that's going to do it for this one, just a quick video
08:46 there, so hope you guys enjoyed this one or found the information useful. If you did, please leave a like
08:49 and subscribe, and once again, as always, I'll hopefully see you guys in the next one.