{
	"id": "d9597a9c-e656-488a-a88e-d9266ac2fa3b",
	"created_at": "2026-04-06T00:15:20.688037Z",
	"updated_at": "2026-04-10T03:35:36.696495Z",
	"deleted_at": null,
	"sha1_hash": "0b793611bdb8d2279cd389f2168a5b99899db415",
	"title": "Hacking group says it has found encryption keys needed to unlock the PS5 [Updated]",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34560,
	"plain_text": "Hacking group says it has found encryption keys needed to unlock\r\nthe PS5 [Updated]\r\nBy Kyle Orland\r\nPublished: 2021-11-08 · Archived: 2026-04-02 12:36:32 UTC\r\nHacking group Fail0verflow announced Sunday evening that it had obtained the encryption “root keys” for the\r\nPlayStation 5, an important first step in any effort to unlock the system and allow users to run homebrew software.\r\nThe tweeted announcement includes an image of what appears to be the PS5’s decrypted firmware files,\r\nhighlighting code that references the system’s “secure loader.” Analyzing that decrypted firmware could let\r\nFail0verflow (or other hackers) reverse engineer the code and create custom firmware with the ability to load\r\nhomebrew PS5 software (signed by those same symmetric keys to get the PS5 to recognize them as authentic).\r\n[Update (Nov. 9): Aside from the symmetric encryption/decryption keys that have apparently been discovered,\r\nseparate asymmetric keys are needed to validate any homebrew software to be seen as authentic by the system.\r\nThe private portion of those authentication keys does not seem to have been uncovered yet, and probably won’t be\r\nfound on the system itself. Still, the symmetric keys in question should prove useful for enabling further analysis\r\nof the PS5 system software and discovering other exploits that could lead to the execution of unsigned code. Ars\r\nregrets the error.]\r\nExtracting the PS5’s system software and installing a replacement both require some sort of exploit that provides\r\nread and/or write access to the PS5’s usually secure kernel. Fail0verflow’s post does not detail the exploit the\r\ngroup used, but the tweet says the keys were “obtained from software,” suggesting the group didn’t need to make\r\nany modifications to the hardware itself.\r\nSeparately this weekend, well-known PlayStation hacker theFlow0 tweeted a screenshot showing a “Debug\r\nSettings” option amid the usual list of PS5 settings. As console-hacking news site Wololo explains, this debug\r\nsetting was previously only seen on development hardware, where the GUI looks significantly different. But\r\nTheFlow0’s tweet appears to come from the built-in sharing function of a retail PS5, suggesting he has also used\r\nan exploit to enable the internal flags that unlock the mode on standard consumer hardware.\r\nSource: https://arstechnica.com/gaming/2021/11/uncovered-ps5-encryption-keys-are-the-first-step-to-unlocking-the-console/\r\nhttps://arstechnica.com/gaming/2021/11/uncovered-ps5-encryption-keys-are-the-first-step-to-unlocking-the-console/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://arstechnica.com/gaming/2021/11/uncovered-ps5-encryption-keys-are-the-first-step-to-unlocking-the-console/"
	],
	"report_names": [
		"uncovered-ps5-encryption-keys-are-the-first-step-to-unlocking-the-console"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "1a3a682c-7499-4954-ad98-da1485b78563",
			"created_at": "2024-09-20T02:00:04.591212Z",
			"updated_at": "2026-04-10T02:00:03.704068Z",
			"deleted_at": null,
			"main_name": "Fail0verflow",
			"aliases": [
				"Team Twiizer"
			],
			"source_name": "MISPGALAXY:Fail0verflow",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434520,
	"ts_updated_at": 1775792136,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0b793611bdb8d2279cd389f2168a5b99899db415.pdf",
		"text": "https://archive.orkl.eu/0b793611bdb8d2279cd389f2168a5b99899db415.txt",
		"img": "https://archive.orkl.eu/0b793611bdb8d2279cd389f2168a5b99899db415.jpg"
	}
}