Given that there is no dev mode or SSH server running on a console, how do they even read low-level binary code such as the boot loader? Do they transplant memory chips?
bri3d 1/1/2026
In this case, by using fault injection to induce a glitch into a test mode which bypasses secure boot and loads code from SPI, combined with a SPI emulator (and I2C to send the boot vectors).
Chip-off is a common way to retrieve the ROM of embedded devices. It often requires multiple chip-off reads and a reconstruction of the striped data across the chips.
Thaxll 1/1/2026
I guess this is similar to TPM / secure boot on a PC?
bri3d 1/1/2026
This is the same hardware as a PC, but TPM and UEFI “Secure Boot” happen way, way later in the boot process and aren’t present here; this is the hardware root of trust, in this case the AMD PSP boot firmware, which runs on an ARM system alongside the x86 cores. Intel’s version is called Boot Guard and runs on a combination of x86 sub-cores (TXE) and ME.
monocasa 1/2/2026
Interestingly, I've heard on the grapevine that AMD PSP was originally from the hardware security in the Xbox One (i.e. the third line of Xboxes), hence why it's an ARM core. And it's also another branch in the lineage that also includes the Pluton security module.
MuffinFlavored 1/1/2026
As in, you can now craft your own "update" and sign the bootloader/entire package and it will flash?
edit:
> You still won't get a jailbroken PlayStation 5 with this leak, but it will make it easier for hackers to compromise the console's bootloader.
nope?
peddling-brink 1/1/2026
> Now that the ROM keys have been leaked (and assuming they are valid), a hacker could then decrypt and study the official bootloader and potentially use that as a starting point to understand how the PS5’s boot system works.
This would just allow further study.
TheRealPomax 1/1/2026
... you mean every PS still uses the same key?
t-3 1/1/2026
I've been firmly convinced for a while now that Sony purposely doesn't discourage jailbreakers too strongly. They quietly win loyalty by being just a little friendlier than Nintendo.
downrightmike 1/1/2026
Odds are the Japanese leadership in charge of the hardware can't use a computer, so doesn't understand them.