A developer named sleirsgoevy recently released the source code for PS5-FakeXen, an experimental project designed to run Linux on the PlayStation 5 by exploiting its hypervisor. It was initially intended as a complex way to bypass a supposed security feature (GMET), but simpler methods turned out to exist. FakeXen was built on the assumption that the PS5’s hypervisor used GMET (Guest Mode Execution Trap), a protection that blocks the execution of unauthenticated code. To circumvent it, the developer created a “Fake Xen” environment (a dummy hypervisor) to trick the system into running a modified Linux kernel.

However, upon analysis, it turned out that Sony had not enabled GMET, making this approach unnecessarily complex. Other, more straightforward methods are now available to run Linux on the console.

Technical operation:
– Linux kernel: based on version 6.12.8, compiled with Xen PV (paravirtualization) support.
– “Frankenkernel”: a fake BSD kernel containing the “gadgets” needed to initialize the environment.
– Debugging: integrates a GDB stub to analyze the kernel in real time.

Required materials:
– On QEMU: launch via make qemu (requires a powerful CPU).
– On PS5: requires a UART connection (soldering on the “Titania” test pads).

Warnings & limitations:
– Not stable: may crash without maxcpus=1 in the kernel settings.
– Insecure: possibly vulnerable to exploits from user space.
– Educational purposes: the code is released “as is”, mainly for the archive, in case Sony fixes the hypervisor later.

This project remains primarily a POC, demonstrating how researchers are testing different approaches to understanding the console’s protections. Simpler methods exist today, but PS5-FakeXen could serve as a fallback solution if Sony locks down its hypervisor in the future.

Source: FakeXen
