Hacking Sony PlayStation Blu-ray Drives


Xbox 360 video game console had a number of widely known hacks for firmware of its optical disc drives. However, it was never the case with Blu-ray disc drives of Sony PlayStation video game consoles. In fact, up until recently there was no much information available on this subject publicly. In this presentation, I would like to share my journey of delving deep into internals and security of Sony PlayStation Blu-ray disc drives. As games are distributed within optical media, those embedded devices were intended to contain the best security possible. I will demonstrate a multiple hardware hacks and several software vulnerabilities that allowed me to dump firmware and get code execution on multiple models of Sony PlayStation Blu-ray disc drives.

In this presentation, I will share the following:

  1. I will provide in-depth analysis of vulnerabilities and their exploitation to achieve code execution on multiple models of Sony PlayStation Blu-ray disc drives
  2. I will discuss problems that I’ve encountered while reverse engineering the firmware and how I solved (some of) them
  3. I will talk about security features of Sony PlayStation Blu-ray disc drives
  4. I will explain what engineers did right and how achieving code execution on the drive doesn’t lead to full compromise of security


Boris Larin is a Senior Malware Analyst at Kaspersky where his main responsibility is detection of exploits. He found six zero-day exploits that were used in the wild just during one year and discovered a number of large supply chain attacks such as ASUS “Operation ShadowHammer” and a few others. Besides that some people also knows him by the handle oct0xor who was active in video game console hacking community since 2011. His latest write-ups about zero-day exploits and the inner workings of commonly exploited software can be found on Securelist.com.