XOM

From PS5 Developer wiki

eXecute Only Memory (XOM) is an effective mitigation against Reverse Engineering (RE). The PS5 is one of the only (if not the only) x86-based systems that use it; the technique was pioneered on ARM. It prevents read accesses to certain memory regions or pages via the page tables: when the CPU processes a memory read, the Page Table Entry (PTE) covering the accessed address range is checked, and if the XOM bit is set, an exception is raised. This exception is then handled by the Hypervisor. On an uncompromised hypervisor, this results in a kernel panic. On PS5, XOM is present in both usermode and the kernel.

Usermode XOM

On PS5 titles and system applications, XOM is enforced, meaning that it is no longer possible to dump usermode modules without a kernel exploit or some other vulnerability. With kernel read/write access, it is possible to disable usermode XOM by flipping the bit on usermode Page Table Entries (PTEs). It is worth noting that the Translation Lookaside Buffers (TLBs) would also have to be flushed for these changes to take effect, since the CPU caches permissions from previously walked PTEs.
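To make the two mechanisms above concrete, here is a small added C model of the check and the TLB interaction. It is not code from the wiki or from any PS5 software, and its PTE flag layout (`PTE_XOM` as a single bit next to present/write/exec) is a hypothetical simplification rather than the real x86-64 or PS5 page-table format. It shows that a data read of an XOM page faults while an instruction fetch succeeds, and that a PTE change (here: turning XOM on for a page) is not enforced until the cached TLB entry for that page is flushed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical PTE flag layout for this model only; NOT the real x86-64 or
 * PS5 page-table format, just enough bits to show the permission check. */
#define PTE_PRESENT 0x1u
#define PTE_WRITE   0x2u
#define PTE_EXEC    0x4u
#define PTE_XOM     0x8u  /* execute-only: instruction fetch OK, data read/write faults */

enum access { ACCESS_READ, ACCESS_WRITE, ACCESS_FETCH };
enum result { OK = 0, FAULT_NOT_PRESENT, FAULT_XOM, FAULT_NOEXEC, FAULT_READONLY };

#define NPAGES   8
#define TLB_SIZE 4

struct tlb_entry { bool valid; unsigned page; uint32_t flags; };

struct mmu {
    uint32_t pt[NPAGES];             /* page table: one PTE per page */
    struct tlb_entry tlb[TLB_SIZE];  /* cached translations and their permissions */
    int tlb_next;                    /* round-robin fill pointer */
};

static void mmu_init(struct mmu *m) { memset(m, 0, sizeof *m); }

/* Invalidate every cached translation (invlpg / CR3 reload on real hardware). */
static void tlb_flush(struct mmu *m)
{
    memset(m->tlb, 0, sizeof m->tlb);
    m->tlb_next = 0;
}

/* Permission bits the CPU would use for this page: a TLB hit wins, otherwise
 * walk the page table and cache what was found. */
static uint32_t lookup_flags(struct mmu *m, unsigned page)
{
    for (int i = 0; i < TLB_SIZE; i++)
        if (m->tlb[i].valid && m->tlb[i].page == page)
            return m->tlb[i].flags;

    uint32_t flags = m->pt[page];
    struct tlb_entry *e = &m->tlb[m->tlb_next];
    e->valid = true;
    e->page = page;
    e->flags = flags;
    m->tlb_next = (m->tlb_next + 1) % TLB_SIZE;
    return flags;
}

/* The check described on the page: a data read of an XOM page raises an
 * exception, modelled here as a returned fault code. */
static enum result check_access(struct mmu *m, unsigned page, enum access a)
{
    if (page >= NPAGES)
        return FAULT_NOT_PRESENT;
    uint32_t f = lookup_flags(m, page);
    if (!(f & PTE_PRESENT))
        return FAULT_NOT_PRESENT;

    switch (a) {
    case ACCESS_READ:
        return (f & PTE_XOM) ? FAULT_XOM : OK;
    case ACCESS_WRITE:
        if (f & PTE_XOM)
            return FAULT_XOM;
        return (f & PTE_WRITE) ? OK : FAULT_READONLY;
    case ACCESS_FETCH:
        return (f & PTE_EXEC) ? OK : FAULT_NOEXEC;
    }
    return FAULT_NOT_PRESENT;
}

/* Probe: an XOM .text page under a given access kind. */
static enum result probe_xom_page(enum access a)
{
    struct mmu m;
    mmu_init(&m);
    m.pt[1] = PTE_PRESENT | PTE_EXEC | PTE_XOM;
    return check_access(&m, 1, a);
}

/* Scenario: a page is readable, the CPU caches that in the TLB, then the PTE
 * is changed to XOM. Until the TLB is flushed the stale entry still grants
 * reads, which is why editing a PTE alone is not enough for the change to
 * take effect. Returns 1 when the model shows exactly that sequence. */
static int run_stale_tlb_scenario(void)
{
    struct mmu m;
    mmu_init(&m);
    m.pt[2] = PTE_PRESENT | PTE_EXEC;                   /* readable and executable */
    if (check_access(&m, 2, ACCESS_READ) != OK)          /* fills the TLB */
        return 0;
    m.pt[2] |= PTE_XOM;                                  /* enable XOM in the PTE only */
    if (check_access(&m, 2, ACCESS_READ) != OK)          /* stale TLB: read still allowed */
        return 0;
    tlb_flush(&m);
    if (check_access(&m, 2, ACCESS_READ) != FAULT_XOM)   /* now enforced */
        return 0;
    if (check_access(&m, 2, ACCESS_FETCH) != OK)         /* execution still works */
        return 0;
    return 1;
}

int main(void)
{
    printf("read  XOM page -> %d (2 = FAULT_XOM)\n", probe_xom_page(ACCESS_READ));
    printf("fetch XOM page -> %d (0 = OK)\n", probe_xom_page(ACCESS_FETCH));
    printf("stale TLB scenario -> %s\n", run_stale_tlb_scenario() ? "as expected" : "unexpected");
    return 0;
}
```

The model deliberately keeps the TLB as a plain cache of PTE bits: that is the whole reason a permission change in either direction (enabling XOM to protect a page, or clearing it) is invisible to the CPU until the stale entry is invalidated.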

Kernel XOM

The PS5 kernel uses XOM to protect its own .text pages. Disabling XOM in the kernel will likely require compromising the hypervisor or circumventing it with some form of hardware attack, as the page tables are shadowed with nested paging. This presents a chicken-and-egg problem: compromising the hypervisor will be difficult without the ability to do any RE on the kernel.