
PS5 Exploit Guide

PS5 HACK STATUS:

Recommended FW: 4.51 for etaHEN or HV exploit.
Highest Hypervisor exploit: 1.00-4.51 (FlatZ confirmed)
Highest Public Hypervisor exploit: 1.xx-2.50/2.70 (byepervisor by SpecterDev)
Highest public kernel exploit: 5.50 UMTX
Highest private kernel exploit:
*7.61 UMTX*
KEX offsets found: 1.00-5.50
Highest webkit entry point: 5.XX
Mast1C0re entrypoint: up to 8.00 (7.61 for PS2 backups)
Highest BD-JB entrypoint: 7.61
Highest Lua entrypoint: 7.61
Homebrew Enabler: etaHEN (3.XX-4.5X) latest: HERE
PS5 backup loading: Itemzflow for 3.XX-4.5X HERE
PS4 backup loading: FPKG Enabler 2.XX-4.5X (rest mode & backports work, can crash).
PS5debug released: HERE
PS5 trainers/cheats: Work
PS5 dumper: 3.XX-4.5X works with most games, use Itemzflow
(Dumps need rebuilding/cracking to avoid crashing)

UART: HERE
Full chain exploit: 1.00-2.70 (byepervisor)
PSN access: NEVER
Latest OFW: 10.20 (23/10/24)
Latest beta OFW: 10.00 b2 (25/07/24)
OFW Updates: HERE
Legit PKG Updates: HERE

https://github.com/PS5Dev/PS5-UMTX-Jailbreak/releases/tag/v1.2

UMTX 1.2 exploit works on 1.00-5.xx with WebKit:
https://zecoxao.github.io/umtx/ or https://es7in1.site/ (payloads not working on 5.xx yet)

UMTX 6.xx-7.61 will require a new webkit exploit for digital consoles

PS5 Itemzflow compatibility list:

Recommended hosts:
AL-AZIF WEB HOST:
DNS 1: 165.227.83.145
DNS 2: 192.241.221.79

https://cthugha.thegate.network/
https://ithaqua.thegate.network/

NOMADIC20000 HOST:
DNS 1: 62.210.38.117

(Leave DNS 2 blank)
http://es7in1.site/
https://zecoxao.github.io/ps5jb/

https://ps5jb.pages.dev/
https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

PS5 game updates: https://psxpatches.com/

Summarised OFW/Model guide: HERE

1.XX-7.61 game compatibility list: HERE

Update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

SYSTEM UPDATES:
7.61 SYS MD5: d5eca8b171a8d7df7ba225167f77e645 (ready for exploit)
6.50 SYS MD5: 98db854ba47a75dff0cb09355bca9025 (ready for exploit)
5.50 SYS MD5: edb3513ec531b2bd28f3a0b52a82a54f (exploited)
4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01 (exploited)
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94 (exploited)

RECOVERY UPDATES (wipes all data):

7.61 REC MD5: 932f24e934723050fe49561b67e95226 (ready for exploit)
6.50 REC MD5: 4305223c12bd6dda9b944c0ee49c94c0 (ready for exploit)
5.50 REC MD5: c939ac8b37e07bbc129816a61002d30a (exploited)
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061 (exploited)
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c (exploited)


PS5 OFW 3.xx runs PS4 games up to 8.50
PS5 OFW 4.xx runs PS4 games up to 9.00

PS4 backported FPKGs work perfectly on PS5.

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half-Major.Minor.Extended-Further.Retail/Debug: Year is the two-digit year, Half is 01 or 02 for the first or second half of that year, Major.Minor is the firmware version shown in settings (04.03 = 4.03), followed by extended info, further info, and the retail/debug flag. Example:

21.02-04.03.00.00-00.00.00.0.1

First BD-J + Kernel access exploit provided by Sleirsgoevy (29/9/22)


Note: There are several USERLAND exploits, a couple of KERNEL exploits, and there is now a public HYPERVISOR exploit available for 1.xx-2.70, completing the full exploit chain (23/10/24).

Recently Flatz confirmed he has developed his own HV exploit (1.xx-4.51, kept private), chained from a PS4 save game, and has successfully dumped the PlayStation Secure Processor (27/07/23).


As of August 4th 2022: we can now install PS4/PS5 PKG games and updates (and by extension FPKGs). Official PKGs, however, will not run unless you previously bought them digitally and have a licence for them on your current console, or you own the disc (for update PKGs).

As of October 6th PS4 FPKGs can be played on 4.03 OFW thanks to Sleirsgoevy's FPKG enabler!

Payload: https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

As of October 21st PS4 FPKGs can be played on 4.50 thanks to cheburek3000 porting the offsets.

Payload: https://gbatemp.net/download/4-50-fpkg-enabler-hen.38279/

As of October 25th theflow0 fixes BD-J path traversal and native code execution for 7.61
https://x.com/theflow0/status/1717088032031982066?s=46&t=PIYQV4jmWEyCbVfx3Nx26g

As of November 4th kstuff is fixed for 4.51:

Payload: https://gbatemp.net/download/fpkg-enabler-4-51-hen.38306/

Nov 7th: PS5 backups loaded via Itemzflow by Lightningmodz and Echostretch. Fully decrypted dumps require system files bundled into them in order to run without crashing with Libhijacker (no HEN required); details here: https://gbatemp.net/threads/ps5-exploit-guide.613891/page-109#post-10290677

As of November 30th ps5debug has been released by SiSTR0: https://github.com/GoldHEN/ps5debug
Mirror: https://gbatemp.net/download/ps5debug.38333/

Dec 1st: first PS5 trainer (Dark Souls) is completed ready for the imminent release of REAPER Multi Trainer II by CTN.

Dec 25th: PS5 back up loading via ITEMZFLOW now released: https://pkg-zone.com/details/ITEM00001

As of Jan 2nd 2024 Sleirsgoevy has ported K-Stuff offsets for 3.xx firmwares.

As of Jan 4th 2024 LM had added 3.XX Kstuff to Itemzflow meaning 3.XX-4.51 is now supported for PS4/PS5 backups and dumping.


Oct 8th 2024: BD-JB + Kernel works on 7.61 thanks to user Hammer.

TIPS:

1: Never enable IDU mode.
If you do, you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-pad. Release L1 + L2 and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait it out for hacks on that firmware.

3: PS5 FPKGs cannot work, as no public hack of the A53 processor exists to enable PS5 content as FPKG/PKG.

4: Installing legit game PKGs you do not own will not work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, the SNVS is corrupted (a hash check failing on boot causes a “soft brick”).

It is not “bricked”: just reinstall your current firmware's RECOVERY PUP in safe mode!

USB: PS5 > UPDATE > PS5UPDATE.PUP

WEBKIT EXPLOIT:
Webkit > Kernel exploit chain for 3.00-4.51 via SpecterDev & ChendoChap:
https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit

https://github.com/ChendoChap/PS5-IPV6-Kernel-Exploit/tree/wip_branch

4.03 only: https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

BD-JB EXPLOIT:
BD-JB > Kernel exploit chain for 4.51 via Sleirsgoevy:
https://github.com/sleirsgoevy/bd-jb/commit/159253464afde59c3007a706210bec65b91f38f3

PS2 CLASSICS EXPLOIT:
PS2 Classics > Userland via CTurt:
(Implementation by McCaulay)

Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.

Mast1c0re PS2 exploit for PS2 homebrew:
https://cturt.github.io/mast1c0re.html

Mast1c0re part 2:
https://cturt.github.io/mast1c0re-2.html

Mast1c0re payload framework:
https://github.com/McCaulay/mast1c0re

Okrager save game exploit generator for Okage:
https://github.com/McCaulay/okrager

Mast1c0re payloader TCP Client GUI for PS5 6.50:
https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases

TCP network ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases

ExFat USB ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases

4.03 PAYLOADS:
PS5 self dumper (Sleirsgoevy):
https://github.com/sleirsgoevy/ps4jb-payloads/tree/bd-jb/ps5-self-dumper

PS4 FPKG Enabler (Sleirsgoevy):
https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

4.5X PAYLOADS:
(Coming soon)

MISC PAYLOADS + TOOLS:
PS5 version display payload by SiSTR0 (compiled by Logic-68):
https://github.com/logic-68/Portage_PS5Version_Mast1c0re/releases/tag/V1.0.0

Libhijacker (by Astrelsky):
https://github.com/astrelsky/libhijacker

60 FPS patches for Libhijacker (by illusion0001):
https://github.com/illusion0001/libhijacker

Console/exploit information:

PS5 SDK REPO:

https://github.com/PS5Dev

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

You can install free/demo PKGs (legit PKGs) via the debug PKG installer, providing you have all the files/JSON/licences required.

(Astro’s Playroom has no licences and can be installed and played from official pkgs and update up to 1.60)
 
Last edited by KiiWii,
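The version string format described in the first post (Settings > System > Console information, e.g. 21.02-04.03.00.00-00.00.00.0.1) is easy to misread, and several replies below hinge on whether a console is on 4.03, 4.50 or 4.51. The following Python is an added example written for this page, not code from the guide or from any PS5 scene project: it parses the full string into its fields, derives the short version, and reports which of the ranges from the status table cover it. The range table is transcribed from the status block at the top of the post (X.XX wildcards encoded as their largest possible minor), and all function and variable names are this example's own.

```python
"""Parse a PS5 "full" version string (Settings > System > Console information)
and list which of the exploit ranges from the status table cover it.

Added example for this thread; not code from the guide or from any PS5 scene
project. Field layout follows the guide's "Version string info" line:
    Year.Half-Major.Minor.Extended-Further.Retail/Debug
RANGES is transcribed from the status table at the top of the post; every
function and variable name here is this example's own.
"""
from dataclasses import dataclass


@dataclass
class Firmware:
    year: int            # two-digit year from the first field, 21 -> 2021
    half: int            # 1 = first half of the year, 2 = second half
    major: int           # 4 for "04.03"
    minor: int           # 3 for "04.03", so short version "4.03"
    extended: str        # trailing two groups of the second field
    further: str         # everything after the second '-' except the last group
    retail_debug: str    # last group; the guide labels it Retail/Debug
    raw: str = ""

    @property
    def short(self) -> str:
        return f"{self.major}.{self.minor:02d}"

    @property
    def key(self) -> tuple:
        return (self.major, self.minor)


# (label, lowest covered version, highest covered version), inclusive, from
# the status table. "X.XX" wildcards are encoded as the largest minor they
# could mean, e.g. 4.5X -> (4, 59).
RANGES = [
    ("Public hypervisor exploit / full chain (byepervisor)", (1, 0), (2, 70)),
    ("Public kernel exploit (UMTX via WebKit)", (1, 0), (5, 50)),
    ("Homebrew enabler (etaHEN) and Itemzflow backups", (3, 0), (4, 59)),
    ("PS4 FPKG enabler", (2, 0), (4, 59)),
    ("BD-JB entry point (needs the disc drive)", (1, 0), (7, 61)),
    ("Lua entry point", (1, 0), (7, 61)),
    ("Mast1c0re PS2 userland entry point", (1, 0), (8, 0)),
]


def parse_version(text: str) -> Firmware:
    """Split 'YY.HH-MM.mm.ee.ee-ff.ff.ff.f.r' into its fields.

    Only the first two '-' are structural; whatever follows the second one is
    kept verbatim (minus the last group), so a slightly odd string like the
    one a user quotes later in this thread, with an extra '-', still parses.
    """
    parts = text.strip().split("-", 2)
    if len(parts) != 3:
        raise ValueError(f"expected two '-' separators in {text!r}")
    year, half = parts[0].split(".")
    major, minor, *ext = parts[1].split(".")
    if len(ext) != 2:
        raise ValueError(f"second field should be MM.mm.ee.ee, got {parts[1]!r}")
    further, retail_debug = parts[2].rsplit(".", 1)
    return Firmware(int(year), int(half), int(major), int(minor),
                    ".".join(ext), further, retail_debug, raw=text.strip())


def covering_ranges(fw: Firmware) -> list:
    """Labels from RANGES whose [lo, hi] interval contains fw (inclusive)."""
    return [label for label, lo, hi in RANGES if lo <= fw.key <= hi]


if __name__ == "__main__":
    for s in ("21.02-04.03.00.00-00.00.00.0.1",    # the guide's example
              "21.02-04.50.00.05-00.0-0.00.0.1"):  # as quoted by a user below
        fw = parse_version(s)
        print(fw.short, "->", covering_ranges(fw) or ["nothing in the table"])
```

Comparing (major, minor) as an integer tuple is the point: "4.03" sorts below "4.50" as a tuple, while a naive string or float comparison would not put 4.03, 4.50 and 4.51 in the right order.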
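For the manual USB update (PS5/UPDATE/PS5UPDATE.PUP) and the boot-loop recovery step in tip 5, the thing that goes wrong in practice is a truncated download or a half-copied file. This added example, written for this page and not taken from the guide or any PS5 tool, streams the MD5 of a PUP, matches it against the SYS/REC digests listed in the post, stages it at the expected path on the stick and re-hashes the copy. The digests are the ones from the SYSTEM UPDATES and RECOVERY UPDATES lists; the function names and the usb_root argument are this example's own. MD5 here is only an integrity check against the published list, not proof that the file is Sony-signed (the console checks the signature itself).

```python
"""Verify a downloaded PS5 PUP against the MD5 list in the guide and stage it
on a USB stick at the path the console's safe-mode updater expects.

Added example for this thread; not code from the guide or from any PS5 tool.
KNOWN_PUPS is copied from the post's SYSTEM UPDATES / RECOVERY UPDATES lists;
function names and the `usb_root` argument are this example's own. MD5 is
used because that is what the guide publishes: it catches a wrong or
truncated download and a bad copy to the stick, nothing more.
"""
import hashlib
import os
import shutil

# md5 -> (version, kind). SYS = normal system update, REC = recovery
# (wipes all data); both go on the stick under the same file name.
KNOWN_PUPS = {
    "d5eca8b171a8d7df7ba225167f77e645": ("7.61", "SYS"),
    "98db854ba47a75dff0cb09355bca9025": ("6.50", "SYS"),
    "edb3513ec531b2bd28f3a0b52a82a54f": ("5.50", "SYS"),
    "1330b7bf63bf5c93d809b1eb1f4e1f01": ("4.51", "SYS"),
    "3716e4e6e0d223cd94cd4a8e5bd4fb94": ("4.03", "SYS"),
    "932f24e934723050fe49561b67e95226": ("7.61", "REC"),
    "4305223c12bd6dda9b944c0ee49c94c0": ("6.50", "REC"),
    "c939ac8b37e07bbc129816a61002d30a": ("5.50", "REC"),
    "da78ca268da90a963d89b0f45db0f061": ("4.51", "REC"),
    "e6dcc800d8d1dcada4f2bcd6e7ff162c": ("4.03", "REC"),
}

# Retail layout from the guide: <USB>:/PS5/UPDATE/PS5UPDATE.PUP
PUP_RELATIVE_PATH = os.path.join("PS5", "UPDATE", "PS5UPDATE.PUP")


def md5_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a multi-GB PUP is never read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def identify_pup(path: str):
    """Return (version, kind) from the guide's list, or None if not listed."""
    return KNOWN_PUPS.get(md5_file(path))


def stage_pup(pup_path: str, usb_root: str, expected_md5: str = None) -> dict:
    """Copy pup_path to <usb_root>/PS5/UPDATE/PS5UPDATE.PUP and re-hash the copy.

    usb_root is the stick's mount point (Sony's instructions want FAT32 or
    exFAT). If expected_md5 is given, the source must match before anything
    is written. A file not in KNOWN_PUPS is still staged but reported as
    'unknown' so the caller can decide whether that is acceptable.
    """
    source_md5 = md5_file(pup_path)
    if expected_md5 is not None and source_md5 != expected_md5.lower():
        raise ValueError(f"{pup_path}: md5 {source_md5} != expected {expected_md5}")

    dest = os.path.join(usb_root, PUP_RELATIVE_PATH)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    shutil.copyfile(pup_path, dest)

    # Re-hash the destination: a half-written copy is caught here, before the
    # stick goes anywhere near the console.
    copy_md5 = md5_file(dest)
    if copy_md5 != source_md5:
        raise IOError(f"copy to {dest} is corrupt ({copy_md5} != {source_md5})")

    version, kind = KNOWN_PUPS.get(source_md5, ("unknown", "unknown"))
    return {"dest": dest, "md5": source_md5, "version": version, "kind": kind}


if __name__ == "__main__":
    import sys
    # usage: python stage_pup.py <downloaded.PUP> <usb mount point> [expected md5]
    expected = sys.argv[3] if len(sys.argv) > 3 else None
    print(stage_pup(sys.argv[1], sys.argv[2], expected))
```

Pass the digest from the guide as the third argument when you know which PUP you downloaded; for a recovery reinstall after a boot loop, check that the reported kind is REC and the version matches the firmware the console is already on, since the recovery file and the normal update share the same file name on the stick.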

kimitoboku101

Well-Known Member
Newcomer
Joined
Oct 7, 2021
Messages
47
Trophies
0
Age
26
XP
888
Country
Vietnam
> Go back to your PS5 and state the full system firmware. I am not familiar with version 4.05 and want to make sure that wasn't a typo.
>
> On another note, are there any updates on decrypting PS4 content on the PS5 on 4.51?

Oh, I'm sorry, that was a typo; my firmware is 4.05 =((((
The full version is 21.02-04.50.00.05-00.0-0.00.0.1
 

noirmaru

Active Member
Newcomer
Joined
May 19, 2023
Messages
36
Trophies
0
Age
42
XP
302
Country
France
> yess and this is jailbreakable

Correct. It is jailbreakable, though I would update to 4.51 if I were you.

I recommend not connecting to the internet and running the exploit locally from your PC connected via ethernet: https://github.com/idlesauce/PS5-Exploit-Host

It will work, though it will not succeed every time. Be patient and do not rush to press the next button to advance right away.
 

kimitoboku101

Well-Known Member
Newcomer
Joined
Oct 7, 2021
Messages
47
Trophies
0
Age
26
XP
888
Country
Vietnam
noirmaru said:
> Correct. It is jailbreakable, though I would update to 4.51 if I were you.
>
> I recommend not connecting to the internet and running the exploit locally from your PC connected via ethernet: https://github.com/idlesauce/PS5-Exploit-Host
>
> It will work, though it will not succeed every time. Be patient and do not rush to press the next button to advance right away.

「I recommend not connecting to the internet」: is this to avoid updates, or anything else?
 

noirmaru

Active Member
Newcomer
Joined
May 19, 2023
Messages
36
Trophies
0
Age
42
XP
302
Country
France
kimitoboku101 said:
> 「I recommend not connecting to the internet」: is this to avoid updates, or anything else?

Avoid accidental updates, avoid unreliable DNS, manage your privacy, prevent other users in your household fucking it up.

Especially to begin with, using the local exploit from your PC eliminates variables and you can monitor what is happening.

If you plan to regularly jailbreak and having an ethernet cable connected is inconvenient, it can be done with wifi. Many users buy a $5 ESP32 mini computer from AliExpress to do this.
 

kimitoboku101

Well-Known Member
Newcomer
Joined
Oct 7, 2021
Messages
47
Trophies
0
Age
26
XP
888
Country
Vietnam
noirmaru said:
> Avoid accidental updates, avoid unreliable DNS, manage your privacy, prevent other users in your household fucking it up.
>
> Especially to begin with, using the local exploit from your PC eliminates variables and you can monitor what is happening.
>
> If you plan to regularly jailbreak and having an ethernet cable connected is inconvenient, it can be done with wifi. Many users buy a $5 ESP32 mini computer from AliExpress to do this.

Thanks, I already have an ESP32, so I will try that,
but yesterday the jailbreak failed and my PS5 needed a factory reset, so all the save games were deleted. Does something like that usually happen?
 

noirmaru

Active Member
Newcomer
Joined
May 19, 2023
Messages
36
Trophies
0
Age
42
XP
302
Country
France
kimitoboku101 said:
> Thanks, I already have an ESP32, so I will try that,
> but yesterday the jailbreak failed and my PS5 needed a factory reset, so all the save games were deleted. Does something like that usually happen?

It has never happened to me, but I have occasionally seen it reported by other users.

It is possible it is related to being on 4.5 and the offsets not being properly set for that version. The most common versions are 4.03 and 4.51, so consider upgrading to 4.51 before proceeding.

Here is an ESP32 project with the exploit to get you going: https://github.com/stooged/PS5-Server32
 

seanp

New Member
Newbie
Joined
May 8, 2024
Messages
4
Trophies
0
Age
43
XP
43
Country
United States
kimitoboku101 said:
> Thanks, I already have an ESP32, so I will try that,
> but yesterday the jailbreak failed and my PS5 needed a factory reset, so all the save games were deleted. Does something like that usually happen?

My two cents is you should not run PS4 FPKGs off USB. My experience is it will seem to work, but some sort of security gets triggered over time. I only play PS4 off the internal SSD. Once I did that the exploit was stable for me.
 

lotnybartek

Well-Known Member
Newcomer
Joined
Jan 2, 2018
Messages
50
Trophies
1
Age
35
XP
442
Country
Poland
I disagree with this statement. I happen to follow Jose Coixao, aka @notnotzecoxao, on Twitter, and I know the story about his “friend”.

But many people don't know anything about it because they just don't know where to look. The generally known information is that the PS5 will be harder to crack with PPPwn. And that's it.

Wololo has compiled all the information into an accessible article. There is nothing wrong with that. Remember that the scene absorbs any information like a sponge absorbs water, even when it is the most absurd.

That's not the case here, because the hope comes from one of the most famous people on the scene. If he claims that something is up, I believe him, with a VERY tiny grain of salt of course.
 

Axido

Maker of TRASLApp
Member
Joined
Feb 12, 2014
Messages
1,382
Trophies
3
Age
33
XP
4,692
Country
Germany
lotnybartek said:
> That's not the case here, because the hope comes from one of the most famous people on the scene. If he claims that something is up, I believe him, with a VERY tiny grain of salt of course.

You do you. I can wait until there's something ready to release, with or without these teases. If you need something to believe in, or in this case want to believe in something for personal reasons, that's fine. Just as fine as Adam and me thinking of this as nothing to get hyped about for now, since the amount of actual information is quite sparse and vague.
 

ccfman2004

Well-Known Member
Member
Joined
Mar 5, 2008
Messages
2,955
Trophies
2
XP
3,709
Country
United States
Axido said:
> You do you. I can wait until there's something ready to release, with or without these teases. If you need something to believe in, or in this case want to believe in something for personal reasons, that's fine. Just as fine as Adam and me thinking of this as nothing to get hyped about for now, since the amount of actual information is quite sparse and vague.

It's also possible that they may not be allowed to share anything yet. For all we know it's TheFloW who is Jose Coixao's "friend" and isn't allowed to go into further details until a certain date.

Everything can be hacked, it's just a matter of difficulty.
 
