The Current State of PS5 Jailbreaks and Future Areas for Exploration

  • Thread starter: White_Raven_X
  • Views: 40,541
  • Replies: 52
  • Likes: 18
PS5 hacking scene & opinion

White_Raven_X

Hack everything, hack the world!
Member, joined Sep 23, 2019
Country: Canada
As of March 2025, the PlayStation 5 (PS5) hacking community continues to make significant progress in bypassing the system’s robust security measures. While no fully public, permanent jailbreak exists for the latest firmware versions, there are working implementations on earlier firmwares that allow users to enable homebrew, backup support, and debug settings. This article provides an in-depth examination of the current state of PS5 jailbreaks, the methods and tools currently available, key contributors to the scene, and potential future areas where vulnerabilities could be exploited.


Current State of PS5 Jailbreaks

1. The UMTX Exploit – Unlocking Kernel Access
In September 2024, a major breakthrough occurred when a kernel vulnerability was discovered within FreeBSD, the operating system on which the PS5 is built. This vulnerability, known as the UMTX exploit, allows arbitrary kernel read and write access, a crucial step toward enabling more advanced exploits.
• Firmware Versions Affected: Up to 5.50
• Functionality Enabled:
- Debug settings access
- Kernel read and write permissions
- ELF payload loading (limited to lower firmwares)

2. SpecterDev’s Kernel Exploit Implementation
A well-known hacker in the PlayStation scene, SpecterDev, released an implementation of the UMTX exploit targeting PS5 firmware 1.xx and 2.xx. This exploit uses a WebKit vulnerability as an entry point, allowing partial system access.
• Key Features:
- Root privileges
- ELF loader over port 9021
- Read/write capabilities without full code execution (due to XOM)

3. Overcoming Kernel Restrictions – Prosper0GDB and kstuff
To address the limitations of the PS5’s XOM (Execute-Only Memory) and hypervisor protection, developer sleirsgoevy introduced Prosper0GDB and kstuff, tools that allow for runtime debugging and kernel instruction patching.
• Firmware Supported: 3.00 to 4.51
• Key Tools:
- Prosper0GDB: A runtime debugger enabling register and stack manipulation.
- kstuff: A toolset that facilitates instruction patching during execution.

4. Homebrew and Backup Support – etaHEN and ItemzFlow
Building on kstuff, developer LightningMods released etaHEN, a homebrew enabler, and ItemzFlow, a GUI application allowing users to launch both PS5 and PS4 backups.
• Functions Enabled by etaHEN:
- Homebrew execution
- Backup support for PS5 and PS4 titles
- Enhanced system customization options

5. libhijacker – New Methods for Homebrew Execution
In June 2023, developer Astrelsky released libhijacker, an innovative method for executing homebrew. This technique manipulates the PS5’s Redis server to spawn a new daemon process capable of loading custom ELF payloads over the network.
• Advantages of libhijacker:
- Works independently of WebKit or Blu-ray exploits.
- Provides greater memory access for advanced payloads.


Key Contributors to PS5 Jailbreaking

Several developers and hackers have played pivotal roles in advancing the PS5 jailbreak scene:
• SpecterDev: Implemented the UMTX kernel exploit.
• sleirsgoevy: Created Prosper0GDB and kstuff for runtime manipulation.
• LightningMods: Developed etaHEN and ItemzFlow for homebrew and backup support.
• Astrelsky: Introduced libhijacker for more efficient ELF loading.
• Zecoxao: Provided exploit implementations and technical insights.
• Lance McDonald: Demonstrated early debug settings and potential exploit paths.


Sony’s Countermeasures

Sony actively monitors the jailbreak scene and consistently releases updates to patch vulnerabilities. One major countermeasure introduced in September 2024 restricts license restoration to currently installed games, limiting the ability to load external backups on jailbroken consoles.


Future Areas for PS5 Jailbreak Exploration

Despite the current progress, there remain several promising but underexplored areas for future jailbreak development. Here are some key avenues that researchers may focus on:

1. Blu-ray and UHD Disc Exploits
• Why It’s Promising:
Physical media, especially Ultra HD Blu-ray discs, involve complex parsing operations. Parsing errors could lead to memory corruption vulnerabilities.
• Potential Exploit Vectors:
- Malformed disc payloads triggering buffer overflows.
- Exploiting errors in the AACS 2.0 decryption system.

2. TempFS and Ephemeral Storage Manipulation
• Why It’s Promising:
The PS5 uses a temporary file system for diagnostics and error reporting. Improper handling of temporary data can expose vulnerabilities.
• Potential Exploit Vectors:
- Race conditions between TempFS and persistent storage.
- Injecting malicious logs to trigger kernel privilege escalation.

3. USB Device Exploitation
• Why It’s Promising:
External device interfaces like USB-C provide attack surfaces through data parsing and device emulation.
• Potential Exploit Vectors:
- Emulating malicious USB devices for privilege escalation.
- Manipulating USB debug modes typically hidden from users.

4. Hypervisor Attacks
• Why It’s Promising:
The PS5’s AMD Zen 2 CPU uses a hypervisor for virtual machine isolation. Weaknesses here could break through hardware-level security.
• Potential Exploit Vectors:
- IOMMU (Input-Output Memory Management Unit) mapping errors.
- Manipulating virtual machine transitions via CPU faults.

5. PlayStation Network (PSN) Token Manipulation
• Why It’s Promising:
Session tokens used for authentication could be exploited if improperly validated.
• Potential Exploit Vectors:
- Replaying expired tokens for unauthorized access.
- Intercepting and modifying token validation mechanisms.

6. AMD PSP (Platform Security Processor) Attacks
• Why It’s Promising:
The PS5 relies on AMD’s PSP for encryption and secure boot. Cracking this would expose critical low-level operations.
• Potential Exploit Vectors:
- Timing attacks against PSP-enforced encryption.
- Analyzing firmware for secure boot vulnerabilities.

7. Hardware-Level Attacks (Glitching & Side-Channels)
• Why It’s Promising:
Voltage glitching and side-channel analysis can disrupt system processes, bypassing software-level protections.
• Potential Exploit Vectors:
- Inducing faults during secure boot via clock manipulation.
- Using power analysis to extract cryptographic keys.


Conclusion

The PS5 jailbreak scene is advancing rapidly, with new breakthroughs and tool developments emerging regularly. While current exploits focus on early firmware versions, future research into physical media vulnerabilities, hypervisor exploits, and hardware-based attacks could pave the way for a full jailbreak on newer PS5 firmwares.

The cat-and-mouse game between hackers and Sony is far from over; expect the community to continue pushing the boundaries of what’s possible on PlayStation 5.

Hack everything, Hack the world!
 
Last edited by White_Raven_X,
UPDATE MARCH 25TH, 2025
Since March 12th, 2025, the PlayStation 5 hacking community has witnessed notable developments:

BD-JB Userland Exploit Revision for Firmware 7.61: Security engineer TheFloW has revised the BD-JB PS5 exploit, enabling userland execution on PS5 consoles running firmware up to version 7.61. This revision allows for native code execution by modifying the bdjo.xml file, providing a pathway for further exploration into system vulnerabilities. Notably, this exploit was patched in firmware version 8.00.

FreeBSD Kernel Vulnerability in Firmware 7.61: Researchers have identified a significant vulnerability within the PS5's FreeBSD-based operating system, specifically affecting firmware version 7.61. This exploit involves a custom mode chain that permits the execution of unsigned code, potentially allowing for unauthorized game execution and system modifications. Sony addressed this vulnerability in firmware version 8.00, but systems running 7.61 and below remain susceptible.

PsFree WebKit Exploit Integration into QuickHEN Toolkit: Developer CelesteBlue has introduced PsFree, a WebKit exploit targeting PS5 firmware versions 1.00 to 5.50. Based on CVE-2022-22620, PsFree has been incorporated into the QuickHEN toolkit, an all-in-one solution designed to streamline the exploitation process. While still in beta, PsFree represents a significant advancement in PS5 hacking, offering a more stable and efficient method for executing unsigned code.

kstuff with PS5 firmware 7.01 marks a significant advancement in the jailbreak scene, enabling the execution of PS4 fake package (fpkg) files and decrypted PS5 game dumps. This functionality, demonstrated through the BD-J exploit, expands homebrew capabilities and content accessibility. Community discussions confirm its successful implementation, though some exploits for firmware 6.00 to 7.61 may require an active disc drive. As the PS5 hacking community continues refining these tools, kstuff 7.01 represents a crucial step toward broader system control and homebrew development.

These developments underscore the ongoing efforts within the PS5 hacking community to identify and leverage system vulnerabilities, even as Sony continues to implement countermeasures in subsequent firmware updates.

Hack everything, Hack the world!
 
Last edited by White_Raven_X,
Update April 2025
PS5 Jailbreak Developments: April 2025 Update

Since our last major update, the PlayStation 5 (PS5) hacking community has, in very little time, continued to make significant strides in uncovering new exploits and refining existing jailbreak methods. Below is a detailed look at the most recent discoveries and advancements in the scene.

kstuff 7.01 – Expanded Compatibility
One of the most notable breakthroughs is the successful adaptation of kstuff to firmware 7.01. Previously functional on earlier firmware versions, this tool now allows PS4 fake package (fpkg) files and decrypted PS5 game dumps to be executed on PS5 consoles running firmware 7.01. This was achieved using a BD-J exploit, making homebrew applications and custom content more accessible to users on this firmware.

BD-JB Userland Exploit Revision (Firmware 7.61)
Renowned security researcher TheFloW has revised the BD-JB exploit, expanding its capabilities to allow userland execution on PS5 firmware 7.61. By modifying the bdjo.xml file, this exploit provides a stable pathway for running unsigned code, potentially opening doors for future kernel exploits. However, this method was patched in firmware 8.00, making it essential for interested users to remain on lower firmware versions.

FreeBSD Kernel Vulnerability on 7.61
Researchers recently identified a FreeBSD-based vulnerability affecting PS5 firmware 7.61. This exploit utilizes a custom mode chain to execute unsigned code, which could lead to broader system modifications. Sony has since addressed the issue in firmware 8.00, but those still on 7.61 may have an opportunity for further exploitation before it is patched at the hardware level.

PsFree WebKit Exploit Integrated into QuickHEN
Developer CelesteBlue introduced PsFree, a WebKit-based exploit designed for firmware 1.00 to 5.50, and successfully integrated it into the QuickHEN toolkit. This development enhances the efficiency and stability of the jailbreak process, offering a streamlined method to execute unsigned code and homebrew applications.

BD-J ELF Loader for Payload Injection
A new BD-J ELF Loader has been developed, making it easier to inject payloads via the Blu-ray Disc Java (BD-J) exploit. This method simplifies the process of running custom code on exploitable PS5 firmware versions, providing another alternative for homebrew enthusiasts.

Linux on PS5 – Unlocking More Potential
A recent breakthrough has allowed Linux to run on jailbroken PS5 consoles, significantly expanding their potential beyond gaming. By leveraging the BD-J exploit and FreeBSD vulnerabilities, developers have managed to boot custom Linux distributions, opening possibilities for advanced homebrew development, emulation, and even PC-like functionality on the PS5 hardware. While still in its early stages, this method shows promise for users interested in repurposing their consoles beyond Sony’s intended software limitations.

ESP Chip Offline Jailbreak Deployment
A new development in the scene involves the use of ESP8266 and ESP32 microcontroller chips to host and deploy PS5 jailbreak exploits without requiring an internet connection. By flashing an ESP chip with the appropriate exploit payloads, users can trigger the jailbreak directly from the device, making the process more reliable and convenient, particularly for users who wish to avoid online tracking. This method, which was previously used in the PS4 jailbreak scene, has gained traction among homebrew enthusiasts as a stable, persistent solution for running unsigned code on lower firmware versions. Currently, ESP chip deployment is known to be effective on firmware versions up to 5.51, though testing continues on later firmware versions.

Looking Ahead
With these recent discoveries, the PS5 jailbreak scene is evolving rapidly. The continued exploration of userland and kernel vulnerabilities, particularly in firmware 7.01 to 7.61, suggests that a full kernel exploit may be on the horizon. The integration of new payload loaders, Linux support, and offline ESP chip deployment further expands the possibilities for homebrew and system modifications.

As always, staying on lower firmware versions remains critical for those interested in potential future jailbreak releases. We will continue to monitor the scene for new developments and provide updates as they emerge.


No April Fools' jokes here—this is the real deal! But wouldn’t it be wild if Sony accidentally released an official jailbreak tool? Maybe next year!

Hack everything, Hack the world!
 
Last edited by White_Raven_X,
Lua userland exploit
What about the lua userland exploit?
When I first covered the PS5 jailbreak scene, there was still a lot of ongoing research and development in the community. Sometimes, certain exploits are overlooked or not highlighted immediately because of their early stages or because they don't provide immediate access to full system control, such as in the case of the Lua userland exploit.


In the case of the Lua exploit, it didn't initially seem as promising for full jailbreak capabilities, especially since it didn't immediately grant full system-level access. It was also a newer discovery compared to some of the more established exploits at that time. However, over time, the Lua exploit has evolved, and its potential has become clearer, leading to its inclusion in the more recent updates.


It was not a deliberate oversight or a judgment about the exploit’s worth; it simply didn't come to the forefront during earlier research due to the rapid pace of developments and the focus on other more widely recognized exploits like BD-J and FreeBSD-based vulnerabilities.


Now that it's clearer how this exploit works and its relevance, it's definitely an important part of the PS5 jailbreak ecosystem and warrants attention. I appreciate your patience as I do some more research to bring more information on this exploit soon.

Hack everything, Hack the world!
Post automatically merged:

Lua Userland Exploit

A recent discovery in the PS5 exploit scene involves the use of Lua scripting within certain system applications to achieve userland code execution. Lua, a lightweight and embeddable scripting language, has been identified in specific PS5 services, potentially providing an entry point for executing custom scripts without requiring deep system modifications.
By leveraging vulnerabilities in how Lua interacts with system permissions, researchers have successfully executed unsigned code in a restricted userland environment. While this method does not yet provide full kernel access, it is a promising avenue for developing homebrew applications and debugging tools without triggering Sony’s aggressive security countermeasures.

Some potential applications include:
- Running custom scripts for UI modifications.
- Interacting with network services for remote debugging.
- Expanding existing exploits by chaining Lua-based vulnerabilities with other known exploits (such as WebKit or BD-J).

Currently, the Lua userland exploit is confirmed to be compatible with firmware versions 6.00 through 10.20. That wasn't a typo... According to information from Wololo.net and other sources, the Lua Remote Loader exploit is compatible with PS5 firmware versions up to 10.20. Actually, the GitHub repository for the Remote Lua Loader project notes that the loader is not firmware-dependent and has been successfully tested on PS5 Pro firmware 10.40. Further research is being conducted to determine if Lua execution privileges can be escalated to gain deeper access to the PS5 system, potentially bridging the gap toward a more powerful exploit chain.

How to Use the Lua Loader Exploit:
To utilize the Lua userland exploit, users need to follow a multi-step process:
- Obtain a specific Japanese game that contains the vulnerable Artemis engine with Lua scripting capabilities.
- Run the ELF loader from a PC, which prepares the environment for the exploit.
- Execute the exploit to achieve userland code execution, allowing for homebrew and debugging functionalities.

While this method does not grant full system control, it serves as an essential step in expanding the capabilities of the PS5 exploit landscape.

Compatible games:
Aerial Life (CUSA17122)
Aibeya (CUSA17068)
Aikagi 2 (CUSA19556)
Aikagi Kimi to Issho ni Pack (CUSA16229)
Aikano Yukizora no Triangle (CUSA19370)
Boku to Nurse no Kenshuu Nisshi (CUSA12049)
Boku to Joi no Shinsatsu Nisshi (CUSA18107)
Fuyu Kiss (CUSA29745)
Hamidashi Creative (CUSA27389)
Hamidashi Creative Demo (CUSA27390 requires the latest OFW to download from PSN)
Haruoto Alice (CUSA14324)
IxSHE Tell (CUSA17112)
IxSHE Tell Demo (CUSA17126)
Jinki Resurrection (CUSA25179)
Jinki Resurrection Demo (CUSA25180 requires the latest OFW to download from PSN)
Maid-san no Iru Kurashi (CUSA18106)
Nora Princess and Stray Cat Heart HD (CUSA13303: Rename save9999.dat into nora_01.dat)
Nora Princess and Stray Cat Heart 2 (CUSA13586)
Raspberry Cube (CUSA16074)
Winter Guest (CUSA11977)

Hack everything, Hack the world!
 
Last edited by White_Raven_X,
The Lua userland exploit works on every single firmware (so up to 11.00). The UMTX kernel exploit has also been ported to Lua, so you can run it to allow you to run other payloads like the ELF loader or an FTP server (up to 7.61). This in turn allows you to run the kstuff payload (on versions where kstuff has been ported). So the Lua exploit is a pretty viable option as long as you have a console with a disc drive and a compatible game disc. For digital consoles (without disc drive) this exploit is only viable if you are currently on the latest firmware version.

Here's the GitHub repo for the Remote Lua Loader if you want to research more: https://github.com/shahrilnet/remote_lua_loader
 
Thanks!
 
New updates
The PlayStation 5 hacking community continues to make significant strides, with recent advancements enhancing exploit compatibility, stability, and accessibility. This week's highlights include updates to kernel and userland exploits, new payload loaders, and tools facilitating offline jailbreaks.


UMTX2 & Baderlink’s Fast Host
The UMTX2 kernel exploit, developed by idlesauce, remains a cornerstone for PS5 jailbreaks on firmware versions 1.00 to 5.50. It integrates the PSFree 150b WebKit exploit and auto-loads John-tornblom's ELF loader, streamlining the payload deployment process. The exploit supports both webkit-only and full kernel modes, offering flexibility for various use cases.

Enhancing UMTX2's usability, Baderlink has introduced a rapid deployment host, significantly reducing the time required to initiate the exploit. This improvement benefits users seeking a more efficient jailbreak experience.


kstuff 7.01: Expanded Homebrew Support
The kstuff tool has been updated to support PS5 firmware 7.01, enabling the execution of PS4 fake package (fpkg) files and decrypted PS5 game dumps. This expansion, achieved through the BD-J exploit, broadens homebrew capabilities for users on this firmware version. However, it's important to note that this method was patched in firmware 8.00, so users aiming to utilize this exploit should remain on 7.01 or lower.


BD-JB & ELF Loader: Enhanced Payload Injection
Security researcher TheFloW has revised the BD-JB exploit, extending userland execution capabilities up to firmware 7.61. This revision allows for native code execution by modifying the bdjo.xml file, providing a pathway for further exploration into system vulnerabilities. Complementing this, a new BD-J ELF Loader simplifies the process of injecting payloads via the Blu-ray Disc Java (BD-J) exploit, facilitating custom code execution on compatible firmware versions.


FreeBSD Kernel Vulnerability & Linux Deployment
Researchers have identified a significant vulnerability within the PS5's FreeBSD-based operating system, specifically affecting firmware version 7.61. This exploit involves a custom mode chain that permits the execution of unsigned code, potentially allowing for unauthorized game execution and system modifications. Leveraging this vulnerability, developers have successfully booted custom Linux distributions on jailbroken PS5 consoles, opening possibilities for advanced homebrew development and emulation.


PsFree WebKit Exploit & QuickHEN Integration
Developer CelesteBlue has introduced PsFree, a WebKit-based exploit targeting PS5 firmware versions 1.00 to 5.50. Based on CVE-2022-22620, PsFree has been incorporated into the QuickHEN toolkit, an all-in-one solution designed to streamline the exploitation process. While still in beta, PsFree represents a significant advancement in PS5 hacking, offering a more stable and efficient method for executing unsigned code.


Lua Remote Loader: Userland Exploit for Higher Firmwares
The Lua Remote Loader continues to serve as a valuable userland exploit, particularly for firmware versions up to 10.20. By utilizing games built with the Artemis engine, such as Raspberry Cube, Aibeya, and Hamidashi Creative, users can execute Lua scripts on their PS5 consoles. This method, while not providing full kernel access, offers a platform for homebrew applications and further exploit development.


ESP8266/ESP32: Offline Exploit Deployment
A notable development involves the use of ESP8266 and ESP32 microcontroller chips to host and deploy PS5 jailbreak exploits without requiring an internet connection. By flashing an ESP chip with the appropriate exploit payloads, users can trigger the jailbreak directly from the device, enhancing reliability and convenience, especially for those wishing to avoid online tracking. This method, effective on firmware versions up to 5.51, is gaining traction among homebrew enthusiasts.


etaHEN Toolbox Public Beta — New Cheats Function
A significant enhancement in the PS5 homebrew scene is the public beta release of the etaHEN Toolbox, now featuring a built-in cheats function. This marks the first publicly available cheat engine-style tool for jailbroken PS5 consoles running compatible firmwares (primarily 1.00–5.50 via UMTX2 and etaHEN 2.0b).
The cheats function enables users to:
- Search, freeze, and modify in-game memory values.
- Apply pre-made cheat tables for supported games.
- Toggle infinite health, ammo, money, and other custom modifications in real time.

While still in beta, early testers report solid compatibility with popular PS4 titles running via fpkg, and partial support for PS5 titles where memory addresses are accessible through userland.

This feature positions etaHEN Toolbox as not just a payload loader, but a more fully-featured modding toolkit for the community with developers actively refining its stability and expanding game support in future updates.

The PS5 jailbreak landscape is rapidly evolving, with the community's collaborative efforts leading to significant advancements. Users are advised to stay informed about firmware updates and exploit developments to maximize their console's potential while minimizing risks.

Hack everything, Hack the world!
 
Last edited by White_Raven_X,
I just wanted to clarify several inaccuracies and oversimplifications regarding PS5 jailbreak methods, particularly concerning the Lua userland exploit, UMTX kernel exploit, and kstuff payload, which were written here by another user (#7).

Summary of Corrections:
The Lua userland exploit does not work on all firmware versions up to 11.00; its compatibility is confirmed up to 10.60.

The UMTX kernel exploit has been successfully integrated with Lua for firmware versions up to 7.61.

The kstuff payload is operational on firmware versions where it has been ported, specifically up to 7.61.

Utilizing the Lua exploit requires a PS5 with a disc drive and access to compatible game discs.

The exploit's viability on digital-only consoles is limited and not solely dependent on being on the latest firmware version.

Hack everything, Hack the world!
 
You are simply incorrect.
The Lua Userland exploit is firmware independent, as it only needs a vulnerable game and a modified save file to work.

The problem with digital PS5 consoles is that in order to run this Lua exploit you are limited to the digital demo of Hamidashi. In order to install this demo you need to be on the latest firmware version, otherwise you cannot access the PSN store. So unless you somehow already had Hamidashi installed, you cannot set this exploit up on a console that's not on the latest firmware.
 
Thank you for the clarification; you're absolutely right to emphasize that the Lua userland exploit itself is not firmware-bound in the traditional sense, as it relies on a vulnerable game's scripting environment and a crafted save file, not a system-level vulnerability tied to firmware version.

Where firmware becomes relevant is in the logistical execution of the exploit, especially on digital-only PS5 consoles. As you pointed out, Hamidashi Creative is currently the only viable digital delivery vector known, and it requires access to the PSN Store, which is only accessible on the latest firmware. So while the exploit is technically firmware-independent, its practical deployment on digital consoles is restricted by firmware-dependent PSN access.

This distinction is key:

-Disc-based consoles can simply load the required game from physical media, making the exploit viable across multiple firmware versions.

-Digital consoles must already have Hamidashi installed or be on the latest firmware to access it, creating a practical firmware dependency.

Thanks again for helping refine the details, your input is valuable to keeping the scene well-informed.

*In short: they were correcting the implication that the Lua exploit is firmware-limited, when in fact it’s the game delivery method (and Sony's restrictions on PSN access) that create the version-dependent obstacle.
 
Last edited by White_Raven_X,
For some reason it sounds like I'm talking to ChatGPT or something.
 
It’s no secret that I use ChatGPT to help polish and organize my articles — mostly for editing, clarifying phrasing, or making sure I’m not overlooking something obvious. But the majority of the research, fact-checking, and source-gathering is done by me. I keep up with GitHub, GBAtemp, X, Wololo, and other scene sources daily, and I piece everything together manually before using AI as more of a final-draft assistant.

So yeah, while I definitely lean on tools like ChatGPT for support, the content and direction of the articles still come from my own digging and understanding of the jailbreak scene.

Hack everything, Hack the world!
 
Last edited by White_Raven_X,
May 2025 Update
The PlayStation 5 hacking community continues to evolve rapidly. Since our last April update, several important breakthroughs have emerged, some brand new, others notable revisions of existing tools and exploits. Here’s a detailed and accurate summary of the most current PS5 jailbreak landscape based on my latest research from Wololo.net, GitHub, GBAtemp, PSXHAX, and more.

New Kernel-Level Breakthroughs
“Lapse” Kernel Exploit (New)
A recently surfaced exploit called Lapse now offers kernel-level access up to firmware 10.01. Although full public documentation is still underway, initial results demonstrate stable payload execution. This marks the first public kernel exploit post-7.61 and could eventually rival UMTX2 in robustness and reach.

TheFloW's Private Kernel Vulnerability Disclosure (Mentioned Previously, New Details)
While TheFloW's vulnerability was mentioned earlier, new information now confirms its potential use up to firmware 10.40. It has not been weaponized into a public jailbreak yet, but the disclosure spurred increased code contributions across GitHub repositories.

Userland Exploits & Infrastructure Tools
BD-JB Exploit Updated (Ongoing, No Firmware Change)
No firmware expansion was observed since the last report, still valid up to firmware 7.61. However, more streamlined versions of BD-J loaders have been uploaded to GitHub, improving ELF injection success rates.

UMTX2 Exploit and Baderlink’s Host (Updated)
Still valid up to 5.50, but Baderlink’s fast web host received speed improvements for exploit delivery. The integration now includes a GUI launcher and automated payload trigger, minimizing manual steps and increasing reliability.

Updated Tools & Homebrew Enhancements
kstuff Extended Support (Updated)
Originally supporting up to 7.01, kstuff is now fully tested and stable up to 7.61, thanks to enhancements via the BD-J ELF loader. This allows decrypted PS5 content and fpkg execution on a wider range of firmware.

etaHEN 2.2B Public Beta (Updated)
The etaHEN beta continues to impress. Version 2.2B introduces a new cheats feature, enabling memory patches and runtime modifications across supported games. Firmware support remains up to 7.61. This is the first time cheats have been natively included in a public PS5 HEN.

Experimental Development
Linux on PS5 (Ongoing)
Linux booting via BD-J and FreeBSD vulnerabilities is still in early stages. Developers have now introduced limited GPU acceleration and improved compatibility with more Linux distros. This work remains most viable on firmware 6.50 to 7.61.

ESP8266/ESP32 Offline Hosting (Expanded Support)
While ESP chip usage was mentioned before, testing confirms stability up to firmware 5.51 using UMTX2. Baderlink’s ESP builds now support multi-payload hosting, FTP server injection, and more user-friendly interfaces, making them ideal for offline PS5 jailbreaks.

Lua Userland Updates
Compatibility Expansion: Originally confirmed only through firmware 7.61, recent reports from Wololo.net and community testers suggest Lua scripting-based userland is now viable up to firmware 10.20, depending on the exploited title.
ELF Loader Integration: The ELF loader can now be run after Lua initiates execution, provided users employ a Japanese version of the game Hamidashi Creative or the digital demo. This method does not work on Digital Editions unless the demo is pre-installed or you’re on the latest firmware.
Clarification: Lua is not a full jailbreak but an entry point to trigger further exploits, such as UMTX2 or kstuff payload chains, once other requirements are met.

Additional Discovery: Double Free Vulnerability
New threads on GBAtemp and GitHub mention a possible “double free” vulnerability present in certain BD-J processes and Lua memory management. While not fully weaponized, this kind of vulnerability is often a key to escalating from userland to kernel access, so this may become a critical link in future exploit chains.

Conclusion
The PS5 jailbreak scene remains vibrant, with major advances like Lapse, expanded Lua userland support, and the etaHEN cheats module leading the charge. Improvements to kstuff, UMTX2, and ESP chip deployments are refining the process and making it more accessible than ever, especially for those on mid-range firmware versions.

Stay tuned, stay offline if you're on jailbreakable firmware, and as always...

Hack everything, Hack the world
 
The double free vuln is now known as Lapse :)
Think of it like this:

Double free = the nature of the bug (technical term).

Lapse = the exploit that leverages that bug (nickname or codename for the jailbreak).

So while "Lapse" is based on a double free vulnerability, it's not a renaming, it's just the name of the specific exploit chain developed to take advantage of it.
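To make the bug/exploit distinction above concrete, here is an added C example; it is not code from this thread, from Lapse, or from any PS5 component, and it uses a constructed toy allocator (toy_alloc, toy_free, toy_free_checked and the demo_* functions are hypothetical names). It shows why a double free is worth a codename: freeing one chunk twice puts a self-loop in a LIFO free list, so two callers receive the same memory, and a "data" write through one of them overwrites the list link and steers the next allocation to an attacker-chosen address. The checked variant shows the minimal mitigation an allocator can apply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy allocator: one size class, intrusive LIFO free list.
 * Illustration only; it is NOT the PS5 (FreeBSD, BD-J or Lua) allocator. */
#define CHUNK_SIZE 32
#define NCHUNKS    8

/* Backing store declared as pointer-sized words so every chunk is aligned
 * well enough to hold the free-list link in its first word. */
static void *heap_words[NCHUNKS * CHUNK_SIZE / sizeof(void *)];
#define HEAP ((uint8_t *)heap_words)

static size_t bump;        /* index of the next never-handed-out chunk */
static void *free_head;    /* head of the free list; the link lives inside the chunk */

static void toy_reset(void)
{
    bump = 0;
    free_head = NULL;
    for (size_t i = 0; i < sizeof heap_words / sizeof heap_words[0]; i++)
        heap_words[i] = NULL;
}

static void *toy_alloc(void)
{
    if (free_head) {
        void *c = free_head;
        free_head = *(void **)c;   /* pop: the chunk's first word is the next link */
        return c;
    }
    if (bump >= NCHUNKS)
        return NULL;
    return HEAP + (bump++) * CHUNK_SIZE;
}

/* Buggy free: pushes unconditionally, so freeing c twice links c to itself. */
static void toy_free(void *c)
{
    *(void **)c = free_head;
    free_head = c;
}

/* Hardened free: walk the list and refuse a chunk that is already on it.
 * Returns 0 on success, -1 if a double free was caught. Only safe while
 * every free goes through here; a list already corrupted by toy_free
 * could contain a cycle and loop forever. */
static int toy_free_checked(void *c)
{
    for (void *p = free_head; p; p = *(void **)p)
        if (p == c)
            return -1;
    toy_free(c);
    return 0;
}

/* Step 1: after a double free, two "live" allocations alias. Returns 1 if so. */
int demo_aliasing(void)
{
    toy_reset();
    void *a = toy_alloc();
    toy_free(a);
    toy_free(a);                   /* bug: second free of the same chunk */
    void *x = toy_alloc();
    void *y = toy_alloc();
    return x == y;
}

/* Stand-in for a sensitive object the attacker wants an allocation to land on. */
static void *target_obj[CHUNK_SIZE / sizeof(void *)];

/* Step 2: the aliased chunk is still linked in the free list, so user data
 * written through x overwrites the link and the allocator hands out an
 * arbitrary address. Returns 1 if the third allocation lands on target_obj. */
int demo_arbitrary_alloc(void)
{
    toy_reset();
    void *a = toy_alloc();
    toy_free(a);
    toy_free(a);
    void *x = toy_alloc();         /* x == a, and a is still on the list */
    *(void **)x = target_obj;      /* "payload data" that is really the next link */
    (void)toy_alloc();             /* hands out a again, free_head now = target_obj */
    void *z = toy_alloc();         /* hands out target_obj */
    return z == (void *)target_obj;
}

/* Step 3: the checked free catches the second free. Returns -1 when caught. */
int demo_checked_free(void)
{
    toy_reset();
    void *a = toy_alloc();
    if (toy_free_checked(a) != 0)
        return 1;                  /* first free must succeed */
    return toy_free_checked(a);
}

int main(void)
{
    printf("aliasing after double free: %d\n", demo_aliasing());
    printf("arbitrary allocation:       %d\n", demo_arbitrary_alloc());
    printf("checked free result:        %d\n", demo_checked_free());
    return 0;
}
```

The three steps are the usual shape of a double-free chain: overlapping objects first, then a controlled free-list link, then an allocation at a chosen address that a later write turns into a read/write primitive. Real allocators add integrity checks (key fields, safe-linking, free-list canaries) precisely to break step 2, which is why a bug that survives those checks gets its own name in the scene.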
 
End of June update
The PS5 homebrew and exploit community has seen several exciting developments since our last major roundup in May. From kernel-level enhancements to critical tooling improvements, here's everything worth knowing to stay ahead in the jailbreak scene.

Kernel Exploit Developments
“Lapse” Exploit – USB-Free Variant in Development
Following its debut in early May, the “Lapse” kernel exploit, based on a double-free vulnerability, remains one of the most promising paths to kernel-level access for firmware up to 10.01. Although no new stable public releases have dropped yet, insiders monitoring the development branch report testing on a USB-free version, which could simplify exploit delivery significantly in the near future.

TheFloW’s 10.40 Disclosure: Still Under Wraps
The anticipated exploit described by TheFloW (believed to target up to FW 10.40) hasn’t seen further public progress since initial mentions. However, it continues to be a major point of interest for researchers working to extend jailbreak support to newer firmware.

Tools & Payload Enhancements
etaHEN 2.2B Now Officially Released
The previously beta version of etaHEN 2.2B is now in stable release as of June 11. New features include:
-Integrated cheat engine with GoldHEN-style repo syncing
-Quick access via controller shortcuts
-Autostart toggle for the toolbox
-Improved memory and UI handling
This HEN is optimized for systems on firmware 1.00 to 5.50, making them among the most feature-rich jailbreak setups currently available.

kstuff Updated: Expanded Support & Easier Toggling
The kstuff tool, responsible for decrypting and running PS4/PS5 dumps and FPKGs, was updated mid-June to include:
-A new plugin toggle (enable/disable in one click)
-Updated offsets across all firmware branches from 3.00 to 7.61
-Better fpkg launching reliability, especially on 7.xx firmwares
These updates are critical for users running decrypted PS5 game dumps or testing homebrew tools beyond 5.50.

Payload Daemon Improvements
On June 27, major updates to the following daemon payloads were released:
-ELF Loader v0.20.2
-FTP Server v0.12.2
-Web Server v0.25
These bring significantly faster networking, better memory handling, and reduced crashing, especially when transferring large payloads or game dumps.

Lua Loader Expands to 10.40
The Lua-based userland exploit, originally discovered in game save handling via the Artemis SDK, has been successfully tested up to firmware 10.40, including on PS5 Pro models. This confirms that Lua remains firmware-independent in theory, with compatibility determined by access to specific vulnerable games or demos.
An expanded list of 15+ compatible games (primarily from the Japanese region) is now publicly available on GitHub.

UMTX2 Fast Host Gets Even Faster
Baderlink’s fast host for UMTX2 kernel exploits (used on firmwares up to 5.50) received several quality-of-life improvements:
-Themed GUI
-Payload auto-queue
-Launch times reduced to 4 seconds or less
This host simplifies the process for new users and speeds up the jailbreak routine for experienced testers.

Still No Public Progress On…
-Firmware rollback or downgrade tools: no safe public method exists.
-Secure Processor (A53) access for true PS5 FPKGs: still locked down.
-New BD-JB firmware support: BD-JB remains capped at firmware 7.61.
-Hardware modding: no jumper/solder mod has been discovered for jailbreak gain.

Final Thoughts
While kernel access remains limited to older firmware versions, userland innovation and toolchain updates continue to push the scene forward. etaHEN, Lua loaders, and the promise of Lapse all represent serious building blocks for future jailbreaks.
If you’re fortunate enough to be on a lower firmware (≤7.61), don’t update. With more Lua titles surfacing and exploit chains improving, full-featured jailbreaks for 7.xx–10.xx systems may not be far behind.

Hack everything, Hack the world!
 
End of July update
Since our last summary in June, the PS5 homebrew scene has remained active, with several notable updates across exploit stability, tooling improvements, and emerging compatibility fixes. Here’s everything you need to know to stay current:

Kernel-Level & Exploit Enhancements
Lapse Exploit, USB-Free Launch Fixes
The Lapse kernel exploit (for firmware up to 10.01) has now been stabilized for USB-free injection, allowing seamless exploit delivery on firmwares like 9.00–9.60 without requiring a physical loader device. This fix helps mitigate corrupt save errors observed earlier in July (sources: GBAtemp, Facebook community posts).

TheFloW’s 10.40 Disclosure Still Under NDA
No public progress has emerged regarding TheFloW’s disclosed vulnerability targeting FW 10.40. It remains private, with researchers continuing earlier analysis and waiting for exploit chains to bridge entry points.

Tools & Payload Updates
kstuff & PSFree Lapse Plug-in Fix
Community developers have released a plug-in patch that addresses savefile corruption issues with PSFree + Lapse combos on firmware ranges 9.00–9.60. This ensures more stable exploits via Lua loader even without USB support.

BD‑JB Guide Streamlining
Recent GBAtemp walkthroughs have updated the PS5 Exploit Guide, clarifying savefile copy flow and launcher steps for Lua chains through safe-mode exploits (especially when transferring *.dat files via USB).

Scene Visibility, Video Guides & Tutorials
Several new videos summarize and demonstrate the latest exploit setup:
-YouTube walkthroughs lay out step-by-step instructions for Lapse via Lua loader, showcasing firmware detection and plugin deployment.
-One video shows kstuff patches on firmwares 6.xx and 7.xx, confirming loader behavior improvements and group plugin toggles.

These visual aids confirm that team testers are seeing consistent success across multiple firmware builds, from 5.50 through 9.60.

Key Highlights & Community Notes
-USB-free Lapse workflows are now reliable for firmware 9.00–9.60, delivering smoother Lua exploitation.
-Corrupted savefile issues were successfully patched with updated plug-ins, confirming fixes in active use.
-GBAtemp and Reddit guides were streamlined, improving clarity for newcomers and reducing common exploit errors.
-Public testing videos validate current workflows, especially kstuff on firmware 6.xx–7.xx and Lua loader on higher builds.

What to Monitor Next
-A public release of the patched Lapse plugin for firmwares 9.00–9.60, fully integrating plugin support.
-Expansion of kstuff or alternative payload support for firmware 9.00+ as testers attempt deeper exploit chaining.
-Broader Lua compatibility for 10.02–10.01 via game-based exploits or firmware bypass.
-Any public code release or disclosure around TheFloW’s FW 10.40 vulnerability, a potential gateway to higher firmware jailbreaks.

Final Thoughts
The jailbreak scene remains cautiously optimistic; Lapse is now fully usable even without USB tools on mid-range firmware, and practical fixes like the plugin patch make the process more robust. Tools such as kstuff and etaHEN continue expanding their coverage, but firmwares beyond 10.01 remain unbroken.

If you’re on firmware ≤9.60, there’s real opportunity now to test Lua + Lapse chaining. But beyond that, the industry still awaits a breakthrough for firmware 10.20 and beyond.

Hack everything, Hack the world!
 
End of August update
The PS5 homebrew and exploit community continues to make progress, with several notable updates since our last coverage. While a full jailbreak for the latest firmwares is still out of reach, the scene is advancing steadily in tools, payloads, and research.


kstuff Expanded to Firmware 8.00

The popular kstuff plugin, which allows decrypted PS4/PS5 dumps and FPKGs to run on exploited systems, has been updated to support firmware 8.00. This brings new offsets and improved reliability when running decrypted games. It remains an essential part of any modern PS5 exploit chain.

UMTX2 Exploit Curated for Stability

The UMTX2 kernel exploit (for firmwares 1.00 to 5.50) is now bundled in a curated chain with proper offsets and references to its original CVE. This makes it easier for newcomers to set up and run without relying on scattered scripts. Launch times are also faster, giving users a smoother experience.

BD-J Loaders and ISO Support

The BD-J (Blu-ray Java) exploit chain has received quality-of-life improvements. A simplified PS5 BD-J ISO package now allows users to launch payloads directly from disc images, making it more beginner-friendly. Tools like PS5-JAR-Loader and PS5-BDJ-HEN-Loader continue to be updated for better performance.

Lua Loader Confirmed Up to 10.40

The Lua-based userland loader has been tested successfully up to firmware 10.40, including on PS5 Pro models. A growing list of compatible games and demos, many region-specific, is now publicly available. This confirms that Lua exploits remain one of the few options available on higher firmwares.

etaHEN Cheats Mature

The cheat engine built into etaHEN has matured, with stable GoldHEN-style cheat syncing and expanded compatibility. This makes cheat management far easier, especially for users running PS4 titles on exploited PS5s.

Itemzflow 1.11 Released

The backup manager Itemzflow received its 1.11 update with quality and stability improvements. This includes better handling of large dumps and smoother navigation when browsing installed titles.

Research and Future Directions:

Work on the PS5’s ARM Cortex-A53 security co-processor continues. Dumps from the A53 boot chain have been shared by developers, giving researchers more insight into the PS5’s secure world. While no public breakthrough has yet been made, this remains one of the most important areas for achieving full PS5-native FPKG support in the future.

What Hasn’t Changed:
-No firmware rollback or downgrade method has been released.
-BD-J exploits remain limited to firmwares up to 7.61.
-No hardware mod (solder/jumper) exists that enables jailbreak access.
-A full PS5 kernel exploit beyond 8.00 has not been released.

Final Thoughts

The PS5 jailbreak scene remains in motion, with steady progress in loader stability, cheat support, and developer tooling. While a full exploit chain for the latest firmwares isn’t here yet, each update lays the groundwork for future breakthroughs. If you’re on 7.61 or lower, staying put continues to be the best advice.

Hack everything, Hack the world!
 