Apologies for the delay this month; I was away for an extended holiday season and had a lot of catching up to do when I got back. The PS5 scene moved fast over the holiday season, with several new tools and updates appearing in a short time window.
Because of that, this roundup covers not only the end of December, but also early January 2026 developments that were simply too important to leave out. There’s been a lot of activity lately, and this post is meant to bring everyone fully up to speed in one place. There’s a lot to cover, so let’s get into it.
Since the November roundup, there have been several meaningful updates to existing exploits and tooling, as well as new developments that affect how users work (or will soon work) toward usable jailbreaks on newer firmware.
New Kernel-Level Developments
Poopsploit Kernel Exploit (Emerging Public Topic)
One of the most discussed recent developments in the scene is a kernel vulnerability referred to as “Poopsploit”, which is the community nickname for the NETC (ExploitNetControlI) kernel exploit attributed to developer TheFloW. This exploit has generated significant attention because it appears to be a true kernel-level vulnerability that could extend usable jailbreak capabilities beyond what was previously public. On PS4, Poopsploit (combined with BD-JB/GoldHEN tooling) has been demonstrated running on firmware as high as 13.00, showing that the underlying bug is exploitable and real. For PS5, community chatter and tester reports suggest that Poopsploit may affect higher firmware versions (around the 12.00 range), and discussions indicate work toward making it chainable with userland entry points like Y2JB or BD-JB.
Importantly, there is currently NO widely released public payload or complete jailbreak workflow for PS5 using Poopsploit. What exists today is community discussion, early PoC testing, and hints from developers. As more testers experiment and tools are refined, Poopsploit remains one of the highest-priority vectors being watched for future jailbreak chains.
Y2JB (YouTube Jailbreak) - Full Jailbreak Chain in Practice
Y2JB continues to be the most widely discussed modern entry point and has evolved beyond a simple userland exploit in practical use. Running through the PS5 YouTube app, Y2JB triggers code execution on supported firmwares and, when paired with the Y2JB Autoloader and updated payloads, can automatically inject the full exploit chain.
With the Autoloader (such as the ps5_y2jb_autoloader project), users place their payload files, including kernel exploit scripts (like Lapse), etaHEN toolbox binaries, and kstuff payloads, on a USB drive or in an internal directory. When YouTube launches and Y2JB fires, the Autoloader reads the payload list and loads the payloads in sequence, providing a near-automatic complete jailbreak experience. Users in the scene report that this method can bring up debug settings, load etaHEN, and run decrypted content without needing external payload senders in real time.
In community testing, Autoloader setups have shown consistent success across firmware ranges where kernel exploits and compatible etaHEN/kstuff builds exist, making Y2JB one of the most usable practical jailbreak paths today so long as all chain components are present and configured correctly.
Netflix-N-Hack development continues quietly with incremental refinements.
Recent work has focused on more reliable multi-stage payload loading, expanded NVMe image handling, and improved access to certain debug settings late in the chain.
Netflix-N-Hack remains an important alternate entry point for users who cannot use disc-based exploits and where Y2JB is not ideal. Sources indicate that this exploit chain has been confirmed to function on firmwares from 4.03 all the way up to 9.60.
Lapse Kernel Exploit (Status)
Lapse, the double-free-based kernel exploit disclosed earlier in the year, remains one of the primary kernel vulnerabilities under active testing. Public chains and testing indicate practical use on firmwares up to around 10.01, where full exploit chains can be aligned.
Work continues on stabilizing and pairing Lapse with newer userland entries, but there is no confirmed public chain for firmwares above that range yet.
BD-JB and Legacy Chains
BD-JB remains the most dependable exploit path for firmware up to 7.61 on disc-based consoles. Loader ISOs and ELF delivery tools continue to mature, making this range especially stable for users who prefer disc-based jailbreaks.
UMTX2 & Older Chains
UMTX2 remains the standard kernel exploit for firmwares 1.00–5.50. While largely a legacy path, it remains fully functional and well-supported by modern host tooling.
kstuff - Core Component & How It Interacts With Other Jailbreaks
kstuff is one of the core homebrew toolkit components in the modern PS5 jailbreak ecosystem. Originally created by Sleirsgoevy and maintained by developers like Echo Stretch, kstuff provides the low-level patches that enable debug settings, homebrew features, bypasses, and entitlement checks once a kernel exploit and userland access are already in place. Early builds of kstuff added support for firmwares like 5.10 and 5.50, and recent versions (such as 1.6.4) expanded compatibility across the entire 3.00–9.60 range, with progress toward support on 10.00–10.01 using version 1.6.6.
kstuff works as part of the larger payload stack and is typically loaded after a successful entry point (like Y2JB, Lua, BD-JB, or other exploits) and after any kernel exploit such as Lapse is triggered. When running under tools like the Y2JB Autoloader, kstuff is often included automatically along with etaHEN and other payloads. The Autoloader’s flexibility allows users to specify exactly which payloads (including kstuff.elf) are launched in sequence, and common practice places kstuff near or at the end of that list so that debug features and game support are established once the kernel and toolbox layers are active.
etaHEN Toolbox & Cheats
etaHEN development continues steadily, with recent builds improving stability, memory handling, and cheat integration. For users already running a kernel-enabled environment, etaHEN now provides a smoother day-to-day experience.
App Dumper 1.06B
App Dumper 1.06B adds improved automation for ELF preparation, fake signing, and backup packaging. This reduces the amount of manual PC-side work required to prepare PS5 backups for loaders such as Itemzflow and kstuff runners.
Experimental & Research Tracks:
Kernel PoC for ≤10.x
A public proof-of-concept based on TheFloW’s disclosed kernel vulnerability demonstrates controlled thread races and use-after-free behavior at known offsets. While not a full jailbreak chain, it represents meaningful progress toward mid-range firmware exploitation.
Lua Userland Exploit Updates
Lua save-based entry points remain in active use. Integrated loader tools now allow chaining to ELF loaders and kernel payloads where supported. Lua remains an important alternate entry, especially for users who prefer file-based exploits over app-based ones.
PS VR2 on Exploited Consoles
PS VR2 Compatibility on Jailbroken Consoles
Community testing indicates that PS VR2 hardware can work on jailbroken PS5 systems when the base PS5 firmware supports the VR2 hardware and appropriate jailbreak toolchains (such as etaHEN) are loaded. Reports from scene users show successful VR2 detection and initial use after loading etaHEN on firmwares like 9.60 and 10.01, suggesting that VR2 works on the higher jailbreakable PS5 firmwares where the console itself naturally recognizes the headset.
Minimum functional support in practice appears to be around the 6.xx firmware range and above once etaHEN is active, although results vary with the combination of console firmware and headset firmware. It’s also noted that if the VR2 headset firmware is newer than the PS5 firmware, the system may request an update before allowing use, so matching firmware versions between the headset and console is important for successful operation.
Shadow Mount – Toward Native Game Mounting
Shadow Mount has become one of the most discussed experimental tools in recent weeks.
Rather than acting as a traditional game launcher, Shadow Mount is designed as a background mounting payload that attempts to make decrypted PS5 game dumps appear directly in the system’s normal game library, without relying on Itemzflow or manual mounting steps.
In practice, Shadow Mount hooks into the game mounting process once kernel access and decrypted dumps are available, attempts to present backups as if they were native installed titles, and reduces reliance on separate launchers in some setups.
It is important to note that Shadow Mount is still experimental. Reports indicate mixed reliability depending on firmware, dump format, and toolchain, with some titles showing lock icons or requiring manual intervention.
While not yet a universal replacement for Itemzflow or other loaders, Shadow Mount represents an important step toward a more native backup experience on exploited PS5 systems.
A53 / MP4 Secure Processor Research – Long-Term Work
The PS5’s secure subsystem includes an ARM Cortex-A53 core often referred to as the MP4 or A53 secure processor, responsible for secure boot, key handling, and protected system services.
In 2025, tools were released that allow dumping of the A53 firmware (a53.elf) from retail consoles, and multiple dumps are now publicly available. This work provides researchers with direct visibility into the code running on the secure processor.
These dumps are now being actively reverse-engineered to better understand secure boot flow, encryption and key handling, and trust boundaries between the kernel and secure world.
It is important to emphasize that this work has not yet produced a practical exploit or bypass. No public method exists today to run arbitrary code on the A53 or bypass its protections on retail hardware.
However, this research is widely considered foundational. A deeper understanding of the secure processor is likely necessary for any future advances in more complete FPkg support, deeper decryption, and long-term platform control.
This remains a long-term research track, not an imminent jailbreak vector.
What Works by Firmware Range
Firmware ≤ 5.50
UMTX2 + etaHEN remains the most complete chain.
Firmware 6.00–7.61
BD-JB remains the most stable disc-based exploit path.
Firmware 8.xx
kstuff-based environments are increasingly practical with kernel access.
Firmware 9.00–10.01
Y2JB userland + Lapse remains the most active combined approach.
Firmware 10.40+
Userland entries are available on many builds, but no public kernel exploit is yet available.
Firmware 11.00–12.00
No public kernel exploit. Userland access only; full jailbreak remains unavailable.
December 2025 and early January 2026 show the PS5 jailbreak scene in a phase of refinement rather than sudden breakthroughs. Userland entries are becoming more reliable, tooling is improving steadily, and experimental work is laying important groundwork for the future.
If you want a single, practical takeaway: lower firmware still provides the most complete jailbreak experience today, while higher firmware work remains active but experimental. Progress continues on multiple fronts, but universal late-firmware jailbreaks remain a work in progress.
Hack everything, Hack the world