Tutorial  Updated

PS5 Exploit Guide

PS5 HACK STATUS:

Recommended FW: 4.03
Highest kernel exploit: 4.51
KEX offsets found: 3.00-4.51
Highest webkit entrypoint: 5.50
Mast1C0re entrypoint: 6.50 (PS2 brew)
BD-JB entrypoint: 7.61
HEN: etaHEN latest
HERE
PS5 backup loading: Itemzflow for 3.XX-4.5X HERE
PS4 backup loading: FPKG Enabler 3.XX-4.5X (rest mode & backports work, can crash).
Spoofing: 9.99
(Higher FW games won’t run without backport patch. Also breaks FW detection)

PS5debug released:
HERE
PS5 trainers/cheats: Work
PS5 dumper: 3.XX-4.5X works with most games, use Itemzflow
(Dumps need rebuilding/cracking to avoid crashing)

Full chain exploit: Not public (2.XX by FlatZ)
PSN access: NEVER
Latest FW: 9.00 (06/02/24)
OFW Updates:
HERE
Legit PKG Updates: HERE

PS5 Itemzflow compatibility list:

Recommended hosts:
AL-AZIF WEB HOST:
DNS 1: 165.227.83.145
DNS 2: 192.241.221.79

https://cthugha.thegate.network/
https://ithaqua.thegate.network/

NOMADIC20000 HOST:
DNS 1: 62.210.38.117

(Leave DNS 2 blank)
http://es7in1.site/
https://zecoxao.github.io/ps5jb/

https://ps5jb.pages.dev/
https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

PS5 game updates: https://psxpatches.com/

Summarised OFW/Model guide: HERE

Update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01
4.50 SYS MD5: 74e80b800b90a6d01c4b2a25839b1ff5
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061
4.50 REC MD5: 934bbc448321fdc5b4f6e2984bbe1d1b
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c


PS5 OFW 3.xx runs PS4 games up to 8.50
PS5 OFW 4.xx runs PS4 games up to 9.00

PS4 backported FPKGs work perfectly on PS5.

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st/2nd half of the year)-Major Version No.Minor Version No.Extended info-Further Info.Retail/Debug

21.02-04.03.00.00-00.00.00.0.1

First BD-J + Kernel access exploit provided by Sleirsgoevy (29/9/22)

Note: Though there are three USERLAND exploits and one KERNEL exploit, there are no public HYPERVISOR exploits available to complete the full exploit chain. A hypervisor exploit was rumoured to be held in private that only works on <3.00 firmware, and recently Flatz confirmed he has developed his own 2.50 HV exploit (kept private) which was chained from a PS4 save game, and has successfully dumped PlayStation Secure Processor (27/07/23).

As of August 4th 2022: We can now install PS4/PS5 PKG games and updates (and by extension FPKGs) however official PKGs cannot be run unless you legitimately owned them previously digitally and have a licence for them on your current console, or if you own the disc (for update pkgs).

As of October 6th PS4 FPKG can be played on 4.03 OFW thanks to Sliersgoevy FPKG enabler!

Payload: https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

As of October 21st PS4 FPKG can be played on 4.50 thanks to cheburek3000 porting offsets.

Payload: https://gbatemp.net/download/4-50-fpkg-enabler-hen.38279/

As of October 25th theflow0 fixes BD-J path traversal and native code execution for 7.61
https://x.com/theflow0/status/1717088032031982066?s=46&t=PIYQV4jmWEyCbVfx3Nx26g

As of November 4th ktuff is fixed for 4.51:

Payload: https://gbatemp.net/download/fpkg-enabler-4-51-hen.38306/

Nov 7th PS5 backups loaded via Itemzflow by Lightningmodz and Echostretch. Fully decrypted dumps require system files bundled into them in order to run without crashing with Libhijacker (no hen required), details here: https://gbatemp.net/threads/ps5-exploit-guide.613891/page-109#post-10290677

As of November 30th ps5debug has been released by SiSTR0: https://github.com/GoldHEN/ps5debug
Mirror: https://gbatemp.net/download/ps5debug.38333/

Dec 1st: first PS5 trainer (Dark Souls) is completed ready for the imminent release of REAPER Multi Trainer II by CTN.

Dec 25th: PS5 back up loading via ITEMZFLOW now released: https://pkg-zone.com/details/ITEM00001

As of Jan 2nd 2024 Sleirsgoevy has ported K-Stuff offsets for 3.xx firmwares.

As of Jan 4th 2024 LM had added 3.XX Kstuff to Itemzflow meaning 3.XX-4.51 is now supported for PS4/PS5 backups and dumping.
1: Never enable IDU mode.
If you do you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2 and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait it out for hacks.

If you are on 1.XX-2.XX do not update at all, it may take years but HV exploit exists in private for this firmware range.
If you are on 3.XX-4.02: the advice is to update to 4.03, but don’t be tempted to update to 4.51 yet.

3: PS5 FPKGs won’t work as HEN and HV/kernel patches do not publicly exist for PS5 content yet.

4: Installing legit game PKGs you do not own will not work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, this means the SNVS is corrupted (if hash check fails on boot this causes a “soft brick”).

It’s not “bricked”, just reinstall your current firmware RECOVERY PUP in safe mode!

USB: PS5 > UPDATE > PS5UPDATE.PUP

WEBKIT EXPLOIT:
Webkit > Kernel exploit chain for 3.00-4.51 via SpectreDev & ChendoChap:
https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit

https://github.com/ChendoChap/PS5-IPV6-Kernel-Exploit/tree/wip_branch

4.03 only: https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

BD-JB EXPLOIT:
BD-JB > Kernel exploit chain for 4.51 via Sleirsgoevy:
https://github.com/sleirsgoevy/bd-jb/commit/159253464afde59c3007a706210bec65b91f38f3

PS2 CLASSICS EXPLOIT:
PS2 Classics > Userland via CTurt:
(Implementation by McCaulay)

Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.

Mast1c0re PS2 exploit for PS2 homebrew:
https://cturt.github.io/mast1c0re.html

Mast1c0re part 2:
https://cturt.github.io/mast1c0re-2.html

Mast1c0re payload framework:
https://github.com/McCaulay/mast1c0re

Okrager save game exploit generator for Okage:
https://github.com/McCaulay/okrager

Mast1c0re payloader TCP Client GUI for PS5 6.50:
https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases

TCP network ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases

ExFat USB ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases

4.03 PAYLOADS:
RET.BIN (Hello world payload by Zeco): https://www17.zippyshare.com/v/awY1gGiJ/file.html

FTP.BIN (by Zeco)
https://www102.zippyshare.com/v/244hmTgp/file.html

PS5 self dumper (Sleirsgoevy):
https://github.com/sleirsgoevy/ps4jb-payloads/tree/bd-jb/ps5-self-dumper

PS4 FPKG Enabler (Sleirsgoevy):
https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

4.5X PAYLOADS:
(Coming soon)

MISC PAYLOADS + TOOLS:
PS5 version display payload by SiSTR0 (compiled by Logic-68):
https://github.com/logic-68/Portage_PS5Version_Mast1c0re/releases/tag/V1.0.0

Libhijacker (by Astrelsky):
https://github.com/astrelsky/libhijacker

60 FPS patches for Libhijacker (by illusion0001):
https://github.com/illusion0001/libhijacker
Console/exploit information:

PS5 SDK REPO:

https://github.com/PS5Dev

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

You can install free/demo PKGS (legit pkgs) via debug pkg installer, providing you have all the files/json/licences required.

(Astro’s Playroom has no licences and can be installed and played from official pkgs and update up to 1.60)
 
Last edited by KiiWii,

KiiWii

Editorial Team
OP
Editorial Team
Joined
Nov 17, 2008
Messages
16,511
Trophies
3
Website
defaultdnb.github.io
XP
26,666
Country
United Kingdom
Directory structure of a PS5 game for reference:

C06A3314-E5E7-4E59-81D6-F648792FB835.png

Props @canaltechniqueza here

I'll explain how I did it!
1- get a hd format on ps5 as extended
2- move the content to the extended hd
3- connect the hd to the ps4 jailbreak
4- open ftp and you will see and be able to copy the files

 
Last edited by KiiWii,

KiiWii

Editorial Team
OP
Editorial Team
Joined
Nov 17, 2008
Messages
16,511
Trophies
3
Website
defaultdnb.github.io
XP
26,666
Country
United Kingdom
PS5 addresses to block to avoid updates:

duk01.ps5.update.playstation.net
fuk01.ps5.update.playstation.net
dus01.ps5.update.playstation.net
fus01.ps5.update.playstation.net
feu01.ps5.update.playstation.net
dau01.ps5.update.playstation.net
fau01.ps5.update.playstation.net
djp01.ps5.update.playstation.net
fjp01.ps5.update.playstation.net
sgst.prod.dl.playstation.net

Props Moddedwarfare :grog:
 

askanison42

Member
Newcomer
Joined
Oct 20, 2018
Messages
8
Trophies
0
Age
46
XP
61
Country
United States
I am kind if curious. I work in electronics repair for a company. A few months ago a PS banned unit rolled through. Would a PS5 even tho banned from PS be used for exploit purposes only?
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • Veho @ Veho:
    And possibly antifungals, I've heard what Juan does...
    +1
  • K3Nv2 @ K3Nv2:
    It's way past medicine cure at this point
  • Veho @ Veho:
    I'm not talking about her mental health.
  • Veho @ Veho:
    That's irreversible now.
  • K3Nv2 @ K3Nv2:
    The Juan affect on your mind
  • Xdqwerty @ Xdqwerty:
    kill juan
  • K3Nv2 @ K3Nv2:
    Nah just call Trump on him
    +1
  • BigOnYa @ BigOnYa:
    I've never understood that foot fetish of his, feet are just nasty!
    +1
  • Xdqwerty @ Xdqwerty:
    other body parts are better
  • K3Nv2 @ K3Nv2:
    Crows feet
  • BigOnYa @ BigOnYa:
    Camel Toes
  • Xdqwerty @ Xdqwerty:
    arms
  • Veho @ Veho:
    Armpits.
    +1
  • K3Nv2 @ K3Nv2:
    4th hole
    +2
  • HiradeGirl @ HiradeGirl:
    I already bought Clotrimazole for my armpits.
  • HiradeGirl @ HiradeGirl:
    Thanks.
  • HiradeGirl @ HiradeGirl:
    How are you doing today?
  • Xdqwerty @ Xdqwerty:
    kinda better
  • Xdqwerty @ Xdqwerty:
    but still not good
  • Xdqwerty @ Xdqwerty:
    I even got a stomachache a few half hours ago
  • Xdqwerty @ Xdqwerty:
    though the stomachache ended
  • Veho @ Veho:
    Stomachachachache.
  • Xdqwerty @ Xdqwerty:
    cha cha cha
    Xdqwerty @ Xdqwerty: cha cha cha