Tutorial  Updated

PS5 Exploit Guide

PS5 HACK STATUS:

Recommended FW: 4.51 for etaHEN or HV exploit.
Highest Hypervisor exploit: 1.00-4.51 (FlatZ confirmed)
Highest Public Hypervisor exploit: 1.xx-2.50/2.70 (byepervisor by Specter dev)
Highest public kernel exploit: 5.50 UMTX
Highest private kernel exploit:
*7.61 UMTX*
KEX offsets found: 1.00-5.50
Highest webkit entry point: 5.XX
Mast1C0re entrypoint: 7.61 (for PS2 backups)
Highest BD-JB entrypoint: 7.61
Highest Lua entrypoint: 7.61
Homebrew Enabler: etaHEN (3.XX-4.5X) latest
HERE
PS5 backup loading: Itemzflow for 3.XX-4.5X HERE
PS4 backup loading: FPKG Enabler 2.XX-4.5X (rest mode & backports work, can crash).
PS5debug released:
HERE
PS5 trainers/cheats: Work
PS5 dumper: 3.XX-4.5X works with most games, use Itemzflow
(Dumps need rebuilding/cracking to avoid crashing)

UART:
HERE
Full chain exploit: 1.00-2.70 (byepervisor)
PSN access: NEVER
Latest OFW: 10.20 (23/10/24)
Latest beta OFW: 10.00 b2 (25/07/24)
OFW Updates:
HERE
Legit PKG Updates: HERE

https://github.com/PS5Dev/PS5-UMTX-Jailbreak/releases/tag/v1.2

UMTX 1.2 exploit works on 1.00-5.xx with WebKit:
https://zecoxao.github.io/umtx/ or https://es7in1.site/ (payloads not working on 5.xx yet)

UMTX 6.xx-7.61 will require a new webkit exploit for digital consoles

PS5 Itemzflow compatibility list:

Recommended hosts:
AL-AZIF WEB HOST:
DNS 1: 165.227.83.145
DNS 2: 192.241.221.79

https://cthugha.thegate.network/
https://ithaqua.thegate.network/

NOMADIC20000 HOST:
DNS 1: 62.210.38.117

(Leave DNS 2 blank)
http://es7in1.site/
https://zecoxao.github.io/ps5jb/

https://ps5jb.pages.dev/
https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

PS5 game updates: https://psxpatches.com/

Summarised OFW/Model guide: HERE

1.XX-7.61 game compatibility list: HERE

Update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

SYSTEM UPDATES:
7.61 SYS MD5: d5eca8b171a8d7df7ba225167f77e645 (ready for exploit)
6.50 SYS MD5: 98db854ba47a75dff0cb09355bca9025 (ready for exploit)
5.50 SYS MD5: edb3513ec531b2bd28f3a0b52a82a54f (exploited)
4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01 (exploited)
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94 (exploited)

RECOVERY UPDATES (wipes all data):

7.61 REC MD5: 932f24e934723050fe49561b67e95226 (ready for exploit)
6.50 REC MD5: 4305223c12bd6dda9b944c0ee49c94c0 (ready for exploit)
5.50 REC MD5: c939ac8b37e07bbc129816a61002d30a (exploited)
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061 (exploited)
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c (exploited)


OFW 1.xx runs PS4 games up to 7.50
OFW 2.xx runs PS4 games up to 8.03
OFW 3.xx runs PS4 games up to 8.52
OFW 4.xx runs PS4 games up to 9.04
OFW 5.xx runs PS4 games up to 9.60
OFW 6.xx runs PS4 games up to 10.50
OFW 7.xx runs PS4 games up to 11.00
OFW 8.xx/9.xx runs PS4 games up to 11.50

PS4 backported FPKGs work perfectly on PS5.

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st/2nd half of the year)-Major Version No.Minor Version No.Extended info-Further Info.Retail/Debug

21.02-04.03.00.00-00.00.00.0.1

First BD-J + Kernel access exploit provided by Sleirsgoevy (29/9/22)


Note: There are several USERLAND exploits, a couple of KERNEL exploits, and there is now a public HYPERVISOR exploits available for 1.xx-2.70 to complete the full exploit chain (23/10/24).

Recently Flatz confirmed he has developed his own HV exploit (1.xx-4.51 which is kept private) which was chained from a PS4 save game, and has successfully dumped PlayStation Secure Processor (27/07/23).


As of August 4th 2022: We can now install PS4/PS5 PKG games and updates (and by extension FPKGs) however official PKGs cannot be run unless you legitimately owned them previously digitally and have a licence for them on your current console, or if you own the disc (for update pkgs).

As of October 6th PS4 FPKG can be played on 4.03 OFW thanks to Sliersgoevy FPKG enabler!

Payload: https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

As of October 21st PS4 FPKG can be played on 4.50 thanks to cheburek3000 porting offsets.

Payload: https://gbatemp.net/download/4-50-fpkg-enabler-hen.38279/

As of October 25th theflow0 fixes BD-J path traversal and native code execution for 7.61
https://x.com/theflow0/status/1717088032031982066?s=46&t=PIYQV4jmWEyCbVfx3Nx26g

As of November 4th ktuff is fixed for 4.51:

Payload: https://gbatemp.net/download/fpkg-enabler-4-51-hen.38306/

Nov 7th PS5 backups loaded via Itemzflow by Lightningmodz and Echostretch. Fully decrypted dumps require system files bundled into them in order to run without crashing with Libhijacker (no hen required), details here: https://gbatemp.net/threads/ps5-exploit-guide.613891/page-109#post-10290677

As of November 30th ps5debug has been released by SiSTR0: https://github.com/GoldHEN/ps5debug
Mirror: https://gbatemp.net/download/ps5debug.38333/

Dec 1st: first PS5 trainer (Dark Souls) is completed ready for the imminent release of REAPER Multi Trainer II by CTN.

Dec 25th: PS5 back up loading via ITEMZFLOW now released: https://pkg-zone.com/details/ITEM00001

As of Jan 2nd 2024 Sleirsgoevy has ported K-Stuff offsets for 3.xx firmwares.

As of Jan 4th 2024 LM had added 3.XX Kstuff to Itemzflow meaning 3.XX-4.51 is now supported for PS4/PS5 backups and dumping.


Oct 8th 2024: BD-JB + Kernel works on 7.61 thanks to user Hammer.
1: Never enable IDU mode.
If you do you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2 and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait it out for hacks on that firmware.

3: PS5 FPKGs cannot work as a hack for the a53 processor does not publicly exist to enable PS5 content as FPKG/PKG.

4: Installing legit game PKGs you do not own will not work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, this means the SNVS is corrupted (if hash check fails on boot this causes a “soft brick”).

It’s not “bricked”, just reinstall your current firmware RECOVERY PUP in safe mode!

USB: PS5 > UPDATE > PS5UPDATE.PUP

WEBKIT EXPLOIT:
Webkit > Kernel exploit chain for 3.00-4.51 via SpectreDev & ChendoChap:
https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit

https://github.com/ChendoChap/PS5-IPV6-Kernel-Exploit/tree/wip_branch

4.03 only: https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

BD-JB EXPLOIT:
BD-JB > Kernel exploit chain for 4.51 via Sleirsgoevy:
https://github.com/sleirsgoevy/bd-jb/commit/159253464afde59c3007a706210bec65b91f38f3

PS2 CLASSICS EXPLOIT:
PS2 Classics > Userland via CTurt:
(Implementation by McCaulay)

Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.

Mast1c0re PS2 exploit for PS2 homebrew:
https://cturt.github.io/mast1c0re.html

Mast1c0re part 2:
https://cturt.github.io/mast1c0re-2.html

Mast1c0re payload framework:
https://github.com/McCaulay/mast1c0re

Okrager save game exploit generator for Okage:
https://github.com/McCaulay/okrager

Mast1c0re payloader TCP Client GUI for PS5 6.50:
https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases

TCP network ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases

ExFat USB ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases

4.03 PAYLOADS:
PS5 self dumper (Sleirsgoevy):
https://github.com/sleirsgoevy/ps4jb-payloads/tree/bd-jb/ps5-self-dumper

PS4 FPKG Enabler (Sleirsgoevy):
https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

4.5X PAYLOADS:
(Coming soon)

MISC PAYLOADS + TOOLS:
PS5 version display payload by SiSTR0 (compiled by Logic-68):
https://github.com/logic-68/Portage_PS5Version_Mast1c0re/releases/tag/V1.0.0

Libhijacker (by Astrelsky):
https://github.com/astrelsky/libhijacker

60 FPS patches for Libhijacker (by illusion0001):
https://github.com/illusion0001/libhijacker
Console/exploit information:

PS5 SDK REPO:

https://github.com/PS5Dev

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

You can install free/demo PKGS (legit pkgs) via debug pkg installer, providing you have all the files/json/licences required.

(Astro’s Playroom has no licences and can be installed and played from official pkgs and update up to 1.60)
 
Last edited by KiiWii,

lotnybartek

Well-Known Member
Newcomer
Joined
Jan 2, 2018
Messages
50
Trophies
1
Age
35
XP
458
Country
Poland
ps5-support-USB-ports-01-04nov20


So theoretical throughput is at a maximum level of 1250 megabytes / second.
 

Aftershock

Well-Known Member
Newcomer
Joined
Jun 15, 2012
Messages
55
Trophies
1
XP
424
Country
I have both sata ssd and nvme in a usb enclosure . For PS4 games there's virtually no difference, right?
Thats correct, the SATA will be just as quick for PS4 games. You will need to format the SSD as extended storage to use for PS4 games though. As far as I know there is no way to put on a normal exfat drive. There was a symlink tool back in the day on PS4 but I never used that. It would be interesting to know if you can point it to standard exfat drives. edit the app by stooged was called app2usb
 
Last edited by Aftershock,

ccfman2004

Well-Known Member
Member
Joined
Mar 5, 2008
Messages
2,965
Trophies
2
XP
3,754
Country
United States
Anyone have any issue plugging a PS4 Formatted USB external storage device into their PS5 while it is in jailbroken mode where the PS5 just crashes when you plug it in? If my PS5 is in retail mode I just get an error telling me to update my system.

On my PS4 in jailbroken mode it works just fine.
 

jammybudga777

Well-Known Member
Member
Joined
Aug 23, 2013
Messages
2,290
Trophies
1
Age
37
XP
2,319
Country
Anyone have any issue plugging a PS4 Formatted USB external storage device into their PS5 while it is in jailbroken mode where the PS5 just crashes when you plug it in? If my PS5 is in retail mode I just get an error telling me to update my system.

On my PS4 in jailbroken mode it works just fine.
Yes the same happened to me when I used my 6tb. I think for that to work you need to have an activated account on both ps4 and ps5. So instead I just formated it to the ps5 and started fresh
 

ccfman2004

Well-Known Member
Member
Joined
Mar 5, 2008
Messages
2,965
Trophies
2
XP
3,754
Country
United States
Yes the same happened to me when I used my 6tb. I think for that to work you need to have an activated account on both ps4 and ps5. So instead I just formatted it to the ps5 and started fresh
I do have an activated account on both systems. It's even the same account as I've used both systems on PSN before.
 

ccfman2004

Well-Known Member
Member
Joined
Mar 5, 2008
Messages
2,965
Trophies
2
XP
3,754
Country
United States
I was assuming that it would work. But I guess there is some other issues too it. Tbh I just restarted mine. It didn't take too long over the space of a week
I'm copying everything back to my 9.00 PS4 since it works there. Good thing I installed a 4TB SSD in it years ago. Then I can reformat it and try again. I can only assume that whatever the jailbreak stuff on the PS4 is doing to allow the drive to work without updating the PS4 system software isn't working on the PS5, yet.
 

KiiWii

Editorial Team
OP
Editorial Team
Joined
Nov 17, 2008
Messages
17,190
Trophies
3
Website
defaultdnb.github.io
XP
29,578
Country
United Kingdom
Anyone have any issue plugging a PS4 Formatted USB external storage device into their PS5 while it is in jailbroken mode where the PS5 just crashes when you plug it in? If my PS5 is in retail mode I just get an error telling me to update my system.

On my PS4 in jailbroken mode it works just fine.
8.50+ formatted drives need a kernel patch (this is done in GoldHEN on ps4) but it probably hasn’t been configured yet for ps5?

Are you on 4.51 PS5 and 9.00 PS4?
 

ccfman2004

Well-Known Member
Member
Joined
Mar 5, 2008
Messages
2,965
Trophies
2
XP
3,754
Country
United States
8.50+ formatted drives need a kernel patch (this is done in GoldHEN on ps4) but it probably hasn’t been configured yet for ps5?

Are you on 4.51 PS5 and 9.00 PS4?
9.00 PS4 and 4.50 PS5. I stupidly plugged the drive into a PS5 that had a later system software version.
 
  • Like
Reactions: KiiWii

ccfman2004

Well-Known Member
Member
Joined
Mar 5, 2008
Messages
2,965
Trophies
2
XP
3,754
Country
United States
GoldHEN features
  • External HDD Support
  • Official External HDD Format Support
I guess these may need porting to FPKGenabler/etahen?

Unless I’m missing something?
If I try plugging in my 4TB HDD external in my 9.00 PS4 while GoldHEN is active it works and the PS4 doesn't complain about needing a system update. On the PS5, if it's plugged in during boot up it will tell me I need to update the system software. While etahen is active the PS5 crashes the second I plug the external in.

Does GoldHEN allow me to use a 240GB external or less or is it still limited to 256GB and higher.
 

hemi426

Well-Known Member
Member
Joined
Mar 16, 2018
Messages
495
Trophies
0
Age
44
XP
2,588
Country
Belgium
If I try plugging in my 4TB HDD external in my 9.00 PS4 while GoldHEN is active it works and the PS4 doesn't complain about needing a system update. On the PS5, if it's plugged in during boot up it will tell me I need to update the system software. While etahen is active the PS5 crashes the second I plug the external in.

Does GoldHEN allow me to use a 240GB external or less or is it still limited to 256GB and higher.
Just asking but I have a 1tb ssd do I need to format it on PS5 or as exfat to play PS4 games
Post automatically merged:

Does anyone actually know? Extended storage works for ps4 fpkg
I would like to know how to run ps4 fpkg off a USB on ps5
 
Last edited by hemi426,
  • Like
Reactions: schatzi24

Aftershock

Well-Known Member
Newcomer
Joined
Jun 15, 2012
Messages
55
Trophies
1
XP
424
Country
Just asking but I have a 1tb ssd do I need to format it on PS5 or as exfat to play PS4 games
Post automatically merged:

Does anyone actually know? Extended storage works for ps4 fpkg
I would like to know how to run ps4 fpkg off a USB on ps5
You'll have to format as extended storage on the PS5 to fun Ps4 fpkg's mate. PS5 games you can run on exfat through itemsflow.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: Wut @Xdqwerty didn't say good night +2