Tutorial  Updated

PS5 Exploit Guide

PS5 HACK STATUS:

Recommended FW: 4.51 for etaHEN or HV exploit.
Highest Hypervisor exploit: 1.00-4.51 (FlatZ confirmed)
Highest Public Hypervisor exploit: 1.xx-2.50/2.70 (byepervisor by Specter dev)
Highest public kernel exploit: 5.50 UMTX
Highest private kernel exploit: *7.61 UMTX*
KEX offsets found: 1.00-5.50
Highest webkit entry point: 5.XX
Mast1C0re entrypoint: 7.61 (for PS2 backups)
Highest BD-JB entrypoint: 7.61
Highest Lua entrypoint: 7.61
Homebrew Enabler: etaHEN (3.XX-4.5X) latest HERE
PS5 backup loading: Itemzflow for 3.XX-4.5X HERE
PS4 backup loading: FPKG Enabler 2.XX-4.5X (rest mode & backports work, can crash).
PS5debug released: HERE
PS5 trainers/cheats: Work
PS5 dumper: 3.XX-4.5X works with most games, use Itemzflow
(Dumps need rebuilding/cracking to avoid crashing)
UART: HERE
Full chain exploit: 1.00-2.70 (byepervisor)
PSN access: NEVER
Latest OFW: 10.20 (23/10/24)
Latest beta OFW: 10.00 b2 (25/07/24)
OFW Updates: HERE
Legit PKG Updates: HERE

https://github.com/PS5Dev/PS5-UMTX-Jailbreak/releases/tag/v1.2

UMTX 1.2 exploit works on 1.00-5.xx with WebKit:
https://zecoxao.github.io/umtx/ or https://es7in1.site/ (payloads not working on 5.xx yet)

UMTX 6.xx-7.61 will require a new webkit exploit for digital consoles

PS5 Itemzflow compatibility list:
Recommended hosts:
AL-AZIF WEB HOST:
DNS 1: 165.227.83.145
DNS 2: 192.241.221.79

https://cthugha.thegate.network/
https://ithaqua.thegate.network/

NOMADIC20000 HOST:
DNS 1: 62.210.38.117
(Leave DNS 2 blank)
http://es7in1.site/
https://zecoxao.github.io/ps5jb/
https://ps5jb.pages.dev/
https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

PS5 game updates: https://psxpatches.com/

Summarised OFW/Model guide: HERE

1.XX-7.61 game compatibility list: HERE

Update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

SYSTEM UPDATES:
7.61 SYS MD5: d5eca8b171a8d7df7ba225167f77e645 (ready for exploit)
6.50 SYS MD5: 98db854ba47a75dff0cb09355bca9025 (ready for exploit)
5.50 SYS MD5: edb3513ec531b2bd28f3a0b52a82a54f (exploited)
4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01 (exploited)
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94 (exploited)

RECOVERY UPDATES (wipes all data):
7.61 REC MD5: 932f24e934723050fe49561b67e95226 (ready for exploit)
6.50 REC MD5: 4305223c12bd6dda9b944c0ee49c94c0 (ready for exploit)
5.50 REC MD5: c939ac8b37e07bbc129816a61002d30a (exploited)
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061 (exploited)
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c (exploited)

PS5 OFW 1.xx runs PS4 games up to 7.50
PS5 OFW 2.xx runs PS4 games up to 8.00
PS5 OFW 3.xx runs PS4 games up to 8.50
PS5 OFW 4.xx runs PS4 games up to 9.00

PS4 backported FPKGs work perfectly on PS5.

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st/2nd half of the year)-Major Version No.Minor Version No.Extended info-Further Info.Retail/Debug

21.02-04.03.00.00-00.00.00.0.1

First BD-J + Kernel access exploit provided by Sleirsgoevy (29/9/22)


Note: There are several USERLAND exploits, a couple of KERNEL exploits, and there is now a public HYPERVISOR exploits available for 1.xx-2.70 to complete the full exploit chain (23/10/24).

Recently Flatz confirmed he has developed his own HV exploit (1.xx-4.51 which is kept private) which was chained from a PS4 save game, and has successfully dumped PlayStation Secure Processor (27/07/23).


As of August 4th 2022: We can now install PS4/PS5 PKG games and updates (and by extension FPKGs) however official PKGs cannot be run unless you legitimately owned them previously digitally and have a licence for them on your current console, or if you own the disc (for update pkgs).

As of October 6th PS4 FPKG can be played on 4.03 OFW thanks to Sliersgoevy FPKG enabler!

Payload: https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

As of October 21st PS4 FPKG can be played on 4.50 thanks to cheburek3000 porting offsets.

Payload: https://gbatemp.net/download/4-50-fpkg-enabler-hen.38279/

As of October 25th theflow0 fixes BD-J path traversal and native code execution for 7.61
https://x.com/theflow0/status/1717088032031982066?s=46&t=PIYQV4jmWEyCbVfx3Nx26g

As of November 4th ktuff is fixed for 4.51:

Payload: https://gbatemp.net/download/fpkg-enabler-4-51-hen.38306/

Nov 7th PS5 backups loaded via Itemzflow by Lightningmodz and Echostretch. Fully decrypted dumps require system files bundled into them in order to run without crashing with Libhijacker (no hen required), details here: https://gbatemp.net/threads/ps5-exploit-guide.613891/page-109#post-10290677

As of November 30th ps5debug has been released by SiSTR0: https://github.com/GoldHEN/ps5debug
Mirror: https://gbatemp.net/download/ps5debug.38333/

Dec 1st: first PS5 trainer (Dark Souls) is completed ready for the imminent release of REAPER Multi Trainer II by CTN.

Dec 25th: PS5 back up loading via ITEMZFLOW now released: https://pkg-zone.com/details/ITEM00001

As of Jan 2nd 2024 Sleirsgoevy has ported K-Stuff offsets for 3.xx firmwares.

As of Jan 4th 2024 LM had added 3.XX Kstuff to Itemzflow meaning 3.XX-4.51 is now supported for PS4/PS5 backups and dumping.


Oct 8th 2024: BD-JB + Kernel works on 7.61 thanks to user Hammer.
1: Never enable IDU mode.
If you do you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2 and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait it out for hacks on that firmware.

3: PS5 FPKGs cannot work as a hack for the a53 processor does not publicly exist to enable PS5 content as FPKG/PKG.

4: Installing legit game PKGs you do not own will not work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, this means the SNVS is corrupted (if hash check fails on boot this causes a “soft brick”).

It’s not “bricked”, just reinstall your current firmware RECOVERY PUP in safe mode!

USB: PS5 > UPDATE > PS5UPDATE.PUP

WEBKIT EXPLOIT:
Webkit > Kernel exploit chain for 3.00-4.51 via SpectreDev & ChendoChap:
https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit

https://github.com/ChendoChap/PS5-IPV6-Kernel-Exploit/tree/wip_branch

4.03 only: https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

BD-JB EXPLOIT:
BD-JB > Kernel exploit chain for 4.51 via Sleirsgoevy:
https://github.com/sleirsgoevy/bd-jb/commit/159253464afde59c3007a706210bec65b91f38f3

PS2 CLASSICS EXPLOIT:
PS2 Classics > Userland via CTurt:
(Implementation by McCaulay)

Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.

Mast1c0re PS2 exploit for PS2 homebrew:
https://cturt.github.io/mast1c0re.html

Mast1c0re part 2:
https://cturt.github.io/mast1c0re-2.html

Mast1c0re payload framework:
https://github.com/McCaulay/mast1c0re

Okrager save game exploit generator for Okage:
https://github.com/McCaulay/okrager

Mast1c0re payloader TCP Client GUI for PS5 6.50:
https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases

TCP network ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases

ExFat USB ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases

4.03 PAYLOADS:
PS5 self dumper (Sleirsgoevy):
https://github.com/sleirsgoevy/ps4jb-payloads/tree/bd-jb/ps5-self-dumper

PS4 FPKG Enabler (Sleirsgoevy):
https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

4.5X PAYLOADS:
(Coming soon)

MISC PAYLOADS + TOOLS:
PS5 version display payload by SiSTR0 (compiled by Logic-68):
https://github.com/logic-68/Portage_PS5Version_Mast1c0re/releases/tag/V1.0.0

Libhijacker (by Astrelsky):
https://github.com/astrelsky/libhijacker

60 FPS patches for Libhijacker (by illusion0001):
https://github.com/illusion0001/libhijacker
Console/exploit information:

PS5 SDK REPO:
https://github.com/PS5Dev

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

You can install free/demo PKGS (legit pkgs) via debug pkg installer, providing you have all the files/json/licences required.

(Astro’s Playroom has no licences and can be installed and played from official pkgs and update up to 1.60)

https://github.com/TheOfficialFloW/Presentations/blob/master/2022-hardwear-io-bd-jb.pdf

https://github.com/sleirsgoevy/bd-jb

https://github.com/psxdev/bd-jb (NOTE: File listing working up to 5.10)

/System mount payload elf for BD-J:
https://gbatemp.net/download/remount-system-with-write-permissions.37807/

https://github.com/john-tornblom/ps5-payload-sdk

https://github.com/john-tornblom/bdj-sdk/actions/workflows/bdjb.yml
 
Last edited by KiiWii,
  • Like
  • Love
  • Haha
Reactions: AlphaBravo, DaveLister, tchp123 and 59 others
Click to expand...
S

smf

Well-Known Member
Member
Level 16
Joined
Feb 23, 2009
Messages
6,743
Trophies
2
XP
6,102
Country
United Kingdom
AlphaBravo said:
Are you telling me I could have been playing a ps5 pro over half a year ago!? Sony be damned :P
Click to expand...
If it's any consolation. If they had started selling them at the rate they were manufacturing them, then they would all have ended up on ebay at 10k and you wouldn't have been able to buy one anyway.

edit:
My PS5 Pro is out for delivery....
 
Last edited by smf,
  • Like
Reactions: schatzi24 and KiiWii
AlphaBravo

AlphaBravo

Well-Known Member
Member
Level 5
Joined
Oct 9, 2018
Messages
117
Trophies
0
Age
42
XP
535
Country
United Kingdom
smf said:
If it's any consolation. If they had started selling them at the rate they were manufacturing them, then they would all have ended up on ebay at 10k and you wouldn't have been able to buy one anyway.
Click to expand...

£700 without disc drive feels like 10k at the moment. Just read the Eurogamer review on ps5 pro and despite being positive in part, I am struggling to justify spending £700. Now that review embargo is lifted by Sony, hope to see a lot more reviews and transformative results for both ps5 and PS4 games....
 
S

susi91

Well-Known Member
Member
Level 8
Joined
Sep 13, 2018
Messages
344
Trophies
1
XP
1,497
Country
Germany
Just bought a Pro at Amaz.
Shipping probably today... I hope I get one with 9.x. :unsure:
Going to skip the disk drive thing, guess we'll see a new webkit bug soon :wink:
 
F

FR0ZN

Well-Known Member
Member
Level 14
Joined
Nov 2, 2013
Messages
1,462
Trophies
3
Age
38
XP
4,336
Country
United States
Just got mine, preordered as soon as they became available in EU - it came on FW 9.60 :wacko:
I blurred some parts, if that doesn't suffice to identiy any manufacturing dates etc, let me know.
 

Attachments

  • 01.png
    01.png
    433.8 KB · Views: 1
  • 02.png
    02.png
    865.2 KB · Views: 1
  • 03.png
    03.png
    990 KB · Views: 1
  • 04.png
    04.png
    1 MB · Views: 1
  • Like
Reactions: madbrainx and Mc_Kuc
M

Mc_Kuc

Member
Newcomer
Level 2
Joined
Mar 6, 2024
Messages
20
Trophies
0
Age
31
XP
139
Country
Austria
KiiWii said:
Yeah, as I mentioned earlier a 9.05 has been found which indicates March/April manufacture date, which doesn’t align with the June thing.
Click to expand...
Whats the Serial Number?
Maybe they just forgot to update it and that is why the Serial does not match the FW. It should be S01-x143 or sth like that if FW 9.05 was out in march
 
S

smf

Well-Known Member
Member
Level 16
Joined
Feb 23, 2009
Messages
6,743
Trophies
2
XP
6,102
Country
United Kingdom
AlphaBravo said:
£700 without disc drive feels like 10k at the moment.
Click to expand...
£695 from EE

Though getting a drive now seems like an impossible task. At least with a drive you can buy used games. Which I think skews Sony's sales figures "look 90% of game sales are digital"... What about the physical games that are played and resold? "They don't exist"
 
  • Like
Reactions: AlphaBravo

Site & Scene News

Go to forum More news

Popular threads in this forum

Horizon Zero Dawn - 10$ upgrade, yes/no?

Bought sealed 2.7. Now what?

Alan Wake 2 boasts 30 fps on new powerful PS5 Pro!

Can I plug my PS4 External drive into my Jailbroken PS5 and play the games on it?

Ps5 EDM 001 ripped fan connector - no trace left for PWM - trace/solderpad on the other side of the board is also gone - PWM signal souce

bdm-030 short ?

Any possible way to dump current firmware to PUP?

Best PS5 MiniGolf/Golf Game?

General chit-chat
Help Users
  • No one is chatting at the moment.
  • Faust03 @ Faust03:
    I never watched it
  • K3Nv2 @ K3Nv2:
    It went to shit after they did sub genres
  • K3Nv2 @ K3Nv2:
    Now it's all episode 1 woke episode 2 more gay stuff episode 3 oh look a straight couple murder them
  • Faust03 @ Faust03:
    so it isn't worth watching then
  • K3Nv2 @ K3Nv2:
    Don't know could be great but season 2 was best
  • Faust03 @ Faust03:
    Ok
  • K3Nv2 @ K3Nv2:
    After multiple failed attempts of IVF, actress Anna Victoria Alcott wants nothing more than to start a family. As the buzz around her recent film grows, she fears that something may be targeting her - and her pursuit of motherhood
  • K3Nv2 @ K3Nv2:
    Just feels it's trying to stay too relevant
  • Faust03 @ Faust03:
    yeah
  • Faust03 @ Faust03:
    most tv shows are like that
  • K3Nv2 @ K3Nv2:
    https://youtu.be/4wWn3JUfrU4?si=ypf2JbTesjzaacaH lol Oprah
  • Faust03 @ Faust03:
    I either watch old movies or stupid youtube videos nowadays
  • K3Nv2 @ K3Nv2:
    My sinus colds finally lifting up so that's nice
     +1
  • K3Nv2 @ K3Nv2:
    https://www.facebook.com/share/r/1XUYQq393W/
  • Veho @ Veho:
    Murrikan Horror Story? How fitting.
  • Veho @ Veho:
    https://i.imgur.com/N6dO6iz.mp4
     +1
  • Psionic Roshambo @ Psionic Roshambo:
    What it feels like to chew five gum!
  • Veho @ Veho:
    No wonder it's not popular.
  • Veho @ Veho:
    https://www.youtube.com/watch?v=wuhCLma_5b4
  • Veho @ Veho:
    Can't find the old Fisherman's Friend ad with the original fish slap.
  • Veho @ Veho:
    German ads have the tagline "if they're too strong for you, you are too weak."
  • Veho @ Veho:
    48OFGzs.jpg
  • ZeroT21 @ ZeroT21:
    Small birb = small eggs
  • Veho @ Veho:
    Small eggs = smaller chicks.
  • Veho @ Veho:
    Have you seen button quail chicks? so smol
    Veho @ Veho: Have you seen button quail chicks? so smol