PS5 Hack Status:

FW Ranges:
2.XX = KEX+HV: PS4/5 backups, possible keys exploit (WK: 2.50 best / 2.7X max)
3.XX = KEX+HV+Linux: PS4/5 backups, possible keys exploit (WK/BD/LUA: 3.20 best / 3.21 max)
4.XX = KEX+HV+Linux: PS4/5 backups (WK/BD/LUA (Y2/NF/YARPE 4.03+): 4.50 best / 4.51 max)
5.XX = KEX+HV+Linux: PS4/5 backups (WK/BD/Y2/NF/LUA/YARPE: 5.50 best + max)
6.XX = KEX: PS4/5 backups (KEX+HV+Linux: 6.02 max) (BD/Y2/NF/LUA/YARPE: 6.02 for Linux / 6.50 max)
7.XX = KEX: PS4/5 backups, no HV (BD/Y2/NF/LUA/YARPE: 7.61 best + max)
8.XX-10.00 = KEX: PS4/5 backups, no HV (Y2/NF/LUA/YARPE)
10.01-12.70 = KEX: PS4/5 backups, no HV (Y2/NF/LUA/YARPE)
13.XX = No KEX/UL only (Y2/LUA/YARPE)

NOTE 1: Recommended firmware is subjective. Staying low is always recommended.
NOTE 2: Do not update too many major versions (e.g., 4.xx to 5.xx or 7.xx to 8.xx). Remain low unless all you want is backups.
NOTE 3: Do not update past 12.00. P2JB can take over an hour to exploit on FW up to 12.70.

Hypervisor (HV):
Highest known HV exploit: 6.02
Highest theoretical HV exploit: 7.XX
Highest HV exploit: 1.00-4.51 (Cragson/Jordy) / 3.00-6.02 (TheFlow)
*unreleased/unimplemented

Kernel (KEX):
Highest public Release: 12.70
Highest known: 12.70 (P2JB)
UMTX2: 1.00-7.61 (*WK to 5.50 / BDJB to 7.61)
Lapse: 1.00-10.01
Poopsploit: 4.03-12.00
P2JB: 9.00-12.70 (*Use Lapse up to 10.01)

Userland (UL):
LUA (Artemis): 2.00-LATEST (LUA exploit, + Lapse up to 10.01)
Y2JB: 4.03-13.40 (YouTube exploit, + Lapse: 10.01 / P2JB: 12.70)
NFNH: 4.03-12.XX (Netflix exploit, + Lapse: 10.01)
YARPE: 4.03-12.XX (Ren'Py exploit, + Lapse: 10.01 / P2JB: 12.70)
BD-JB: 1.00-7.61 (Blu-Ray exploit + UMTX2, *8.00-13.20 via UN BD-JB + Poops to 12.00)
Webkit: 1.00-5.50 (PSFREE +UMTX2) (*up to 13.XX coming soon)
Mast1C0re: 1.00-7.61 (Depreciated for LuaC0re)
LuaC0re: 1.00-12.70 (Poops: 4.03-12.00/P2JB: 9.00-12.70)

NOTE 1: A userland entry point (UL) chained to kernel exploit (KEX) is required to exploit your console.
NOTE 2: Digital consoles can now use Y2JB+Poops (4.03-12.00) / Y2JB+P2JB (9.00-12.70).

Useful Applications:
Kstuff Lite: 3.00-12.70 HERE
Kstuff Toggle: 3.00-12.00 HERE
PS5 App Dumper: 3.00-12.00 HERE
Dump Runner: 3.00-12.00 HERE
Dump Installer: 3.00-12.00 HERE
Backporting: Possible (backpork / Porkfolio)
PS4/PS5 DLC: Work with Kstuff Lite
Trophies: Work with Kstuff Lite
Compression: Works with Kstuff Lite
Homebrew Enabler: etaHEN (3.00-10.01) latest HERE
PS5 Backup manager: ItemzFlow Compatibility list: HERE
PS4 Backup Loading: Works (rest mode & backports work, can crash).
PS5 Debug NG: 3.XX-13.XX HERE
PS5 Remote Play: Works HERE & HERE
PS5 Trainers/Cheats: Work

UART: HERE
Linux: (3.00-6.02) HERE
Kldload (wip): 3.00-6.50 HERE
Full chain exploit: 1.00-4.51 (byepervisor) HERE (also built into etaHEN up to 2.7X)
PSN access: NEVER
Latest OFW: 13.40 (02/06/26)
Summarised OFW/Model guide: HERE
1.XX-7.61 compatibility list: HERE
PS5 SDK Repo: HERE
Legit PKG Updates: HERE or HERE
OFW Updates: HERE (history HERE)

Preparing Your Console:

It is recommended to either self-host offline or block these addresses in your router to avoid accidental updates or getting an update nag. Using the DNS method is no longer failsafe, as these are not guaranteed to be running 24/7.

Spoiler: Addresses to block to avoid updates:

dau01.ps5.update.playstation.net
dbr01.ps5.update.playstation.net
dcn01.ps5.update.playstation.net
deu01.ps5.update.playstation.net
dhk01.ps5.update.playstation.net
djp01.ps5.update.playstation.net
dkr01.ps5.update.playstation.net
dmx01.ps5.update.playstation.net
dru01.ps5.update.playstation.net
dsa01.ps5.update.playstation.net
dtw01.ps5.update.playstation.net
duk01.ps5.update.playstation.net
dus01.ps5.update.playstation.net
fau01.ps5.update.playstation.net
fbr01.ps5.update.playstation.net
fcn01.ps5.update.playstation.net
feu01.ps5.update.playstation.net
fhk01.ps5.update.playstation.net
fjp01.ps5.update.playstation.net
fkr01.ps5.update.playstation.net
fmx01.ps5.update.playstation.net
fru01.ps5.update.playstation.net
fsa01.ps5.update.playstation.net
ftw01.ps5.update.playstation.net
fuk01.ps5.update.playstation.net
fus01.ps5.update.playstation.net
hau01.ps5.update.playstation.net
hbr01.ps5.update.playstation.net
hcn01.ps5.update.playstation.net
heu01.ps5.update.playstation.net
hhk01.ps5.update.playstation.net
hjp01.ps5.update.playstation.net
hkr01.ps5.update.playstation.net
hmx01.ps5.update.playstation.net
hru01.ps5.update.playstation.net
hsa01.ps5.update.playstation.net
htw01.ps5.update.playstation.net
huk01.ps5.update.playstation.net
hus01.ps5.update.playstation.net
sgst.prod.dl.playstation.net
gs2.ww.prod.dl.playstation.net

Alternative DNS IP:
DNS 1: 172.245.146.114
(Leave DNS 2 blank)

Spoiler: System Update Information

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st/2nd half of the year)-Major Version No.Minor Version No.Extended info-Further Info.Retail/Debug

21.02-04.03.00.00-00.00.00.0.1

It is recommended to keep your console as low as possible to have access to better jailbreak stability and features. Stay as low as possible within the "Golden" firmware brackets that apply to your current firmware, see the top of this page.

(No jailbreak is ever guaranteed. No developer is obliged to release anything publicly)

WARNING:
Only update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP
(Updating with RECOVERY PUP will perform a factory format and will wipe your internal HDD)

KEY SYSTEM UPDATES:

12.70 SYS MD5: 707B15B07085500EB90205565751ECC3 (Exploited + KEX)
10.01 SYS MD5: 68A31944C1867BF9643798FD1C14998E (Exploited + KEX)
7.61 SYS MD5: D5ECA8B171A8D7DF7BA225167F77E645 (Exploited + KEX)
6.02 SYS MD5: 17b271DE081EB6EB25DBF70CB73EF9E8 (Exploited + KEX/HV/Linux)
5.50 SYS MD5: EDB3513EC531B2BD28F3A0B52A82A54F (Exploited + KEX/HV/Linux)
4.51 SYS MD5: 1330B7BF63BF5C93D809B1EB1F4E1F01 (Exploited + KEX/HV/Linux)
4.03 SYS MD5: 3716E4E6E0D223CD94CD4A8E5BD4FB94 (Exploited + KEX/HV/Linux)
3.20 SYS MD5: (F62F0D595D3F00C213D674D4DB2A7E44 (Exploited + KEX/HV/Linux)

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

NOTE: Make a system back up before attempting any modifications.
On console: go to [Settings] > [System] > [System Software] > [Back Up and Restore] > [Back Up Your PS5]

Select Your Jailbreak:

WEBKIT:BD-JB:LUA:Y2JB:NFNH:YARPE:LuaC0re:BD-UN-JB:

1. 
   Information:
   Firmware 1.00-5.50 is required for webkit exploit.
   
   Enabling web browser:
   Open [Settings] > select [Users & Accounts] > select [YouTube] > click "Link" > click "use browser" > click "terms" (bottom right) > click google apps icon (top right) > select Google Search.
   
   Exploiting:
   Enter https://zecoxao.github.io/luasauce/ or https://github.com/kmeps4/PSFree into google > "Click Jailbreak" or wait for it to complete.
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
2. 
   Important:
   You will need a BD dive paired to your Slim/Pro console or an OG Phat model . Consoles must be on 1.00-7.61 to run this exploit.
   
   Recommended ISO: Viktorious AIO Auto BD-JB ISO for 4.XX-7.61
   
   Exploiting:
   1, Burn ISO to a blank BD-R or BD-RE > Insert into console > click on the [DISC PLAYER] icon.
   
   2, Highlight [PIPELINE RUNNER] > click option 2 [Normaljailbreak-etaHEN-UMTX1.pipe] to auto load etaHEN ready for ItemzFlow.
   
   ELF Loader uses PS5 IP: port 9021 / BIN loader uses 9020 / Jar loader uses port 9025
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
3. 
   Important:
   LUA entry point works from 2.00 to the latest OFW, but there is no KEX above 12.70 yet.
   (A compatible PS4 game is required to launch the exploit on PS5. See below)
   
   Your PS5 console must be activated to use save copying for PS4 games.
   
   1. Insert your game disc and, as soon as possible, make a save file within it.
   2. Copy the save files to USB, go to [SETTINGS] > [STORAGE] > [CONSOLE STORAGE] > [SAVE DATA] > [PS4 GAMES] > select the game save and copy to a USB drive.
   3. On PC, using a Google Drive account, make a new folder with the GAME ID of your game, and upload the savedata & savedata.bin files to that folder.
   4. Share the folder, set it to editor mode, share with anyone, and click "copy the link".
   5. Join the HTOS Discord group: HERE type "/decrypt", select "FALSE" for including SCE_SYS, paste or type in the Google Drive link, and press enter. The bot should begin mounting your save. (If it doesn't, paste in the link again.)
   6. Click "ENCRYPTED" to remove the Sony PFS layer. Download the generated files and extract the folder to your desktop (you should have 4 files in there and be named dec_savedata_CUSA[GAME ID]).
   7. Using REMOTE LUA LOADER, open the savedata folder, copy the 20 files within into your encrypted save folder on your desktop.
   8. Upload the encrypted save folder (now with 24 files in) to your Google Drive. It should be named "dec_savedata_CUSA[GAME ID]" where GAME ID is your games 5 digit number, and set it to editor mode, share with anyone, and then click "copy the link".
   9. Go back to the HTOS discord server, and type "/encrypt", hit "FALSE" for uploading individually, and "FALSE" to include SCE_SYS. Finally, hit shared_gd_link and paste in your link to the original save (4 files) folder. (If it doesn't, paste in the link again.)
   10. When this is done, paste the link to the decrypted save (24 files) folder, and the bot will encrypt the files.
   11. Resign the files by typing "/resign" followed by your account name on the console, or PSN ID associated with that account if using the latest OFW.
   12. Download the resigned files, extract the files to your USB drive and overwrite them into the savedata folder on your USB or external drive.
   13. Copy the saves back to your console [SETTINGS] > [SAVE DATA AND GAME/APP SETTINGS] > [SAVE DATA PS4] > [COPY OR DELETE FROM USB] > [COPY TO CONSOLE STORAGE] > select your game save folder from the USB drive and copy/overwrite old save data.
   14. Load LUA game again, and you should see the LUA LOADER screen.
   15. You can use "SEND_LUA.PY" to send the UMTX files to the loader.
   (NOTE: Some games require manual loading of save game)
   
   On firmware up to 7.61, you can now load UMTX/2 followed by etaHEN by sending the files to your console IP on PORT 9026.
   On firmware 8.00-LATEST, you can connect with the REMOTE LUA LOADER APP to send debug notifications or FTP on port 1337.
   
   LUA Loader: HERE or HERE
   
   Auto LUA Loader Fork: HERE
   
   Compatible LUA games:
   Aerial Life (CUSA17122)
   Aibeya (CUSA17068)
   Aikagi 2 (CUSA19556)
   Aikagi Kimi to Issho ni Pack (CUSA16229)
   Aikano Yukizora no Triangle (CUSA19370)
   Boku to Nurse no Kenshuu Nisshi (CUSA12049)
   Boku to Joi no Shinsatsu Nisshi (CUSA18107)
   Fuyu Kiss (CUSA29745)
   Hamidashi Creative (CUSA27389)
   Hamidashi Creative Demo (CUSA27390 requires the latest OFW to download from PSN)
   Haruoto Alice (CUSA14324)
   IxSHE Tell (CUSA17112)
   IxSHE Tell Demo (CUSA17126)
   Jinki Resurrection (CUSA25179)
   Jinki Resurrection Demo (CUSA25180 requires the latest OFW to download from PSN)
   Maid-san no Iru Kurashi (CUSA18106)
   Nora Princess and Stray Cat Heart HD (CUSA13303: Rename save9999.dat into nora_01.dat)
   Nora Princess and Strat Cat Heart 2 (CUSA13586)
   Raspberry Cube (CUSA16074)
   Winter Guest (CUSA11977)
   
   WARNING: using demos is free but can become corrupt, and you cannot upgrade your internal HDD either. If you lose the demo you can no longer use the exploit. Disc recommended.
   
   Incompatible LUA games:
   Dokyusei Remake Csver (CUSA47117)
   Dōkyūsei: Bangin' Summer - Home Edition Demo (CUSA47132)
   Kiss Trilogy (CUSA19341)
   Love Clear Demo (CUSA18109)
   Mikagami Sumika no Seifuku Katsudou (CUSA11481)
   Sen no Hatou, Arazone no Hime (CUSA09647)
   Tonari ni Kanojo no Iru Shiawase: Two Farce (CUSA09825)
   Tonari ni Kanojo no Iru Shiawase Summer Surprise (CUSA18998)
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
4. 
   Requirements:
   PS5 console must be on 4.30-12.70 and previously activated through PSN or fake activated to use the YouTube app, unless you're restoring a backup.
   (Note: restoring a backup will factory reset your console).
   
   Information:
   If updating and older installation, download the latest download0.dat > use FTP or PS5 Explorer to place it in the user/download/PPSA01650 folder.
   
   Preparation:
   Download the Y2JB_backup_X.X(4.03) if you're on 4.03-12.40, or the Y2JB_backup_X.X(12.20) if you're on 12.60 or higher from HERE
   On PC: format a USB 3.0 HDD to exFAT, and copy the PS5 folder from the backup to the root, and put the latest nanodnf.efl from nanoDNS to the root too.
   On console: go to [Settings] > [System] > [System Software] > [Back up and Restore] > [Restore] > select the y2JB back up & let it install (the console will reboot when complete).
   (Note: The exploit will now be accessible under the [MEDIA] tab)
   
   Exploiting:
   Going to [Settings] > [Network] > [Settings] > [Set up Internet Connection] > [Set up Manually] > set up a wireless or LAN connection > change [DNS Settings] to manual > change [Primary DNS] to 127.0.0.1 > click [Done] > open the [YouTube App].
   (Note: Ignore and internet connection issue warnings)
   
   Firmware up to 10.01 will use Lapse Kernel Exploit. Firmware 10.20-12.70 and above will use P2JB and could take up to an hour.
   
   You can send payloads using netcat GUI to PS5's IP Address & port 9021.
   
   You can swap the download0.dat to itzPLK version for auto loading and payload manager in future (payload manager accessible through browser on 127.0.0.1:8084)
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
5. 
   Requirements:
   PS5 console must be on 4.30-10.01 and previously activated through PSN or fake activated. You will need a 256GB external HDD (minimum).
   
   Preparation:
   Download balenaEtcher
   Download the latest Extended Storage or M.2 Image (select your m.2's capacity)
   
   EXTERNAL DRIVE METHOD (Netflix_PS5_EU_Ext.7z):
   1a, On PC: connect your 256GB (min) USB drive to your Windows/Mac/Linux PC > extract the image to your computer > open Etcher > click [Flash From File] & select the extracted image *.zip > click [Select Target] & choose the external drive > Click [Flash!] & allow it to complete.
   (Note: 256GB is the smallest drive you can use)
   
   2a, On console: click [Settings] > [Storage] > [USB Extended Storage] > [Games and Apps] > press X on [Netflix] > select [NETFLIX] under items to move > select [Move] > move to internal storage & allow it to complete.
   (Note: The exploit will now be accessible under the [MEDIA] tab)
   
   INTERNAL DRIVE METHOD (Netflix.XXXXGB.7z):
   1b, On PC: connect the M.2 to your Windows/Mac/Linux PC > extract the image to your computer > open Etcher > click [Flash From File] & select the extracted image *.zip > click [Select Target] & choose the external drive > Click [Flash!] & allow it to complete.
   (Note: 4TB will take 80 mins, 2TB 45 mins, 256GB 10 mins)
   
   2b, On console: Power off the console > insert the M.2 SSD > power on the console > click [Settings] > [Storage] > press X on [Netflix] > select [NETFLIX] under items to move > select [Move] > move to internal storage & allow it to complete.
   (Note: The exploit will now be accessible under the [MEDIA] tab).
   
   Exploiting:
   1a, for consoles 10.01 and below, on console: go to [Settings] > [Network] > [Settings] > [Set up Internet Connection] > [Set up Manually] > set up a wireless or LAN connection. Go to Proxy > change [Automatic] to [Manual] > enter Address: 172.105.156.37 & port: 42069 > click [Done] > open the [Netflix App].
   (Note: Ignore and internet connection issue warnings)
   
   1b, for consoles 10.20-12.70, COMING SOON.
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
6. 
   Important:
   YARPE works from 4.30 to 12.70 (9.00 - 12.07 via P2JB)
   (A compatible PS4 game is required to launch the exploit on PS5. See below)
   
   Requirements:
   PS5 console must be on 4.30-10.01 to use this exploit.
   
   Exploiting:
   coming soon
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
7. 
   Requirements:
   PS5 console must be on 4.30-12.70 to use this exploit. SWRR
   
   Exploiting:
   coming soon
   
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   
8. 
   Important:
   This method modifies the BD-J stack to allows BD-JB entry point to be re-enabled on consoles up to 13.40, for conveninece only.
   
   Very Important:
   This method requires your console to be jailbroken by another method first to gain access to alter the files.
   
   https://github.com/Gezine/BD-UN-JB
   
   Preparation:
   Burn the ISO to a blank Blu Ray, insert it into the jailbroken console. Send the bdj_unpatch.elf to elfldr using netcat GUI to PS5's IP Address & port 9021 to unpatch BD-J.
   
   (NOTE: DO NOT REINSTALL/UPDATE FW, IT WILL WIPE THE PATCH AND LOSE BD-JB)
   

Once jailbroken it is recommended to run KSTUFF LITE and SHADOWMOUNTPLUS at minimum to get you up and running.
(ShadowMountPlus: is an automated background auto-mounter payload for jailbroken PS5 consoles. Detects, mounts, and installs game dumps from internal or external storage, with support for UFS, exFAT, PFS, and nested compressed PFS containers)

Additional Information:

Blocking Updated with nanoDNS:
Set primary DNS manually to 127.0.0.1. Send latest elf to BIN LOADER using netcat GUI to PS5's IP Address & port 9021.

PS4 GAME INFORMATION:
OFW 1.xx cannot run PS4 games.
OFW 2.xx runs PS4 games up to 8.03
OFW 3.xx runs PS4 games up to 8.52
OFW 4.xx runs PS4 games up to 9.04
OFW 5.xx runs PS4 games up to 9.60
OFW 6.xx runs PS4 games up to 10.50
OFW 7.xx runs PS4 games up to 11.00
OFW 8.xx/9.xx runs PS4 games up to 11.50
OFW 10.xx runs PS4 games up to 12.00
OFW 11.xx runs PS4 games up to 12.50
OFW 12.xx runs PS4 games up to 13.00

(Note: PS4 backported FPKGs also work perfectly on an exploited PS5 with Kstuff)

You can install free/demo PKGS (legit pkgs) via the debug pkg installer, provided you have all the files/json/licences required.
(Astro’s Playroom has no licences and can be installed and played from official pkgs and updated inline with your firmware)

Warnings:

1: Never enable IDU mode.
If you do, you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2, and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait for hacks on that firmware.

3: PS5 FPKGs do not work. A hack for the A53 processor does not publicly exist to enable installing PS5 content as FPKG/PKG.

4: Installing legit game PKGs you do not own will never work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, the SNVS is corrupted (if the hash check fails on boot, this causes a “soft brick”). It’s not “bricked”. Simply reinstall your current firmware RECOVERY PUP in safe mode from USB: PS5 > UPDATE > PS5UPDATE.PUP.

Archived Information

Spoiler

https://github.com/astrelsky/libhijacker

https://github.com/illusion0001/libhijacker

https://github.com/TheOfficialFloW/Presentations/blob/master/2022-hardwear-io-bd-jb.pdf

https://github.com/sleirsgoevy/bd-jb

https://github.com/psxdev/bd-jb

https://gbatemp.net/download/remount-system-with-write-permissions.37807/

https://github.com/john-tornblom/ps5-payload-sdk

https://github.com/john-tornblom/bdj-sdk/actions/workflows/bdjb.yml

 

[Adam512]

 

[FateNightroad]

 

[Wolf85]

With the ps4 we always had a webkit ready so you are right we used to wait for a kernel not for a webkit, now let's talk about this. The last webkit we have ( Psfree ) was patched in 2022 nearly 3 years ago, and then nothing after that we had a lot of bugs but they end up being useless for us. Theflow released pppwn up to 11.0 last year and it doesnt require a webkit, now we ask ourselves this : what if this vulnerability needed a webkit ? you think we would stay a year without a webkit for 11.0 ? No chance. Again this is just a theory on my part that I believe its tied to the ps4, if the webkit bug is not patched they aren't going to release it for the ps5 otherwise they wouldve already for the umtx kernel up to 7.61, so I think they wait to match it with the last kernel vulnerability of the ps4. If my theory is correct and we get a kernel for 12.00, a webkit will appear that its going to match that kernel so 12.00. OR this webkit thingy is starting to play with my head and I turned into a conspiracy theorist

You're still missing the process of it all.... the "webkit" is just the entry point for an exploit. Psfree as you mentioned was how they were able to get kernel access, if we had custom firmware there wouldn't be any need for any exploits because the software would be fully controllable by the user rather than the proprietor. Like windows pretends to be but Linux and other freebsd based operating systems more accurately emulate. Imagine if you bought the ps6 without any operating system and you could opt out of Sony's software in order to install your own. You wouldn't be able to connect to Sony servers but you could then just emulate your own. It's Kind of like buying a vehicle that onstar has locked out until you pay them to start the engine... it's all about greed and how it keeps our species from reaching the stars.

 

[madbrainx]

 

[elroche]

You're still missing the process of it all.... the "webkit" is just the entry point for an exploit. Psfree as you mentioned was how they were able to get kernel access, if we had custom firmware there wouldn't be any need for any exploits because the software would be fully controllable by the user rather than the proprietor. Like windows pretends to be but Linux and other freebsd based operating systems more accurately emulate. Imagine if you bought the ps6 without any operating system and you could opt out of Sony's software in order to install your own. You wouldn't be able to connect to Sony servers but you could then just emulate your own. It's Kind of like buying a vehicle that onstar has locked out until you pay them to start the engine... it's all about greed and how it keeps our species from reaching the stars.

you didn't understand my message, you are talking like I don't know what a webkit is or how we use it. Im not missing the process its simple really, we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak.

You're still missing the process of it all.... the "webkit" is just the entry point for an exploit. Psfree as you mentioned was how they were able to get kernel access

Did I insinuate otherwise in my previous messages ? if yes then show me, because thats exactly what Im talking about, we dont have a webkit because psfree was patched in 2022 (5.50) thats the reason we are waiting for a webkit to use for 6.xx and 7.xx.
We got a kernel "umtx" late 2024 on the ps5 that supports up to "7.61", the scene knew about it years ago just by seeing a line of code or something, but only up to 5.50 have a webkit (psfree) so 6.xx and 7.xx must use other userlands like LUA and BDJ.

For my theory, I believe if theflow or anyone manages to find a kernel for ps4 12.00, that needs a webkit unlike 11.0, someone somewhere sitting on a webkit vulnerability might release it so we can have a 12.00 jailbreak. We never had this much time without discovering a webkit, we were spoiled with the ps4 that we didn't think we could have a hard time discovering a webkit vulnerability. Ps4 5.05, 6.72, 7xx and 9.00 needed a webkit unlike 11.0 "pppwn" so my theory is the fact that it didn't need one so the people sitting on a vulnerabily won't release it now. Long story short my theory is that the scene is tied to the ps4 not the ps5 for now

 

[Wolf85]

you didn't understand my message, you are talking like I don't know what a webkit is or how we use it. Im not missing the process its simple really, we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak.


Did I insinuate otherwise in my previous messages ? if yes then show me, because thats exactly what Im talking about, we dont have a webkit because psfree was patched in 2022 (5.50) thats the reason we are waiting for a webkit to use for 6.xx and 7.xx.
We got a kernel "umtx" late 2024 on the ps5 that supports up to "7.61", the scene knew about it years ago just by seeing a line of code or something, but only up to 5.50 have a webkit (psfree) so 6.xx and 7.xx must use other userlands like LUA and BDJ.

For my theory, I believe if theflow or anyone manages to find a kernel for ps4 12.00, that needs a webkit unlike 11.0, someone somewhere sitting on a webkit vulnerability might release it so we can have a 12.00 jailbreak. We never had this much time without discovering a webkit, we were spoiled with the ps4 that we didn't think we could have a hard time discovering a webkit vulnerability. Ps4 5.05, 6.72, 7xx and 9.00 needed a webkit unlike 11.0 "pppwn" so my theory is the fact that it didn't need one so the people sitting on a vulnerabily won't release it now. Long story short my theory is that the scene is tied to the ps4 not the ps5 for now

Right, ps4 makes it easier to find those user land entry points, but you're missing the point that the user land exploits are the jailbreak. Which is just breaking out of the software prison that the system employs. This is the first step in giving the user read and write privileges to the system kernel. "Webkit" simple refers to the method of gaining higher. Privileges. With the ps4 there were easier ways to discover this user land vulnerabilities but with the ps5 that only affects the ps4 version of the software. The ps5 was actually first exploited with an internet protocol vulnerability, the webkit "psfree" was not discovered until a vulnerability in the system software itself was disclosed. There may be many methods to gain control of the hardware but they are only hyping up the webkit entry points due to the lack of disc drive for most systems. The entry points don't matter if they can't grant higher access and the quicker the better. The switch for example had a chip vulnerability that could bypass Nintendo checks to install custom firmware in the form of Emunand. Now imagine if someone could Crack the ps5 wide open with just jailbroken television and rest mode...I discovered that if you have your system in rest mode and then start it back up but switch the TV source manually it will go right back into rest mode so maybe we don't even need any webkit entry points. You seem to be making the claim that the webkit is the holy grail of jailbreaking when custom firmware is the highest goals..."Linux on ps6 day one"...

 

[elroche]

Right, ps4 makes it easier to find those user land entry points, but you're missing the point that the user land exploits are the jailbreak. Which is just breaking out of the software prison that the system employs. This is the first step in giving the user read and write privileges to the system kernel. "Webkit" simple refers to the method of gaining higher. Privileges. With the ps4 there were easier ways to discover this user land vulnerabilities but with the ps5 that only affects the ps4 version of the software. The ps5 was actually first exploited with an internet protocol vulnerability, the webkit "psfree" was not discovered until a vulnerability in the system software itself was disclosed. There may be many methods to gain control of the hardware but they are only hyping up the webkit entry points due to the lack of disc drive for most systems. The entry points don't matter if they can't grant higher access and the quicker the better. The switch for example had a chip vulnerability that could bypass Nintendo checks to install custom firmware in the form of Emunand. Now imagine if someone could Crack the ps5 wide open with just jailbroken television and rest mode...I discovered that if you have your system in rest mode and then start it back up but switch the TV source manually it will go right back into rest mode so maybe we don't even need any webkit entry points. You seem to be making the claim that the webkit is the holy grail of jailbreaking when custom firmware is the highest goals..."Linux on ps6 day one"...

Stop bro for the love of god READ what Im saying JESUS. I literally said : "we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak". this is eactly what i said.
and you responded with :

but you're missing the point that the user land exploits are the jailbreak.

I feel like you are trolling me at this point. Who said the userlands are the jailbreak ? BECAUSE I CLEARLY SAID IT NEEDS TO BE CHAINED!!!. Focus for the love of god we have a kernel exploit up to 7.61, we need a webkit so the digital PS5 users can use it since they can't use BDJ. This is why everyone is waiting for the webkit so we can utilize the umtx kernel on digital ps5s

 

[Wolf85]

Stop bro for the love of god READ what Im saying JESUS. I literally said : "we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak". this is eactly what i said.
and you responded with :

I feel like you are trolling me at this point. Who said the userlands are the jailbreak ? BECAUSE I CLEARLY SAID IT NEEDS TO BE CHAINED!!!. Focus for the love of god we have a kernel exploit up to 7.61, we need a webkit so the digital PS5 users can use it since they can't use BDJ. This is why everyone is waiting for the webkit so we can utilize the umtx kernel on digital ps5s

My point was that there is a difference between software exploits and hardware exploits... you need kernel access with software exploits, but with hardware exploits like the Tegra vulnerabilities you could simply bypass the need to gain kernel access. This is why ps5 uses 3 chips for authentication instead of just the processor chip. It mitigates all those ps4 vulnerabilities to be ps4 specific and while we can play some ps5 backups that are firmware specific we cannot use kernel access to run the newest games even though we can install them from disc after the kernel is exploited. Waiting for a new webkit exploit would not be necessary if there was a hardware based chip exploit like the switch has. That's all I was trying to say. You don't need userland chains with hardware exploits. What will they do if their internet chips stop working??? Wait for a new hardware based vulnerability of course.

 

[elroche]

My point was that there is a difference between software exploits and hardware exploits... you need kernel access with software exploits, but with hardware exploits like the Tegra vulnerabilities you could simply bypass the need to gain kernel access. This is why ps5 uses 3 chips for authentication instead of just the processor chip. It mitigates all those ps4 vulnerabilities to be ps4 specific and while we can play some ps5 backups that are firmware specific we cannot use kernel access to run the newest games even though we can install them from disc after the kernel is exploited. Waiting for a new webkit exploit would not be necessary if there was a hardware based chip exploit like the switch has. That's all I was trying to say. You don't need userland chains with hardware exploits. What will they do if their internet chips stop working??? Wait for a new hardware based vulnerability of course.

OK

 

[cragson]

Just updated Nihonium with a first basic hex viewer for memory of the PS5.
The frontend part of it is based on a Python Flask app, which means you can run this on any device that can run python.
So in theory you can now reverse engineer the memory of your PS5 from your browser on a Windows PC, Macbook, Mobile phone etc.

It is a very early version I finished today, so a lot of things aren't very polished but I hope it will be helpful to some of you.

Regards,
cragson

E: I can't link it here nor can I attach some preview images or my preview/setup video of youtube - sorry!

 

[zebrone]

What's mp4?

 

[KiiWii]

What's mp4?

A53 file structure.. so possible FPKG memes soon.

 

[wonic]

A53 file structure.. so possible FPKG memes soon.

Hi, hypothetically speaking if this chip is defeated, there would be no need for kstuff or etahen for versions 7.xx. I believe most people are waiting for these versions

 

[ccfman2004]

Hi, hypothetically speaking if this chip is defeated, there would be no need for kstuff or etahen for versions 7.xx. I believe most people are waiting for these versions

You still need etaHEN and kstuff to run PS4 fPKGs and PS4 homebrew stuff like Itemzglow, the Homebrew store, etc. Defeating the A53 chip may allow PS5 fPKGs.

 

[wonic]

You still need etaHEN and kstuff to run PS4 fPKGs and PS4 homebrew stuff like Itemzglow, the Homebrew store, etc. Defeating the A53 chip may allow PS5 fPKGs.

but in this case this fpkg ps5 would only be for versions 4xx and below, correct?

 

[AlphaBravo]

What's mp4?

Taken from twitter post. Was in Spanish.

TeRex777 said:
"mp4 handles package management (PKG), installation, decompression, and verification.

a53 (Secure Processor) handles security tasks, content validation, key management, and system integrity monitoring"

 

[Adam512]

I don't think anyone is working on ps5 fpkg

 

[AlphaBravo]

I don't think anyone is working on ps5 fpkg

 

[Adam512]

and?
this picture didn't change my opinion. In my opinion, just because someone made a simple dump doesn't mean they're working on ps5 fpkg.

It's better not to expect anything so you don't get disappointed.

I look at the screen again and it even says "someone still needs to find a bug"


in addition:
screenshots are from someone on the internet so I don't know if they actually wrote it on Discord but I believe they are true screenshots. I don't have Discord

---

---

---

 

[AlphaBravo]

and?
this picture didn't change my opinion. In my opinion, just because someone made a simple dump doesn't mean they're working on ps5 fpkg.

It's better not to expect anything so you don't get disappointed.

I look at the screen again and it even says "someone still needs to find a bug"


in addition:
screenshots are from someone on the internet so I don't know if they actually wrote it on Discord but I believe they are true screenshots. I don't have Discord

---

---

---

I think the attachment was self explanatory. No one was really talking much about Zeco a53 meme post so I assumed there wasn't much in it. Otherwise MW, Crump and whole of ps5 scene news would have been on fire. I don't have discord either but just posted what I happen to find. If it's wrong, someone can correct me