
PS5 Exploit Guide

PS5 HACK STATUS:

Recommended FW: 4.03
Highest kernel exploit: 4.51
KEX offsets found: 3.00-4.51
Highest webkit entrypoint: 5.50
Mast1C0re entrypoint: 6.50 (PS2 brew)
BD-JB entrypoint: 7.61
HEN: etaHEN latest HERE
PS5 backup loading: Itemzflow for 3.XX-4.5X HERE
PS4 backup loading: FPKG Enabler 3.XX-4.5X (rest mode & backports work, can crash).
Spoofing: 9.99
(Higher FW games won’t run without backport patch. Also breaks FW detection)

PS5debug released: HERE
PS5 trainers/cheats: Work
PS5 dumper: 3.XX-4.5X works with most games, use Itemzflow
(Dumps need rebuilding/cracking to avoid crashing)

Full chain exploit: Not public (2.XX by FlatZ)
PSN access: NEVER
Latest OFW: 9.20 (24/04/24)
Latest beta OFW: 9.00 b4 (03/03/24)
OFW Updates: HERE
Legit PKG Updates: HERE

PS5 Itemzflow compatibility list:
Recommended hosts:
AL-AZIF WEB HOST:
DNS 1: 165.227.83.145
DNS 2: 192.241.221.79

https://cthugha.thegate.network/
https://ithaqua.thegate.network/

NOMADIC20000 HOST:
DNS 1: 62.210.38.117

(Leave DNS 2 blank)
http://es7in1.site/
https://zecoxao.github.io/ps5jb/

https://ps5jb.pages.dev/
https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

PS5 game updates: https://psxpatches.com/

Summarised OFW/Model guide: HERE

Update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01
4.50 SYS MD5: 74e80b800b90a6d01c4b2a25839b1ff5
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061
4.50 REC MD5: 934bbc448321fdc5b4f6e2984bbe1d1b
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c
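To check a downloaded PUP against the table before it goes on the USB stick, here is an added example script (my own, not part of the guide or any PS5 tool) that hashes the file in chunks and looks the digest up in the table above. The MD5 values are copied from the guide; the script name, CLI shape and the sample byte strings in the self-checks are the example's own.

```python
import hashlib
import io
import sys

# MD5 values copied from the guide's table, keyed by (version, PUP kind).
# SYS = normal update PUP, REC = recovery PUP (what you reinstall from safe mode).
KNOWN_MD5 = {
    ("4.51", "SYS"): "1330b7bf63bf5c93d809b1eb1f4e1f01",
    ("4.50", "SYS"): "74e80b800b90a6d01c4b2a25839b1ff5",
    ("4.03", "SYS"): "3716e4e6e0d223cd94cd4a8e5bd4fb94",
    ("4.51", "REC"): "da78ca268da90a963d89b0f45db0f061",
    ("4.50", "REC"): "934bbc448321fdc5b4f6e2984bbe1d1b",
    ("4.03", "REC"): "e6dcc800d8d1dcada4f2bcd6e7ff162c",
}


def md5_stream(fileobj, chunk_size=1 << 20) -> str:
    """Hash a binary stream in 1 MiB chunks so a large PUP never sits in RAM."""
    h = hashlib.md5()
    for block in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def md5_bytes(data: bytes) -> str:
    """Same hashing path for in-memory data (used by the self-checks)."""
    return md5_stream(io.BytesIO(data))


def md5_file(path: str) -> str:
    with open(path, "rb") as f:
        return md5_stream(f)


def identify(digest: str):
    """Return (version, kind) for a digest in the table, or None if unknown."""
    digest = digest.strip().lower()
    for key, expected in KNOWN_MD5.items():
        if digest == expected:
            return key
    return None


def verify(digest: str, version: str, kind: str) -> bool:
    """True only if the digest matches the table entry you intend to install."""
    expected = KNOWN_MD5.get((version, kind.upper()))
    return expected is not None and digest.strip().lower() == expected


def main(argv):
    # pupcheck.py is a name chosen for this example.
    if len(argv) not in (2, 4):
        print("usage: pupcheck.py <PUP file> [<version> <SYS|REC>]", file=sys.stderr)
        return 2
    digest = md5_file(argv[1])
    if len(argv) == 4:
        ok = verify(digest, argv[2], argv[3])
        print(f"{digest}  {'OK' if ok else 'MISMATCH'} for {argv[2]} {argv[3].upper()}")
        return 0 if ok else 1
    match = identify(digest)
    print(f"{digest}  {'matches %s %s' % match if match else 'not in table'}")
    return 0 if match else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python pupcheck.py /path/to/PS5UPDATE.PUP 4.03 REC`; with no version given it prints which table entry, if any, the file matches. A match only tells you the file is byte-identical to the one the guide's author hashed: MD5 is not collision-resistant, and the console's own signature check on the PUP is what decides whether it installs.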


PS5 OFW 3.xx runs PS4 games up to 8.50
PS5 OFW 4.xx runs PS4 games up to 9.00

PS4 backported FPKGs work perfectly on PS5.

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st or 2nd half of the year)-Major version no.Minor version no.Extended info-Further info.Retail/Debug

Example:
21.02-04.03.00.00-00.00.00.0.1
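As an added example (mine, not from the guide), a small parser for that layout plus the range check the status block implies (is the console's short version inside a range such as 3.00-4.51?). The guide gives the order of the fields only; the digit widths in the regex are taken from the single sample string, and "21" meaning 2021 and 01/02 meaning first/second half are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Layout from the guide: Year.Half-Major.Minor.Extended-Further.Retail/Debug
# e.g. 21.02-04.03.00.00-00.00.00.0.1
# The guide gives the order of the fields; the digit widths below are taken
# from that single sample string and are an assumption of this example.
VERSION_RE = re.compile(
    r"^(?P<year>\d{2})\.(?P<half>\d{2})"
    r"-(?P<major>\d{2})\.(?P<minor>\d{2})\.(?P<ext>\d{2}\.\d{2})"
    r"-(?P<further>\d{2}\.\d{2}\.\d{2}\.\d)\.(?P<flag>\d)$"
)


@dataclass(frozen=True)
class PS5Version:
    year: int          # full year, e.g. 2021 (two-digit year + 2000 is assumed)
    half: int          # 1 = first half of the year, 2 = second half
    major: int
    minor: int
    extended: str      # kept verbatim; the guide does not define its meaning
    further: str       # likewise
    retail_debug: int  # trailing digit kept raw; the guide does not say which value is which

    @property
    def short(self) -> str:
        """The form the guide's tables use, e.g. '4.03'."""
        return f"{self.major}.{self.minor:02d}"


def parse_version(text: str) -> PS5Version:
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a PS5 version string: {text!r}")
    half = int(m["half"])
    if half not in (1, 2):
        raise ValueError(f"half-year field must be 01 or 02, got {m['half']}")
    return PS5Version(
        year=2000 + int(m["year"]),
        half=half,
        major=int(m["major"]),
        minor=int(m["minor"]),
        extended=m["ext"],
        further=m["further"],
        retail_debug=int(m["flag"]),
    )


def short_key(short: str) -> tuple:
    """'4.03' -> (4, 3) so that versions compare numerically, not as strings."""
    major, minor = short.split(".")
    return int(major), int(minor)


def in_range(short: str, low: str, high: str) -> bool:
    """Inclusive check against a range written the way the status block writes it."""
    return short_key(low) <= short_key(short) <= short_key(high)


if __name__ == "__main__":
    v = parse_version("21.02-04.03.00.00-00.00.00.0.1")
    print(v.short, "year", v.year, "half", v.half)
    print("inside 3.00-4.51 (KEX offsets found):", in_range(v.short, "3.00", "4.51"))
```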

First BD-J + Kernel access exploit provided by Sleirsgoevy (29/9/22)

Note: though there are three USERLAND exploits and one KERNEL exploit, there is no public HYPERVISOR exploit to complete the full exploit chain. A hypervisor exploit that only works on firmware below 3.00 was rumoured to be held in private, and Flatz has since confirmed he developed his own 2.50 HV exploit (kept private), chained from a PS4 save game, with which he successfully dumped the PlayStation Secure Processor (27/07/23).

As of August 4th 2022: we can now install PS4/PS5 PKG games and updates (and by extension FPKGs); however, official PKGs cannot be run unless you previously owned them digitally and have a licence for them on your current console, or, for update PKGs, you own the disc.

As of October 6th PS4 FPKGs can be played on 4.03 OFW thanks to Sleirsgoevy's FPKG enabler!

Payload: https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

As of October 21st PS4 FPKG can be played on 4.50 thanks to cheburek3000 porting offsets.

Payload: https://gbatemp.net/download/4-50-fpkg-enabler-hen.38279/

As of October 25th theflow0 fixes BD-J path traversal and native code execution for 7.61
https://x.com/theflow0/status/1717088032031982066?s=46&t=PIYQV4jmWEyCbVfx3Nx26g

As of November 4th kstuff is fixed for 4.51:

Payload: https://gbatemp.net/download/fpkg-enabler-4-51-hen.38306/

Nov 7th: PS5 backups loaded via Itemzflow by Lightningmodz and Echostretch. Fully decrypted dumps require system files bundled into them in order to run without crashing under Libhijacker (no HEN required); details here: https://gbatemp.net/threads/ps5-exploit-guide.613891/page-109#post-10290677

As of November 30th ps5debug has been released by SiSTR0: https://github.com/GoldHEN/ps5debug
Mirror: https://gbatemp.net/download/ps5debug.38333/

Dec 1st: first PS5 trainer (Dark Souls) is completed ready for the imminent release of REAPER Multi Trainer II by CTN.

Dec 25th: PS5 back up loading via ITEMZFLOW now released: https://pkg-zone.com/details/ITEM00001

As of Jan 2nd 2024 Sleirsgoevy has ported K-Stuff offsets for 3.xx firmwares.

As of Jan 4th 2024 LM has added 3.XX kstuff to Itemzflow, meaning 3.XX-4.51 is now supported for PS4/PS5 backups and dumping.

1: Never enable IDU mode.
If you do you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2 and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait it out for hacks.

If you are on 1.XX-2.XX do not update at all; it may take years, but an HV exploit exists in private for this firmware range.
If you are on 3.XX-4.02: the advice is to update to 4.03, but don’t be tempted to update to 4.51 yet.

3: PS5 FPKGs won’t work as HEN and HV/kernel patches do not publicly exist for PS5 content yet.

4: Installing legit game PKGs you do not own will not work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, this means the SNVS is corrupted (if hash check fails on boot this causes a “soft brick”).

It’s not “bricked”, just reinstall your current firmware RECOVERY PUP in safe mode!

USB: PS5 > UPDATE > PS5UPDATE.PUP

WEBKIT EXPLOIT:
Webkit > Kernel exploit chain for 3.00-4.51 via SpectreDev & ChendoChap:
https://github.com/Cryptogenic/PS5-4.03-Kernel-Exploit

https://github.com/ChendoChap/PS5-IPV6-Kernel-Exploit/tree/wip_branch

4.03 only: https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html

BD-JB EXPLOIT:
BD-JB > Kernel exploit chain for 4.51 via Sleirsgoevy:
https://github.com/sleirsgoevy/bd-jb/commit/159253464afde59c3007a706210bec65b91f38f3

PS2 CLASSICS EXPLOIT:
PS2 Classics > Userland via CTurt:
(Implementation by McCaulay)

Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.

Mast1c0re PS2 exploit for PS2 homebrew:
https://cturt.github.io/mast1c0re.html

Mast1c0re part 2:
https://cturt.github.io/mast1c0re-2.html

Mast1c0re payload framework:
https://github.com/McCaulay/mast1c0re

Okrager save game exploit generator for Okage:
https://github.com/McCaulay/okrager

Mast1c0re payloader TCP Client GUI for PS5 6.50:
https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases

TCP network ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases

ExFat USB ISO loader:
https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases

4.03 PAYLOADS:
PS5 self dumper (Sleirsgoevy):
https://github.com/sleirsgoevy/ps4jb-payloads/tree/bd-jb/ps5-self-dumper

PS4 FPKG Enabler (Sleirsgoevy):
https://gbatemp.net/download/4-03-fpkg-enabler-hen.38248/

4.5X PAYLOADS:
(Coming soon)

MISC PAYLOADS + TOOLS:
PS5 version display payload by SiSTR0 (compiled by Logic-68):
https://github.com/logic-68/Portage_PS5Version_Mast1c0re/releases/tag/V1.0.0

Libhijacker (by Astrelsky):
https://github.com/astrelsky/libhijacker

60 FPS patches for Libhijacker (by illusion0001):
https://github.com/illusion0001/libhijacker

Console/exploit information:

PS5 SDK REPO:

https://github.com/PS5Dev

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

You can install free/demo PKGs (legit PKGs) via the debug PKG installer, providing you have all the files/JSON/licences required.

(Astro’s Playroom has no licences and can be installed and played from official pkgs and update up to 1.60)
 

KiiWii

Zeco teasing the first homebrew for ps5 via Astrelsky “soon”:

[image: IMG_9515.jpeg]

This is for 3.xx-4.xx OFW.
 

Tomato123

Theoretically, should there be any difference between standard ps5 models and digital ones when it comes to hen or cfw?
There are exploits that require the Blu-ray drive. But I think focus is on trying to make the ones that don't require that work. It is still one less possible entry-point for digital.
 

schatzi24

TLDR:

The developer known as Flat_z has successfully obtained read access to the PS5 PSP (Platform Security Processor), which contains crucial components such as the bootrom and key seeds. Additionally, he has verified that he also developed a hypervisor exploit.

As of right now Flat_z has decided not to disclose his exploits or bugs at this time. However, leveraging the knowledge gained from this achievement, he aims to undertake the reverse engineering of secure modules and other relevant information. The ultimate goal is to enable the use of FPKGs (Fake PKGs) on the PS5 in the future.

If circumstances permit, Flat_z intends to provide a comprehensive write-up detailing the implementation of FPKGs for the PS5 console. However, it's important to note that there is currently no specified release date for this write-up, as he must prioritize other commitments before embarking on this endeavor.

For the time being, it is kindly requested that Flat_z not be approached with inquiries about release dates or repeated questions regarding the availability of his work. Your understanding and patience are greatly appreciated.
 

acesmokemall

If this is the same exploit as fail0verflow's then it should work on 4.03 PS5 FW, cause 4.03 FW is where fail0verflow got the secure boot loader anyway, that's what it looks like.. But congrats to Flatz for this awesome achievement..
 

Newhouse-Estates

If this is the same exploit as fail0verflow's then it should work on 4.03 PS5 FW, cause 4.03 FW is where fail0verflow got the secure boot loader anyway, that's what it looks like.. But congrats to Flatz for this awesome achievement..
FlatZ is on 2.50 IIRC but yes it should be fine with current exploits.
 

acesmokemall

High hopes.. I'm thinking it probably will work up to 4.51..
Could work up to the highest PS5 FW.. But then we would need a new Kexploit.. I really think PS5 is gonna be blown wide open soon.. They can gain leverage over the PSP.. GAME OVER.. Zull talked about this awhile back.. Time for PS5 Pro and the beat goes on

FlatZ is on 2.50 IIRC but yes it should be fine with current exploits.
It's common sense no brainer, if it is the same exploit as fail0verflow used it is blatantly shown it was on 4.03 Recovery FW where they got the secure boot loader.. A lot are saying it is the same exploit as Flatz.. Hmmmmmmm.. Wonder if there are differences though.. Time will tell.. High hopes

What is weird tho is how fail0verflow got control, did they have their own kernel exploit or did they know about the implementation of a PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free..

Hope HEN come to install PS4 Fpkgs :)
HEN will probably be ps4 and ps5, flatz has gotten control over the main security of the ps5..
 

Jstsxlittt

Could work up to the highest PS5 FW.. But then we would need a new Kexploit.. I really think PS5 is gonna be blown wide open soon.. They can gain leverage over the PSP.. GAME OVER.. Zull talked about this awhile back.. Time for PS5 Pro and the beat goes on
It's common sense no brainer, if it is the same exploit as fail0verflow used it is blatantly shown it was on 4.03 Recovery FW where they got the secure boot loader.. A lot are saying it is the same exploit as Flatz.. Hmmmmmmm.. Wonder if there are differences though.. Time will tell.. High hopes
What is weird tho is how fail0verflow got control, did they have their own kernel exploit or did they know about the implementation of a PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free..
HEN will probably be ps4 and ps5, flatz has gotten control over the main security of the ps5..
There was a weird FW update for the PS4 and PS5 at the same time somewhere last week, so I have high hopes it will be up to 7.40 or 6.50 since 6.50 already seems to be half vulnerable.
 

Lunatics

I love seeing progress but I hate how everything seems to be tied to a PS4 save game exploit. How are we supposed to obtain the game if our systems cannot go online to get it? If we had not already purchased the random game and happened to have it, or updated the system to download it when it was announced, how would one be able to get their hands on it to take advantage of these, or is it for a minuscule amount of users? Are these PS4 games something we can buy physically to use this exploit?
 

qamartheone

I love seeing progress but I hate how everything seems to be tied to a PS4 save game exploit. How are we supposed to obtain the game if our systems cannot go online to get it? If we had not already purchased the random game and happened to have it, or updated the system to download it when it was announced, how would one be able to get their hands on it to take advantage of these, or is it for a minuscule amount of users? Are these PS4 games something we can buy physically to use this exploit?
Read again, he used a DISC based PS4 game.
 
