PS5 Hack Status:

FW Ranges:
2.XX = HEN+Kstuff+HV = PS4/5 backups, possible keys exploit (WebKit: 2.50 best / 2.7X max)
3.XX = HEN+Kstuff+HV+Linux = PS4/5 backups, possible keys exploit (WK/BDJB/LUA: 3.20 best / 3.21 max)
4.XX = HEN+Kstuff+HV+Linux = PS4/5 backups (WK/Y2JB/BDJB/LUA: 4.50 best / 4.51 max)
5.XX = HEN+Kstuff+HV+Linux = PS4/5 backups (WK/Y2JB/BDJB/LUA: 5.50 best + max)
6.XX = HEN+Kstuff = PS4/5 backups, HV+Linux for 6.02 max (Y2JB/BDJB/LUA: 6.50 best + max)
7.XX = HEN+Kstuff = PS4/5 backups, no HV (Y2JB/BDJB/LUA: 7.61 best + max)
8.XX-10.01 = HEN+ Kstuff = PS4/5 backups, no HV (Y2JB/LUA)
10.20-12.00 = KEX + Kstuff = PS4/5 backups, no HV (LUA)
12.02-12.70 = KEX (P2JB/SWRR)
13.XX = No KEX/HEN/Kstuff/HV (LUA)

NOTE: Recommended firmware is subjective. Staying low is always suggested first & foremost. It is not recommended to update too many major versions (e.g., 4.xx to 5.xx or 7.xx to 8.xx) because you should remain low unless all you want is backups.

DO NOT UPDATE OVER 12.00!! P2JB can take over 3 hrs to trigger an exploit.

Hypervisor (HV):
Highest known HV exploit: 6.02
Highest theoretical HV exploit: 7.XX
Highest implemented HV exploit: 1.00-4.51 (Cragson PS5Hen) / 3.00-6.02 (TheFlow)
*unreleased/unimplemented

Kernel (KEX):
Highest public Release: 12.70
Highest known: 12.70 (P2JB)
UMTX2: 1.00-7.61
Lapse: 1.00-10.01
Poopsploit: 4.XX-12.00
P2JB: X.XX-12.70

Userland (UL):
LUA: 2.00-LATEST (LUA game exploit, chain Lapse up to 10.01)
Y2JB: 4.03-12.60 (YouTube exploit, + Lapse up to 10.01)
NFNH: 4.03-12.XX (Netflix exploit, + Lapse up to 10.01)
YARPE: 4.03-12.XX (Ren'Py exploit, + Lapse up to 10.01)
BD-JB: 1.00-7.61 (Blu Ray exploit + UMTX2, 8.00-12.40 via UN BD JB + Poopsploit)
Webkit: 1.00-5.50 (PSFREE +UMTX2) (up to 13.20 coming soon)
Mast1C0re: 1.00-7.61 (PS2 backups)
LuaC0re: 10.20-12.02 (Star Wars RR: + Poopsploit up to 12.00)

NOTE: A userland entry exploit (UL) chained to kernel exploit (KEX) is required at a bare minimum to exploit your console.

NOTE 2: Since 12.60/13.00 Sony has removed the YouTube and Netflix apps and has added 30 day expirations to downloaded software used for LuaC0re/Mast1C0re/RenPy etc.

Digital consoles will now need a new webkit userland to hack their consoles as of 19/04/2026)

Useful Applications:
Elf loader: 8.00/7.61 HERE (use with BD-J)
Kstuff: 3.00-10.01 (3.00-12.70 soon) HERE
Kstuff Lite: 3.00-12.70 HERE
Kstuff Toggle: 3.00-12.00 HERE
Dumping: Up to 8.00/7.61 (ItemzFlow / self decryptor) latest HERE
PS5 App Dumper: 3.00-12.00 HERE
Dump Runner: 3.00-12.00 HERE
Dump Installer: 3.00-11.60 HERE
Backporting: Possible (backpork / Porkfolio)
PS4/PS5 DLC: Work with kstuff (on retail disc games)
Homebrew Enabler: etaHEN (3.00-10.01) latest HERE
PS5 Backup Loading: Itemzflow HERE Compatibility list: HERE
PS4 Backup Loading: FPKG Enabler 3.XX-9.XX (rest mode & backports work, can crash).
PS5 Debug: Works HERE
PS5 Remote Play: Works HERE & HERE
PS5 Trainers/Cheats: Work (Built into itemzFlow)

UART: HERE
Linux: (3.00-6.02) HERE
Kldload (wip): 3.00-6.50 HERE
Full chain exploit: 1.00-4.51 (byepervisor) HERE (also built into etaHEN up to 2.7X)
PSN access: NEVER
Latest OFW: 13.20 (23/04/26)
Summarised OFW/Model guide: HERE
1.XX-7.61 compatibility list: HERE
PS5 SDK Repo: HERE
Legit PKG Updates: HERE or HERE
OFW Updates: HERE (history HERE)

Preparing Your Console:

It is recommended to either self-host offline or block these addresses in your router to avoid accidental updates or getting an update nag. Using the DNS method is no longer failsafe, as these are not guaranteed to be running 24/7.

Spoiler: Addresses to block to avoid updates:

dau01.ps5.update.playstation.net
dbr01.ps5.update.playstation.net
dcn01.ps5.update.playstation.net
deu01.ps5.update.playstation.net
dhk01.ps5.update.playstation.net
djp01.ps5.update.playstation.net
dkr01.ps5.update.playstation.net
dmx01.ps5.update.playstation.net
dru01.ps5.update.playstation.net
dsa01.ps5.update.playstation.net
dtw01.ps5.update.playstation.net
duk01.ps5.update.playstation.net
dus01.ps5.update.playstation.net
fau01.ps5.update.playstation.net
fbr01.ps5.update.playstation.net
fcn01.ps5.update.playstation.net
feu01.ps5.update.playstation.net
fhk01.ps5.update.playstation.net
fjp01.ps5.update.playstation.net
fkr01.ps5.update.playstation.net
fmx01.ps5.update.playstation.net
fru01.ps5.update.playstation.net
fsa01.ps5.update.playstation.net
ftw01.ps5.update.playstation.net
fuk01.ps5.update.playstation.net
fus01.ps5.update.playstation.net
hau01.ps5.update.playstation.net
hbr01.ps5.update.playstation.net
hcn01.ps5.update.playstation.net
heu01.ps5.update.playstation.net
hhk01.ps5.update.playstation.net
hjp01.ps5.update.playstation.net
hkr01.ps5.update.playstation.net
hmx01.ps5.update.playstation.net
hru01.ps5.update.playstation.net
hsa01.ps5.update.playstation.net
htw01.ps5.update.playstation.net
huk01.ps5.update.playstation.net
hus01.ps5.update.playstation.net
sgst.prod.dl.playstation.net
gs2.ww.prod.dl.playstation.net

Alternative DNS IP:
DNS 1: 172.245.146.114
(Leave DNS 2 blank)

Spoiler: System Update Information

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st/2nd half of the year)-Major Version No.Minor Version No.Extended info-Further Info.Retail/Debug

21.02-04.03.00.00-00.00.00.0.1

It is recommended to keep your console as low as possible to have access to better jailbreak stability and features. Stay as low as possible within the "Golden" firmware brackets that apply to your current firmware.

Current Examples:
2.00 could be updated to 2.50 maximum to retain Webkit/BD-JB/LUA HV + KEX + HEN.
4.00 could be updated to 4.51 maximum for WebKit/BD-JB/LUA + KEX + HEN + potential HV exploits.
5.00 could be updated to 5.50 maximum for WebKit/BD-JB/LUA + KEX + HEN.
6.XX-7.XX could be updated to 7.61 maximum for HEN using only BD-JB or LUA.
Digital/Pro users on 6.XX-LATEST cannot use BDJB or LUA without an activated console. Wekbit does not go beyond 5.50 for now.
Digital/Pro users or Disc console users on 8.XX-LATEST should consider waiting or selling/swapping consoles to get a lower firmware.
(No jailbreak is ever guaranteed. No developer is obliged to release anything publicly)

WARNING:
Only update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

SYSTEM UPDATES:

12.00 SYS MD5: 79d3171ec4ef38ca27f8ff36a9940847 (Exploited - No HEN yet)
10.01 SYS MD5: 68a31944c1867bf9643798fd1c14998e (Exploited + HEN)
9.00 SYS MD5: e74ddccd3360941ca24475c13195e031 (Exploited + HEN)
8.00 SYS MD5: 7616128c57581d5e49b42d1b3f308232 (Exploited + HEN)
7.61 SYS MD5: d5eca8b171a8d7df7ba225167f77e645 (Exploited + HEN)
6.50 SYS MD5: 98db854ba47a75dff0cb09355bca9025 (Exploited + HEN)
5.50 SYS MD5: edb3513ec531b2bd28f3a0b52a82a54f Exploited + HEN)
4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01 (Exploited + HEN)
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94 (Exploited + HEN)

RECOVERY UPDATES (wipes HDD):
12.00 REC MD5: f993e4c35ed6659b516346941980de4b (Exploited - no HEN yet)
10.01 REC MD5: 5202be086fc726d881f722d46e4486c6 (Exploited + HEN)
9.00 REC MD5: 6fbbda82c325bb5d6ec0717c2223b5c0 (Exploited + HEN)
8.00 REC MD5: 6cbb7a2fa2ace926202bd6e71304fb06 (Exploited + HEN)
7.61 REC MD5: 932f24e934723050fe49561b67e95226 (Exploited + HEN)
6.50 REC MD5: 4305223c12bd6dda9b944c0ee49c94c0 (Exploited + HEN)
5.50 REC MD5: c939ac8b37e07bbc129816a61002d30a (Exploited + HEN)
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061 (Exploited + HEN)
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c (Exploited + HEN)

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

Select Your Jailbreak:

WEBKIT (1.00-5.50):BD-JB 1.00-7.61:LUA (2.00-LATEST):Mast1c0re (2.00-7.61):Y2JB (4.03-10.01):NFNH (4.03-10.01):YARPE (4.03-10.01):LuaC0re (12.00 REQUIRES SWRR):BD UN JB (REQUIRES JB'D CONSOLE):

1. 
   PSFREE 1.XX-5.XX: https://github.com/kmeps4/PSFree
   Recommended host: https://zecoxao.github.io/luasauce/ (UMTX2 + Webkit for 1.XX-5.XX)
   
   Recommended WebKit hosts:
   https://zecoxao.github.io/luasauce/
   (UTMX2 with Lua and WebKit for 1.xx-5.xx)
   https://zecoxao.github.io/umtx/ or https://es7in1.site/
   (UMTX 2 exploit works on 3.00-5.50 with PSFREE WebKit)
   
   Alternative hosts:
   https://zecoxao.github.io/ps5jb/
   https://ps5jb.pages.dev/
   https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html
   
2. 
   You will need a BD dive paired to your Slim/Pro console, or an OG Phat model on 1.00-7.61 to run this exploit.
   
   Viktorious AIO Auto BD-JB ISO for 4.XX-7.61: https://github.com/Viktorious-x/ps5-bdjb-modified-ISOs/releases
   (Alternative: UMTX Kernel exploit 7.61 JAR loader by Hammer83: https://github.com/hammer-83/ps5-jar-loader/releases)
   
   Burn ISO to a blank BD-R or BD-RE, put it into your console, and click on the [DISC PLAYER] icon.
   Highlight [PIPELINE RUNNER] then click option 2 [Normaljailbreak-etaHEN-UMTX1.pipe] to auto load etaHEN ready for ItemzFlow.
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   ELF Loader will be running on your PS5 IP: port 9021
   
   
3. 
   Important:
   Up to 10.01 has a kernel exploit + HEN
   11.XX-12.70 has a kernel exploit but no HEN yet.
   LUA entry point works on the latest OFW, but there is no kernel or HEN yet.
   (A compatible PS4 game is required to launch the exploit on PS5. See below)
   
   Your PS5 console must be activated to use save copying for PS4 games.
   
   
   1. Insert your game disc and, as soon as possible, make a save file within it.
   2. Copy the save files to USB, go to [SETTINGS] > [STORAGE] > [CONSOLE STORAGE] > [SAVE DATA] > [PS4 GAMES] > select the game save and copy to a USB drive.
   3. On PC, using a Google Drive account, make a new folder with the GAME ID of your game, and upload the savedata & savedata.bin files to that folder.
   4. Share the folder, set it to editor mode, share with anyone, and click "copy the link".
   5. Join the HTOS Discord group: HERE type "/decrypt", select "FALSE" for including SCE_SYS, paste or type in the Google Drive link, and press enter. The bot should begin mounting your save. (If it doesn't, paste in the link again.)
   6. Click "ENCRYPTED" to remove the Sony PFS layer. Download the generated files and extract the folder to your desktop (you should have 4 files in there and be named dec_savedata_CUSA[GAME ID]).
   7. Using REMOTE LUA LOADER, open the savedata folder, copy the 20 files within into your encrypted save folder on your desktop.
   8. Upload the encrypted save folder (now with 24 files in) to your Google Drive. It should be named "dec_savedata_CUSA[GAME ID]" where GAME ID is your games 5 digit number, and set it to editor mode, share with anyone, and then click "copy the link".
   9. Go back to the HTOS discord server, and type "/encrypt", hit "FALSE" for uploading individually, and "FALSE" to include SCE_SYS. Finally, hit shared_gd_link and paste in your link to the original save (4 files) folder. (If it doesn't, paste in the link again.)
   10. When this is done, paste the link to the decrypted save (24 files) folder, and the bot will encrypt the files.
   11. Resign the files by typing "/resign" followed by your account name on the console, or PSN ID associated with that account if using the latest OFW.
   12. Download the resigned files, extract the files to your USB drive and overwrite them into the savedata folder on your USB or external drive.
   13. Copy the saves back to your console [SETTINGS] > [SAVE DATA AND GAME/APP SETTINGS] > [SAVE DATA PS4] > [COPY OR DELETE FROM USB] > [COPY TO CONSOLE STORAGE] > select your game save folder from the USB drive and copy/overwrite old save data.
   14. Load LUA game again, and you should see the LUA LOADER screen.
   15. You can use "SEND_LUA.PY" to send the UMTX files to the loader.
   (NOTE: Some games require manual loading of save game)
   
   On firmware up to 7.61, you can now load UMTX/2 followed by etaHEN by sending the files to your console IP on PORT 9026.
   On firmware 8.00-LATEST, you can connect with the REMOTE LUA LOADER APP to send debug notifications or FTP on port 1337.
   
   LUA Loader: HERE or HERE
   
   Auto LUA Loader Fork: HERE
   
   Compatible LUA games:
   Aerial Life (CUSA17122)
   Aibeya (CUSA17068)
   Aikagi 2 (CUSA19556)
   Aikagi Kimi to Issho ni Pack (CUSA16229)
   Aikano Yukizora no Triangle (CUSA19370)
   Boku to Nurse no Kenshuu Nisshi (CUSA12049)
   Boku to Joi no Shinsatsu Nisshi (CUSA18107)
   Fuyu Kiss (CUSA29745)
   Hamidashi Creative (CUSA27389)
   Hamidashi Creative Demo (CUSA27390 requires the latest OFW to download from PSN)
   Haruoto Alice (CUSA14324)
   IxSHE Tell (CUSA17112)
   IxSHE Tell Demo (CUSA17126)
   Jinki Resurrection (CUSA25179)
   Jinki Resurrection Demo (CUSA25180 requires the latest OFW to download from PSN)
   Maid-san no Iru Kurashi (CUSA18106)
   Nora Princess and Stray Cat Heart HD (CUSA13303: Rename save9999.dat into nora_01.dat)
   Nora Princess and Strat Cat Heart 2 (CUSA13586)
   Raspberry Cube (CUSA16074)
   Winter Guest (CUSA11977)
   
   WARNING: using demos is free but can become corrupt, and you cannot upgrade your internal HDD either. If you lose the demo you can no longer use the exploit.Disc recommended.
   
   Incompatible LUA games:
   Dokyusei Remake Csver (CUSA47117)
   Dōkyūsei: Bangin' Summer - Home Edition Demo (CUSA47132)
   Kiss Trilogy (CUSA19341)
   Love Clear Demo (CUSA18109)
   Mikagami Sumika no Seifuku Katsudou (CUSA11481)
   Sen no Hatou, Arazone no Hime (CUSA09647)
   Tonari ni Kanojo no Iru Shiawase: Two Farce (CUSA09825)
   Tonari ni Kanojo no Iru Shiawase Summer Surprise (CUSA18998)
   
4. 
   PS2 Classics > Userland via CTurt:
   (Implementation by McCaulay)
   Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.
   
   Mast1c0re PS2 exploit for PS2 homebrew:
   https://cturt.github.io/mast1c0re.html
   
   Mast1c0re part 2:
   https://cturt.github.io/mast1c0re-2.html
   
   Mast1c0re payload framework:
   https://github.com/McCaulay/mast1c0re
   
   Okrager save game exploit generator for Okage:
   https://github.com/McCaulay/okrager
   
   Mast1c0re payloader TCP Client GUI for PS5 6.50:
   https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases
   
   TCP network ISO loader:
   https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases
   
   ExFat USB ISO loader:
   https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases
   
5. 
   coming soon
   
6. 
   coming soon
   
7. 
   coming soon
   
8. 
   coming soon
   
9. 
   This method modifies the BD-J stack to allows BDJB to be re-enabled on your higher firmware console up to 12.40.
   
   This requires your console to be hacked via another method first to gain access to alter the files.
   (For example 12.00 needs SWRR disc to hack it first)
   
   https://github.com/Gezine/BD-UN-JB
   
   DO NOT REINSTALL FW, IT WILL WIPE THE PATCH AND LOSE BD-JB
   

Additional Information:

PS4 GAME INFORMATION:
OFW 1.xx cannot run PS4 games.
OFW 2.xx runs PS4 games up to 8.03
OFW 3.xx runs PS4 games up to 8.52
OFW 4.xx runs PS4 games up to 9.04
OFW 5.xx runs PS4 games up to 9.60
OFW 6.xx runs PS4 games up to 10.50
OFW 7.xx runs PS4 games up to 11.00
OFW 8.xx/9.xx runs PS4 games up to 11.50
OFW 10.xx runs PS4 games up to 12.00
OFW 11.xx runs PS4 games up to 12.50
OFW 12.xx runs PS4 games up to 13.00

(Note: PS4 backported FPKGs also work perfectly on an exploited PS5 with Kstuff)

You can install free/demo PKGS (legit pkgs) via the debug pkg installer, provided you have all the files/json/licences required.
(Astro’s Playroom has no licences and can be installed and played from official pkgs and updated inline with your firmware)

Warnings:

1: Never enable IDU mode.
If you do, you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2, and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait for hacks on that firmware.

3: PS5 FPKGs do not work. A hack for the A53 processor does not publicly exist to enable installing PS5 content as FPKG/PKG.

4: Installing legit game PKGs you do not own will never work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, the SNVS is corrupted (if the hash check fails on boot, this causes a “soft brick”). It’s not “bricked”. Simply reinstall your current firmware RECOVERY PUP in safe mode from USB: PS5 > UPDATE > PS5UPDATE.PUP.

Archived Information

Spoiler

https://github.com/astrelsky/libhijacker

https://github.com/illusion0001/libhijacker

https://github.com/TheOfficialFloW/Presentations/blob/master/2022-hardwear-io-bd-jb.pdf

https://github.com/sleirsgoevy/bd-jb

https://github.com/psxdev/bd-jb

https://gbatemp.net/download/remount-system-with-write-permissions.37807/

https://github.com/john-tornblom/ps5-payload-sdk

https://github.com/john-tornblom/bdj-sdk/actions/workflows/bdjb.yml

 

[Adam512]

 

[FateNightroad]

 

[Wolf85]

With the ps4 we always had a webkit ready so you are right we used to wait for a kernel not for a webkit, now let's talk about this. The last webkit we have ( Psfree ) was patched in 2022 nearly 3 years ago, and then nothing after that we had a lot of bugs but they end up being useless for us. Theflow released pppwn up to 11.0 last year and it doesnt require a webkit, now we ask ourselves this : what if this vulnerability needed a webkit ? you think we would stay a year without a webkit for 11.0 ? No chance. Again this is just a theory on my part that I believe its tied to the ps4, if the webkit bug is not patched they aren't going to release it for the ps5 otherwise they wouldve already for the umtx kernel up to 7.61, so I think they wait to match it with the last kernel vulnerability of the ps4. If my theory is correct and we get a kernel for 12.00, a webkit will appear that its going to match that kernel so 12.00. OR this webkit thingy is starting to play with my head and I turned into a conspiracy theorist

You're still missing the process of it all.... the "webkit" is just the entry point for an exploit. Psfree as you mentioned was how they were able to get kernel access, if we had custom firmware there wouldn't be any need for any exploits because the software would be fully controllable by the user rather than the proprietor. Like windows pretends to be but Linux and other freebsd based operating systems more accurately emulate. Imagine if you bought the ps6 without any operating system and you could opt out of Sony's software in order to install your own. You wouldn't be able to connect to Sony servers but you could then just emulate your own. It's Kind of like buying a vehicle that onstar has locked out until you pay them to start the engine... it's all about greed and how it keeps our species from reaching the stars.

 

[madbrainx]

 

[elroche]

You're still missing the process of it all.... the "webkit" is just the entry point for an exploit. Psfree as you mentioned was how they were able to get kernel access, if we had custom firmware there wouldn't be any need for any exploits because the software would be fully controllable by the user rather than the proprietor. Like windows pretends to be but Linux and other freebsd based operating systems more accurately emulate. Imagine if you bought the ps6 without any operating system and you could opt out of Sony's software in order to install your own. You wouldn't be able to connect to Sony servers but you could then just emulate your own. It's Kind of like buying a vehicle that onstar has locked out until you pay them to start the engine... it's all about greed and how it keeps our species from reaching the stars.

you didn't understand my message, you are talking like I don't know what a webkit is or how we use it. Im not missing the process its simple really, we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak.

You're still missing the process of it all.... the "webkit" is just the entry point for an exploit. Psfree as you mentioned was how they were able to get kernel access

Did I insinuate otherwise in my previous messages ? if yes then show me, because thats exactly what Im talking about, we dont have a webkit because psfree was patched in 2022 (5.50) thats the reason we are waiting for a webkit to use for 6.xx and 7.xx.
We got a kernel "umtx" late 2024 on the ps5 that supports up to "7.61", the scene knew about it years ago just by seeing a line of code or something, but only up to 5.50 have a webkit (psfree) so 6.xx and 7.xx must use other userlands like LUA and BDJ.

For my theory, I believe if theflow or anyone manages to find a kernel for ps4 12.00, that needs a webkit unlike 11.0, someone somewhere sitting on a webkit vulnerability might release it so we can have a 12.00 jailbreak. We never had this much time without discovering a webkit, we were spoiled with the ps4 that we didn't think we could have a hard time discovering a webkit vulnerability. Ps4 5.05, 6.72, 7xx and 9.00 needed a webkit unlike 11.0 "pppwn" so my theory is the fact that it didn't need one so the people sitting on a vulnerabily won't release it now. Long story short my theory is that the scene is tied to the ps4 not the ps5 for now

 

[Wolf85]

you didn't understand my message, you are talking like I don't know what a webkit is or how we use it. Im not missing the process its simple really, we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak.


Did I insinuate otherwise in my previous messages ? if yes then show me, because thats exactly what Im talking about, we dont have a webkit because psfree was patched in 2022 (5.50) thats the reason we are waiting for a webkit to use for 6.xx and 7.xx.
We got a kernel "umtx" late 2024 on the ps5 that supports up to "7.61", the scene knew about it years ago just by seeing a line of code or something, but only up to 5.50 have a webkit (psfree) so 6.xx and 7.xx must use other userlands like LUA and BDJ.

For my theory, I believe if theflow or anyone manages to find a kernel for ps4 12.00, that needs a webkit unlike 11.0, someone somewhere sitting on a webkit vulnerability might release it so we can have a 12.00 jailbreak. We never had this much time without discovering a webkit, we were spoiled with the ps4 that we didn't think we could have a hard time discovering a webkit vulnerability. Ps4 5.05, 6.72, 7xx and 9.00 needed a webkit unlike 11.0 "pppwn" so my theory is the fact that it didn't need one so the people sitting on a vulnerabily won't release it now. Long story short my theory is that the scene is tied to the ps4 not the ps5 for now

Right, ps4 makes it easier to find those user land entry points, but you're missing the point that the user land exploits are the jailbreak. Which is just breaking out of the software prison that the system employs. This is the first step in giving the user read and write privileges to the system kernel. "Webkit" simple refers to the method of gaining higher. Privileges. With the ps4 there were easier ways to discover this user land vulnerabilities but with the ps5 that only affects the ps4 version of the software. The ps5 was actually first exploited with an internet protocol vulnerability, the webkit "psfree" was not discovered until a vulnerability in the system software itself was disclosed. There may be many methods to gain control of the hardware but they are only hyping up the webkit entry points due to the lack of disc drive for most systems. The entry points don't matter if they can't grant higher access and the quicker the better. The switch for example had a chip vulnerability that could bypass Nintendo checks to install custom firmware in the form of Emunand. Now imagine if someone could Crack the ps5 wide open with just jailbroken television and rest mode...I discovered that if you have your system in rest mode and then start it back up but switch the TV source manually it will go right back into rest mode so maybe we don't even need any webkit entry points. You seem to be making the claim that the webkit is the holy grail of jailbreaking when custom firmware is the highest goals..."Linux on ps6 day one"...

 

[elroche]

Right, ps4 makes it easier to find those user land entry points, but you're missing the point that the user land exploits are the jailbreak. Which is just breaking out of the software prison that the system employs. This is the first step in giving the user read and write privileges to the system kernel. "Webkit" simple refers to the method of gaining higher. Privileges. With the ps4 there were easier ways to discover this user land vulnerabilities but with the ps5 that only affects the ps4 version of the software. The ps5 was actually first exploited with an internet protocol vulnerability, the webkit "psfree" was not discovered until a vulnerability in the system software itself was disclosed. There may be many methods to gain control of the hardware but they are only hyping up the webkit entry points due to the lack of disc drive for most systems. The entry points don't matter if they can't grant higher access and the quicker the better. The switch for example had a chip vulnerability that could bypass Nintendo checks to install custom firmware in the form of Emunand. Now imagine if someone could Crack the ps5 wide open with just jailbroken television and rest mode...I discovered that if you have your system in rest mode and then start it back up but switch the TV source manually it will go right back into rest mode so maybe we don't even need any webkit entry points. You seem to be making the claim that the webkit is the holy grail of jailbreaking when custom firmware is the highest goals..."Linux on ps6 day one"...

Stop bro for the love of god READ what Im saying JESUS. I literally said : "we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak". this is eactly what i said.
and you responded with :

but you're missing the point that the user land exploits are the jailbreak.

I feel like you are trolling me at this point. Who said the userlands are the jailbreak ? BECAUSE I CLEARLY SAID IT NEEDS TO BE CHAINED!!!. Focus for the love of god we have a kernel exploit up to 7.61, we need a webkit so the digital PS5 users can use it since they can't use BDJ. This is why everyone is waiting for the webkit so we can utilize the umtx kernel on digital ps5s

 

[Wolf85]

Stop bro for the love of god READ what Im saying JESUS. I literally said : "we all know that webkit is a userland exploit that needs to be chained to a kernel so we get what we call a jailbreak". this is eactly what i said.
and you responded with :

I feel like you are trolling me at this point. Who said the userlands are the jailbreak ? BECAUSE I CLEARLY SAID IT NEEDS TO BE CHAINED!!!. Focus for the love of god we have a kernel exploit up to 7.61, we need a webkit so the digital PS5 users can use it since they can't use BDJ. This is why everyone is waiting for the webkit so we can utilize the umtx kernel on digital ps5s

My point was that there is a difference between software exploits and hardware exploits... you need kernel access with software exploits, but with hardware exploits like the Tegra vulnerabilities you could simply bypass the need to gain kernel access. This is why ps5 uses 3 chips for authentication instead of just the processor chip. It mitigates all those ps4 vulnerabilities to be ps4 specific and while we can play some ps5 backups that are firmware specific we cannot use kernel access to run the newest games even though we can install them from disc after the kernel is exploited. Waiting for a new webkit exploit would not be necessary if there was a hardware based chip exploit like the switch has. That's all I was trying to say. You don't need userland chains with hardware exploits. What will they do if their internet chips stop working??? Wait for a new hardware based vulnerability of course.

 

[elroche]

My point was that there is a difference between software exploits and hardware exploits... you need kernel access with software exploits, but with hardware exploits like the Tegra vulnerabilities you could simply bypass the need to gain kernel access. This is why ps5 uses 3 chips for authentication instead of just the processor chip. It mitigates all those ps4 vulnerabilities to be ps4 specific and while we can play some ps5 backups that are firmware specific we cannot use kernel access to run the newest games even though we can install them from disc after the kernel is exploited. Waiting for a new webkit exploit would not be necessary if there was a hardware based chip exploit like the switch has. That's all I was trying to say. You don't need userland chains with hardware exploits. What will they do if their internet chips stop working??? Wait for a new hardware based vulnerability of course.

OK

 

[cragson]

Just updated Nihonium with a first basic hex viewer for memory of the PS5.
The frontend part of it is based on a Python Flask app, which means you can run this on any device that can run python.
So in theory you can now reverse engineer the memory of your PS5 from your browser on a Windows PC, Macbook, Mobile phone etc.

It is a very early version I finished today, so a lot of things aren't very polished but I hope it will be helpful to some of you.

Regards,
cragson

E: I can't link it here nor can I attach some preview images or my preview/setup video of youtube - sorry!

 

[zebrone]

What's mp4?

 

[KiiWii]

What's mp4?

A53 file structure.. so possible FPKG memes soon.

 

[wonic]

A53 file structure.. so possible FPKG memes soon.

Hi, hypothetically speaking if this chip is defeated, there would be no need for kstuff or etahen for versions 7.xx. I believe most people are waiting for these versions

 

[ccfman2004]

Hi, hypothetically speaking if this chip is defeated, there would be no need for kstuff or etahen for versions 7.xx. I believe most people are waiting for these versions

You still need etaHEN and kstuff to run PS4 fPKGs and PS4 homebrew stuff like Itemzglow, the Homebrew store, etc. Defeating the A53 chip may allow PS5 fPKGs.

 

[wonic]

You still need etaHEN and kstuff to run PS4 fPKGs and PS4 homebrew stuff like Itemzglow, the Homebrew store, etc. Defeating the A53 chip may allow PS5 fPKGs.

but in this case this fpkg ps5 would only be for versions 4xx and below, correct?

 

[AlphaBravo]

What's mp4?

Taken from twitter post. Was in Spanish.

TeRex777 said:
"mp4 handles package management (PKG), installation, decompression, and verification.

a53 (Secure Processor) handles security tasks, content validation, key management, and system integrity monitoring"

 

[Adam512]

I don't think anyone is working on ps5 fpkg

 

[AlphaBravo]

I don't think anyone is working on ps5 fpkg

 

[Adam512]

and?
this picture didn't change my opinion. In my opinion, just because someone made a simple dump doesn't mean they're working on ps5 fpkg.

It's better not to expect anything so you don't get disappointed.

I look at the screen again and it even says "someone still needs to find a bug"


in addition:
screenshots are from someone on the internet so I don't know if they actually wrote it on Discord but I believe they are true screenshots. I don't have Discord

---

---

---

 

[AlphaBravo]

and?
this picture didn't change my opinion. In my opinion, just because someone made a simple dump doesn't mean they're working on ps5 fpkg.

It's better not to expect anything so you don't get disappointed.

I look at the screen again and it even says "someone still needs to find a bug"


in addition:
screenshots are from someone on the internet so I don't know if they actually wrote it on Discord but I believe they are true screenshots. I don't have Discord

---

---

---

I think the attachment was self explanatory. No one was really talking much about Zeco a53 meme post so I assumed there wasn't much in it. Otherwise MW, Crump and whole of ps5 scene news would have been on fire. I don't have discord either but just posted what I happen to find. If it's wrong, someone can correct me