PS5 Hack Status:

FW Ranges:
2.XX = HEN+Kstuff+HV = PS4/5 backups, possible keys exploit (WebKit: 2.50 best / 2.7X max)
3.XX = HEN+Kstuff+HV+Linux = PS4/5 backups, possible keys exploit (WK/BDJB/LUA: 3.20 best / 3.21 max)
4.XX = HEN+Kstuff+HV+Linux = PS4/5 backups (WK/Y2JB/BDJB/LUA: 4.50 best / 4.51 max)
5.XX = HEN+Kstuff+HV+Linux = PS4/5 backups (WK/Y2JB/BDJB/LUA: 5.50 best + max)
6.XX = HEN+Kstuff = PS4/5 backups, HV+Linux for 6.02 max (Y2JB/BDJB/LUA: 6.50 best + max)
7.XX = HEN+Kstuff = PS4/5 backups, no HV (Y2JB/BDJB/LUA: 7.61 best + max)
8.XX-10.01 = HEN+ Kstuff = PS4/5 backups, no HV (Y2JB/LUA)
10.20-12.00 = KEX + Kstuff = PS4/5 backups, no HV (LUA)
12.02-12.70 = KEX (P2JB/SWRR)
13.XX = No KEX/HEN/Kstuff/HV (LUA)

NOTE: Recommended firmware is subjective. Staying low is always suggested first & foremost. It is not recommended to update too many major versions (e.g., 4.xx to 5.xx or 7.xx to 8.xx) because you should remain low unless all you want is backups.

DO NOT UPDATE OVER 12.00!! P2JB can take over 3 hrs to trigger an exploit.

Hypervisor (HV):
Highest known HV exploit: 6.02
Highest theoretical HV exploit: 7.XX
Highest implemented HV exploit: 1.00-4.51 (Cragson PS5Hen) / 3.00-6.02 (TheFlow)
*unreleased/unimplemented

Kernel (KEX):
Highest public Release: 12.70
Highest known: 12.70 (P2JB)
UMTX2: 1.00-7.61
Lapse: 1.00-10.01
Poopsploit: 4.XX-12.00
P2JB: X.XX-12.70

Userland (UL):
LUA: 2.00-LATEST (LUA game exploit, chain Lapse up to 10.01)
Y2JB: 4.03-12.60 (YouTube exploit, + Lapse up to 10.01)
NFNH: 4.03-12.XX (Netflix exploit, + Lapse up to 10.01)
YARPE: 4.03-12.XX (Ren'Py exploit, + Lapse up to 10.01)
BD-JB: 1.00-7.61 (Blu Ray exploit + UMTX2, 8.00-12.40 via UN BD JB + Poopsploit)
Webkit: 1.00-5.50 (PSFREE +UMTX2) (up to 13.20 coming soon)
Mast1C0re: 1.00-7.61 (PS2 backups)
LuaC0re: 10.20-12.02 (Star Wars RR: + Poopsploit up to 12.00)

NOTE: A userland entry exploit (UL) chained to kernel exploit (KEX) is required at a bare minimum to exploit your console.

NOTE 2: Since 12.60/13.00 Sony has removed the YouTube and Netflix apps and has added 30 day expirations to downloaded software used for LuaC0re/Mast1C0re/RenPy etc.

Digital consoles will now need a new webkit userland to hack their consoles as of 19/04/2026)

Useful Applications:
Elf loader: 8.00/7.61 HERE (use with BD-J)
Kstuff: 3.00-10.01 (3.00-12.70 soon) HERE
Kstuff Lite: 3.00-12.70 HERE
Kstuff Toggle: 3.00-12.00 HERE
Dumping: Up to 8.00/7.61 (ItemzFlow / self decryptor) latest HERE
PS5 App Dumper: 3.00-12.00 HERE
Dump Runner: 3.00-12.00 HERE
Dump Installer: 3.00-11.60 HERE
Backporting: Possible (backpork / Porkfolio)
PS4/PS5 DLC: Work with kstuff (on retail disc games)
Homebrew Enabler: etaHEN (3.00-10.01) latest HERE
PS5 Backup Loading: Itemzflow HERE Compatibility list: HERE
PS4 Backup Loading: FPKG Enabler 3.XX-9.XX (rest mode & backports work, can crash).
PS5 Debug: Works HERE
PS5 Remote Play: Works HERE & HERE
PS5 Trainers/Cheats: Work (Built into itemzFlow)

UART: HERE
Linux: (3.00-6.02) HERE
Kldload (wip): 3.00-6.50 HERE
Full chain exploit: 1.00-4.51 (byepervisor) HERE (also built into etaHEN up to 2.7X)
PSN access: NEVER
Latest OFW: 13.20 (23/04/26)
Summarised OFW/Model guide: HERE
1.XX-7.61 compatibility list: HERE
PS5 SDK Repo: HERE
Legit PKG Updates: HERE or HERE
OFW Updates: HERE (history HERE)

Preparing Your Console:

It is recommended to either self-host offline or block these addresses in your router to avoid accidental updates or getting an update nag. Using the DNS method is no longer failsafe, as these are not guaranteed to be running 24/7.

Spoiler: Addresses to block to avoid updates:

dau01.ps5.update.playstation.net
dbr01.ps5.update.playstation.net
dcn01.ps5.update.playstation.net
deu01.ps5.update.playstation.net
dhk01.ps5.update.playstation.net
djp01.ps5.update.playstation.net
dkr01.ps5.update.playstation.net
dmx01.ps5.update.playstation.net
dru01.ps5.update.playstation.net
dsa01.ps5.update.playstation.net
dtw01.ps5.update.playstation.net
duk01.ps5.update.playstation.net
dus01.ps5.update.playstation.net
fau01.ps5.update.playstation.net
fbr01.ps5.update.playstation.net
fcn01.ps5.update.playstation.net
feu01.ps5.update.playstation.net
fhk01.ps5.update.playstation.net
fjp01.ps5.update.playstation.net
fkr01.ps5.update.playstation.net
fmx01.ps5.update.playstation.net
fru01.ps5.update.playstation.net
fsa01.ps5.update.playstation.net
ftw01.ps5.update.playstation.net
fuk01.ps5.update.playstation.net
fus01.ps5.update.playstation.net
hau01.ps5.update.playstation.net
hbr01.ps5.update.playstation.net
hcn01.ps5.update.playstation.net
heu01.ps5.update.playstation.net
hhk01.ps5.update.playstation.net
hjp01.ps5.update.playstation.net
hkr01.ps5.update.playstation.net
hmx01.ps5.update.playstation.net
hru01.ps5.update.playstation.net
hsa01.ps5.update.playstation.net
htw01.ps5.update.playstation.net
huk01.ps5.update.playstation.net
hus01.ps5.update.playstation.net
sgst.prod.dl.playstation.net
gs2.ww.prod.dl.playstation.net

Alternative DNS IP:
DNS 1: 172.245.146.114
(Leave DNS 2 blank)

Spoiler: System Update Information

To determine your OFW version:
Go to settings > system > console information.

Version string info:
Year.Half (1st/2nd half of the year)-Major Version No.Minor Version No.Extended info-Further Info.Retail/Debug

21.02-04.03.00.00-00.00.00.0.1

It is recommended to keep your console as low as possible to have access to better jailbreak stability and features. Stay as low as possible within the "Golden" firmware brackets that apply to your current firmware.

Current Examples:
2.00 could be updated to 2.50 maximum to retain Webkit/BD-JB/LUA HV + KEX + HEN.
4.00 could be updated to 4.51 maximum for WebKit/BD-JB/LUA + KEX + HEN + potential HV exploits.
5.00 could be updated to 5.50 maximum for WebKit/BD-JB/LUA + KEX + HEN.
6.XX-7.XX could be updated to 7.61 maximum for HEN using only BD-JB or LUA.
Digital/Pro users on 6.XX-LATEST cannot use BDJB or LUA without an activated console. Wekbit does not go beyond 5.50 for now.
Digital/Pro users or Disc console users on 8.XX-LATEST should consider waiting or selling/swapping consoles to get a lower firmware.
(No jailbreak is ever guaranteed. No developer is obliged to release anything publicly)

WARNING:
Only update OFW manually via USB by getting the firmware file from HERE and installing from <USB>:/PS5/UPDATE/PS5UPDATE.PUP

SYSTEM UPDATES:

12.00 SYS MD5: 79d3171ec4ef38ca27f8ff36a9940847 (Exploited - No HEN yet)
10.01 SYS MD5: 68a31944c1867bf9643798fd1c14998e (Exploited + HEN)
9.00 SYS MD5: e74ddccd3360941ca24475c13195e031 (Exploited + HEN)
8.00 SYS MD5: 7616128c57581d5e49b42d1b3f308232 (Exploited + HEN)
7.61 SYS MD5: d5eca8b171a8d7df7ba225167f77e645 (Exploited + HEN)
6.50 SYS MD5: 98db854ba47a75dff0cb09355bca9025 (Exploited + HEN)
5.50 SYS MD5: edb3513ec531b2bd28f3a0b52a82a54f Exploited + HEN)
4.51 SYS MD5: 1330b7bf63bf5c93d809b1eb1f4e1f01 (Exploited + HEN)
4.03 SYS MD5: 3716e4e6e0d223cd94cd4a8e5bd4fb94 (Exploited + HEN)

RECOVERY UPDATES (wipes HDD):
12.00 REC MD5: f993e4c35ed6659b516346941980de4b (Exploited - no HEN yet)
10.01 REC MD5: 5202be086fc726d881f722d46e4486c6 (Exploited + HEN)
9.00 REC MD5: 6fbbda82c325bb5d6ec0717c2223b5c0 (Exploited + HEN)
8.00 REC MD5: 6cbb7a2fa2ace926202bd6e71304fb06 (Exploited + HEN)
7.61 REC MD5: 932f24e934723050fe49561b67e95226 (Exploited + HEN)
6.50 REC MD5: 4305223c12bd6dda9b944c0ee49c94c0 (Exploited + HEN)
5.50 REC MD5: c939ac8b37e07bbc129816a61002d30a (Exploited + HEN)
4.51 REC MD5: da78ca268da90a963d89b0f45db0f061 (Exploited + HEN)
4.03 REC MD5: e6dcc800d8d1dcada4f2bcd6e7ff162c (Exploited + HEN)

PS5 factory mode PUP installation path:
/usb/PROSPERO/UPDATE/PROSPEROUPDATE.PUP

Select Your Jailbreak:

WEBKIT (1.00-5.50):BD-JB 1.00-7.61:LUA (2.00-LATEST):Mast1c0re (2.00-7.61):Y2JB (4.03-10.01):NFNH (4.03-10.01):YARPE (4.03-10.01):LuaC0re (12.00 REQUIRES SWRR):BD UN JB (REQUIRES JB'D CONSOLE):

1. 
   PSFREE 1.XX-5.XX: https://github.com/kmeps4/PSFree
   Recommended host: https://zecoxao.github.io/luasauce/ (UMTX2 + Webkit for 1.XX-5.XX)
   
   Recommended WebKit hosts:
   https://zecoxao.github.io/luasauce/
   (UTMX2 with Lua and WebKit for 1.xx-5.xx)
   https://zecoxao.github.io/umtx/ or https://es7in1.site/
   (UMTX 2 exploit works on 3.00-5.50 with PSFREE WebKit)
   
   Alternative hosts:
   https://zecoxao.github.io/ps5jb/
   https://ps5jb.pages.dev/
   https://sleirsgoevy.github.io/ps4jb2/ps5-403/index.html
   
2. 
   You will need a BD dive paired to your Slim/Pro console, or an OG Phat model on 1.00-7.61 to run this exploit.
   
   Viktorious AIO Auto BD-JB ISO for 4.XX-7.61: https://github.com/Viktorious-x/ps5-bdjb-modified-ISOs/releases
   (Alternative: UMTX Kernel exploit 7.61 JAR loader by Hammer83: https://github.com/hammer-83/ps5-jar-loader/releases)
   
   Burn ISO to a blank BD-R or BD-RE, put it into your console, and click on the [DISC PLAYER] icon.
   Highlight [PIPELINE RUNNER] then click option 2 [Normaljailbreak-etaHEN-UMTX1.pipe] to auto load etaHEN ready for ItemzFlow.
   Debug settings will be loaded, and the package installer can be found under [SETTINGS] > [DEBUG SETTINGS].
   ELF Loader will be running on your PS5 IP: port 9021
   
   
3. 
   Important:
   Up to 10.01 has a kernel exploit + HEN
   11.XX-12.70 has a kernel exploit but no HEN yet.
   LUA entry point works on the latest OFW, but there is no kernel or HEN yet.
   (A compatible PS4 game is required to launch the exploit on PS5. See below)
   
   Your PS5 console must be activated to use save copying for PS4 games.
   
   
   1. Insert your game disc and, as soon as possible, make a save file within it.
   2. Copy the save files to USB, go to [SETTINGS] > [STORAGE] > [CONSOLE STORAGE] > [SAVE DATA] > [PS4 GAMES] > select the game save and copy to a USB drive.
   3. On PC, using a Google Drive account, make a new folder with the GAME ID of your game, and upload the savedata & savedata.bin files to that folder.
   4. Share the folder, set it to editor mode, share with anyone, and click "copy the link".
   5. Join the HTOS Discord group: HERE type "/decrypt", select "FALSE" for including SCE_SYS, paste or type in the Google Drive link, and press enter. The bot should begin mounting your save. (If it doesn't, paste in the link again.)
   6. Click "ENCRYPTED" to remove the Sony PFS layer. Download the generated files and extract the folder to your desktop (you should have 4 files in there and be named dec_savedata_CUSA[GAME ID]).
   7. Using REMOTE LUA LOADER, open the savedata folder, copy the 20 files within into your encrypted save folder on your desktop.
   8. Upload the encrypted save folder (now with 24 files in) to your Google Drive. It should be named "dec_savedata_CUSA[GAME ID]" where GAME ID is your games 5 digit number, and set it to editor mode, share with anyone, and then click "copy the link".
   9. Go back to the HTOS discord server, and type "/encrypt", hit "FALSE" for uploading individually, and "FALSE" to include SCE_SYS. Finally, hit shared_gd_link and paste in your link to the original save (4 files) folder. (If it doesn't, paste in the link again.)
   10. When this is done, paste the link to the decrypted save (24 files) folder, and the bot will encrypt the files.
   11. Resign the files by typing "/resign" followed by your account name on the console, or PSN ID associated with that account if using the latest OFW.
   12. Download the resigned files, extract the files to your USB drive and overwrite them into the savedata folder on your USB or external drive.
   13. Copy the saves back to your console [SETTINGS] > [SAVE DATA AND GAME/APP SETTINGS] > [SAVE DATA PS4] > [COPY OR DELETE FROM USB] > [COPY TO CONSOLE STORAGE] > select your game save folder from the USB drive and copy/overwrite old save data.
   14. Load LUA game again, and you should see the LUA LOADER screen.
   15. You can use "SEND_LUA.PY" to send the UMTX files to the loader.
   (NOTE: Some games require manual loading of save game)
   
   On firmware up to 7.61, you can now load UMTX/2 followed by etaHEN by sending the files to your console IP on PORT 9026.
   On firmware 8.00-LATEST, you can connect with the REMOTE LUA LOADER APP to send debug notifications or FTP on port 1337.
   
   LUA Loader: HERE or HERE
   
   Auto LUA Loader Fork: HERE
   
   Compatible LUA games:
   Aerial Life (CUSA17122)
   Aibeya (CUSA17068)
   Aikagi 2 (CUSA19556)
   Aikagi Kimi to Issho ni Pack (CUSA16229)
   Aikano Yukizora no Triangle (CUSA19370)
   Boku to Nurse no Kenshuu Nisshi (CUSA12049)
   Boku to Joi no Shinsatsu Nisshi (CUSA18107)
   Fuyu Kiss (CUSA29745)
   Hamidashi Creative (CUSA27389)
   Hamidashi Creative Demo (CUSA27390 requires the latest OFW to download from PSN)
   Haruoto Alice (CUSA14324)
   IxSHE Tell (CUSA17112)
   IxSHE Tell Demo (CUSA17126)
   Jinki Resurrection (CUSA25179)
   Jinki Resurrection Demo (CUSA25180 requires the latest OFW to download from PSN)
   Maid-san no Iru Kurashi (CUSA18106)
   Nora Princess and Stray Cat Heart HD (CUSA13303: Rename save9999.dat into nora_01.dat)
   Nora Princess and Strat Cat Heart 2 (CUSA13586)
   Raspberry Cube (CUSA16074)
   Winter Guest (CUSA11977)
   
   WARNING: using demos is free but can become corrupt, and you cannot upgrade your internal HDD either. If you lose the demo you can no longer use the exploit.Disc recommended.
   
   Incompatible LUA games:
   Dokyusei Remake Csver (CUSA47117)
   Dōkyūsei: Bangin' Summer - Home Edition Demo (CUSA47132)
   Kiss Trilogy (CUSA19341)
   Love Clear Demo (CUSA18109)
   Mikagami Sumika no Seifuku Katsudou (CUSA11481)
   Sen no Hatou, Arazone no Hime (CUSA09647)
   Tonari ni Kanojo no Iru Shiawase: Two Farce (CUSA09825)
   Tonari ni Kanojo no Iru Shiawase Summer Surprise (CUSA18998)
   
4. 
   PS2 Classics > Userland via CTurt:
   (Implementation by McCaulay)
   Note: this is currently limited to swapping the loaded PS2 iso, or loading PS2 elf homebrew on PS5 (or PS4) for emulators or basic PS2 brew.
   
   Mast1c0re PS2 exploit for PS2 homebrew:
   https://cturt.github.io/mast1c0re.html
   
   Mast1c0re part 2:
   https://cturt.github.io/mast1c0re-2.html
   
   Mast1c0re payload framework:
   https://github.com/McCaulay/mast1c0re
   
   Okrager save game exploit generator for Okage:
   https://github.com/McCaulay/okrager
   
   Mast1c0re payloader TCP Client GUI for PS5 6.50:
   https://github.com/Master-s/PS4-PS5-Mast1c0re-Payloader/releases
   
   TCP network ISO loader:
   https://github.com/McCaulay/mast1c0re-ps2-network-elf-loader/releases
   
   ExFat USB ISO loader:
   https://github.com/McCaulay/mast1c0re-ps2-usb-game-loader/releases
   
5. 
   coming soon
   
6. 
   coming soon
   
7. 
   coming soon
   
8. 
   coming soon
   
9. 
   This method modifies the BD-J stack to allows BDJB to be re-enabled on your higher firmware console up to 12.40.
   
   This requires your console to be hacked via another method first to gain access to alter the files.
   (For example 12.00 needs SWRR disc to hack it first)
   
   https://github.com/Gezine/BD-UN-JB
   
   DO NOT REINSTALL FW, IT WILL WIPE THE PATCH AND LOSE BD-JB
   

Additional Information:

PS4 GAME INFORMATION:
OFW 1.xx cannot run PS4 games.
OFW 2.xx runs PS4 games up to 8.03
OFW 3.xx runs PS4 games up to 8.52
OFW 4.xx runs PS4 games up to 9.04
OFW 5.xx runs PS4 games up to 9.60
OFW 6.xx runs PS4 games up to 10.50
OFW 7.xx runs PS4 games up to 11.00
OFW 8.xx/9.xx runs PS4 games up to 11.50
OFW 10.xx runs PS4 games up to 12.00
OFW 11.xx runs PS4 games up to 12.50
OFW 12.xx runs PS4 games up to 13.00

(Note: PS4 backported FPKGs also work perfectly on an exploited PS5 with Kstuff)

You can install free/demo PKGS (legit pkgs) via the debug pkg installer, provided you have all the files/json/licences required.
(Astro’s Playroom has no licences and can be installed and played from official pkgs and updated inline with your firmware)

Warnings:

1: Never enable IDU mode.
If you do, you will need to enter staff mode by holding L1 + L2 and tapping this combo: circle, cross, square, triangle, right D-Pad. Release L1 + L2, and you can access settings to exit IDU.

2: Try to stay on the lowest FW possible and wait for hacks on that firmware.

3: PS5 FPKGs do not work. A hack for the A53 processor does not publicly exist to enable installing PS5 content as FPKG/PKG.

4: Installing legit game PKGs you do not own will never work, even if spoofed.

5: If you get stuck in a boot loop at the PS logo, the SNVS is corrupted (if the hash check fails on boot, this causes a “soft brick”). It’s not “bricked”. Simply reinstall your current firmware RECOVERY PUP in safe mode from USB: PS5 > UPDATE > PS5UPDATE.PUP.

Archived Information

Spoiler

https://github.com/astrelsky/libhijacker

https://github.com/illusion0001/libhijacker

https://github.com/TheOfficialFloW/Presentations/blob/master/2022-hardwear-io-bd-jb.pdf

https://github.com/sleirsgoevy/bd-jb

https://github.com/psxdev/bd-jb

https://gbatemp.net/download/remount-system-with-write-permissions.37807/

https://github.com/john-tornblom/ps5-payload-sdk

https://github.com/john-tornblom/bdj-sdk/actions/workflows/bdjb.yml

 

[AtelierRyza]

You can do it by installing pkg file also.

How can you install pkg file without debug settings available?

 

[Rasa39]

His finding is out of scope of hackerone, since the games affected by LUA exploit are developed by third party entities, not Sony.

So, that also includes the Y2JB now too doesn't it, since it's third party...well, shot themselves in the foot with that one huh, I wonder if that's why for ps5 they didn't bother adding licences to the media apps for ps5.

Kinda scummy really though, like do you want to secure your console or not? Devs are not gonna care at all to conceal an exploit they find and later ask for disclosure, if they know there isn't gonna be a pay out at all...unless they wanna wait to check for higher firmware compatibility etc.

I'm sure their investors will be over the moon if any of this hard work can be used to exploit next-gen consoles, when Sony turns around and says "uh yeah but we don't pay for bugs on third party apps so, with no incentive for collaboration from these developers...we just wait for them to release publicly, then panic trying to patch it out"

I bet they are going crazy with security on the PS6 with 2 huge third party enabled exploits that are mostly firmware agnostic.

Shit they might even switch to those new fancy nvidia APU's that are on the horizon.

 

[lufeig]

So, that also includes the Y2JB now too doesn't it, since it's third party...well, shot themselves in the foot with that one huh, I wonder if that's why for ps5 they didn't bother adding licences to the media apps for ps5.

Kinda scummy really though, like do you want to secure your console or not? Devs are not gonna care at all to conceal an exploit they find and later ask for disclosure, if they know there isn't gonna be a pay out at all...unless they wanna wait to check for higher firmware compatibility etc.

I'm sure their investors will be over the moon if any of this hard work can be used to exploit next-gen consoles, when Sony turns around and says "uh yeah but we don't pay for bugs on third party apps so, with no incentive for collaboration from these developers...we just wait for them to release publicly, then panic trying to patch it out"

I bet they are going crazy with security on the PS6 with 2 huge third party enabled exploits that are mostly firmware agnostic.

Shit they might even switch to those new fancy nvidia APU's that are on the horizon.

being out of scope of hackerone doesn't mean sony won't fix the bug.

it means they won't pay a dev for discovering a bug not caused by their own software, which I consider very plausible according to the rules.

 

[Emris93]

How can you install pkg file without debug settings available?

Oh, you will need the backup, so yes, this will erase the entire console unfortunately.

 

[Rasa39]

being out of scope of hackerone doesn't mean sony won't fix the bug.

it means they won't pay a dev for discovering a bug not caused by their own software, which I consider very plausible according to the rules.

Oh yeah I understand that, I just mean it seems in their best interest to include those types of fixes within hackerone, even if they end up giving lower payouts or different types of incentives etc.

I guess they'd probably just sue the company if it was gonna cause Sony so much grief, say in this instance, blaming google for "allowing" an exploitable version of their app to be submitted to the psn network. But I'm no big city lawyer now so I'm just blabbing.

 

[HS2005]

You can do it by installing pkg file also.

And how would you install the PKG that has been released on a non-jailbroken PS5?

 

[UnderJinx]

And how would you install the PKG that has been released on a non-jailbroken PS5?

He already explained that 2 posts ago

 

[lufeig]

Oh yeah I understand that, I just mean it seems in their best interest to include those types of fixes within hackerone, even if they end up giving lower payouts or different types of incentives etc.

I guess they'd probably just sue the company if it was gonna cause Sony so much grief, say in this instance, blaming google for "allowing" an exploitable version of their app to be submitted to the psn network. But I'm no big city lawyer now so I'm just blabbing.

me too! lol

 

[autumns]

here’s everything y’all need to know about Y2JB:

1. it hasn’t been released yet. the backup gezine posted just crashes the app to test if the vulnerable code works correctly on all firmwares, which it does.

2. when the exploit does release there will be 2 ways to use it. the first is if you already have a JB and want to preserve your data, you can install the affected youtube pkg and then add the exploit files over FTP. the second is if you cannot FTP, you’ll have to use a backup and wipe your console. there is unfortunately no way around that right now. yes, you could get the youtube app by using external storage but you can’t add the exploit without FTP.

3. the patch gezine posted to bypass the psn pop-up is not related to the exploit, the exploit will run automatically even without this patch. they just developed the patch to make debugging less annoying for them and decided to share it in case you want to use the youtube app normally.

4. if you want to prepare your console and you already have JB, you can install the youtube 1.000.003 pkg from prospero-patches as this is probably the update the exploit will use. you will need to add the exploit over FTP when it is released. when downloading from prospero-patches you need to merge the sc file and the pkg file, look up a tutorial on youtube (lol).

5. if you want to prepare your console and you don’t have JB already just wait. you will need a special backup with the exploit built-in created by gezine which doesn’t exist yet. there is no reason to install a backup right now as you’ll need to overwrite it when the exploit does drop, and if you have an activated console it’s worth waiting on the off-chance they find a way to install the exploit without wiping the console when it releases.

6. the reason people are very confident that youtube will lead to a userland exploit is that each update can be installed on any console with no license, and each update comes with a specific build of a browser built in. the 1.000.003 update is built on a 5 year old chrome-based browser with dozens of known exploits. we have a working POC of one bug from 2021 already working which is what we’re testing. but even if this particular bug doesn’t end up panning out for one reason or another, there are dozens of other known bugs in this version of the browser to try. and if there are no exploitable bugs in 1.000.003 there are 5 other updates from the past 5 years that each have their own set of dozens of possible exploits. the attack surface here is huge and with enough time it’s practically guaranteed that one of the known exploits for this browser will work with the stripped down version in the youtube app. it’s almost as if we could just downgrade the ps5 browser to one that we know has exploits whenever we want. that’s why it’s so crazy good.

 

[solitaire4eva]

All this cause of a big billionaire dollar company screwed over a legit by the book developer.

Also I have been saying it as "Ge-zeen", like magazine, brit innit...

I swear I thought they were talking about somebody else cause just like you he been "Ge-Zeen" in my head for longest time!

 

[CyberMarco]

Following the tutorial for LUA, I can't get the following to work:

• 5. Join the HTOS Discord group: HERE type "/decrypt", select "FALSE" for including SCE_SYS, paste or type in the Google Drive link, and press enter. The bot should begin mounting your save. (If it doesn't, paste in the link again.)
• 6. Click "ENCRYPTED" to remove the Sony PFS layer. Download the generated files and extract the folder to your desktop (you should have 4 files in there and be named dec_savedata_CUSA[GAME ID]).

I don't get any ''ENCRYPTED'' option to click. Only Download, that let's me download a .zip file (dec_savedata_CUSA17112_MxfcqjHK40.zip)

PS5 Phat FW 9.40, with activated PSN account

 

[madbrainx]

@CyberMarco try this one:
https://gbatemp.net/threads/ps5-exploit-guide.613891/post-10675109

 

[Wolf85]

LOL I said like two months ago, this was gonna happen. I just got my Lua game working like a week or two ago and now this. Well at least I only paid $34 for it. Now its worth 3 Fiddy. $3.50

Tree fiddy. Lol

Post automatically merged: Oct 4, 2025

here’s everything y’all need to know about Y2JB:

1. it hasn’t been released yet. the backup gezine posted just crashes the app to test if the vulnerable code works correctly on all firmwares, which it does.

2. when the exploit does release there will be 2 ways to use it. the first is if you already have a JB and want to preserve your data, you can install the affected youtube pkg and then add the exploit files over FTP. the second is if you cannot FTP, you’ll have to use a backup and wipe your console. there is unfortunately no way around that right now. yes, you could get the youtube app by using external storage but you can’t add the exploit without FTP.

3. the patch gezine posted to bypass the psn pop-up is not related to the exploit, the exploit will run automatically even without this patch. they just developed the patch to make debugging less annoying for them and decided to share it in case you want to use the youtube app normally.

4. if you want to prepare your console and you already have JB, you can install the youtube 1.000.003 pkg from prospero-patches as this is probably the update the exploit will use. you will need to add the exploit over FTP when it is released. when downloading from prospero-patches you need to merge the sc file and the pkg file, look up a tutorial on youtube (lol).

5. if you want to prepare your console and you don’t have JB already just wait. you will need a special backup with the exploit built-in created by gezine which doesn’t exist yet. there is no reason to install a backup right now as you’ll need to overwrite it when the exploit does drop, and if you have an activated console it’s worth waiting on the off-chance they find a way to install the exploit without wiping the console when it releases.

6. the reason people are very confident that youtube will lead to a userland exploit is that each update can be installed on any console with no license, and each update comes with a specific build of a browser built in. the 1.000.003 update is built on a 5 year old chrome-based browser with dozens of known exploits. we have a working POC of one bug from 2021 already working which is what we’re testing. but even if this particular bug doesn’t end up panning out for one reason or another, there are dozens of other known bugs in this version of the browser to try. and if there are no exploitable bugs in 1.000.003 there are 5 other updates from the past 5 years that each have their own set of dozens of possible exploits. the attack surface here is huge and with enough time it’s practically guaranteed that one of the known exploits for this browser will work with the stripped down version in the youtube app. it’s almost as if we could just downgrade the ps5 browser to one that we know has exploits whenever we want. that’s why it’s so crazy good.

How does the external storage method work, do you transfer the app from one ps5 to another using external drive? I suppose if that's the case they both have to be on the same firmware correct? I have the lua demos on my psn 12.02 but my main jailbreak ps5 is on 2.50. I will try to use the lower firmwares system to install the affected app and see if I can use that external drive to transfer to the updated system, haven't tried that yet, but I know that the external drive from my updated system wants to update the jailbreak system when plugged in. I will just have to do some experimenting.

 

[solitaire4eva]

Tree fiddy. Lol

Post automatically merged: Oct 4, 2025

How does the external storage method work, do you transfer the app from one ps5 to another using external drive? I suppose if that's the case they both have to be on the same firmware correct? I have the lua demos on my psn 12.02 but my main jailbreak ps5 is on 2.50. I will try to use the lower firmwares system to install the affected app and see if I can use that external drive to transfer to the updated system, haven't tried that yet, but I know that the external drive from my updated system wants to update the jailbreak system when plugged in. I will just have to do some experimenting.

I heard the minimal FW requirement was 4.03 when the exploited version was released.

 

[ccfman2004]

The affected YT app version requires 4.03 or higher.

 

[Wolf85]

Well I got the app to install on my 2.50 but I can't get into the storage option on the system to move it to external, I will try ftp

I suppose I should also try the crash test file.

 

[BobaFett_UK]

Jeeze what have I missed since my last log on here. YouTube? I’m still patiently waiting for my over priced Lua game to arrive from PlayAsia

Talking of which I thought I’d play around with my 11.6 system when a Hamidashi demo. Used the instructions on the beginning of this thread. When I started the demo again on the PS5 I hit a screen which said Lua loading (or something like that) and pressed the OK button. Then just a blank screen. Nothing. Pressed the PS button and all I could see was the bottom menu then got back to the Home Screen. Checked in settings and couldn’t see any hen status.

 

[AlphaBravo]

Not to fussed about Gezine nick. Just call him "G Money" now. Not fussed about selling my LUA game. Was one of the first batch of supported games. Will keep as a Keepsake, memory of this fascinating chapter in ps5 scene where the floodgates started to open. I said many times that 2025 would be a great year. Will there be time for Hen2 though? Only Flatz knows...

 

[Rasa39]

Not to fussed about Gezine nick. Just call him "G Money" now. Not fussed about selling my LUA game. Was one of the first batch of supported games. Will keep as a Keepsake, memory of this fascinating chapter in ps5 scene where the floodgates started to open.

Yeah not sure if I'll bother selling it either, probably should but...I still have my boxed gateway 3DS cards so... Plus I sold cubic ninja for £8 (It was my first 3ds game cos it was the cheapest one I could afford, had no idea what it was gonna turn into), turns out my timing sucks for selling at high value lol.

I did make sure to get the platinum trophy for Jinki, just so people know I'm definitely playing it as a weeb...nothing else...

 

[PhantonXX360]

I'm yet to see a firmware more ignored than 3.00, everything requires 4.03, I've been holding the wave for 2 years now, I don't think I can take it anymore, even if I had HV, what would change? Whoever is on 2xx is worse off than me.

Post automatically merged: Oct 4, 2025

I heard the minimal FW requirement was 4.03 when the exploited version was released.

Why are you in which one? I'm in 3.00

Post automatically merged: Oct 4, 2025

Well I got the app to install on my 2.50 but I can't get into the storage option on the system to move it to external, I will try ftp

I suppose I should also try the crash test file.

How long have you been at 2.50, friend? Will you continue?