Hacking [Release] PS-Phive! (For PS4 FW 9.00) Exploit Host Menu

Leeful

GBAtemp Member
OP
Developer
Joined
Sep 4, 2015
Messages
1,903
Trophies
1
XP
7,068
Country
United Kingdom
Here is my PS-Phive! Exploit Host Menu for PS4 firmware 9.00
[Image: PS-Phive! For PS4 9.00.png]

PS-Phive! v3 is now live. :)

Please note that from now on any new versions of PS-Phive! will not be hosted on GitHub because of problems using HTTPS with the GoldHEN BinLoader server.

To make things simple the latest version will always be available at:
prb123.ir/ps-phive

All previous versions will also be available at:
prb123.ir/ps-phive/v1
prb123.ir/ps-phive/v2

etc...

v3 Release Notes:
You can now easily use your ESP32-S2 device in 2 different ways. [ESP MODE] or [ESP MODE2]

[ESP MODE] = The regular way where your PS4 is connected directly to the ESP access point.
[ESP MODE2] = Your PS4 is connected to your home internet connection (WiFi or LAN) via AlAzif's DNS settings and your ESP device is connected to your Home WiFi connection.

Using [ESP MODE2] will allow you to have internet access on your PS4, which is not possible if you use the regular [ESP MODE].

v2 Release Notes:
  • Support added for ESP32-S2 users when using the PS-Phive! ESP32S2 bin. (See "ESP32-S2 User Instructions")
  • Uses the same menu for manual USB users and ESP32-S2 auto USB users. The menu will detect if you are using an ESP32-S2 and adapt accordingly.
  • Added another 8 GTA V Mod Menus.
  • Added 6 Red Dead Redemption 2 Mod Menus.
  • Added 'Disable ASLR' payload with the ability to set it to auto load with GoldHEN. (useful for people who use an older version of GoldHEN)

v1 Release Notes:
Rather than just port the old 6.72 to 9.00 I decided to also try and make some improvements to it.

Features:
  • Option to AutoLoad GoldHEN straight after the kernel exploit has run. [Press L1 when GoldHEN is selected]
  • Option to choose which GoldHEN version you want to use as the default GoldHEN. [Press R1 when GoldHEN is selected]
  • You can load as many payloads as you like one after the other without having to re-open the menu after each payload.
  • The menu will automatically load payloads via the standard webkit method or via the GoldHEN BinLoader Server if that is running.

ESP32-S2 User Instructions: [ESP MODE]
Please note that it is important to follow the steps below in the correct order.

1. Download and flash the PS-Phive! ESP32-S2 bin file to your ESP32-S2 device using NodeMCU PyFlasher. (link below)

2. Install the PS-Phive! menu on your PS4 by either using the PC SelfHost files (links below) or by going to prb123.ir/ps-phive in your PS4 browser. (Make sure to clear the browser webdata and cookies first!)

3. When the PS-Phive! menu has finished installing on your PS4, exit the browser, plug in your ESP32-S2 and setup a new Internet connection on your PS4: Use Wi-Fi > Easy > PS-Phive! > password: 12345678

4. After the Set Up Internet Connection is complete, press back, go to View Connection Status and make sure that it has connected and you have an IP address and a valid Signal Strength.

All Done. You can now go back to the browser and use the PS-Phive! menu.

*If you are having trouble getting it working correctly see this post for some tips.

ESP32-S2 User Instructions: [ESP MODE2]
1. Setup using the [ESP MODE] instructions first.

2. Enter the ESP setting page by quickly repeatedly pressing X before the "Running Webkit Exploit" appears.

3. Enter the SSID and password of your Home WiFi Connection, check the "Connect To Home WiFi:" box and click the "SAVE SETTINGS" button.

4. After the settings have been saved and the ESP has rebooted you should see an "ESP IP = xx.xx.xx.xx" and a Signal Strength of the connection under the "Home WiFi Connection" title.
If the ESP does not reboot correctly, re-enter the ESP settings page and try again until you see an "ESP IP =" and a Signal Strength %.

5. Connect your PS4 to your home internet connection (WiFi or LAN) using AlAzif's DNS settings and re-open the browser.

If everything is working correctly you should see that it says [ESP MODE2] in the browser title.


Online Host addresses for the PS4 Browser:
v3:
prb123.ir/ps-phive

or
prb123.ir/ps-phive/v3

v2:
prb123.ir/ps-phive/v2

v1:
prb123.ir/ps-phive/v1

PC SelfHOST files:
v3:
http://prb123.ir/ps-phive/PS-Phive!_v3_PC_SelfHost_Files.zip


ESP32-S2 bin file download:
v3.0:
http://prb123.ir/ps-phive/PS-Phive!_ESP32-S2_bin_v3.0.zip


ESP32-S2 bin Changelog:
v3.0:
  • The kernel exploit stage is now fully automated. You can change the wait time for the USB exploit in the ESP settings page.
  • Added a fix for if you enter the wrong home WiFi SSID details.
  • Added a signal strength indicator to the esp settings page for if you connect your ESP to your home WiFi.


v2.0:
  • Added the option to put your ESP32-S2 into sleep mode after a certain amount of time (default = 20 minutes). You can change this time or turn off the feature from the ESP settings page.
  • If you connect your ESP32-S2 to your home WiFi network you can see what the IP address of it is next to the WiFi Connection heading section of the config page.


v1.0:
  • Initial release.



Promo Video (v1):

Big shout out to @Prb for making the promo video, testing the menu and trying to keep me sane while I was putting this together. :)
 
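The "via the GoldHEN BinLoader Server if that is running" fallback in the v1 feature list reduces to two network operations: check whether a TCP listener exists, and if so stream the payload bytes to it and close the connection. The example below is an added illustration, not code from PS-Phive! or GoldHEN. It assumes the BinLoader accepts a raw payload over one TCP connection, reads until the client closes its side, and listens on port 9090 by default (verify against your GoldHEN version). The console side is replaced by a constructed in-process fake so the whole thing runs offline.

```python
"""Added example (not PS-Phive! or GoldHEN code): probe a BinLoader-style
TCP listener and send a raw payload to it.

Assumptions not stated on the page: the loader reads raw bytes until EOF,
an empty connection is treated as a probe rather than a payload, and the
default port is 9090.  Check these against the GoldHEN build you use."""
import socket
import threading

BINLOADER_PORT = 9090  # assumed default; adjust if your build differs


def binloader_running(host, port=BINLOADER_PORT, timeout=1.0):
    """The 'if that is running' check: can we complete a TCP connect?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def send_payload(host, payload, port=BINLOADER_PORT, timeout=5.0):
    """Stream payload bytes, then half-close so the loader sees EOF.
    Returns the number of bytes written."""
    if not payload:
        raise ValueError("refusing to send an empty payload")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # EOF marks the end of the payload
    return len(payload)


class FakeBinLoader:
    """Constructed stand-in for the console side so the example runs offline.
    Accepts connections in a loop, reads each until EOF and keeps the first
    non-empty body; an empty connection (a probe) is ignored."""

    def __init__(self):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.bind(("127.0.0.1", 0))  # ephemeral port, no 9090 needed
        self._srv.listen(4)
        self._srv.settimeout(5.0)
        self.port = self._srv.getsockname()[1]
        self.received = b""
        self._done = threading.Event()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        try:
            while not self._done.is_set():
                conn, _ = self._srv.accept()
                chunks = []
                with conn:
                    conn.settimeout(5.0)
                    while True:
                        data = conn.recv(65536)
                        if not data:  # client half-closed: payload complete
                            break
                        chunks.append(data)
                body = b"".join(chunks)
                if body:
                    self.received = body
                    self._done.set()
        except OSError:
            pass
        finally:
            self._srv.close()

    def wait(self, timeout=5.0):
        self._done.wait(timeout)
        return self.received


def demo():
    # Constructed sample bytes, not a real PS4 payload; large enough to
    # exercise multi-chunk reads on the receiving side.
    payload = b"PAYLOAD-TEST" + bytes(range(256)) * 64
    loader = FakeBinLoader()
    probe_ok = binloader_running("127.0.0.1", loader.port)
    sent = send_payload("127.0.0.1", payload, port=loader.port)
    got = loader.wait()
    # A port with nothing listening must report "not running" quickly.
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    dead_port = tmp.getsockname()[1]
    tmp.close()
    return {
        "probe_ok": probe_ok,
        "sent": sent,
        "intact": got == payload,
        "dead_port_detected": not binloader_running("127.0.0.1", dead_port),
    }


if __name__ == "__main__":
    print(demo())
```

Against a real console you would call `send_payload("<PS4 IP>", open("payload.bin", "rb").read())` after `binloader_running` returns True; the half-close is what tells the loader the whole file has arrived, so do not keep the socket open waiting for a reply.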

Wr0zen

Member
Newcomer
Joined
Apr 12, 2022
Messages
14
Trophies
0
Age
27
Location
Tennessee
XP
115
Country
United States
Absolute legend! I wish I had half the skill you do sir! People have been asking for this for a while. Thank you for everything.

Someone is already requesting that I do a User Guide version of this but I won't even consider it without your permission.
 

Leeful

> 😉 I already added it to show files\pl_Disableaslr.bin on main after orbis no need to add it if you don't want to.
If you have loaded GoldHEN there is no need for a disable ASLR payload because it will already be disabled.

You always know if ASLR has been disabled because you will see that the webkit always loads a lot quicker and it usually loads in the same amount of time, every time.

The best way to test this is to use a more simplified menu like my 9v5 menu.
After a clean boot you will know that the webkit exploit time can vary a lot. Sometimes it can load quickly but usually it's around 20 seconds. After GoldHEN has been loaded you will see that the webkit loads in 4-5 seconds every time.
This is because ASLR has been disabled.

You can test this out with the PS-Phive! menu also but because it is more complex than a simple menu it causes the webkit to take a little longer to load but it will always load in under 10 seconds after GoldHEN has loaded because ASLR has been disabled.

> Absolute legend! I wish I had half the skill you do sir! People have been asking for this for a while. Thank you for everything.
> Someone is already requesting that I do a User Guide version of this but I won't even consider it without your permission.
No problem mate. You have my permission to make a userguide version if you want. Thanks for asking first. :)
 

Leeful

> @Leeful Thanks but on at least GH 2.0b and 2.0B2 it's not disabled. Just in case I want to use those old ones with ASLR disabled. 😆
Ah, yes. I had a feeling it might not have been included in some of the older versions.
I'll add a payload when I do the next update. :)

When I was building this I did at one point include an ASLR patch I wrote that automatically applied it during the kernel patch process, but in the end I removed it because I was noticing that it was causing the success rate to drop.
I might look into it again.
 
