PS4 Exploit Guide


admin

WORK IN PROGRESS CHANGES BEING MADE: USE "DEPRECIATED" SECTION AT BOTTOM FOR OLD GUIDES!

With this guide you will be running exploits in just a couple of steps. It is important that you read and understand a few key points before you update or jailbreak in order to best decide which steps you will follow. Please take a few minutes to read through the Exploit Stability, Quick Info, and Important Notes sections at the very least before proceeding to the jailbreaking section.

EXPLOIT STABILITY:


LATEST EXPLOIT:
6.72/7.5X/8.XX-11.00 (Kernel) PPPwn
(No webkit required!)

PREVIOUS EXPLOITS:
9.00 (Stable Webkit/Kernel) pOOBs4
8.XX (Stable Webkit/Kernel) pOOBs4
7.5X (Unstable Webkit/Semi Stable Kernel)
7.02 (Unstable Webkit/Semi Stable Kernel)
6.72 (Semi Stable Webkit/Kernel)
5.05 (Stable Webkit/Kernel)

Mast1c0re: working on 10.70 (strictly PS2 homebrew only)

7.XX-11.00 PPPwn:


https://github.com/TheOfficialFloW/PPPwn

PPPwn is a kernel remote code execution exploit for PlayStation 4 up to FW 11.00. This is a proof-of-concept exploit for CVE-2006-4304 that was reported responsibly to PlayStation.

Supported versions are:
  • FW 6.72
  • FW 7.00 / 7.01 / 7.02
  • FW 7.50 / 7.51 / 7.55
  • FW 8.00 / 8.01 / 8.03
  • FW 8.50 / 8.52
  • FW 9.00
  • FW 9.03 / 9.04
  • FW 9.50 / 9.60
  • FW 10.00 / 10.01
  • FW 10.50 / 10.70 / 10.71
  • FW 11.00
The exploit only prints PPPwned on your PS4 as a proof-of-concept. In order to launch Mira or similar homebrew enablers, the stage2.bin payload needs to be adapted.

GoldHEN Stage2.bin: https://github.com/SiSTR0/PPPwn

This loader only supports payloads with a kernel entrypoint.
The custom version of stage2 first looks for the payload in the root directory of the USB drive, and if found, it is copied to the internal HDD at this path: /data/GoldHEN/payloads/goldhen.bin. The payload is then loaded from the internal HDD, so it is no longer needed on the external USB drive.
At the moment, only firmware versions 9.00 and 11.00 are supported. Soon, versions 10.00/10.01 will also be supported.

GoldHEN 2.4b18.2: https://ko-fi.com/s/ef128b9879

BD-JB 9.04 (Stable Userland)

QUICK INFO:


RESTORE FPKG IN DB: WORKS (UP TO 9.00 - USE APOLLO)
LATEST HEN (5.00-11.00): GOLDHEN 2.4b18
BEST HEN FOR EMU FPKGS: GOLDHEN 2.1.2
REST MODE: WORKS (GOLDHEN)
LINUX OS: WORKS
EXTENDED STORAGE: WORKS
EXPLOIT CACHING: WORKS
PSVR SPOOF: WORKS (GOLDHEN)
CONSOLE REGION: REGION FREE
REMOTE PLAY: WORKS (REN)
XLINK KAI/XBSLINK: WORKS
NOBD UPDATE: WORKS (4.74-9.03)
CEX2SEMIDEX: PARTIALLY WORKING
FW REVERT: REQ YOUR OWN SFLASH0 BACK UP (OR SYSCON POINTER MODIFIED TO PARTITION WHERE PREVIOUS OFW INSTALLED)
PS NETWORK ACCESS: NEVER
DOWNGRADE: NOT YET
>11.00 GAME/UPDATE: ONLY IF DECRYPTED BY PRIVATE EXPLOIT
LATEST OFW: 12.02 (30/01/25)
(NOTE: 8.50+ FORMATTED EXTENDED STORAGE HDDs WON'T WORK ON <8.50 CONSOLES WITHOUT GOLDHEN)
LATEST OFW BETA: 11.50 B3 (21/02/24)
HIGHEST PUBLIC WEBKIT: 9.00 (13/12/21)
BD-JB: 9.04 USERLAND (10/06/22)
LUA Entry Point: WORKS 1.xx-12.02
BO3 LAN: http://174.101.97.40/ SOURCE: HERE


RECOMMENDED HOSTS:


AL-AZIF WEB HOST:
DNS 1: 165.227.83.145
DNS 2: 192.241.221.79

https://cthugha.thegate.network/
https://ithaqua.thegate.network/

(USE WITH PAYLOAD GUEST)

NOMADIC20000 HOST:
DNS 1: 62.210.38.117

(Leave DNS 2 blank)

X-PROJECT (5.05): HERE
PS-PHWOAR (5.05): HERE
PS-PHIVE (6.72): HERE
EXPLOIT MENU (5.05/6.72/9.00): HERE



IMPORTANT NOTES:
  • *.PUP SOFTWARE "DOWNGRADERS" ARE FAKE!
  • DO NOT ASK FOR PIRACY OR SDK LINKS: IT IS AGAINST FORUM RULES!
  • ONLY GAMES THAT HAVE BEEN DUMPED & DECRYPTED CAN BE PLAYED
  • PKG's (FROM SONY'S SERVERS OR ANYWHERE ELSE) ARE NOT PLAYABLE WITHOUT THE LEGIT RIF
  • UPDATE PKG's FROM SONY SERVER CAN BE INSTALLED, BUT TO A LEGIT GAME (DISC/DIGITAL)
  • SAVES BACKED UP (FTP OR DB/SG PAYLOAD) CAN ONLY BE RESTORED TO THE SAME USER/CONSOLE (TRY APOLLO INSTEAD)
  • IF THE BD IS BROKEN & YOU CAN NOT UPDATE YOU WILL SEE "E-801809A8" ERROR. (5.00 WILL BRICK IF TRYING TO UPDATE!! 4.74-7.5X CONSOLES SHOULD USE https://orbis.repair/)
  • PUP UPDATE/RECOVERY FILES MUST BE PLACED IN USB:/PS4/UPDATE/PS4UPDATE.PUP
  • 5.07 AND NOBD USERS: KEEP A CLONE OF YOUR PS4 HDD TO AVOID BRICKING!
  • DO NOT USE ONLINE DNS IF YOU HAVE LEGIT PSN CONTENT ON YOUR CONSOLE: IT WON'T BLOCK SONY 100% & CAN DEACTIVATE IT


IDU exit combo:
HOLD: L1 + L2 + R1 + R2 + D-Pad UP + Options button for 15 seconds.


BEGIN HERE:


YOU WILL NEED:
  • A PS4 running <=9.00 FW
  • A USB (2.0 or 3.0) HDD formatted as exFAT; 64GB or bigger is recommended for the biggest games, but at minimum you can use a 2GB stick just for the 5.05/6.72/7.02/7.55 update/recovery update
  • An internet connection or a PC/Mobile Phone/Raspberry Pi on the same network as your PS4


NOTES:
  • If you have a PS4 console running 5.01 or lower, follow the section below to upgrade to 5.05 via USB. If you have a PS4 above 5.50 FW, you should aim to update to the next closest firmware that supports jailbreaking: 6.72/7.02/7.55, or lastly 9.00. The lower the better!
  • If you have ever run the Update Blocker payload whilst on 5.05 or below, you must use Update Unblocker first, or FTP into your PS4 (port 1337) and delete the PS4UPDATE.PUP.temp.net and the PS4UPDATE.PUP folders in the /update folder.
  • If you are on 1.00-8.52 and have a pending update, then update via SAFE MODE
    To enter SAFE MODE, shut down your PS4, hold power to turn it back on and keep holding until you hear the second beep. Now update via option [3 Update System Software]
  • If you are on 5.05/6.72/7.02/7.55/9.00 and have a pending update, try this: FTP in and delete the PS4UPDATE.PUP file in the /update folder, run update blocker, change your DNS to the ones at the top of this guide, and reboot. If this doesn't work, a full factory format will be required to remove the pending update nag.


Safely Update PS4 to 5.05/6.72/7.02/7.55/9.00 via USB:

On PC: Format your stick to exFAT using any suitable formatting tool.
(or on PS4: [Settings] > [Devices] > [USB Storage Devices] > [YOUR DEVICE] > [Options] > [Format as exFAT]).
Make a folder on the root of your USB stick called [PS4], inside that a folder called [UPDATE], and put the [PS4UPDATE.PUP] for your chosen firmware in there (PUP's are found below).
MD5 CHECK ANY PUP FILES BEFORE INSTALLATION! - HERE
Remove the USB from your computer and plug it into the PS4.
On PS4: Remove any discs, go to [Settings] > [System Software Update] and update via USB.

CHOOSE YOUR JAILBREAK:

5.05


  1. You will need:

    5.05 PUP: HERE (MD5: f86d4f9d2c049547bd61f942151ffb55)

    Netcat GUI 1.2: HERE
    (Unzipped *.EXE MD5: 5212C2A6844D26D4DB8660D04A9DC1EC)

    GoldHen Latest: HERE
    (2.2 5.05 MD5: B6BB9C43B48C376430148C7BADE9A957)

    Recommended Tutorial (BASIC ONLINE METHOD):

    Go to [Settings] > [Network] > [Set up Internet Connection] > [LAN / WIFI] (your choice) > [CUSTOM]
    Set IP as AUTOMATIC, and set DHCP as DO NOT SPECIFY.
    Set one DNS to: 165.227.83.145, set the other to: 192.241.221.79 (This prevents system updates).
    Back out of network test with CIRCLE.
    Go to [Settings] > [Network] > [View Connection Status] to get your IP address ready for further on.
    Open the browser or user guide and you should see AlAzif's exploit host.
    Run BIN LOADER for 5.05 > send the latest GOLDHEN *.BIN to your PS4's IP address and port 9020 using Netcat GUI.

    NOTE: ALT HOSTS/METHODS COMING SOON!

Recommended Host Menu:

You can also use @Leeful & @Prb's Exploit Menu Essentials for 5.05/6.72/9.00:

Host + Trainer: http://prb123.ir/index.html
Trainer only: http://prb123.ir/leefultrainer/index.html
Thread: HERE


Or @Leeful's PS-Phive for 9.00: https://leeful.github.io/ps-phive/v1/index.html

Thread: HERE

(Remember: 9.00 will always require a USB dongle, this cannot be bypassed!)

Congratulations, you have just learned how to run kernel exploits and HEN on your 5.05-9.00 console!

Note: remember to enable rest mode application suspending to allow HEN to remain through rest mode.
([Settings] > [Power Saving] > [Set Features] > [Keep Applications Suspended])



This will hold current payload information for safety:

Payload | Firmware | MD5 | Description
App2USB | 3.50-9.00 | 549A2BE7FC7FBCC1E14AFEF062DC4DB7 | Move shit
App Dumper | 3.50-9.00 | EBED2F459A1A840AD218B01EB2BADE1B | Dump shit
Back up | 3.50-9.00 | F8ADC869A100189267CD54586895901F | Back up shit
Disable ASLR | 3.50-9.00 | F0353086EB4A944662C314932B348AD8 | Disable shit
Disable Updates | 3.50-9.00 | DFAC9CBC9F1F3278B2FFB2ED0D6968C2 | Disable shit
Enable Browser | 3.50-9.00 | B9C04AADA04829BDC01F591F2BDFEC44 | Enable shit
Enable Updates | 3.50-9.00 | 4529482169283CFD032C53FFCE90A20B | Enable shit
Exit IDU | 3.50-9.00 | 2CAFA6F5BEEDCB0A07642F6FE1A082B3 | Exit shit
Fan Threshold | 3.50-9.00 | 265C4E44B983F2FA8000F08929863E45 | Fan shit
FTP | 3.50-9.00 | E9F3F16CF7ED13478A3B732B8197AECB | FTP shit
History Blocker | 3.50-9.00 | D7BFB64E665FE50F879983F996322EB3 | Block shit
Kernel Dumper | 3.50-9.00 | A2F5CF292DD335D328D8AA5EED027FE9 | Dump shit
Mira Loader | 9.00 | DE63CC60E7B1BC9CF0AE140B3731BD20 | Load shit
Mira Loader Elf | 9.00 | EB1069434D61A71ADB6A02ED7D29631B | Elf shit
Module Dumper | 3.50-9.00 | 0525A7A8BA80972A14BE7FBBBC7DEB97 | Dump shit
Perma UART | 3.50-9.00 | 586764ABE951D39D743655798401857A | UART shit
Restore | 3.50-9.00 | CC5B37A107E56FF1B532EE0CE3DE8423 | Restore shit
Rif Renamer | 3.50-9.00 | C57645F7A90B1EA27C1D91FF92F55D83 | Rename shit
Todex | 3.50-9.00 | 7198DFACE6CD5509BEAA61F1A5BE795C | Todex shit

https://github.com/Scene-Collective/ps4-payload-repo
3.50-9.00: https://anonfiles.com/78k6Ee0cva
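
The "MD5 check any PUP files before installation" step and the payload table above both come down to comparing a downloaded file against the listed value. The following is an added example, not part of the original guide, that does this in Python. The only value taken from the guide is the 5.05 PUP hash; the function names and the sample file are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_HEX = re.compile(r"[0-9a-f]{32}")

# Copied from this guide's 5.05 section; every other value below is constructed.
GUIDE_MD5 = {"PS4UPDATE.PUP": "f86d4f9d2c049547bd61f942151ffb55"}


def file_md5(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a large update file is never read into RAM whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_file(path, expected):
    """Return 'ok', 'mismatch', 'missing' or 'bad-hash' for one file."""
    want = expected.strip().lower()      # the guide mixes upper and lower case
    if not MD5_HEX.fullmatch(want):
        return "bad-hash"                # truncated or mistyped value
    if not Path(path).is_file():
        return "missing"
    return "ok" if file_md5(path) == want else "mismatch"


def demo():
    """Run the checks against a constructed stand-in file, not a real PUP."""
    with tempfile.TemporaryDirectory() as tmp:
        update_dir = Path(tmp) / "PS4" / "UPDATE"
        update_dir.mkdir(parents=True)
        sample = update_dir / "PS4UPDATE.PUP"
        sample.write_bytes(b"constructed sample contents\n")
        listed = file_md5(sample).upper()    # as if posted in upper case
        return {
            "matching": check_file(sample, f"  {listed} "),
            "guide_value": check_file(sample, GUIDE_MD5[sample.name]),
            "truncated": check_file(sample, listed[:31]),
            "absent": check_file(update_dir / "absent.bin", listed),
        }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

A match shows only that the file is the one whose hash was posted; it says nothing about whether that file is trustworthy. MD5 is no longer collision-resistant, so prefer a SHA-256 value wherever a source publishes one.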

This will hold current homebrew info:

Homebrew | Firmware | Author | Link
Apollo Save Tool | 5.05-9.00 | Bucanero | https://github.com/bucanero/apollo-ps4
PS4 Cheater | 5.05-9.00 | ctn123 | https://github.com/ctn123/PS4_Cheater

DONATIONS WELCOME: ko-fi.com/kiiwiiaioguide :)
 
