PS4:FAQ

From ConsoleMods Wiki
=== What is jailbreaking? ===
Jailbreaking is, on a basic level, a term used when the console gets exploited to unlock various levels of the firmware, giving a consumer access to many features previously available only on a DevKit/TestKit (used by game developers and testers), or adding extra functionality.
=== What is the status of a PS4 jailbreak? ===
1.76, 4.05, 4.55, 5.05/5.07, 6.72, 7.02, 7.55, 9.00 and 11.00 have been fully exploited and implemented (11.02, 11.52 and 12.00 have no jailbreak). Exploits on some of these firmwares have been ported to “fill in” the gaps between releases. Most, if not all, firmwares between 4.05 and 11.00 can currently be jailbroken; the ones listed here are the “major” releases.
=== How do I know if a console has a jailbroken/exploitable firmware version? ===
* Starting with January 2021, any brand new PS4 Pro and OG PS4 (fat) console is guaranteed to be on 8.03 or lower. PS4 Slims, while they are technically still being made by Sony, have a 60/40 chance to be on 8.50 or lower.
* Second-hand devices will all be on different firmware versions; you should ask the seller what firmware the console is currently on.
=== How can I downgrade, if I’m not on an exploitable PS4? ===
Downgrading is NOT possible with just firmware installs on normal PS4s, only on TestKits and DevKits.
There is a way to revert to a previous firmware ONLY IF the user has made backups of the sflash, Syscon, and HDD; it also requires soldering skills. Alternatively, you can downgrade to the firmware immediately prior to your current one; this also requires soldering.
* ''Why? Can’t I just swap HDDs, or put a lower firmware on USB and install it via Safe Mode?''
** NO. The firmware is not just stored on the internal HDD. Part of the firmware is stored in a read-only encrypted chip soldered to the PS4’s motherboard, which also keeps track of the installed firmware and blocks the installation of a lower firmware.
The reason is to ensure the user stays on the latest firmware; it also makes the firmware update experience faster and easier than it would otherwise be.
=== Is it worth it to stay on a lower firmware? ===
* If you are on a non-exploited firmware and some day want to be able to run homebrew, it is recommended to stay on the lowest version possible. If you have the money to spare, buying a second console is an option. If you are on an exploitable firmware it is best to stay on the lowest major release, with some exceptions (the stable recommended firmwares are 5.05, 6.72 and 9.00). The higher you go, the harder it is to get the exploits to work. Do note that jailbreaks can be updated in the future.
=== Can I install Custom Firmware (CFW) on my console? ===
As of right now, there is no CFW for the PS4. It is extremely unlikely that CFW will appear on PS4 in the same way it existed on PS3. With other devices in the past, the keys which allowed the creation of CFW were either leaked (Nintendo) or improperly generated (PS3/PSP).


=== What can I do with a jailbroken PS4? ===
After a successful jailbreak, you can:
* Install and play your game backups/disc games without needing a disc/license/PSN account.
* Access emulators to play your favorite classic games.
* Access various homebrew and other fan-made tweaks to your favorite games such as useful applications, emulators, 60FPS patches, etc.
* Access and install a fully featured Linux distro.
* Access mods for your games.


=== What can’t I do with a jailbroken PS4? ===
While the advantages are plenty, you will lose some functionality such as:
* Online play on most games. You can play online on some games by using tunneling software such as [[XLink Kai|XLink Kai]], or by using custom servers.
* All PSN features such as messaging, online trophy syncing, various PS Plus features such as online save data upload, and other features that depend on PSN such as Spotify.
* Depending on the release date of the jailbreak, firmware and games, some newer games will not be available. Some games can be backported to work on older firmwares, but with mixed results.
* Jailbreaking, regardless of firmware version, is NOT permanent/persistent after a reboot or shutdown, unlike PS3 and Vita with a CFW. A persistent CFW is impossible on PS4 currently; the exploit runs in memory.


=== Can I spoof my firmware version in order to play online with a lower firmware? ===
You cannot access the PlayStation Network without being on the current firmware. In the past, PSProxy allowed you to do this; however, it no longer works.


=== Firmware required for games and backporting ===
Retail/FPKG games and their updates have a minimum firmware version that they can run on, although FPKGs usually have backports, which means they can run on lower firmware than the retail games.
* Backports patch the minimum required firmware version to allow a game to run on lower firmware.




=== Can I play games that require a higher firmware version than what I have? ===
Yes. You can, for instance, play backups made on a 6.72 exploited system on a 5.05 by applying specific patches to the pkg files. See [https://defaultdnb.github.io/ this list made by kiwi/defaultdnb] to check the minimum firmware a game needs. For updates, see [https://orbispatches.com/ OrbisPatches] to check the minimum firmware a game update needs.

=== From a programming perspective, what is required to gain full system access? ===
In simple terms, you need an exploit in userland (where an application or game can execute code) and an exploit in the kernel (the core of the customized FreeBSD operating system). Userland exploits so far have all used the PS4 web browser (WebKit), though userland could also be exploited through other system apps such as a photo viewer, video viewer, or game save. Kernel exploits rely on finding a vulnerability in the operating system functions, called syscalls, in order to execute code at the operating system level.
 
=== What is GoldHEN? ===
* The "HEN" in GoldHEN stands for Homebrew Enabler.
* A Homebrew Enabler allows you to install community-made applications and utilities, and to install game dumps in FPKG format along with their updates and DLC.
* Homebrew Store: a homebrew-oriented store front-end which lets users download and install apps and homebrew games directly onto the PS4. The homebrew apps mentioned below can be downloaded there or from the PKG-Zone website.
* Apollo Save Tool: automatic save mounting (GoldHEN or ps4debug required), offline account activation, and a save-editing utility.
* PS4 Cheats Manager: a homebrew application that lets you load cheats, patches and plugins for games into the integrated cheat menu.
* Itemzflow Game Manager: a free and open-source PS4 home menu alternative. Itemzflow goes beyond the limits of Sony's ShellUI, letting you launch games, back up games, updates, DLC, etc.
 
=== Jailbreaks and how they work ===
* NOTICE: No jailbreak is currently available that is persistent after a reboot.
* In the context of the PS4, exploits allow you to run arbitrary/unsigned code by exploiting weaknesses in the system. A userland exploit gains the ability to execute code on the console with the same permissions as an average app; for a full jailbreak that can run homebrew like GoldHEN, a kernel vulnerability is also needed.
* WebKit exploits are loaded solely through the PS4 browser. The active ones, ranging from 5.05 to 7.55, currently lead to kernel access; there are some on higher firmware, but they do not lead to kernel access at this time (except when chained with the 9.00 kernel exploit below).
* The 9.00 kernel exploit, pOOBs4, directly gains kernel access and is only implemented for firmware 9.00. Unlike previous exploits, which were purely software based, triggering the vulnerability requires plugging in a specially formatted USB device at just the right time, or using a small single-board computer like a Raspberry Pi Zero or an ESP32 (a low-power system-on-a-chip microcontroller with integrated Wi-Fi). It has additionally been chained with the WebKit exploit PSFree for better performance.
* The PPPwn kernel exploit.
** PPPwn is a kernel remote code execution exploit which uses a malicious PPPoE server to cause a denial of service or potentially remote code execution in kernel context on the PS4/PS5.
** This exploit is the first to cover a large range of firmware versions, 7.00 to 11.00, on the PS4.
** To run the PPPwn exploit you need an external device like a desktop computer, laptop, Raspberry Pi, specific routers, Luckfox Pico, specific LG Smart TVs, etc.
** TL;DR: Exploits come before GoldHEN/Mira.
 
==== How are jailbreaks run on the PS4 and which firmware should I stay on? ====
 
===== 5.05 =====
* The 5.05 jailbreak is run solely from the browser/User Guide, has very good performance all around, and it is highly recommended to stay on it.
** Although you may need to wait a bit longer for backports to reach you, it is worth the wait, as the higher you go in firmware the less stable things get. A lot are already available.
 
===== 6.72 =====
* The 6.72 jailbreak is also run solely from the PS4 browser/User Guide, just like on 5.05. It has slightly worse overall performance than 5.05, but it has had some improvements and it is recommended to stay on it.
** Although you may need to wait a bit longer for backports to reach you, it is worth the wait, as the higher you go in firmware the less stable things get. A lot are already available.
 
===== 7.02 (WIP) =====
* WIP
 
===== 7.50-7.55 =====
* This jailbreak, like the previous ones, is also loaded solely from the browser/User Guide.
* The jailbreak on this small range of firmware is extremely unstable to load in the first place, among other things. It is highly recommended NOT to stay on it and to update to 9.00 after reading about its method of running, if you have access to a spare USB drive or are able to purchase a small device. More below.
** Although you may need to wait a bit longer for backports, a lot are already available.


===== 9.00 pOOBs4 =====
* The 9.00 jailbreak is run from the PS4 browser/User Guide.
* It has the additional requirement of a USB drive flashed with a special image, which must be plugged into and unplugged from the PS4 at a certain point. This dedicates the USB drive to this part of the jailbreak, but alternatives are available.
* Using an ESP32-S2 (or above, with USB emulation support) or a Raspberry Pi Zero (or above, with USB emulation support), you can self-host a web host and load GoldHEN and other payloads through it, while also automating the USB drive part of the jailbreak.
** pOOBs4 has been paired with a WebKit exploit for better performance.
** The USB drive can be extremely small, under 1GB.
** Connecting to a self-hosted device does not give you real internet access, only local network access to the device running it.
** Backports arrive reasonably fast and a lot are already available.


===== PPPwn usage =====
* PPPwn on any of the firmwares listed below is run from a separate external device like a desktop computer, laptop, Raspberry Pi, specific routers, Luckfox Pico, specific LG Smart TVs, etc.
* You connect your device of choice to the PS4 via Ethernet and launch the jailbreak. Wi-Fi is not an option. Additionally, if your PS4's Ethernet port is damaged you need to repair it first, as no adapter is available that can forward an Ethernet connection to the PS4.
* A small USB drive is required to initially load GoldHEN or PS4HEN VTX.
** You can use a USB-to-Ethernet adapter on the device hosting the jailbreak process, but not all adapters are compatible.
** Backports usually arrive for 11.00 first, as it is the latest jailbreakable firmware, but 9.00 is quickly done next.


===== 7.00-9.00 PPPwn =====
* Although PPPwn functions on firmware as low as 7.00, it is recommended to instead update to 9.00 and use its jailbreak, pOOBs4.
** On 7.00 to 9.00 you will have to use PS4HEN VTX, an alternative but trusted homebrew enabler which lacks some features like a cheat menu, built-in firmware blocking, and FTP and binloader servers.
** Backports will be a mix depending on your firmware.


===== 9.03-9.60 PPPwn =====
* While on any of the firmwares between 9.03 and 9.60, it is recommended to stay on them or update only up to 9.60 for GoldHEN support.
====== The reason to stay on 9.03-9.60 ======
* It is to retain the ability to use PSFree, a WebKit exploit. This means that if a kernel exploit other than PPPwn is found on this range of firmware, a potentially easier jailbreak can be achieved.
** Backports arrive reasonably fast and a lot are already available.


===== 10.00-11.00 PPPwn =====
* While on any of these firmwares, you can either stay on them or update only up to 11.00; they all have GoldHEN support.
** Backports arrive reasonably fast and a lot are already available.


=== How do I disable automatic updates? ===
You can disable automatic updates by navigating to Settings → System → Automatic Downloads and Uploads and unchecking “System Software Update Files” and “Install Automatically”. It may also be a good idea to turn off the Internet connection while in stand-by mode under Settings → Power Save Settings → Set Functions Available in Rest Mode by unchecking “Stay Connected to the Internet”, or just disable the Internet altogether.


=== How do I update to a newer version? ===
Download the relevant update file [https://darthsternie.net/ps4-firmwares/ here] or [https://darksoftware.xyz/PS4/FWlist here], copy it to a USB drive with the file structure PS4/UPDATE/UPDATE.pup, boot into Safe Mode, then update your console with the downloaded .pup.


=== What is the difference between Mira and HEN (GoldHEN)? ===
GoldHEN does this main task with a handful of other features. It is more lightweight than Mira and is therefore more stable on firmwares above 6.72. You can see its list of features [https://twitter.com/Joonie86/status/1373703769259532291 here].


=== The PS4 system game structure ===
* The product code is distinct to a region, and the common codes you’ll see are CUSA, PCAS, and PLAS.
** R1 USA: CUSA
** R2 Europe: CUSA
** R3 Asia: PLAS, PCAS
* The product code is followed by a 5-digit unique numeric identifier.
* The Title ID is the product code together with the unique numeric identifier of the game.
** For example, Minecraft USA is CUSA00744 while Minecraft EU is CUSA00265.
** Another example: Resident Evil 2 USA is CUSA09193 while Asia is PLAS10335.
* Game files on the PS4 are considered Apps by the system and are located on the HDD inside the /user/app directory, in folders reflecting their Title ID.
* Game update files on the PS4 are considered Patches by the system and are located on the HDD inside the /user/patch directory, in folders reflecting their Title ID.


* Game DLC files on the PS4 are considered Add-on Content by the system and are located on the HDD inside the /user/addcont directory, in folders reflecting their Title ID.
* Additionally, screenshots and videos are in /user/av_content/.
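As an added example (not code from the wiki or from any PS4 tool), the following Python parses Title IDs as laid out above and reports which of the app, patch and addcont folders exist for a title. The rule that a Title ID is exactly four uppercase letters followed by five digits is taken from the description on this page, and the directory listing is constructed, not a real console dump.

```python
import re
from dataclasses import dataclass

# Product codes and the regions they are used for, as listed on this page.
# CUSA covers both R1 (USA) and R2 (Europe), so a CUSA ID alone does not
# tell you which of the two regions a release is from.
PRODUCT_CODE_REGIONS = {
    "CUSA": ("R1 USA", "R2 Europe"),
    "PCAS": ("R3 Asia",),
    "PLAS": ("R3 Asia",),
}

# Where the system stores each kind of content, in the page's terms.
CONTENT_DIRS = {
    "app": "/user/app",          # games, which the system calls Apps
    "patch": "/user/patch",      # game updates, which it calls Patches
    "addcont": "/user/addcont",  # DLC, which it calls Add-on Content
}

# A Title ID is a 4-letter product code followed by exactly 5 digits
# (assumption derived from the examples above, e.g. CUSA00744).
TITLE_ID_RE = re.compile(r"^([A-Z]{4})(\d{5})$")


@dataclass(frozen=True)
class TitleId:
    product_code: str
    number: int
    regions: tuple

    @property
    def text(self):
        return f"{self.product_code}{self.number:05d}"

    def folder(self, kind):
        """Expected on-disk folder for this title's app, patch or addcont."""
        return f"{CONTENT_DIRS[kind]}/{self.text}"


def parse_title_id(raw):
    """Validate a Title ID string and split it into product code and number.

    Raises ValueError for malformed input or an unlisted product code, so a
    tool that sorts dumped folders never builds paths from garbage such as a
    stray file name or a path-traversal string.
    """
    m = TITLE_ID_RE.match(raw.strip().upper())
    if not m:
        raise ValueError(f"not a Title ID: {raw!r}")
    code, num = m.group(1), int(m.group(2))
    if code not in PRODUCT_CODE_REGIONS:
        raise ValueError(f"unknown product code {code} in {raw!r}")
    return TitleId(code, num, PRODUCT_CODE_REGIONS[code])


def installed_content(title_id, listings):
    """Report which of app/patch/addcont exist for a title.

    listings maps each content directory (e.g. "/user/app") to the folder
    names found inside it, as a directory walk of the HDD would return.
    """
    tid = parse_title_id(title_id)
    return {kind: tid.text in listings.get(path, ())
            for kind, path in CONTENT_DIRS.items()}


# Constructed sample listing (not a real console dump): Minecraft USA has a
# game, update and DLC folder; Resident Evil 2 Asia has only the game.
SAMPLE_LISTINGS = {
    "/user/app": {"CUSA00744", "PLAS10335", "lost+found"},
    "/user/patch": {"CUSA00744"},
    "/user/addcont": {"CUSA00744"},
}

if __name__ == "__main__":
    for raw in ("CUSA00744", "PLAS10335", "cusa00265", "../etc", "XXXX12345"):
        try:
            tid = parse_title_id(raw)
            print(tid.text, tid.regions, tid.folder("app"),
                  installed_content(raw, SAMPLE_LISTINGS))
        except ValueError as err:
            print("rejected:", err)
```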


=== Are developers afraid of lawsuits like ones seen in the PS3 scene? ===
Starting with the PS4, Sony officially began a bug bounty program on HackerOne for any security researcher to submit exploits for the PS4, PS5, PSN, and other related services directly. As a result, exploit developers are compensated and can request disclosure, making exploit finding and releasing legal and encouraged. We will likely not see a lawsuit like the ones brought against GeoHot and Graf_Chokolo.


=== I'm good at programming, how can I contribute? ===
If you have the technical knowledge and an exploitable PS4, check out [https://cturt.github.io/ps4.html this page] and [https://cturt.github.io/dlclose-overflow.html this page] to learn how the exploits are used to gain kernel-level access, then search for new ones in more recent firmware. You can find more scene-related help on the [http://www.psdevwiki.com/ps4/Main_Page PS4 Developers Wiki]. If you are looking to contribute by making homebrew, check out the [https://github.com/OpenOrbis OpenOrbis project] on GitHub. You can also watch [https://www.youtube.com/playlist?list=PLQTqNN5XQm3xf2pih1LoZNPx4HngfJQrV this video series], which helps explain how to use OpenOrbis.


=== When was the first time the PS4 was jailbroken? ===
On December 6th, 2015, a user by the name of CTurt published information about an exploit in the 1.76 firmware kernel that allows users to break out of the FreeBSD jail the PS4 uses to contain processes. By the end of the month, the group fail0verflow demonstrated that they could execute code by successfully running a modified version of Linux on the system. We have since seen several full exploit releases on higher firmwares.


=== What other websites can I visit for PS4 information or resources? ===
* [http://wololo.net/ Wololo.net]
* [http://www.psx-place.com/ PSX-Place.com]
* [https://sce.party/ SCE.Party]
* [http://www.psdevwiki.com/ps4/Main_Page PS4 Developer Wiki]
* [http://www.consolehax.com ConsoleHax.com (Dutch)]
* [https://gbatemp.net/forums/sony-playstation-4.251/ GBAtemp.com]
* [https://pkg-zone.com Homebrew pkg downloads]



Latest revision as of 14:01, 27 December 2024

Note that there are many scam sites that claim that custom firmware (CFW), downgrading, online jailbreaks, retail game unlockers, and online cheats are possible.

== Questions and Answers ==

=== What is Orbis? ===

Orbis is the PS4’s code name, used internally by Sony while it was in development. Orbis is also the name of the native operating system of the PlayStation 4, a fork of FreeBSD version 9.0, released on January 12, 2012.

What is jailbreaking?

Jailbreaking is, on a basic level, a term used when the console gets exploited to unlock various levels of the firmware that allows the access to many features previously accessible on a DevKit/TestKit (used by game developers and testers) to a consumer or to add additional functionality.

What is the status of a PS4 jailbreak?

1.76, 4.05, 4.55, 5.05/5.07, 6.72, 7.02, 7.55, 9.00 and 11.00 have been fully exploited and implemented.(11.02,11.52 and 12.00 have no jailbreak) Exploits on some of these firmwares have been ported to “fill in” the gaps in releases. Most, if not all, firmwares between 4.05 and 11.00 can currently be jailbroken, the ones listed here are the “major” releases.

How do I know if a console has a jailbroken/exploitable firmware version?

  • Starting with January 2021, any brand new PS4 Pro and OG PS4 (fat) console are guaranteed to be on 8.03 or lower. PS4 Slims, while they are technically still being made by Sony, have a 60/40 chance to be on 8.50 or lower.
  • Second hand devices will all have different current firmware and an attempt to contact the seller about the current firmware should be made.

How can I downgrade, if I’m not on an exploitable PS4?

Downgrading is NOT possible with just firmware installs on normal PS4s, only on TestKits and DevKits.

There is a way to revert to a previous firmware ONLY IF the user has made backups of the sflash, Syscon, and HDD, and requires soldering skills. Alternatively, you can downgrade to the immediate prior firmware to your current one, this also requires soldering.

  • Why? Can’t I just swap HDDs, or put a lower firmware on USB and install it via Safe Mode?
    • NO. The firmware is not just stored on the internal HDD. Part of the firmware is stored in a read-only encrypted soldered chip on the PS4’s motherboard that also keeps track on the installed firmware and restricts the install of a lower firmware.

The reason is to ensure the user stays on latest firmware, and it also makes the firmware experience faster and easier than normal.

Is it worth it to stay on a lower firmware?

  • If you are on a non-exploited firmware and some day want to be able to run homebrew, it is recommended to stay on the lowest version possible. If you have the money to spare to buy a second console, that would be an option. If you are on an exploitable firmware it is best to stay on the lowest major release with some exceptions (the stable recommended firmwares are 5.05, 6.72 and 9.00). The higher you go, the harder it is to get the exploits to work. Do note, jailbreaks can be updated in the future.

Can I install Custom Firmware (CFW) on my console?

As of right now, there is no CFW for the PS4. It is extremely unlikely that CFW will make an appearance on PS4 in the same way it existed on PS3. As in the past with other devices, the keys which allowed creation of CFW were either leaked (Nintendo) or improperly generated (PS3/PSP).

What can I do with a jailbroken PS4?

After a successful jailbreak, you can:

  • Install and play your game backups/disc games without needing a disc/license/PSN account.
  • Access emulators to play your favorite classic games.
  • Access various homebrew and other fan-made tweaks to your favorite games such as useful applications, emulators, 60FPS patches, etc.
  • Access and install a fully featured Linux distro.
  • Access mods for your games.

What can’t I do with a jailbroken PS4?

While the advantages are plenty, you will lose some functionality such as:

  • Online play on most games. You can play online on some games by using tunneling software such as XLink Kai, or using custom servers.
  • All PSN features such as messaging, online trophy syncing, various PS Plus features such as online save data upload and other features that are dependent on PSN such as Spotify.
  • Depending on the release date of the jailbreak, firmware and games, some newer games will not be available. Some games can be backported to work on older firmwares, but with mixed results.
  • Jailbreaking, regardless of firmware version, is NOT permanent/persistent after reboot or shutdown, compared to PS3 and Vita with a CFW. A persistent CFW is impossible on PS4 currently. The exploit runs in memory.

Can I spoof my firmware version in order to play online with a lower firmware?

You cannot access the PlayStation Network without being on the current firmware. In the past, PSProxy allowed you to do this, but it no longer works.

Firmware required for games and backporting

Retail and FPKG games and their updates have a minimum firmware version that they can run on, although FPKGs usually have backports, which means they can run on lower firmware than the retail games.

  • Backports patch the minimum required firmware version so that the content can run on lower firmware.

Why are newer games not available on latest jailbroken firmwares?

Game backups can be made either by dumping or by knowing a unique, very hard to guess decryption key. Most backups are made by dumping.

Sony enforces a minimum firmware for both games and game updates, forcing the user to update before the content will launch. To dump a game, the user must be able to run it on the exploited console, which is why a game that requires a higher firmware than the exploited one cannot be dumped.

As for decryption keys, you will rarely see game backups made with this method. It may be more useful for updates: an FPKG version of an update can be made with the decryption key, as some games use the same key for both the main game and its updates.

Can I play games that require a higher firmware version than what I have?

Yes. You can, for instance, play backups made on a 6.72 exploited system on 5.05 by applying specific patches to the PKG files. See this list made by kiwi/defaultdnb to check the minimum firmware a game requires. For updates, see OrbisPatches to check the minimum firmware a game update requires.

From a programming perspective, what is required to gain full system access?

In simple terms, you need an exploit in userland (where an application or game can execute code) and an exploit in the kernel (the core of the customized FreeBSD operating system). Userland exploits so far have all used the PS4 web browser (WebKit), though userland could be exploited through other system apps such as a photo viewer, video viewer, or game save. Kernel exploits rely on finding a vulnerability in the operating system functions, called syscalls, in order to allow you to execute code at the operating system level.

What is Goldhen?

  • The HEN in GoldHEN stands for Homebrew Enabler.
  • A Homebrew Enabler allows you to install community-made applications and utilities, and to install game dumps in FPKG format along with updates and DLC.
  • Homebrew Store: a homebrew-oriented store front-end which lets users download and install apps and homebrew games directly onto the PS4. You can also download the homebrew apps mentioned below from it, or visit the website PKG-Zone.
  • Apollo Save Tool: automatic save mounting (GoldHEN or ps4debug required), offline account activation, save editing utility.
  • PS4 Cheats Manager: a homebrew application that allows you to load cheats, patches and plugins for games into the integrated cheat menu.
  • Itemzflow Game Manager: Itemzflow is a free and open source PS4 home menu alternative. It expands beyond the limits of Sony's ShellUI, allowing you to launch games and back up games, updates, DLC, etc.

Jailbreaks and how they work?

  • NOTICE: No jailbreak is currently available that is persistent after a reboot.
  • In the context of the PS4, exploits allow you to run arbitrary/unsigned code by exploiting weaknesses in the system. A userland exploit lets you execute code on the console with the same permissions as an average app; for a full jailbreak that can run a Homebrew Enabler like GoldHEN, a kernel vulnerability is also needed.
  • WebKit exploits are loaded solely through the PS4 browser. The active ones, ranging from 5.05 to 7.55, currently have kernel access. There are some on higher firmware, but they do not lead to kernel access at this time (except when chained with the 9.00 kernel exploit below).
  • The 9.00 kernel exploit pOOBs4 directly gains kernel access and is only implemented for firmware 9.00. Unlike previous exploits, which were purely software based, triggering this vulnerability requires plugging in a specially formatted USB device at just the right time, or using a small single-board computer like a Raspberry Pi Zero or an ESP32 (a low-power system-on-a-chip microcontroller with integrated Wi-Fi). It has additionally been chained with the WebKit exploit PSfree for better performance.
  • The PPPwn kernel exploit:
    • PPPwn is a kernel remote code execution exploit which uses a malicious PPPoE server to cause a denial of service or potentially remote code execution in kernel context on the PS4/PS5.
    • This exploit is the first to cover a large range of firmware versions, 7.00 to 11.00, on the PS4.
    • To run the PPPwn exploit you need an external device such as a desktop computer, laptop, Raspberry Pi, specific routers, Luckfox Pico, specific LG smart TVs, etc.
    • TL;DR: Exploits come before GoldHEN/Mira.

How are jailbreaks run on the PS4 and which firmware should I stay on?

5.05
  • The 5.05 jailbreak is run solely from the Browser/User Guide and has very good performance all around; it is highly recommended to stay on it.
    • Although you may need to wait a bit longer for backports to come to you, it is worth the wait, as the higher you go in firmware the less stable things get. A lot are already available.
6.72
  • The 6.72 jailbreak is also run solely from the PS4 Browser/User Guide, just like on 5.05. It has slightly worse overall performance, though it has had some improvements, and it is recommended to stay on it.
    • Although you may need to wait a bit longer for backports to come to you, it is worth the wait, as the higher you go in firmware the less stable things get. A lot are already available.
7.02 WIP
  • WIP
7.50-7.55
  • This jailbreak, like the previous ones, is also loaded solely from the Browser/User Guide.
  • The jailbreak on this small range of firmware is extremely unstable to load in the first place, among other things. It is highly recommended NOT to stay on it and to update to 9.00 after reading its method of running, if you have access to a spare USB drive or are able to purchase a small device. More below.
    • Although you may need to wait a bit longer for backports, a lot are already available.
9.00 pOOBs4
  • The 9.00 jailbreak is run from the PS4 Browser/User Guide.
  • It has the additional requirement of a USB drive flashed with a special image, which must be plugged into and unplugged from the PS4 at a certain point. This means the USB drive is dedicated to this part of the jailbreak, but alternatives are available.
  • Using an ESP32-S2 (or above; it must have USB emulation support) or a Raspberry Pi Zero (or above; it must have USB emulation support) you can self-host a web host and load GoldHEN and other payloads through it, while also automating the USB drive part of the jailbreak.
    • pOOBs4 has been paired with a WebKit exploit for better performance.
    • The USB drive can have an extremely small capacity, under 1 GB.
    • Connecting to a self-hosted device does not give you real internet access, only local network access to the device running it.
    • Backports arrive reasonably fast and a lot are already available.
PPPwn Usage
  • PPPwn on any of the firmwares listed below is run from a separate external device such as a desktop computer, laptop, Raspberry Pi, specific routers, Luckfox Pico, specific LG smart TVs, etc.
  • You connect your device of choice to the PS4 via Ethernet and launch the jailbreak. Wi-Fi is not an option. Additionally, if your PS4 Ethernet port is damaged you need to repair it first, as no adapter is available that can forward an Ethernet connection to the PS4.
  • A small USB drive is required to initially load GoldHEN or PS4HEN VTX.
    • You can use a USB-to-Ethernet adapter on the device hosting the jailbreak process, but not all adapters are compatible.
    • Backports usually arrive for 11.00 first, as it is the latest jailbreakable firmware, but 9.00 is quickly done next.
7.00-9.00 PPPwn
  • Although PPPwn functions on firmware as low as 7.00, it is recommended to instead update to 9.00 and use its jailbreak, pOOBs4.
    • On 7.00 to 9.00 you will have to use PS4HEN VTX, an alternative but trusted Homebrew Enabler which lacks some features such as a cheat menu, built-in firmware blocking, and an FTP and binloader server.
    • Backports will be a mix depending on your firmware.
9.03-9.60 PPPwn
  • While on any of the firmwares between 9.03 and 9.60, it is recommended to stay on them or update only up to 9.60 for GoldHEN support.
The reason to stay on 9.03-9.60
  • It is to retain the ability to use PSfree, a WebKit exploit. This means that if a kernel exploit other than PPPwn is found on this range of firmware, a potentially easier jailbreak can be achieved.
    • Backports arrive reasonably fast and a lot are already available.
10.00-11.00 PPPwn
  • While on any of these firmwares, you can either stay on them or update only up to 11.00; they all have GoldHEN support.
    • Backports arrive reasonably fast and a lot are already available.

How do I disable automatic updates?

Disabling Updates: You can disable automatic updates by navigating to Settings → System → Automatic Downloads and Uploads and unchecking “System Software Update Files” and “Install Automatically”. It may also be a good idea to turn off the Internet connection while in stand-by mode under Settings → Power Save Settings → Set Functions Available in Rest Mode by unchecking “Stay Connected to the Internet”; or just disable the Internet altogether.

How do I update to a newer version?

Download the relevant update file here or here, copy it to a USB drive with the file structure PS4>UPDATE>UPDATE.pup, boot into safe mode, then update your console with the downloaded .pup.

What is the difference between Mira and HEN (GoldHEN)?

Mira and HEN/GoldHEN are both payloads that share the same main purpose: they modify the firmware of a PS4 to give the user more control over their console. Namely, they give the user access to debug settings, allow game backups to be played, and allow homebrew to run. Since the release of GoldHEN, general users should use GoldHEN, while homebrew devs might need to use Mira.

GoldHEN performs this main task along with a handful of other features. It is more lightweight than Mira and is therefore more stable on firmwares above 6.72. You can see its list of features here.

The PS4 system game structure

  • The product code is distinct to a region; the common codes you’ll see are CUSA, PCAS, and PLAS.
    • R1 USA: CUSA
    • R2 Europe: CUSA
    • R3 Asia: PLAS, PCAS
  • The product code is followed by a 5-digit unique numeric identifier.
  • The Title ID is the product code together with the unique numeric identifier of the game.
    • For example, Minecraft USA is CUSA00744 while Minecraft EU is CUSA00265.
    • Another example: Resident Evil 2 USA is CUSA09193 while Asia is PLAS10335.
  • Game files on the PS4 are considered Apps by the system and are located on the HDD inside the /user/app directory, in folders named after their Title ID.
  • Game update files on the PS4 are considered Patches by the system and are located on the HDD inside the /user/patch directory, in folders named after their Title ID.
  • Game DLC files on the PS4 are considered Add-on Content by the system and are located on the HDD inside the /user/addcont directory, in folders named after their Title ID.
  • Additionally, screenshots and videos are in /user/av_content/.
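As an added example (not from this wiki or any PS4 tool), a small Python helper that validates a Title ID against the format described above, maps its product code to the region listed here, and derives or parses the /user/app, /user/patch and /user/addcont folder paths. The region labels and the "unknown" fallback for product codes the page does not list are my own assumptions.

```python
import re
from dataclasses import dataclass

# Product codes and the regions this page lists for them. CUSA is used for
# both R1 USA and R2 Europe, so the code alone cannot separate those two.
PRODUCT_CODE_REGIONS = {"CUSA": "R1 USA / R2 Europe", "PLAS": "R3 Asia", "PCAS": "R3 Asia"}

# Content kinds and the HDD directory this page lists for each.
CONTENT_DIRS = {"app": "/user/app", "patch": "/user/patch", "addcont": "/user/addcont"}

# Four uppercase letters (product code) followed by a 5-digit number.
TITLE_ID_RE = re.compile(r"^([A-Z]{4})([0-9]{5})$")

@dataclass(frozen=True)
class TitleId:
    product_code: str
    number: str
    region: str  # "unknown" for product codes this page does not list (assumed label)

def parse_title_id(text):
    """Validate a Title ID such as 'CUSA00744' and split it into its parts."""
    m = TITLE_ID_RE.match(text.strip().upper())
    if m is None:
        raise ValueError(f"not a PS4 Title ID: {text!r}")
    code, number = m.groups()
    return TitleId(code, number, PRODUCT_CODE_REGIONS.get(code, "unknown"))

def content_path(title_id, kind):
    """Expected HDD folder for a title's app, patch or DLC (addcont) content."""
    if kind not in CONTENT_DIRS:
        raise ValueError(f"unknown content kind: {kind!r}")
    tid = parse_title_id(title_id)
    return f"{CONTENT_DIRS[kind]}/{tid.product_code}{tid.number}"

def classify_path(path):
    """Map an HDD path like /user/patch/CUSA09193 back to (kind, TitleId), else None."""
    parts = path.rstrip("/").split("/")
    if len(parts) != 4 or parts[0] != "":
        return None
    kind = {d: k for k, d in CONTENT_DIRS.items()}.get("/" + parts[1] + "/" + parts[2])
    if kind is None:
        return None
    try:
        return kind, parse_title_id(parts[3])
    except ValueError:
        return None

if __name__ == "__main__":  # the Minecraft and Resident Evil 2 IDs from this page
    for tid in ("CUSA00744", "CUSA00265", "CUSA09193", "PLAS10335"):
        print(tid, parse_title_id(tid).region, content_path(tid, "app"))
```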

Are developers afraid of lawsuits like ones seen in the PS3 scene?

Starting with the PS4, Sony officially began a bug bounty program on HackerOne for any security researcher to submit exploits to PS4, PS5, PSN, and other related services directly. As a result, exploit developers will be compensated and can request disclosure, making exploit finding and releasing legal and encouraged. Likely, we will not see a lawsuit like what had happened with GeoHot and Graf_Chokolo.

I'm good at programming, how can I contribute?

If you have the technical knowledge and an exploitable PS4, check out this page and this page to learn how to use the exploits to gain kernel-level access, then search for new ones in more recent firmware. You can find more scene-related help on the PS4 Developers Wiki. If you are looking to contribute by making homebrew, check out the OpenOrbis project on GitHub. You can also watch this video series, which helps explain how to use OpenOrbis.

When was the first time the PS4 was jailbroken?

On December 6th, 2015, a user by the name of CTurt published information about an exploit in the 1.76 firmware kernel that allows users to break out of the FreeBSD jail the PS4 uses to contain processes. By the end of the month, the group fail0verflow demonstrated that they could execute code by successfully running a modified version of Linux on the system. We have since seen several full exploit releases on higher firmwares.

What other websites can I visit for PS4 information or resources?

Here are some sites:

Definitions

  • Custom Firmware (CFW): Firmware modified to add extra features not present in the original firmware (OFW). These modifications can be permanently installed or temporarily added in real time in memory.
  • Original Firmware (OFW): Stock firmware released by Sony.
  • Kernel: The core of the operating system. Obtaining kernel-level code execution allows great freedom and the ability to run homebrew.
  • PKG: An installation “package” file that can be run from the XMB to install software on the PS4.
  • GP4: A file that serves as a blueprint to generate PKGs.
  • Signing: The process of preparing a PKG file so that it appears to the PS4 as a normal, officially allowed package. All PSN games, updates, etc. are signed, and must be for the PS4 to allow them to install.
  • Internet Relay Chat (IRC): A popular form of real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer (including file sharing).
  • SEN / PSN: Sony Entertainment Network, also known as the PlayStation Network (PSN), is the online PlayStation service.
  • Syscall: An operating system function. There is a limited number of these which can be called from an application or game.
  • Userland: The security level at which games and applications run, to prevent major system modification.
  • XMB: Xross Media Bar, a graphical user interface designed as a cross. Used in the OS on PSX, PSP, PS3 and other Sony products.