PS4:Standard Jailbreak

This page will walk you updating your console to an appropriate firmware (if needed) and enabling homebrew.

Determining your Firmware

• Jailbreaking can only be achieved on a firmware lower than latest.
• To determine your firmware, navigate to Settings > System > System Information on your PS4.
• Take note of your firmware. If you're on 11.00 or anything lower you can continue.

What firmware is the best?

To keep it short, different firmwares will need different exploits, thus can lead to various levels of stability and success rates. Please do keep in mind that they can be updated in the future.

If you are on:

• <5.05 - either keep it for archiving purposes or update to 5.05 or 9.00.
• 5.05 - it’s considered the gold firmware because of its stability and success rate. Either stay on it or update to 9.00 (note that you will need to backport most of your new games in order to play them)
• 6.72 - stay on it or update to 9.00
• 7.02 & 7.5x (7.50, 7.51 & 7.55) - stay on it or update to 9.00
• 8.0x & 8.50 - update to 9.00
• 9.00 - stay or update to 11.00
• 11.00 - currently the latest exploitable firmware

Updating to desired firmware

• On the darthsternie website Retail/Official Firmwares are update files that let you update from for example firmware 8.50 to 9.00
• On the darthsternie website Recovery Firmwares are firmware reinstalation/recovery files that wipe the console of all user data this option is used when replacing the HDD and in either case you can stay on the same firmware you are currently on.

1. Download the 9.00 Retail Firmware (or your desired version) file onto your PC by visiting one of the following sites. Do not get beta firmwares.
   • DKS - PS4 Official Firmwares - Recommended because of the faster download speeds.
   • PS4 Firmwares - Darthsternie's Firmware Archive - No account or CAPTCHA required, but slower download speeds.
   • If you want to start fresh and reset the console, you will need to download a recovery update file. These will always be around 1 GB in size.
   • If you want to update an existing console, do not use a recovery file an only use a normal firmware update. They will be around 500 MB or less in size.
2. Unpack your archive and or rename the file to PS4UPDATE.PUP (must be in all caps).
3. Prepare a USB stick drive by formatting it to FAT32 or exFAT and creating a folder on the root of the drive named PS4 and another folder inside PS4 named UPDATE. Copy PS4UPDATE.PUP into the UPDATE folder. The final structure should look like this: PS4 > UPDATE > PS4UPDATE.PUP.
4. Plug the USB stick into an empty slot on your PS4.
5. Boot into PS4's recovery settings by turning off the PS4 and holding the PS4 power button until it beeps 2 times. Recovery mode should look like this:
   • 
6. Once in Safe mode choose option 3. Update System Software
7. In the following menu choose option 1. Update from USB Storage Device
8. Press YES, NEXT or ACCEPT to any additional options.
9. The PS4 will now install the firmware on the HDD.
10. REMOVE ANY ETHERNET CABLE AND/OR SKIP WI-FI SETUP. Keep everything offline during and after setting up your PS4.
11. After setup, navigate to Settings > System > Automatic Downloads > Uncheck Featured Content, System Software Update Files, Allow Restart and Application Update Files.

Replacing/Upgrading internal storage

• or factory resetting while updating.
• After replacing your internal storage (Guides for replacing PS4 internal storage)
  • NOTICE! Do not download firmware from the PlayStation website. In this situation only refer to the hardware replacement details in the guide.

1. On the darthsternie website Retail/Official Firmwares are update files that let you update from for example firmware 8.50 to 9.00
2. On the darthsternie website Recovery Firmwares are firmware reinstalation/recovery files that wipe the console of all user data this option is used when replacing the HDD and in either case you can stay on the same firmware you are currently on.
3. Download the 9.00 Recovery Firmware (or your desired version) file onto your PC by visiting one of the following sites. Do not get beta firmwares.
   • DKS - PS4 Official Firmwares - Recommended because of the faster download speeds.
   • PS4 Firmwares - Darthsternie's Firmware Archive - No account or CAPTCHA required, but slower download speeds.
   • If you want to update an existing console, do not use a recovery file an only use a normal firmware update. They will be around 500 MB or less in size.
4. Unpack your archive and or rename the file to PS4UPDATE.PUP (must be in all caps).
5. Prepare a USB stick drive by formatting it to FAT32 or exFAT and creating a folder on the root of the drive named PS4 and another folder inside PS4 named UPDATE. Copy PS4UPDATE.PUP into the UPDATE folder. The final structure should look like this: PS4 > UPDATE > PS4UPDATE.PUP.
6. Plug the USB stick into an empty slot on your PS4.
7. Boot into PS4's recovery settings by turning off the PS4 and holding the PS4 power button until it beeps 2 times. Recovery mode should look like this:
   • 
8. Once in Safe mode choose option 7. Initialize PS4 (Reinstall System Software)
9. Press YES, NEXT or ACCEPT to any additional options.
10. The PS4 will now install the firmware on the HDD.
11. REMOVE ANY ETHERNET CABLE AND/OR SKIP WI-FI SETUP. Keep everything offline during and after setting up your PS4.
12. After setup, navigate to Settings > System > Automatic Downloads > Uncheck Featured Content, System Software Update Files, Allow Restart and Application Update Files.

Enabling Homebrew 5.05-9.00

• Internet Settings (Ignore for PPPwn)

If you are using the PPPwn method, avoid this section as it needs a different configuration detailed in the PPPwn instructions.

Navigate to Settings > Network > Check Connect to the Internet, then Set Up Internet Connection and:

• Connection: Wi-Fi or LAN cable
• Set Up: Custom
• IP Address: Automatic
• DHCP Host Name: Do Not Specify
• DNS Settings: Manual
• Primary DNS: 62.210.38.117 - Explanation: This DNS will redirect you to a jailbreak website.
• MTU Settings: Automatic
• Proxy Server: Do Not Use
  • Note: For some people, their Internet Provider will block DNS’s, thus not allowing you to use the 2 DNS Addresses. If you are one of those people, please use the ALTERNATIVE GUIDE.

5.05, 6.72, 7.02, 7.50 & 7.55

1. Navigate to Settings > User's Guide/Helpful Info > User Guide. The website loaded should be an exploit host instead of the user guide.
2. Select Karo.
3. Select Goldhen for your firmware version.
   • Goldhen505 for 5.05, Goldhen755 for 7.55, etc.
   • If it is the first time the page is loaded, it will be cached, and will have to be manually reloaded once prompted.
4. Wait for the exploit to trigger. If you see the "GoldHEN loaded" message, you have jailbroken the PS4.
   • If you see "Not enough memory", select OK.
5. Exit the user-guide by holding the back button.
6. For recommendations on what to do next, see Recommended Setup.

Firmware 9.00 (pOObs4)

1. Download Rufus and pOOBs4/exfathax.img exfathax.img on your PC. Plug a USB drive to your PC.
2. In Rufus > Device (select your USB stick) > Boot Section: Disk or ISO image and select exfathax.img > Start. Note that this will erase the USB drive.
3. Back on the PS4, navigate to Settings > User's Guide/Helpful Info > User Guide. The website loaded should be an exploit host instead of the user guide.
4. Select Karo.
5. Select Goldhen900.
   • If it is the first time the page is loaded, it will be cached, and will have to be manually reloaded once prompted.
6. Do not move your mouse cursor and have patience. If you see "Not enough memory", select OK and continue until you see this screen:
   • 
   • When you see this message insert the USB drive formatted with Rufus, wait until "This USB storage device's filesystem is unsupported" appears and disappears, then press OK.
7. If successful, a "Jailbreak Done" prompt should appear, remove the USB drive from the PS4, then press OK.
8. If you see the "GoldHEN loaded" message, you have jailbroken the PS4:
   
9. Exit the user-guide by holding the back button.
10. For recommendations on what to do next, see Recommended Setup.

Troubleshooting 5.05-9.00

• An error "Not enough memory" appears.
  • It's a common error. Keep pressing OK until you pass it.
• The PS4 just shutdown/rebooted itself.
  • Another common error. Do not worry, remove the USB drive if on 9.00 and keep trying the same procedure starting with User Guide.
• I rebooted the PS4, and now I can't launch my games/apps.
  • Jailbreaking is not persistent/permanent and as a result you need to re-jailbreak your PS4 every time you reboot/shut down your PS4. As a alternative, you can put your PS4 on rest mode and you don't need to re-jailbreak.
• Will my PS4 die from doing this?
  • No, even forced reboots won't kill your PS4.

Enabling Homebrew 9.00, 9.60, 10.00, 10.01, & 11.00 (PPPwn)

PPPwn GUI (Windows)

• Download and Extract the zip file to a folder on your desktop.

• Installing Dependencies for C++ version
  • Download and install npcap 1.80 if running on older hardware try 1.79 and below.

• Installing Dependencies For Python version
  • Download and install npcap 1.80 if running on older hardware try 1.79 and below.
  • Download and install Python make sure to add it to path and install as admin.
  • Then run the following commands in a CMD window
  • python -m ensurepip --default-pip
  • pip install scapy

• Setting up the PS4 internet connection
  • On your PS4

1. Go to Settings and then Network
2. Select Set Up Internet connection and choose Use a LAN Cable
3. Choose Custom setup and choose PPPoE for IP Address Settings
4. Put in anything as Username and Password it is recommended for it to be 1 letter that's the same in both fields for better compatibility.
5. Choose Automatic for DNS Settings and MTU Settings
6. Choose Do not use for Proxy Server
7. Go back and be ready to press on Test internet connection

• Putting the goldhen or VTX payload on a usb
  • Format a usb drive to exFAT
  • Find the folder for your firmware and from inside of it copy the goldhen.bin file onto your usb drive for Goldhen
  • Find the folder for your firmware and from inside of it copy the payload.bin file onto your usb drive For VTX
  • Then plug the usb into your PS4

• GUI running C++

1. Choose your ethernet interface

• To find it you can look in
  • Settings>Network & Internet>Ethernet on the left menu>Then Click on the connection name scroll down and fine the Description

1. Select the firmware version your PS4 is on
2. PPPwn version C++ is the default option
3. Usually not using the old IPV6 version is recommended but if your console experiences crashes with no progress past Stage 2 tick it to use the old IPV6
4. You can tweak the Num settings in all 3 fields based on the instructions above. Or leave them blank to use the defaults.
5. You can press the Run PPPwn button and on your PS4 press on Test internet connection

• For recommendations on what to do next, see PS4:Recommended Setup

• How to use the new options Corrupt Num, Pin Num and Spray Num

1. Corrupt Num

• Corrupt Num increases the is the amount of overflow packets sent to the PS4. Enter in hex OR decimal. (Default: 0x1 or 1) The recommended HEX values are 0x1 0x2, 0x4, 0x6, 0x8, 0x10, 0x14, 0x20, 0x30, 0x40 but you are free to test and find out what works best for your console.
• Occasionally values too high may cause console crashes work back down to something stable.

1. Pin Num

• No information about it helping but available if you'd like to try. Enter in hex OR decimal. (Default: 0x1000 or 4096)

1. Spray Num

• When spray is higher the scan range is larger. Enter in hex OR decimal. (Default: 0x1000 or 4096)
• The recommended HEX values are 0x1000, 0x1050, 0x1100, 0x1150, 0x1200, 0x1250 but you are free to test and find out what works best for your console.

• GUI running Python

1. Choose your ethernet interface

• To find it you can look in
  • Settings>Network & Internet>Ethernet on the left menu>Then Click on the connection name scroll down and fine the Description

1. Select the firmware version your PS4 is on
2. To select the Python version click on the dropdown menu and choose Python
3. Python does not have the option to use the old IPV6.
4. Python does not have support for tweaking the Num values left blank or with writing in it will not result in errors or additions to the command.
5. You can press the Run PPPwn button and on your PS4 press on Test internet connection

• For recommendations on what to do next, see PS4:Recommended Setup

PPPwn Raw C++ Rewrite method (Windows)

The C++ method is faster on old and new hardware and benefits of an auto retry and integrated interface listing command.

1. Download and install Npcap1.80 (You may need to try older versions of Npcap if you encounter issues)
2. Download for x86 PPPwn-C++ or x86_64 PPPwn-C++ and unpack it in a folder
3. You will also need stage1 and stage2 files that you can get from this GitHub
4. Place the stage1 folder and stage2 folder for your firmware in the same folder as the unpacked pppwn file.
5. Then download Goldhen and place the goldhen.bin that is inside the 7z file on a USB Drive formatted in EXFAT or FAT32 then connect it to your PS4
6. Connect your PC and PS4 via ethernet so the ethernet adapter becomes active.
7. Open a cmd window and cd to the folder where the pppwn file is and type in the following command:
   • pppwn list
8. Find your ethernet adapter name on to the right then to the left here will be line of numbers and letters inside of {} >example \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632} copy it.
9. Example> \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632}
10. You can go to the PS4 and apply the following internet settings.
11. On your PS4
    • Go to Settings and then Network
    • Select Set Up Internet connection and choose Use a LAN Cable
    • Choose Custom setup and choose PPPoE for IP Address Settings
    • Put in g as Username and Password
    • Choose Automatic for DNS Settings and MTU Settings
    • Choose Do not use for Proxy Server
    • Go back and be ready to press on Test internet connection
12. Back in the cmd window you can now run the following command by adding your ethernet adapter name to the example below and changing the firmware version to your own:
    • pppwn --interface \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632} --fw 1100 --stage1 "stage1/stage1.bin" --stage2 "stage2/stage2.bin" --timeout 10 --auto-retry
13. Then press Test internet connection on the PS4
14. If the the script becomes stuck restart the process.
15. For recommendations on what to do next, see PS4:Recommended Setup

PPPwn Raw Python method (Windows)

1. Download and install Npcap1.80 (You may need to try older versions of Npcap if you encounter issues)
2. Download and install Python and make sure to ADD TO PATH and run as Admin then restart your PC.
3. Open a CMD Window and paste the following commands.
   • python -m ensurepip --default-pip
   • pip install scapy
4. Then download pppwn.py and offsets.py. You will also need stage1 and stage2 files that you can get from this GitHub
5. Place the stage1 folder and stage2 folder for your firmware in the same folder as pppwn.py, offsets.py.
6. Then download Goldhen and place the goldhen.bin that is inside the 7z file on a USB Drive formatted in EXFAT or FAT32 then connect it to your PS4.
7. Connect your PC and PS4 via ethernet so the ethernet adapter becomes active.
8. Open a Windows PowerShell window and run this command.
9. Get-NetAdapter | Select-Object Name, InterfaceDescription, InterfaceGuid
10. Your ethernet adapters will be listed find the one with the corresponding name to your ethernet port(you can check in your connection settings or with ipconfig in a cmd window)
11. To the far right of its name will be a line of numbers and letters inside of {} >example {9F25F85D-3755-46A6-93B3-9173DFCB1632} copy it along with the {}.
12. Add this to it \Device\NPF_
13. Example> \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632}
14. You can go to the PS4 and apply the following internet settings:
    • Navigate to Settings > Network > Check Connect to the Internet, then Set Up Internet Connection
    • Select Set Up Internet connection and choose Use a LAN Cable
    • Choose Custom setup and choose PPPoE for IP Address Settings
    • Put in g as Username and Password
    • Choose Automatic for DNS Settings and MTU Settings
    • Choose Do not use for Proxy Server
    • Go back and be ready to press on Test internet connection
15. Go back to a cmd window and cd into the folder from Step 8.
16. In the open cmd window you can now run the following command with your ethernet adapter id from step 9-13 and the firmware version > example bellow.
    • pppwn.py --interface=\Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632} --fw=1100
17. Then press on Test internet connection on the PS4
18. If Scanning for corrupted object fails press CTRL+C then run the command from step 16 again.
19. For recommendations on what to do next, see PS4:Recommended Setup

Troubleshooting PPPwn 9.00, 9.60, 10.00, 10.01, & 11.00

• The PS4 just shutdown/rebooted itself.
  • A common error. Do not worry turn on the console and try again (you may need to press the power button on the console twice)
• I rebooted the PS4, and now I can't launch my games/apps.
  • Jailbreaking is not persistent/permanent and as a result you need to re-jailbreak your PS4 every time you reboot/shut down your PS4. As a alternative, you can put your PS4 on rest mode and you don't need to re-jailbreak.
• Will my PS4 die from doing this?
  • No, even forced reboots won't kill your PS4.

Windows Desktop side troubleshooting.

• • Troubleshooting on windows is not straightforward but you can try the following things.
  • Confirm your ethernet adapter is NOT bridged with anything.
  • Try changing the Npcap version to an older one.
  • Confirm your ethernet adapter is functional by going into device manager and looking at "network adapters" if there are any issues try reinstalling your adapter driver.
  • If using Python version make sure Python , Pip and Scapy are installed.
  • Try a different windows device as sometimes no matter what you do issues cannot be resolved without reinstalling windows.
  • If using a USB to Ethernet adapter the adapter may just not be compatible.

PS4 side troubleshooting.

• • Failed to get IP when pressing on "Test Internet Connection" Usually a PC side issue look above for troubleshooting or check your PS4 internet settings by looking below.
• PS4 Connection Troubleshooting
  • Go to Settings and then Network
  • Select Set Up Internet connection and choose Use a LAN Cable
  • Choose Custom setup and choose PPPoE for IP Address Settings
  • Put in anything as Username and Password it is recommended for it to be 1 letter that's the same in both fields for better compatibility.
  • Choose Automatic for DNS Settings and MTU Settings
  • Choose Do not use for Proxy Server
  • Go back and be ready to press on Test internet connection
  • Sometimes if you get no IP or are stuck on "[*] Waiting for PADI..." you need to redo these settings and test again.

Putting the goldhen or VTX payload on a usb

• • Format a usb drive to exFAT
  • Copy the goldhen.bin file into the root of your usb drive for Goldhen
  • Copy the payload.bin file into the root of your usb drive for VTX
  • Then plug the usb into your PS4

Stage0 issues

• Stuck on "[*] Waiting for PADI..." Make sure you are calling the correct ethernet interface.

• Stuck on "[*] Waiting for PADI..." Make sure the PS4 and PC(or other device) are connected via ethernet.

• Stuck on "[*] Waiting for PADI..." Make sure the PS4 internet settings are correctly set up and go to Settings>Network and press on "Test Internet Connection"

• Stuck on "[*] Waiting for PADR..." If using a usb to ethernet adapter it may not be compatible or simply try restarting the exploit process.

• Stuck on any of the below simply try restarting the exploit process.
  • [+] pppoe_softc: 0xffffabd634beba00
  • [+] Target MAC: xx:xx:xx:xx:xx:xx
  • [+] Source MAC: 07:ba:be:34:d6:ab
  • [+] AC cookie length: 0x4e0
  • [] Sending PADO...
  • [] Sending PADS...
  • [] Waiting for LCP configure request...
  • [] Sending LCP configure ACK...
  • [] Sending LCP configure request...
  • [] Waiting for LCP configure ACK...
  • [] Waiting for IPCP configure request...
  • [] Sending IPCP configure NAK...
  • [] Waiting for IPCP configure request...
  • [] Sending IPCP configure ACK...
  • [] Sending IPCP configure request...
  • [] Waiting for IPCP configure ACK...
  • [*] Waiting for interface to be ready...
  • [+] Target IPv6: fe80::2d9:d1ff:febc:83e4
  • [+] Heap grooming... done or xx%
• simply try restarting the exploit process.

Stage1 issues

• Any issues here usually result in a kernel panic=console shutting down.
• Console shutdown at "[*] Waiting for IPCP configure ACK..." happens occasionally on its own but if it persists try changing to a different IPV6 for the exploit settings usually marked by "old" or "Stable".
• Console persistently shutting down at "[*] Waiting for IPCP configure ACK..." or "[+] Scanning for corrupted object..." try changing the Npcap version to an older one if on Windows.
• If on a Mac try a windows device......
• If stuck here no matter what try using the Python implementation of this jailbreak or a different device.

Stage2 issues

• If persistently stuck on the below
  • [+] STAGE 2: KASLR defeat
  • [*] Defeating KASLR...
  • [+] pppoe_softc_list: 0xffffffff884de578
  • [+] kaslr_offset: 0x3ffc000

• Any issues here usually result in a kernel panic=console shutting down.

• Troubleshooting from Stage1 also applies here.

• Console shutdown happens occasionally on its own but if it persists try changing to a different IPV6 for the exploit settings usually marked by "old" or "Stable".

• If on a Mac try a windows device...... or if already on windows try changing the Npcap version to an older one.

• If stuck here no matter what try using the Python implementation of this jailbreak or a different device.

Stage3 issues

• Any issues here usually result in a kernel panic=console shutting down.
  • [+] STAGE 3: Remote code execution
  • [] Sending LCP terminate request...
  • [] Waiting for PADI...
  • [+] pppoe_softc: 0xffffabd634beba00
  • [+] Target MAC: xx:xx:xx:xx:xx:xx
  • [+] Source MAC: 97:df:ea:86:ff:ff
  • [+] AC cookie length: 0x511
  • [] Sending PADO...
  • [] Waiting for PADR...
  • [] Sending PADS...
  • [] Triggering code execution...
  • [] Waiting for stage1 to resume...
  • [] Sending PADT...
  • [] Waiting for PADI...
  • [+] pppoe_softc: 0xffffabd634be9200
  • [+] Target MAC: xx:xx:xx:xx:xx:xx
  • [+] AC cookie length: 0x0
  • [] Sending PADO...
  • [] Waiting for PADR...
  • [] Sending PADS...
  • [] Waiting for LCP configure request..
  • [] Sending LCP configure ACK...
  • [] Sending LCP configure request...
  • [] Waiting for LCP configure ACK...
  • [] Waiting for IPCP configure request...
  • [] Sending IPCP configure NAK...
  • [] Waiting for IPCP configure request...
  • [] Sending IPCP configure ACK...
  • [] Sending IPCP configure request...
  • [] Waiting for IPCP configure ACK...
• Console shutdown happens occasionally on its own but if it persists try changing to a different IPV6 for the exploit settings usually marked by "old", "Stable", "new" or "beta".
• If issues persist recheck all your files and etc.
• The script will also tell you if you have chosen incorrect firmware files and it usually results in a kernel panic on the PS4.

Stage4 issues

• If you get
  • [+] STAGE 4: Arbitrary payload execution
  • [*] Sending stage2 payload...
  • [+] Done!
• But only get the "PPPwned" message then there is an issue with the payload on the USB or HDD.
• Reformat the USB to EXFAT and put "goldhen.bin" or "payload.bin" Goldhen or VTX Hen respectively.
• If no matter what you do the bin file does not load either factory reset the console or replace the HDD or try from a different device.
• Additionally you may get some random errors here and there they are usually because of incorrect interface, incorrect files (result in kernel panic), incorrect firmware selection or occasionally incomplete dependencies.
• The script will also tell you if you have chosen incorrect firmware files and it usually results in a kernel panic on the PS4.
• Misc issues Stage0: to Stage4:
• You may get some random errors here and there they are usually because of incorrect interface, incorrect files (resluts in kernel panic), incorrect firmware sellection or ocasionally incomplete dependencies.