PS4:Standard Jailbreak

From ConsoleMods Wiki
Revision as of 19:26, 24 September 2024 by Dr.Yenyen (talk | contribs) (Added internal storage upgrade instructions. Updated update instructions wording. Added troubleshooting for PPPwn. Updated homebrew format. Will probably add some more stuff about pppwn in the future.)

This page will walk you through updating your console to an appropriate firmware (if needed) and enabling homebrew.

Determining your Firmware

  • Jailbreaking can only be achieved on a firmware lower than the latest.
  • To determine your firmware, navigate to Settings > System > System Information on your PS4.
  • Take note of your firmware. If you're on 11.00 or anything lower, you can continue.

What firmware is the best?

In short, different firmwares need different exploits, which leads to varying levels of stability and success rates. Keep in mind that they can be updated in the future.

If you are on:

  • <5.05 - either keep it for archiving purposes or update to 5.05 or 9.00.
  • 5.05 - it's considered the gold firmware because of its stability and success rate. Either stay on it or update to 9.00 (note that you will need to backport most of your new games in order to play them).
  • 6.72 - stay on it or update to 9.00
  • 7.02 & 7.5x (7.50, 7.51 & 7.55) - stay on it or update to 9.00
  • 8.0x & 8.50 - update to 9.00
  • 9.00 - stay or update to 11.00
  • 11.00 - currently the latest exploitable firmware

Updating to desired firmware

  • On the darthsternie website, Retail/Official Firmwares are update files that let you update from, for example, firmware 8.50 to 9.00.
  • On the darthsternie website, Recovery Firmwares are firmware reinstallation/recovery files that wipe the console of all user data. This option is used when replacing the HDD. In either case you can stay on the same firmware you are currently on.
  1. Download the 9.00 Retail Firmware (or your desired version) file onto your PC by visiting one of the following sites. Do not get beta firmwares.
    • DKS - PS4 Official Firmwares - Recommended because of the faster download speeds.
    • PS4 Firmwares - Darthsternie's Firmware Archive - No account or CAPTCHA required, but slower download speeds.
    • If you want to start fresh and reset the console, you will need to download a recovery update file. These will always be around 1 GB in size.
    • If you want to update an existing console, do not use a recovery file and only use a normal firmware update. They will be around 500 MB or less in size.
  2. Unpack your archive and/or rename the file to PS4UPDATE.PUP (must be in all caps).
  3. Prepare a USB drive by formatting it to FAT32 or exFAT and creating a folder on the root of the drive named PS4 and another folder inside PS4 named UPDATE. Copy PS4UPDATE.PUP into the UPDATE folder. The final structure should look like this: PS4 > UPDATE > PS4UPDATE.PUP.
  4. Plug the USB stick into an empty slot on your PS4.
  5. Boot into PS4's recovery settings by turning off the PS4 and holding the PS4 power button until it beeps 2 times. Recovery mode should look like this:
    • [Image: PS4 Safe Mode.jpg]
  6. Once in Safe mode choose option 3. Update System Software
  7. In the following menu choose option 1. Update from USB Storage Device
  8. Press YES, NEXT or ACCEPT to any additional options.
  9. The PS4 will now install the firmware on the HDD.
  10. REMOVE ANY ETHERNET CABLE AND/OR SKIP WI-FI SETUP. Keep everything offline during and after setting up your PS4.
  11. After setup, navigate to Settings > System > Automatic Downloads > Uncheck Featured Content, System Software Update Files, Allow Restart and Application Update Files.
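A pre-flight check for the USB layout from steps 2-3 and the file-size guidance under step 1, as an added example that is not part of the wiki page or of any project it links to. The function names and the 750 MB cut-off between "update" and "recovery" files are assumptions made here.

```python
import os
import tempfile

LAYOUT = ("PS4", "UPDATE", "PS4UPDATE.PUP")  # path the guide requires

# Assumption made for this example: the guide says recovery files are
# "around 1 GB" and normal updates "around 500 MB or less"; 750 MB is
# simply a midpoint between the two.
RECOVERY_MIN_BYTES = 750 * 1024 * 1024


def classify_pup(size_bytes):
    """Guess whether a PUP is a recovery or a normal update file by size."""
    return "recovery" if size_bytes >= RECOVERY_MIN_BYTES else "update"


def _lookup(parent, wanted):
    """Match `wanted` against the real on-disk names.

    FAT32/exFAT and Windows ignore case, so os.path.exists() would accept
    'ps4update.pup'; comparing listdir() output catches the wrong spelling.
    """
    names = os.listdir(parent)
    if wanted in names:
        return True, []
    close = [n for n in names
             if n.upper() == wanted or n.upper().endswith(".PUP")]
    return False, sorted(close)


def check_update_usb(root, want="update"):
    """Return a list of problems; an empty list means the drive looks right."""
    path = root
    for part in LAYOUT:
        if not os.path.isdir(path):
            return [f"{path} is not a folder"]
        ok, close = _lookup(path, part)
        if not ok:
            hint = f" (found {', '.join(close)} instead)" if close else ""
            return [f"{part} is missing from {path}{hint}"]
        path = os.path.join(path, part)
    if not os.path.isfile(path):
        return [f"{path} is not a file"]
    kind = classify_pup(os.path.getsize(path))
    if kind != want:
        return [f"size suggests a {kind} file, but a {want} file was expected"]
    return []


if __name__ == "__main__":
    # Constructed sample: a temp folder standing in for the USB drive root,
    # holding a tiny placeholder file with the lowercase name mistake.
    with tempfile.TemporaryDirectory() as usb:
        os.makedirs(os.path.join(usb, "PS4", "UPDATE"))
        with open(os.path.join(usb, "PS4", "UPDATE", "ps4update.pup"), "wb") as f:
            f.write(b"placeholder")
        print(check_update_usb(usb))
```

Call `check_update_usb` with the drive root (for example `E:\`) and `want="recovery"` when following the internal storage section instead.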

Replacing/Upgrading internal storage

  • These steps also apply when factory resetting while updating.
  • Follow them after replacing your internal storage (see Guides for replacing PS4 internal storage).
    • NOTICE! Do not download firmware from the PlayStation website. In this situation only refer to the hardware replacement details in the guide.
  1. On the darthsternie website, Retail/Official Firmwares are update files that let you update from, for example, firmware 8.50 to 9.00.
  2. On the darthsternie website, Recovery Firmwares are firmware reinstallation/recovery files that wipe the console of all user data. This option is used when replacing the HDD. In either case you can stay on the same firmware you are currently on.
  3. Download the 9.00 Recovery Firmware (or your desired version) file onto your PC by visiting one of the following sites. Do not get beta firmwares.
  4. Unpack your archive and/or rename the file to PS4UPDATE.PUP (must be in all caps).
  5. Prepare a USB drive by formatting it to FAT32 or exFAT and creating a folder on the root of the drive named PS4 and another folder inside PS4 named UPDATE. Copy PS4UPDATE.PUP into the UPDATE folder. The final structure should look like this: PS4 > UPDATE > PS4UPDATE.PUP.
  6. Plug the USB stick into an empty slot on your PS4.
  7. Boot into PS4's recovery settings by turning off the PS4 and holding the PS4 power button until it beeps 2 times. Recovery mode should look like this:
    • [Image: PS4 Safe Mode.jpg]
  8. Once in Safe mode choose option 7. Initialize PS4 (Reinstall System Software)
  9. Press YES, NEXT or ACCEPT to any additional options.
  10. The PS4 will now install the firmware on the HDD.
  11. REMOVE ANY ETHERNET CABLE AND/OR SKIP WI-FI SETUP. Keep everything offline during and after setting up your PS4.
  12. After setup, navigate to Settings > System > Automatic Downloads > Uncheck Featured Content, System Software Update Files, Allow Restart and Application Update Files.


Enabling Homebrew 5.05-9.00

  • Internet Settings (Ignore for PPPwn)

If you are using the PPPwn method, avoid this section as it needs a different configuration detailed in the PPPwn instructions.

Navigate to Settings > Network > Check Connect to the Internet, then Set Up Internet Connection and:

  • Connection: Wi-Fi or LAN cable
  • Set Up: Custom
  • IP Address: Automatic
  • DHCP Host Name: Do Not Specify
  • DNS Settings: Manual
  • Primary DNS: 62.210.38.117 - Explanation: This DNS will redirect you to a jailbreak website.
  • MTU Settings: Automatic
  • Proxy Server: Do Not Use
    • Note: Some Internet providers block DNS servers, which prevents you from using the 2 DNS addresses. If this applies to you, please use the ALTERNATIVE GUIDE.

5.05, 6.72, 7.02, 7.50 & 7.55

  1. Navigate to Settings > User's Guide/Helpful Info > User Guide. The website loaded should be an exploit host instead of the user guide.
  2. Select Karo.
  3. Select Goldhen for your firmware version.
    • Goldhen505 for 5.05, Goldhen755 for 7.55, etc.
    • If it is the first time the page is loaded, it will be cached, and will have to be manually reloaded once prompted.
  4. Wait for the exploit to trigger. If you see the "GoldHEN loaded" message, you have jailbroken the PS4.
    • If you see "Not enough memory", select OK.
  5. Exit the user-guide by holding the back button.
  6. For recommendations on what to do next, see Recommended Setup.

Firmware 9.00 (pOOBs4)

  1. Download Rufus and pOOBs4/exfathax.img to your PC. Plug a USB drive into your PC.
  2. In Rufus > Device (select your USB stick) > Boot selection: Disk or ISO image and select exfathax.img > Start. Note that this will erase the USB drive.
  3. Back on the PS4, navigate to Settings > User's Guide/Helpful Info > User Guide. The website loaded should be an exploit host instead of the user guide.
  4. Select Karo.
  5. Select Goldhen900.
    • If it is the first time the page is loaded, it will be cached, and will have to be manually reloaded once prompted.
  6. Do not move your mouse cursor and have patience. If you see "Not enough memory", select OK and continue until you see this screen:
    • [Image: PS4 Insert USB.png]
    • When you see this message, insert the USB drive formatted with Rufus, wait until "This USB storage device's filesystem is unsupported" appears and disappears, then press OK.
  7. If successful, a "Jailbreak Done" prompt should appear. Remove the USB drive from the PS4, then press OK.
  8. If you see the "GoldHEN loaded" message, you have jailbroken the PS4:
    • [Image: PS4 All Set.png]
  9. Exit the user-guide by holding the back button.
  10. For recommendations on what to do next, see Recommended Setup.

Troubleshooting 5.05-9.00

  • An error "Not enough memory" appears.
    • It's a common error. Keep pressing OK until you pass it.
  • The PS4 just shut down/rebooted itself.
    • Another common error. Do not worry: remove the USB drive if on 9.00 and keep trying the same procedure, starting with User Guide.
  • I rebooted the PS4, and now I can't launch my games/apps.
    • Jailbreaking is not persistent/permanent, so you need to re-jailbreak your PS4 every time you reboot/shut down your PS4. As an alternative, you can put your PS4 in rest mode and you won't need to re-jailbreak.
  • Will my PS4 die from doing this?
    • No, even forced reboots won't kill your PS4.

Enabling Homebrew 9.00, 9.60, 10.00, 10.01, & 11.00 (PPPwn)

PPPwn Raw C++ Rewrite method (Windows)

The C++ method is faster on old and new hardware and benefits from auto-retry and an integrated interface-listing command.

  1. Download and install Npcap 1.79 (you may need to try older versions of Npcap if you encounter issues).
  2. Download PPPwn-C++ for x86 or x86_64 and unpack it into a folder.
  3. You will also need stage1 and stage2 files that you can get from this GitHub.
  4. Place the stage1 folder and stage2 folder for your firmware in the same folder as the unpacked pppwn file.
  5. Then download Goldhen and place the goldhen.bin that is inside the 7z file on a USB drive formatted in exFAT or FAT32, then connect it to your PS4.
  6. Connect your PC and PS4 via ethernet so the ethernet adapter becomes active.
  7. Open a cmd window and cd to the folder where the pppwn file is and type in the following command:
    • pppwn list
  8. Find your ethernet adapter name on the right; to its left there will be a line of numbers and letters inside {}. Copy it.
  9. Example: \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632}
  10. You can go to the PS4 and apply the following internet settings.
  11. On your PS4
    • Go to Settings and then Network
    • Select Set Up Internet connection and choose Use a LAN Cable
    • Choose Custom setup and choose PPPoE for IP Address Settings
    • Put in g as Username and Password
    • Choose Automatic for DNS Settings and MTU Settings
    • Choose Do not use for Proxy Server
    • Go back and be ready to press on Test internet connection
  12. Back in the cmd window you can now run the following command by adding your ethernet adapter name to the example below and changing the firmware version to your own:
    • pppwn --interface \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632} --fw 1100 --stage1 "stage1/stage1.bin" --stage2 "stage2/stage2.bin" --timeout 10 --auto-retry
  13. Then press Test internet connection on the PS4
  14. If the script becomes stuck, restart the process.
  15. For recommendations on what to do next, see PS4:Recommended Setup

PPPwn Raw Python method (Windows)

  1. Download and install Npcap 1.79 (you may need to try older versions of Npcap if you encounter issues).
  2. Download and install Python, making sure to ADD TO PATH and run as Admin, then restart your PC.
  3. Open a CMD Window and paste the following commands.
    • python -m ensurepip --default-pip
    • pip install scapy
  4. Then download pppwn.py and offsets.py. You will also need stage1 and stage2 files that you can get from this GitHub.
  5. Place the stage1 folder and stage2 folder for your firmware in the same folder as pppwn.py and offsets.py.
  6. Then download Goldhen and place the goldhen.bin that is inside the 7z file on a USB drive formatted in exFAT or FAT32, then connect it to your PS4.
  7. Connect your PC and PS4 via ethernet so the ethernet adapter becomes active.
  8. Open a Windows PowerShell window and run this command.
  9. Get-NetAdapter | Select-Object Name, InterfaceDescription, InterfaceGuid
  10. Your ethernet adapters will be listed. Find the one whose name corresponds to your ethernet port (you can check in your connection settings or with ipconfig in a cmd window).
  11. To the far right of its name will be a line of numbers and letters inside {} (example: {9F25F85D-3755-46A6-93B3-9173DFCB1632}). Copy it along with the {}.
  12. Put \Device\NPF_ in front of it.
  13. Example: \Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632}
  14. You can go to the PS4 and apply the following internet settings:
    • Navigate to Settings > Network > Check Connect to the Internet, then Set Up Internet Connection
    • Select Set Up Internet connection and choose Use a LAN Cable
    • Choose Custom setup and choose PPPoE for IP Address Settings
    • Put in g as Username and Password
    • Choose Automatic for DNS Settings and MTU Settings
    • Choose Do not use for Proxy Server
    • Go back and be ready to press on Test internet connection
  15. Go back to a cmd window and cd into the folder containing pppwn.py and offsets.py (step 5).
  16. In the open cmd window you can now run the following command with your ethernet adapter ID from steps 9-13 and your firmware version. Example below:
    • pppwn.py --interface=\Device\NPF_{9F25F85D-3755-46A6-93B3-9173DFCB1632} --fw=1100
  17. Then press Test internet connection on the PS4.
  18. If "Scanning for corrupted object" fails, press CTRL+C, then run the command from step 16 again.
  19. For recommendations on what to do next, see PS4:Recommended Setup


Troubleshooting PPPwn 9.00, 9.60, 10.00, 10.01, & 11.00

  • The PS4 just shut down/rebooted itself.
    • A common error. Do not worry: turn on the console and try again (you may need to press the power button on the console twice).
  • I rebooted the PS4, and now I can't launch my games/apps.
    • Jailbreaking is not persistent/permanent, so you need to re-jailbreak your PS4 every time you reboot/shut down your PS4. As an alternative, you can put your PS4 in rest mode and you won't need to re-jailbreak.
  • Will my PS4 die from doing this?
    • No, even forced reboots won't kill your PS4.

Windows desktop side troubleshooting

    • Troubleshooting on Windows is not straightforward, but you can try the following things.
    • Confirm your ethernet adapter is NOT bridged with anything.
    • Try changing the Npcap version to an older one.
    • Confirm your ethernet adapter is functional by going into Device Manager and looking at "Network adapters". If there are any issues, try reinstalling your adapter driver.
    • If using the Python version, make sure Python, Pip and Scapy are installed.
    • Try a different Windows device, as sometimes, no matter what you do, issues cannot be resolved without reinstalling Windows.

PS4 side troubleshooting

    • Failed to get IP when pressing "Test Internet Connection": usually a PC side issue. Look above for troubleshooting, or check your PS4 internet settings as described below.
  • PS4 Connection Troubleshooting
    • Go to Settings and then Network
    • Select Set Up Internet connection and choose Use a LAN Cable
    • Choose Custom setup and choose PPPoE for IP Address Settings
    • Put in anything as Username and Password. It is recommended to use 1 letter that's the same in both fields for better compatibility.
    • Choose Automatic for DNS Settings and MTU Settings
    • Choose Do not use for Proxy Server
    • Go back and be ready to press on Test internet connection
    • Sometimes, if you get no IP or are stuck on "[*] Waiting for PADI...", you need to redo these settings and test again.

Putting the Goldhen or VTX payload on a USB drive

    • Format a USB drive to exFAT
    • Copy the goldhen.bin file into the root of your USB drive for Goldhen
    • Copy the payload.bin file into the root of your USB drive for VTX
    • Then plug the USB drive into your PS4

Stage0 issues

  • Stuck on "[*] Waiting for PADI...": make sure you are calling the correct ethernet interface.
  • Stuck on "[*] Waiting for PADI...": make sure the PS4 and PC (or other device) are connected via ethernet.
  • Stuck on "[*] Waiting for PADI...": make sure the PS4 internet settings are correctly set up, then go to Settings > Network and press "Test Internet Connection".
  • Stuck on "[*] Waiting for PADR...": if using a USB to ethernet adapter, it may not be compatible; otherwise simply try restarting the exploit process.
  • Stuck on any of the below: simply try restarting the exploit process.
    • [+] pppoe_softc: 0xffffabd634beba00
    • [+] Target MAC: xx:xx:xx:xx:xx:xx
    • [+] Source MAC: 07:ba:be:34:d6:ab
    • [+] AC cookie length: 0x4e0
    • [*] Sending PADO...
    • [*] Sending PADS...
    • [*] Waiting for LCP configure request...
    • [*] Sending LCP configure ACK...
    • [*] Sending LCP configure request...
    • [*] Waiting for LCP configure ACK...
    • [*] Waiting for IPCP configure request...
    • [*] Sending IPCP configure NAK...
    • [*] Waiting for IPCP configure request...
    • [*] Sending IPCP configure ACK...
    • [*] Sending IPCP configure request...
    • [*] Waiting for IPCP configure ACK...
    • [*] Waiting for interface to be ready...
    • [+] Target IPv6: fe80::2d9:d1ff:febc:83e4
    • [+] Heap grooming... done or xx%

Stage1 issues

  • Any issues here usually result in a kernel panic (the console shuts down).
  • Console shutdown at "[*] Waiting for IPCP configure ACK..." happens occasionally on its own, but if it persists, try changing to a different IPv6 for the exploit settings, usually marked by "old" or "Stable".
  • If the console persistently shuts down at "[*] Waiting for IPCP configure ACK..." or "[+] Scanning for corrupted object...", try changing the Npcap version to an older one if on Windows.
  • If on a Mac, try a Windows device.

Stage2 issues

  • If persistently stuck on the below:
    • [+] STAGE 2: KASLR defeat
    • [*] Defeating KASLR...
    • [+] pppoe_softc_list: 0xffffffff884de578
    • [+] kaslr_offset: 0x3ffc000
  • Any issues here usually result in a kernel panic (the console shuts down).
  • Console shutdown happens occasionally on its own, but if it persists, try changing to a different IPv6 for the exploit settings, usually marked by "old" or "Stable".
  • If on a Mac, try a Windows device, or if already on Windows, try changing the Npcap version to an older one.

Stage3 issues

  • Any issues here usually result in a kernel panic (the console shuts down).
    • [+] STAGE 3: Remote code execution
    • [*] Sending LCP terminate request...
    • [*] Waiting for PADI...
    • [+] pppoe_softc: 0xffffabd634beba00
    • [+] Target MAC: xx:xx:xx:xx:xx:xx
    • [+] Source MAC: 97:df:ea:86:ff:ff
    • [+] AC cookie length: 0x511
    • [*] Sending PADO...
    • [*] Waiting for PADR...
    • [*] Sending PADS...
    • [*] Triggering code execution...
    • [*] Waiting for stage1 to resume...
    • [*] Sending PADT...
    • [*] Waiting for PADI...
    • [+] pppoe_softc: 0xffffabd634be9200
    • [+] Target MAC: xx:xx:xx:xx:xx:xx
    • [+] AC cookie length: 0x0
    • [*] Sending PADO...
    • [*] Waiting for PADR...
    • [*] Sending PADS...
    • [*] Waiting for LCP configure request...
    • [*] Sending LCP configure ACK...
    • [*] Sending LCP configure request...
    • [*] Waiting for LCP configure ACK...
    • [*] Waiting for IPCP configure request...
    • [*] Sending IPCP configure NAK...
    • [*] Waiting for IPCP configure request...
    • [*] Sending IPCP configure ACK...
    • [*] Sending IPCP configure request...
    • [*] Waiting for IPCP configure ACK...
  • Console shutdown happens occasionally on its own, but if it persists, try changing to a different IPv6 for the exploit settings, usually marked by "old", "Stable", "new" or "beta".
  • If issues persist, recheck all your files, etc.

Stage4 issues

  • If you get
    • [+] STAGE 4: Arbitrary payload execution
    • [*] Sending stage2 payload...
    • [+] Done!
  • but only get the "PPPwned" message, then there is an issue with the payload on the USB or HDD.
  • Reformat the USB to exFAT and put "goldhen.bin" or "payload.bin" on it, for Goldhen or VTX Hen respectively.
  • If, no matter what you do, the bin file does not load, either factory reset the console or replace the HDD.
  • Additionally, you may get some random errors here and there. They are usually caused by an incorrect interface, incorrect files (these result in a kernel panic), incorrect firmware selection or, occasionally, incomplete dependencies.