- 2 days ago
How to use a PS2 game to Jailbreak the PlayStation 4.
--------------------------------------------------------------------------------------------------------
Links:
Laps3c0re: https://github.com/iMrDJAi/laps3c0re/...
GoldHEN: https://ko-fi.com/s/bd655acbdb
USB Loader: https://www.mediafire.com/file/wov0l3...
Network Loader: https://www.mediafire.com/file/m045kr...
Rufus: https://rufus.ie/en/
Payload Sender: https://github.com/McCaulay/mast1c0re...
--------------------------------------------------------------------------------------------------------
Timestamps:
0:00 - Intro
1:15 - Requirements
3:06 - USB Setup
4:56 - Save Setup
6:13 - Building Save with Jailbroken PS4
9:42 - Building Save with Discord Bot
10:45 - Jailbreaking PS4
12:27 - Network Loader example
--------------------------------------------------------------------------------------------------------
Music
Outro: Paul Flint - Sock It To Them - • Paul Flint - Sock It To Them [NCS Release]
--------------------------------------------------------------------------------------------------------
Find my content on these other platforms:
Odysee: https://odysee.com/@MODDEDWARFARE
LBRY: https://lbry.tv/@MODDEDWARFARE
BitChute: https://www.bitchute.com/channel/cZkN...
--------------------------------------------------------------------------------------------------------
Category
🎮️
Gaming
Transcript
00:00Hey, how's it going guys? Welcome back to another PS4 Jailbreak video.
00:03So today we've got something special, the triumphant return of the MasterCore exploit.
00:08So the original MasterCore exploit uses a vulnerability in the game Okage Shadow King
00:13to load PS2 Elf files, which could then be used to sideload PlayStation 2 games on the PS4 and PS5.
00:20That was the original use case of this exploit,
00:23but now we can actually use it to jailbreak the PS4 using the new LapseCore version,
00:27which is by D-Link Turtle, that uses this exploit to load the Lapse Kernel exploit to jailbreak the PS4.
00:35And it's pretty similar to the Lua exploit with the Japanese games,
00:38where you use this game Okage Shadow King to load a modified save file that then exploits the console.
00:44Now the issue with this is that if you actually want to use this to jailbreak your console,
00:48you do have to have a licensed copy of this game Okage Shadow King on your console
00:53and be on an old enough firmware that is supported.
00:56So don't be under any kind of illusion here.
00:58This exploit is not going to be one that is going to affect many people.
01:02It's only really going to be useful for a very tiny portion of people
01:05who still have a copy of this game licensed on their consoles.
01:09It is a very niche exploit for that reason,
01:11but still something that I think is interesting and worth covering here on the channel.
01:15So in terms of what's needed for this, we need the actual LapseCore project here.
01:19Lapse plus MasterCore equals LapseCore.
01:21So as you can see, it supports firmwares currently from 9.00 up to 11.00,
01:27although other higher firmwares are on the to-do list up to 12.02.
01:31So it should hopefully work up to 12.02 in a future release.
01:35But for now, it's only up to 11.00 firmwares that are supported.
01:40And the PS5 is also on the to-do list because the PS5 is also affected by this exploit.
01:45So it may get ported to the PS5 at some point in the future.
01:48So anyway, if we head into the releases section,
01:50we can go ahead and download the LapseCore zip file here.
01:53And of course, we also need to download the GoldHEN payload
01:56that we're going to be executing with this exploit to jailbreak our console.
02:00Again, you can just enter 0 here if you just want to get the download,
02:03if you don't want to leave a donation.
02:05Obviously, I encourage donations, but otherwise,
02:07if you just want the download, you can enter 0 and click get now
02:10and you'll still be able to get it downloaded.
02:12So once we have that copied over to our computer,
02:14we also need the save file that we're also going to load onto the game
02:20so that it can load the save file that runs the exploit.
02:22So there's two versions of the save file.
02:24There's the USB loader.
02:25These are from McCaulay, the original developer behind this exploit.
02:29So you've got his USB elf loader and the network loader.
02:33The network loader lets you send the payloads over the network to execute.
02:36And of course, the USB loader loads them off a USB drive,
02:39which is what I'm going to use
02:41because I think that is generally the easier option.
02:43So if we open up the LapseCore zip file and go into the bin folder,
02:47we have the different elf files to load the exploit
02:50on the various different supported firmwares.
02:52So my PS4 is on 10.01 firmware right now.
02:55So that's the elf file that I'm going to extract to my desktop.
02:58That's the one I'm going to use.
03:00So pick the elf file that corresponds to your PS4's firmware version
03:03and we should be good there.
03:05So in order to get the USB drive in the correct format,
03:08we're going to use Rufus software to format the USB.
03:11It's very important that we get the USB drive
03:14in the MBR partition scheme master boot record
03:17because if it's GPT, it will not work.
03:20Even if it's formatted in the correct format,
03:22the USB loader will not detect the elf files on the USB drive
03:26if it's not using master boot record.
03:29So we need to make sure that it's set.
03:30So we can use Rufus for this.
03:32So if we open up Rufus and we've got our device here,
03:35if I list USB hard drives,
03:36it will show all of the USB drives,
03:38including external drives as well, external hard drives.
03:42So we're going to select our USB drive up here,
03:44select boot selection on non-bootable,
03:46and then make sure the partition scheme is MBR.
03:49That is the requirement.
03:51And then also that the file system is set to exFAT,
03:54not FAT32 for this.
03:56It needs to be exFAT.
03:57And then we can go ahead and click start and reformat.
04:00Again, warning, all data on the device will be erased.
04:02So make sure you back up any data on the USB drive
04:05before you reformat it.
04:06And then we can click OK to reformat the drive.
04:09And that will set it to the correct partition scheme and format.
04:13So once that's done,
04:13we can open up the USB drive itself here,
04:16delete these files that Rufus creates.
04:19And then we can simply take our GoldHEN payload.
04:22So open this up in 7-zip,
04:23extract goldhen.bin to the root of the USB drive.
04:26And also we need to create an ELFs folder
04:29in the root of the USB drive as well,
04:32not inside any folders.
04:33So it needs to be ELF in uppercase characters.
04:36And then the S is a lowercase character.
04:39I believe it is case sensitive.
04:41So go ahead and enter that in there
04:43and then open up that folder
04:44and copy your payload, your ELF file,
04:47your PS2 ELF file that loads the jailbreak
04:49for your firmware version
04:50and copy it into that folder.
04:53And that's how you get the USB prepared
04:54to load the exploit.
04:56OK, but we still need to get the modified save file
04:58installed on our console
05:00that can then use the game to run the exploit.
05:03So that is the next task.
05:05So what we're going to do is,
05:06first of all, run the game
05:07and get it loaded
05:08so that we can create a base save file.
05:11So I'm just going to create a new save on this game.
05:14To begin with,
05:15it starts off with a bunch of dialogue
05:17that you have to skip through.
05:18So just skip through all the initial dialogue
05:20at the beginning.
05:21Once you're able to freely move around,
05:24we're going to exit out of the kitchen here
05:26and then head upstairs to this room.
05:28And then if you go through this door,
05:30head to the end of the corridor
05:31and then go through this door.
05:33And that will take you to the area
05:35that you can save your game
05:37and just select from the option
05:38to create a new save
05:40and select the first save option.
05:42And that will create a new base save for the game
05:45that we're going to replace
05:46with our exploit save.
05:47So what we're going to do at this point
05:49is just close out of the game,
05:51head over to the settings,
05:52go to application, save data management,
05:54make sure you have your USB drive connected.
05:57And we're going to, of course,
05:57go to save data in system storage,
06:00copy to USB storage,
06:01and then select the save file
06:03that we just created
06:04to copy it over to the USB.
06:07So go ahead and do that
06:08and allow it to copy the save
06:09and that will get it copied over to the USB drive.
06:12Now there's a few different ways
06:13that we can get the save file installed.
06:15We can either use another jailbroken PS4
06:17with the Apollo save tool,
06:19or we can use the free Discord save box.
06:21I'm just going to use currently
06:23another PS4 to do this
06:24because it's faster.
06:26So in order to use another jailbroken PS4
06:28to create the save for you,
06:29there's a few requirements.
06:30Obviously that PS4 needs to be
06:32running the jailbreak
06:33and have access to the Apollo save tool application here.
06:36And you also want to make sure
06:37that the account that you're using on this PS4
06:40is activated with the same account ID
06:43as the account that is on the other PS4
06:46that you're creating the save file for.
06:48In my case, that is user4.
06:49So with that, we should be ready to go.
06:53So if it is activated with the same account ID,
06:55when you plug in your USB drive
06:57and you go to USB saves,
06:59the save that you copied to the USB
07:00from the other PS4 should show up in here
07:02if it is activated with the correct account ID.
07:05So we're going to select it with X
07:07and then select the option
07:08to copy save game to HDD
07:10to copy it to the hard drive.
07:12Once that's done,
07:13we can press circle twice
07:14to head back out to the main menu
07:16and then go into the HDD save section
07:18and then you should see the save file showing up in here.
07:21So we'll press X on it
07:23and then we will copy it back to the USB drive.
07:25And this will actually copy the decrypted save file
07:28to the USB drive
07:29so that we can swap out the save with our modified one.
07:33So now we can just plug in that USB drive
07:35back into our computer.
07:36So plugging the USB drive back into the computer,
07:39we've got our PS4 folder
07:40and then we have the Apollo folder
07:42which contains our decrypted version of the save file.
07:45And we have this vmc0.card file
07:47which is the file that we need to replace.
07:50So we've got the MasterCore exploit save
07:52for the network version and the USB version.
07:55The USB elf loader is the one we're using here in this video
07:58so I'm going to go ahead and open up that one.
08:00And we've got our PS4 folder
08:02and then all of the different firmwares that are supported.
08:05So you just select the folder
08:06that corresponds to your PS4 firmware version.
08:09In my case, I'm actually using a 10.01 system
08:12so I believe I just use the 10.0.
08:15So I'll go ahead and grab this vmc0.card
08:18and then just drag it into the decrypted folder
08:21and replace the file in the destination
08:23to get the modified save file copied over there.
08:26And then all we need to do
08:27is simply turn that back into an encrypted save
08:30by plugging in that USB drive back into the PS4,
08:33the jailbroken PS4 with the Apollo save tool.
08:36And then on the Apollo save tool,
08:38we'll go back into USB saves,
08:40we'll press square to refresh
08:41and we should now see a second version show up
08:44that does not have the padlock symbol on it.
08:47So that's the one you want to select.
08:48That's the decrypted version of the save that we replaced.
08:51And then we're going to copy that to the HDD
08:53and then that gets the save installed on this PS4.
08:58And now we just need to transfer the encrypted version
09:00of the save back to the USB drive
09:02by closing out of the Apollo save tool,
09:04heading into settings,
09:05going down to application save data management,
09:07save data in system storage and copy to USB storage device,
09:12select the save file for the game and copy it over.
09:15And that will get the encrypted version
09:18of the save copied over there.
09:20And then finally, the last thing we need to do
09:22is just copy the save file from the USB drive
09:25to the PS4 that we're actually trying to jailbreak with this.
09:29So we just plug that USB drive into the other PS4,
09:32go to application save data management again,
09:35save data in USB storage this time
09:37and copy it to the system storage of that PS4.
09:40And that gets our modified save file copied over.
09:42Of course, the other option is to use
09:44the free Discord save bots like the HTOS Discord server,
09:48which I'll leave a link to down in the video description.
09:50You can join that server and head to the HTO section
09:53and then simply find a save bot that is active.
09:56And then you can click get started or create instance
09:59and that will go ahead and create a new thread.
10:01And then you can use the forward slash decrypt command
10:03to decrypt the save file that you basically upload to Google Drive.
10:07And then once you get the decrypted save data,
10:10you can swap it out and then simply re-upload
10:13the decrypted save data to Google Drive
10:15and then use the encrypt command on the save bot
10:18to encrypt the save file using that decrypted save
10:20by providing a link to the original save file
10:23along with a link to the decrypted save.
10:25And then obviously also upload the SCE system contents as well.
10:30And then that will go ahead and re-encrypt the save file.
10:33So that's another way that you can do it
10:34using free Discord save bots
10:36without having to have another jailbroken PS4.
10:39So that's a couple of ways that you can get
10:40the modified decrypted save
10:42turned into a working save for your console.
10:45So let's go ahead and give this a try.
10:46So we're going to run Okage Shadow King.
10:48We'll tell it to update later.
10:50So the save file does not trigger on launch of the game.
10:57It triggers when you go to restore your current progress.
11:01So if we press the start button,
11:02we select restore game
11:03and this should then run the remote loader.
11:06Now, sometimes this does crash,
11:08but in this case it works.
11:10There we go.
11:10So it now says,
11:11do you want to load the MasterCore Lapse PS4 10.01.elf,
11:15which of course is D-Link Turtle's ELF file
11:17that then runs the jailbreak.
11:19So I'm going to say yes to run it
11:20and we'll see what happens.
11:22Okay, this time it was actually pretty fast here.
11:24We actually get the PP pwned message showing up
11:26and then the payload transferred
11:28from the USB to the hard drive
11:30and then executed.
11:31And we now have GoldHEN successfully loaded
11:33using the MasterCore exploit.
11:35Payload successfully loaded now showing up.
11:37So we do in fact have this working.
11:40Our 10.01 system has been jailbroken using this game
11:43rather than, you know, any of the other methods.
11:46We can actually jailbreak using this LapseCore exploit.
11:49Another indication that the exploit is loaded
11:51is that your controller will start lighting up
11:53like a Christmas tree.
11:55Although once you exit the game,
11:56it will go back to normal.
11:58So if I go ahead and exit now,
11:59you can see we've got our GoldHEN cheats menu showing up
12:02and we can close out of the application
12:04and it should be good.
12:05So we're not crashing anymore,
12:07which was one of the issues with the original version
12:09is that it was unstable.
12:11That stability seems to have been resolved now
12:13and we're no longer crashing.
12:14So yeah, we're actually stable running GoldHEN
12:17with this exploit.
12:19And as you can see,
12:20we've got the GoldHEN menu loaded.
12:21So we have fully jailbroken our PS4 on 10.01 firmware
12:24using the LapseCore exploit from D-Link Turtle.
12:27Okay, so now let's take a quick look
12:29at the network loader.
12:30So I've gone ahead and swapped out the save file
12:32for the network loader version of this exploit.
12:36So if we go ahead and wait till this loads up,
12:39we can press the start button.
12:41I'll restore game.
12:43And when I select restore game,
12:44instead of loading from the USB,
12:46we'll get waiting for a PS2 ELF payload.
12:50So that's waiting on the network.
12:51So on my computer,
12:52I can just use the MasterCore ELF loader,
12:55which will be linked in the description.
12:57We can just run this program
12:58and then we select the file,
13:00which is gonna be our Lapse ELF file.
13:03So I have to select it here.
13:04So I'll go ahead and select it right here and open it.
13:08And then finally,
13:09we also need to enter the IP address of our PS4.
13:12So 192.168.137.80 in this case.
13:17And we'll go ahead and click load.
13:18And when I click the load button here,
13:20what will happen on the PS4
13:22is it should try and load that ELF file.
13:24So there it goes, it executed it.
13:26And now it is basically running the exploit
13:28or attempting to run the exploit.
13:30Pretty cool project by D-Link Turtle,
13:32allowing us to actually use this old X
13:34to actually run the jailbreak.
13:36If you still happen to have a copy
13:38of Okage Shadow King licensed on your PS4
13:41and you're on a compatible firmware,
13:43you should be good to go.
13:45Hopefully other firmwares as well in the future.
13:47So yeah, anyway,
13:48just wanted to cover that real quick.
13:49So hope you guys enjoyed this video
13:50or found the information useful.
13:52If you did, please leave a like and subscribe as always.
13:54And I'll hopefully see you guys in the next one.
13:56I'll see you guys in the next one.
14:14You