  • 2 days ago
PS4/PS5 Jailbreak update: Lapse 7.00 to 9.60 support through the web browser, Lua & Lapse gets some new features for 12.02 and more.
--------------------------------------------------------------------------------------------------------
Links:

Al-Azif Lapse: https://github.com/Al-Azif/psfree-lapse

Nazky's Host: https://github.com/Nazky/PSFree

Lapse with FTP and Kernel Dumper:
https://github.com/egycnq/LUA-Lapse
https://x.com/egycnq/status/193193725...

Remote Lua Loader: https://github.com/shahrilnet/remote_...

PS5_Lua_Menu:
https://github.com/itsPLK/ps5_lua_men...
--------------------------------------------------------------------------------------------------------
Timestamps:
0:00 - PS4 Lapse 9.60
4:20 - PS4 Lapse 12.02 Update
8:16 - More Lua games added
8:59 - PS5 kstuff porting on 8.00+
9:24 - PS5 Lua Payload Menu
--------------------------------------------------------------------------------------------------------
Music
Outro: Paul Flint - Sock It To Them [NCS Release]
--------------------------------------------------------------------------------------------------------
Find my content on these other platforms:
Odysee: https://odysee.com/@MODDEDWARFARE
LBRY: https://lbry.tv/@MODDEDWARFARE
BitChute: https://www.bitchute.com/channel/cZkN...
Transcript
00:00 Hey how's it going guys welcome back to another PS4 and PS5 jailbreak news update. With PS4 we
00:05 now have 9.60 support with the Lapse exploit running from the web browser which is properly
00:10 working now loading GoldHEN completely and this is thanks to of course Al-Azif updating the repo
00:16 including 9.60 support. Also 7.00 to 9.60 support is now included in Al-Azif's repo so that even
00:24 encompasses older firmwares like if you're still on 7.55 using that really unstable kernel exploit
00:30 you'll be able to use Lapse in future which will be more stable and run faster and then also of
00:35 course the vulnerability scope says it goes all the way back to 6.00 so we can also expect support
00:41 going all the way back to 6.00 which would also encompass previous jailbreaks like 6.72 where you
00:47 would have the option to run the Lapse exploit instead of the current exploit that you're using
00:51 on that firmware. 9.60 was not able to use the USB method so the only way of jailbreaking 9.60 beforehand
00:58 was to use the PPPwn exploit with another device. Obviously you could use the jailbreak dongles
01:04 to jailbreak the console that way. That was kind of the most convenient way of jailbreaking those
01:09 firmwares up until now but now of course we can do it entirely through the web browser. So it's also
01:14 important to note that the black screen slash save issue is still a problem at the moment with this
01:19 version even with these other versions being ported. So what I would obviously recommend is not
01:25 using this as your primary method of jailbreaking right now. Only use this for testing as it is
01:30 still work in progress and that issue will need to be resolved before we can kind of switch to this
01:35 permanently. So now what's happened is we've had other exploit developers who have taken the updates
01:41 from Al-Azif and have included those updates into their own hosts to make it compatible with 9.60 and
01:47 load GoldHEN automatically. So all of that is now included. The one I like to use at the moment is
01:51 Nazky's host. So just to demonstrate this I went ahead and updated my PS4 that was on 9.00 up to
01:57 9.60. Not that I recommend doing this. I only did that because it's my revertible PS4 that can switch
02:03 different firmwares and I can revert to older firmwares if I need to. So as you can see I went
02:08 ahead and updated this to 9.60. So of course we can just connect to the internet and go to
02:12 nazky.github.io forward slash PSFree to access the online version of the host and it should load up right
02:19 there. Now if you do not want to connect to the internet to access it or if you want to get the
02:24 latest build directly from the repo you can instead host it locally on your computer. So I just downloaded
02:30 and installed the Node.js installer and then simply open up a command prompt or PowerShell window on
02:36 your computer and then type in npm install http-server -g and then that will install the
02:44 http-server module for Node.js. So at that point you can just download the code for whichever version
02:50 of the exploits you want. In this case I'm using Nazky's version so I can just download the code
02:55 and then just extract it to the desktop of my computer and then from there if I go into that
02:59 folder to the same location that has the index.html file I can just right click in that location open
03:05 up a terminal window and then simply type in http-server to run the web server in that location
03:11 which will make the exploit host available at my computer's IP address on the network and from
03:16 there I'll be able to access the exploit host locally instead of connecting to it over the
03:20 internet. But obviously if you want a quick way to access it you can just go to nazky.github.io
03:24 forward slash PSFree and access it over the internet instead. It will go ahead and cache the site for
03:30 offline use first and wait for that to complete and then you can just refresh the page and you can see
03:35 here it's showing that 9.60 is compatible. So from here I can just click the button to run
03:41 the jailbreak and again all I have to do is wait a couple of seconds because it does have the same
03:46 stability improvements that Chameleon's version had implemented for 9.00 so that's been carried
03:52 over to these newer versions so it jailbreaks it super fast in just a couple of seconds and we have
03:57 GoldHEN running on 9.60 and the same should apply for other 9.x firmwares, 9.03, 9.50, you'll be able to
04:06 get this up and running without requiring any additional devices. So of course 9.60 is the last
04:11 firmware version on the PS4 that works with the PSFree webkit exploit allowing us to load this from
04:17 the web browser. In order to load the Lapse exploit on higher firmwares we need to use the
04:21 Lua exploit unfortunately until a new webkit exploit is discovered for a higher firmware
04:26 and then we might be able to you know load higher firmwares using the web browser in future
04:30 but for now the only thing we have above 9.60 is the Lua exploit with the modified save files
04:36 to be able to jailbreak firmwares up to 12.02. So speaking of which we also do have an update for
04:42 12.02 on the PS4 using the Lua exploit coming to us from Mohamed Adel or EGYCNQ who was behind
04:49 or one of the developers I believe behind the Syscon writer for the PS4. So he says I've been playing
04:54 around for the past few days with something totally new and I wanted to share what came out of this
04:58 Lua plus Lapse a modified version of the original lapse.lua script currently supports PS4 11.0 and
05:04 12.02 added a sandbox escape kernel dumping to USB automate K-based detection and full FTP access.
05:12 So we did not have any post exploitation steps with the Lapse exploit when loaded through Lua
05:16 up until now now it will dump the kernel with this version to a USB drive if you have a USB plugged in
05:22 when you load it and it will also escape the sandbox so that you can get root FTP access. So just to
05:27 show this here if we head over to the repo here we've got the lapse.lua file you can just go to
05:32 the code download as a zip file and extract that Lua file. So you can see here it is a Lua plus Lapse
05:38 PS4 post exploitation framework and if we scroll down it says it has been successfully tested on
05:43 11.0 and 12.02. So all we really need to do here is launch our game on the PS4 that has the remote Lua
05:51 loader added to it and that will get the save file loaded. Once the remote Lua loader is listening
05:56 we can go ahead and switch over to our computer here we can download of course this particular
06:01 Lua file here download the zip file and then extract it to the payloads folder with your remote
06:06 Lua loader payloads. What I'm going to do is just rename it to lapse underscore new so I don't overwrite
06:11 the original lapse.lua file from the remote Lua loader and I'll copy it into that payloads folder
06:16 then I can just right click and open a terminal window and if you have Python installed you can just
06:21 type in python, the send_lua.py script and then of course the IP address of your PS4 along with the
06:27 port number 9026 and then the name of the Lua file that you're sending in this case it's going to be
06:32 our lapse underscore new dot lua and then when we send that file we can see it executes the kernel
06:38 exploit as normal but when it gets to the post exploitation step it's now dumping the kernel to
06:44 my USB drive. So it is successfully doing some post exploitation dumping the kernel and once that's
06:50 successful it should be all good and if we want to get root FTP access to the file system we can just
06:55 send the FTP server script so again entering the same command and then just changing the Lua file to
07:01 the FTP underscore server we can send that file and that will run the FTP server on the PS4 at which
07:08 point we can then connect using an FTP client so I'm going to use FileZilla of course and I'll just
07:12 enter the PS5's IP address in the host box and port 1337 and then if we quick connect you can see that
07:19 we do in fact get connected and we have access to the full file system whereas normally if you just send
07:24 the FTP payload without loading this particular lapse.lua right now it would just give you sandboxed FTP
07:30 which only gives you access to you know the currently running application the directories within the
07:36 sandbox and not anything outside of that but because we ran the Lua exploit and it's doing the sandbox escape
07:41 now with post exploitation it now gives us full root access to the file system so we can access all of the
07:48 files on our PS4 here so that's what we have at the moment of course we're just waiting for hopefully
07:53 a bin loader to come out fairly soon and then that will essentially allow us to properly jailbreak the
07:58 PS4 up to 12.02 because we'll be able to send the bin loader and then load something like HEN-VTX
08:03 up to 12.02 so we can run fake packages and essentially get the console jailbroken so getting
08:09 much closer now to that being a reality so there we go that is another thing that's been added there for
08:14 the PlayStation 4. Now some updates to the remote Lua loader itself here we also have a couple more
08:19 games that have been added recently so we've got the Fuyu Kiss game which I covered in my previous
08:24 update but we also have the demo version of it that's also been added and we now have Nora Princess
08:30 and Crying Cat 2 so it's not the same one as before we already had Nora Princess and Stray Cat
08:36 Heart HD but this is a different one here so Crying Cat 2 so a different game so that is another game
08:43 that's been added I believe the winter guest game I talked about before is also being worked on
08:47 so hopefully that one will be added soon as well and we may get a lot more games added hopefully in
08:52 the near future so there's a couple of new games being added there that you can try and get your
08:56 hands on to be able to load the Lua exploit. We also have a confirmation from EchoStretch
09:01 that kstuff is now in the works for 8.00 plus so they're currently trying to grab all of the
09:07 offsets to get kstuff ported so we might start to see you know the PS5 getting support for being
09:13 you know your PS5 game dumps and PS4 fake packages hopefully in the not too distant future
09:18 here as it is now being worked on so 7.61 may not be the latest jailbreakable firmware for very long
09:24 not only that but there's been an update for the existing jailbreaks that use the Lua exploit with
09:29 this new PS5 Lua menu from NudgeDeck so what this allows you to do is it gives you a payload selector
09:36 after running the jailbreak so that you can then load whatever payload you want post exploit which is
09:42 something that we've obviously had with the web browser method which is super convenient but not
09:46 with the Lua exploit up until now so now we can select whatever payloads we want after jailbreaking
09:51 all you have to do is download the file here from the repo so download the PS5 Lua menu.lua
09:57 you can send this using the remote Lua loader or you can update your auto loader if you're using the
10:03 itsPLK version that auto loads a payload then essentially you can just take this Lua file
10:07 copy it to the remote Lua loader folder on the root of a USB drive and then simply edit the auto
10:13 load text file to load the PS5 Lua menu instead of a payload and then once you have that configured you
10:20 can plug that USB into your PS5 you can also of course copy it to the data folder on the hard drive
10:25 with PS5 Explorer or FTP if you want to load it from there and then when you run your Lua game it
10:31 will run the exploit as normal once it's successfully jailbroken it will suddenly open up a web page here
10:37 with the payloads that you can select so you can see etaHEN is already available in here
10:42 but if you want to add more additional payloads here you can actually go over to this manage option
10:48 and then it gives you a QR code that you can scan on your phone which will open up the web page
10:52 on your phone or of course on your computer you can just go to the IP address of your PS5
10:58 with port number 8084 so if we do that on our computer here and we just go to the IP address
11:03 with 8084 there and it will take us to the management page and then from here obviously
11:08 you need to be on a device that's connected to the same network as your PS5 here but what you
11:13 can then do is select the option to download and then you can select any payloads that you want to
11:17 download and it will download them automatically to the data folder on the PS5 so you'll be able
11:22 to load them using this menu on the PS5 itself so all we have to do here is simply just select
11:28 what payloads we want like the web server payload you know kstuff any other payloads that you want
11:33 here now this actually doesn't have a huge selection of payloads but we'll just download the main ones
11:38 that we want here I'd probably recommend going over to the UMTX repo from idlesauce and basically
11:44 downloading idlesauce's host there downloading the code which contains a payload folder with all of the
11:49 payloads that are available with the web browser version of the exploit I can extract those out to my
11:53 computer and then just select the upload option in the web menu here to upload whichever extra
11:59 payloads I want from there like the PS5 and debug payload for instance and you can get them added
12:04 there so you can add payloads upload them from your computer or just download them from the internet
12:09 onto the PS5 directly and then if we switch back over to our PS5 here you can see we still only have
12:15 etaHEN showing up right now but if I go into the management option and then switch back again that will
12:20 refresh it and then from there we can see all of the payloads that I downloaded and uploaded from my
12:25 computer are now available to select and we can select something like I don't know FTP and that
12:30 will run the offloader and then load the payload that we selected so once again we're getting more
12:34 improvements to the Lua exploit to make it more convenient to use and kind of bring it up to the
12:40 same level as the web browser exploit in terms of convenience obviously the Lua exploit is never going
12:45 to be as convenient as the web browser exploit given the fact that you have to have one of those games
12:49 that is supported and then of course getting the save file on there is also quite tricky sometimes
12:54 but anyway it's good to see that we are getting improvements here for the Lua exploit ongoing
12:58 so yeah anyway that's going to do it for this update here so hope you guys enjoyed this video
13:02 or found the information useful if you did please leave a like and subscribe and as always
13:06 I'll hopefully see you guys in the next video