Transcript
00:00Hey how's it going guys, welcome back to another PS4 and PS5 jailbreak news update.
00:04We've had lots of topics that have been building up over the past week to troll through,
00:08so let's go ahead and get straight into it shall we? So starting with of course
00:12the Lapse Exploit Chameleon's version for 9.00, we had a pretty big stability improvement,
00:18so performance fix here that was added a few days ago, and now this has made a huge difference to
00:24stability when loading the exploit on the browser on 9.00 on your PS4, so when I go to load it,
00:31it should basically eliminate or at least greatly reduce the amount of unhandled rejection errors
00:37that we used to get when loading the exploit, which would happen quite frequently. I haven't
00:41had a single one, I tested it running it three times in a row, and each time it loaded the exploit
00:46successfully. Not only that, but it now runs the exploit a lot faster, so you're not waiting as
00:51long for it to actually, you know, finish running the kernel exploit and then load Gold Hen. It now
00:56happens much much faster, so a big improvement to speed and reliability on the exploit, so that is a
01:02huge improvement that's been made there as well. Now again, it's still not recommended really to
01:07use this yet because it still has the issue of certain games having black screen problems and
01:12some save data corruption issues, so still not recommended to use this overall until that is
01:17fully fixed, but you know, as soon as that's fixed, this would be the go-to option now given how fast
01:22it runs, and again, not requiring any additional devices like another device to send the exploit or
01:27using a USB drive like the previous methods. Now it is only for 9.00 right now, but Chameleon
01:32has stated the intention to update it to higher firmwares to start getting firmwares like 9.03 and 9.60
01:39updated to use this given how much more stable and fast it now runs. It can now kind of be ported to
01:45these higher firmwares. Now not only is Chameleon working on that, but we also have Al-Azif who
01:50appears to be working on this too, because Al-Azif's repo has also been updated. This also uses the web
01:56browser to run the exploit here, and you can see here it's now been updated. Originally it was only
02:008.00 to I think 8.03 that was supported. Now it supports firmwares from 8.00 all the way up to 9.60,
02:07at least with the initial ROP. Still not in a usable state yet, but as you can see it is being ported
02:12to support firmwares all the way up to 9.60, so that you'll be able to jailbreak just using the
02:18web browser with no additional devices up to 9.60 fairly soon. Now in addition to that, we also now
02:23finally have the implementation of the Lapse exploit using the Lua exploit to load it, which again uses
02:29these Artemis engine games with a modified save file that can be used to trigger the exploit. So we now
02:36actually have an implementation and it works on the PS4 and the PS5 here. So if we take a look at the
02:41payload section and then scroll down of course to the information here and you can see we've got
02:47Lapse.Lua kernel exploit for PS5 for firmware below or equal to 10.01 and PS4 below or equal to 12.02.
02:54It says on the PS5 it will jailbreak the game process as well as the PlayStation, allowing for
02:59more access to the system, and on the PS4 it will only give arbitrary kernel read-write for the
03:04vulnerable firmware. Jailbreaking for PS4 is not yet available. So on the PS5 it has a post-exploitation
03:10step that does things like enable the debug settings. That doesn't happen on the PS4, but on
03:15the PS4 it's mostly done, you know, it actually runs the exploit just fine, but it doesn't do anything
03:21for the post-exploitation step at the moment. So basically you need to have one of the games that
03:26uses the Artemis engine like Hamidashi Creative here. When I load up the game with the modified save
03:31file on it for the remote Lua loader, it will go up and load the userland exploit. We can then use
03:37the payload, the send Lua Python file using Python by opening up a command window, of course, in the
03:44directory with the payloads, and then we can just use Python, then the send Lua.py file, then the IP
03:50address of the PS4 with the port number being 9026, and then we can just enter the Lua file that we want
03:56to send to the console to execute, which is going to be our lapse kernel exploit, and then we can send it
04:02and it will start executing the exploit there on the PS4, and that should work all the way up to
04:0712.02. Not to mention we also have a Hen VTX from Echo Stretch that is also ported up to 12.02,
04:14so we're getting very close to being able to essentially jailbreak the PS4 all the way up to
04:1912.02. We're essentially just missing the kind of final post-exploitation steps like the bin loader,
04:24which will allow us to load the Hen VTX payload, and then eventually of course we'll need to wait for
04:29Gold Hen to get ported, which will take longer, which will give us all of the additional extra
04:34features that Gold Hen includes, but until that time we can use Hen VTX from Echo Stretch, which of
04:39course allows us to at least enable fake packages and essentially get the console jailbroken, so we're
04:45getting very close to being able to jailbreak the PS4 all the way up to 12.02 using the Lua exploit,
04:51and up to 9.60 using the web browser method. Now I know a lot of people do not want to have to
04:56get these Lua games. If we head of course back to the remote Lua loader here, we'll be able to see
05:02that we do have all the games that are currently supported, from Raspberry Cube all the way up to
05:07Jinki Resurrection. There's also the IxSHE Tell demo that's been recently added, but obviously you'll
05:12need to get the full version of the game, a disc version of the game, in order to be able to load it
05:17on older firmwares. So that is basically it, you need to get one of these games. Now speaking of the
05:22games, there are other games that are getting added here, so Master S9 has shown off another game that
05:28appears to have been ported, so Fuyu Kiss CUSA 29745. So you can see this game here also uses the
05:35Artemis engine, and it can be used again to load the exploit on the console, as you can see, loads the
05:41save file, and then we get the remote Lua loader running. So that's another game that's also potentially
05:46working. Another game that's also being looked at at the moment is this Winter Guest game as well,
05:52this one has some kind of different structure to the save file, but it is a compatible game,
05:57so it will likely get ported over hopefully fairly soon. So we could potentially see this game,
06:02and obviously this game here, be added to the Lua loader, so that you could get one of those games
06:07as well, as the ones I showed in the earlier list. You can pretty much try and get them from places
06:11like eBay, or CD Japan, or PlayAsia. The only thing is, a lot of people who are kind of reselling them
06:17on eBay are selling them at scalper prices at this point. The secret's out that these games can be
06:22used to trigger an exploit and jailbreak your console, so obviously they're being sold at
06:27inflated prices, unfortunately. But maybe because this game's just been added, you might be able to
06:32find one of these at a reasonable price, or maybe one of these at a reasonable price for when it
06:36hopefully gets ported in the near future. So those are some updates there as well. Now for the PS5,
06:41we recently got the new firmware update of 11.40. All it says is that they've improved messages and
06:47usability on some screens. Apparently they've also fixed a VRR stutter issue according to Digital
06:53Foundry in this particular version. But yeah, no mention of any kind of security fixes in this
06:59version, and the Lua exploit appears to still work up to firmware 11.40. So if you don't really use
07:04your PS5 that often, and you're thinking of maybe jailbreaking it in the future, and you're on the
07:08latest firmware like 11.40, then you could essentially just create a Japanese account,
07:13and then get one of the demos like the Hamidashi Creative demo, or the IxSHE Tell demo. Basically
07:19get one of these demos from the PSN store onto your PS5, and then put it offline, or your PS4,
07:26and then put it offline and keep it offline until a new kernel exploit comes out for one of those newer
07:31firmwares. And then you'll be able to use that demo to load the exploit. So next we also have an
07:37update to the backup files from Master S9. So Master S9's released a new backup that now includes
07:43the two versions of the Lua exploit. There's the remote Lua loader, RLL, and then there's the
07:48ItsPLK version. The ItsPLK version is used to automatically load the full chain exploit on consoles
07:55that already have the full jailbreak available up to 7.61, so that you can use it to auto load things
08:01like ETA Hen, just by launching the game. So that is what that version is. And then the RLL,
08:06the remote Lua loader, is the version that we just talked about before, where you can send different
08:10Lua files to the console to execute for testing the new Lapse exploit. And the way it works is it
08:16just has the saves on two different accounts. So you can sign into one account to use the remote
08:20Lua loader version, and sign into the other account to use the ItsPLK version. And then you just load
08:25your Lua game, and it should run that particular version of the exploit. So that's all set up and
08:30ready. But this only works on firmwares 5.10 up to 10.01, because the backup was created on 5.10.
08:37So you need a console 5.10 or higher to be able to restore that backup onto it, to be able to access
08:42those save files. So I'll leave a link to that backup down in the video description. So now 8.x
08:48firmwares, 9.x firmwares, 10.0, and 10.01 can all essentially run the new kernel exploit on the PS5.
08:55And not only that, but there was an issue previously with the elf loader not working
08:59above certain firmwares like 8.0 or 8.20. That issue appears to have been resolved. So it's now
09:05working all the way up to, I believe, 10.01, or at least the offsets and everything have been
09:09ported for it. So it looks like that fix has been applied. So we should now be able to use the elf
09:14loader on higher firmwares. And as an additional bonus, we now have the payloads being ported as well.
09:20So we've got on the PS5 payload dev repo, the web server payload has also
09:25been updated. So it now includes offsets for 8.x, 9.x and 10.x, which means you can run the
09:31homebrew loader on those firmwares and essentially load a bunch of things like the retro games and
09:36the offline account activator and the remote play enabler and all of those things can now be loaded
09:41on those firmwares. So again, no k-stuff yet, or obviously ETA hen, but in the meantime, you can at
09:47least get some homebrew applications and payloads running on 8.x, 9.x and 10.x, which is pretty great.
09:54That includes things like the kernel log server and the FTP server, which should hopefully be able
09:58to run now on 8.x, 9.x and 10.x firmwares. So we also got some information about PS5 Slims
10:06from LukeD underscore NC, who said that PS5 Slims on 8.20 firmware with a factory paired Blu-ray drive
10:12and no PSN activation or account can be restored using Master S9's system image without losing drive
10:18pairing. And then Lua launched using the iX Shi. So essentially the worry with PS5 Slims is that the
10:23older model Slims that first came out did not have the disk drive paired from the factory. So you'd
10:28have to update to the latest firmware in order to pair the drive. And of course, that would prevent
10:33you from running the exploit on older firmwares. However, newer model PS5 Slims that are on 8.0 or
10:40above have the disk drive already paired from the factory so that you don't have to update to pair
10:45the drive and get it working. So you can use it to run your Lua game and run the exploit. The worry
10:50was when you restore a backup, because restoring a backup is similar to essentially factory resetting
10:55the console. And so the worry was restoring a backup to get the modified save file on there to load the
11:00exploit might actually remove the pairing on the drive. And then you'd have to update to the latest
11:05firmware to pair the disk drive again. Luckily, that is not the case. LukeD underscore NC took one
11:11for the team and tested this on a factory paired Blu-ray drive console and found that it does not
11:16actually remove the drive pairing when you essentially restore the backup. So that basically
11:20means disc edition Slims on 8.0 or above are a viable option for running the jailbreak once we have
11:26k-stuff for Henv2 on 8.00 and above. We've also got some information about new games coming.
11:33So of course, Zekko has been teasing the new Henv2 method, showing a game like Spider-Man 2 running
11:40on a test kit. But at the moment, this is a debug package on a test kit, but basically showing what
11:46can potentially come to retail consoles eventually with this Henv2 method, because currently Spider-Man
11:522 is one of those games that cannot be turned into a working dump using the current methods we're using
11:58with k-stuff. But with this new Henv2 method, which should allow for fake packages in the future,
12:03something like this should be possible running games like Spider-Man 2 and other games that are not
12:08working with the k-stuff method. So Zekko just basically showing a little teaser of that as
12:13well, running on a test kit. We also have some new PS5 game backups, which require higher firmwares
12:18than 7.61 to dump, because we now have of course the PS5 self-decryptor that has been successfully
12:24ported to higher firmwares like 8.X, 9.X and 10.X, so people can start dumping those games and turning
12:31them into working backups. And then some of those backups might run on firmwares like 7.X,
12:36might be new enough to run some of those backups. So it looks like we have from Speed-007, Alone in
12:43the Dark, Dragon's Dogma 2 and Pacific Drive. So those games are games that require a firmware higher
12:50than 7.61 to run, so they couldn't be dumped previously. But now that we have the self-decryptor
12:54working on higher firmwares, people on 8.X, 9.X and 10.0X can dump those games. And then we can
13:01essentially try and run those game dumps on 6.X and 7.X and some of them might work. It looks like
13:06Alone in the Dark, Dragon's Dogma 2 and Pacific Drive may work on 7.X firmwares. So the last thing
13:12to show for the PS5 here is that Lightning Mods has shown an additional option that is coming to
13:17ETA Hen. So this is the controller shortcuts feature and you can see it here showing that there are
13:23certain controller shortcuts that you can enable to do things like open the cheats menu, open the
13:27ETA Hen toolbox, open the Webman Games menu, as well as toggle k-stuff on and off. And then you can
13:34also remap the share button as well. So yeah, just pretty handy, kind of like how in Gold Hen you have
13:40the shortcut to bring up the cheats menu when you're in game. Well, these shortcuts can trigger at any
13:46point. You don't have to be in the game. You can trigger it when you're on the menu. And this is
13:50just going to make things so much more convenient to use your jailbroken PS5 because you don't have
13:54to go digging around in the settings to enable certain things. You'll be able to just hold down
13:59certain buttons on your controller and it will take you straight to that option, which is a huge
14:02welcome change for ETA Hen, which I think is going to make a real difference. So anyway, that is
14:08basically the whole update here for this video. So hope you guys enjoyed this one or found the
14:11information useful. If you did, please leave a like and subscribe. And once again, I'll hopefully
14:15see you guys in the next one.