Transcript
00:00 Hey, how's it going guys, welcome back to another PS5 video. So it looks like we've had some pretty
00:03 major news, which is the release of the new Lapse kernel exploit for the PS5, using of course the
00:10 Lua exploit as the entry point to trigger that kernel exploit. So we now have that chain working
00:15 on the PS5. It also works on the PS4, although it's not quite fully implemented yet on the PS4,
00:21 so the PS4 version is lagging a little bit behind the PS5 version right now. But on PS5 we essentially
00:28 have it working on firmwares all the way from 8.00 up to firmware 10.01, so any
00:34 firmware in between 8.00 and 10.01, and also older firmwares below 8.00 that
00:41 already have existing jailbreaks: we can also run the new Lapse kernel exploit on those firmwares too,
00:47 so that is all basically implemented and ready to go here. Now, we're just talking right now about the
00:53 Lapse kernel exploit itself, which on its own can only enable the debug settings right now,
00:58 and obviously, you know, it essentially jailbreaks the system, but we don't have kstuff to be able
01:03 to run fake packages or, you know, PS5 game backups or homebrew or anything like that at the moment;
01:08 we're just talking about enabling the debug settings up to 10.01. There's also the ELF loader, which is
01:14 trying to be ported at the moment, and it is working, I believe, on 8.00, possibly 8.20, just not too sure
01:21 about that right now, but there definitely seem to be some changes that have been implemented in
01:26 firmwares at least above 8.0, potentially 8.20, so basically 8.40 and above, that are running into issues
01:34 at the moment with trying to get the ELF loader working. So we can see this from EchoStretch here:
01:39 he made a post saying that "with all the screenshots, videos and messages going around, trust me when I
01:44 say something changed from 8.20 to 8.40 plus. We're currently working on it, so please do not update
01:51 for now. Also avoid taking advice from untrusted sources." So obviously I would second that, but
01:57 especially the whole thing about "do not update". Obviously you should not update, you know, even
02:02 if the ELF loader was working up to 10.01 right now, because we don't have kstuff, and we still don't
02:07 know if kstuff can be successfully ported on these higher firmwares, because there could be, you know,
02:12 some kind of change that PlayStation have implemented to kind of firm up the security to prevent something
02:18 like kstuff from actually working. So obviously you should wait until you essentially
02:22 have kstuff and etaHEN all working on those higher firmwares before you would consider updating
02:27 to one of those higher firmwares, and even then there are reasons not to update, in case you
02:32 want to wait for a hypervisor exploit, and, you know, other reasons like that. So it remains to be seen at
02:37 the moment if this change that is preventing the ELF loader from being ported right now to 8.20,
02:42 potentially, or 8.40 and higher could be, you know, some kind of extra security measure that's going
02:48 to be hard to get around, or if it might just be something fairly trivial that they'll be able to
02:54 figure out quite quickly and get around. So that still remains to be seen, so fingers crossed it's
02:59 something trivial and not something very complicated, like some kind of new security measure that is
03:04 preventing it, because obviously the ELF loader is needed to load payloads like, eventually, kstuff;
03:10 if it gets ported successfully it will need to be loaded with the ELF loader, along with, you know,
03:14 pretty much everything else: other payloads and homebrew applications need to be loaded with the
03:18 ELF loader. It's a vital component, so that will need to be figured out so it can be ported on these
03:23 higher firmwares. So the ELF loader is working right now on 8.00, but it looks like firmwares above that
03:29 may be having trouble getting the ELF loader working right now, so it's currently not available
03:33 on those higher firmwares, but the kernel exploit on its own will work up to 10.01 so far, which will
03:39 just enable the debug settings for now. So in order to get this up and running here, you need to
03:43 download the Lua loader from this project. This whole thing was ported by shahrilnet and Null Pointer,
03:49 and of course I think EchoStretch was working on porting all of the offsets. So as you can see, you
03:54 need to get the save data copied over; if you're using an older version of the remote Lua loader,
03:58 you will need to update to this latest version, which includes the offsets for the higher firmwares,
04:03 so make sure that you install the latest save data for the remote Lua loader.
04:08 I do have a couple of videos on this one that show the easy way of restoring a backup,
04:12 although there might not be a backup available yet with the latest version, because at the time
04:17 of recording it was only six hours ago that 9.xx offsets were added. So I'd keep an eye on updates
04:22 from master s9 on the backups, because master s9 is usually the person that comes out with the latest
04:28 backups that you can restore on your console, so I'm sure there'll be a backup available soon that you
04:33 can use to restore the save data onto your console for this latest version. There are other ways that you
04:38 can also copy the file over; I'll leave a couple of guides that I've made on that down in the video
04:42 description if you want to check it out, to get the save data on your console. And then if we take a look
04:47 at the payloads, we can see that we have the lapse.lua file here, which runs the kernel exploit. If we take
04:53 a look at it, it says: kernel exploit for PS5 for firmwares below or equal to 10.01 and PS4s on firmwares
05:00 below or equal to 12.02, and then also on PS5 it will jailbreak the game process as well as the
05:07 PlayStation, allowing for more access to the system; on the PS4 it will only give arbitrary kernel read/
05:13 write for the vulnerable firmware; jailbreaking for PS4 is not yet available. So yes, it does not quite work
05:19 yet on the PS4. I mean, actually the exploit itself does run on the PS4, I have tested it, but as you'll see
05:26 here, if I launch the game on the PS4, a Lua game that can run the remote Lua loader, when I try to
05:31 send the Lua file payload here, you can see it does actually run the kernel exploit just fine, but it does
05:38 say here that it's not supported yet for the jailbreak, so, you know, it just kind of stops at a
05:43 certain point and doesn't go any further. So that's what you get right now if you try to run it on the
05:47 PS4; it's just a little bit further behind the PS5, not quite fully implemented yet, but it's certainly
05:53 been worked on. And if you want to try and run this on the PS5, I just tested this on my 4.03 system,
05:58 since you can run it on firmwares that have previous jailbreaks as well. So with this I already
06:03 have the save file copied over, so again I can just launch the game and it will run the remote Lua loader
06:08 listening on port 9026, and then from there we can simply go into the payloads folder that contains all
06:15 the Lua payloads. We right-click in that folder and open a terminal window, and then from there we can
06:20 simply type in python and then send_lua.py, which is the script to send the Lua files
06:27 to the console, and then the IP address of your PS5 followed by 9026, which is the port number, and then
06:34 obviously we're going to send the lapse.lua file instead of the umtx one to try and jailbreak using
06:40 this new exploit. And as you can see, when I press enter it's pretty much instant; it's amazing how fast this
06:46 runs. It definitely loads faster than the UMTX exploit, although that too runs pretty fast with
06:51 this particular method, but even then this is definitely faster. Not quite 100% stable though,
06:57 as you can see; in this case on my first try it did run successfully, and it gets all the way to the
07:02 point where it says it's done. Once it's done you can then send a follow-up payload like the ELF loader,
07:07 if it's supported on your firmware right now. Obviously I'm on an older jailbreak, so I have all
07:11 payloads available to me, so I can go ahead and send the ELF loader next, again using the same script,
07:17 and then that will get the ELF loader loaded on my console. And then finally, last but not least,
07:22 because again I'm on an older firmware that has etaHEN support, I can also then just use NetCat GUI or
07:28 any other payload injector to essentially send the etaHEN payload on port 9021, and the ELF loader will
07:35 launch it on the PS5 and get the console fully jailbroken with etaHEN. So I can basically run the
07:41 full exploit and get etaHEN up and running using the new Lapse exploit on my PS5 right now, which is
07:47 pretty damn awesome. Now obviously stability is not perfect, so I only tried to load this three times
07:53 so far: the first time I loaded it, it was successful; the second time I tried to load it, it failed, it was
07:58 unsuccessful. And if you try and load it again after it fails (because it doesn't necessarily kernel panic
08:04 when it fails, so you can go on and try and load it again), then it will most likely just kernel panic,
08:09 so you might as well just restart your PS5 when you get that error message and then just try and load
08:14 it again. And on my third try it was successful again, so first try and third try were successful,
08:20 second try failed, so yeah, two out of three so far. Obviously I'd have to try it many more times to
08:26 really see, you know, what the success and failure rate actually is. So in terms of how this actually
08:31 changes the whole status quo of jailbreaking on the PS5: as of right now, the current situation is
08:36 basically, up to firmware 8.0, you're able to enable the debug settings and also run the ELF loader,
08:44 which means in a pretty short period of time I suspect things like the homebrew launcher will get
08:49 updated to support 8.00, so you'll be able to load some of those retro games, the offline account
08:54 activator, maybe things like the remote play enabler; those kinds of homebrew applications could run,
09:00 and then also of course other payloads like FTP for root access to the file system, and maybe
09:06 eventually things like ps5debug, airpsx and various other payloads could get ported over to work on
09:12 8.00. Those are things that we could expect in the short term. Obviously long term we'll have to wait
09:17 and see if kstuff will be able to be ported to firmwares above 7.61; that still remains to be seen.
09:23 And for firmwares above 8.00, and maybe 8.20, we're looking at an issue with the ELF loader where it's not
09:29 working at the moment, and we'll have to see if that can be successfully fixed and made to work
09:34 on all of the firmwares up to 10.01, so that's still a wait-and-see situation right there. Now, there could
09:40 also be some short-term benefits to people on 6.x and 7.x firmwares who already have existing jailbreaks,
09:46 because I've noticed that EchoStretch has also been updating the offsets for the PS5 SELF decryptor,
09:52 which is used to decrypt your games so that you can create PS5 game backups or game dumps. So those
09:58 offsets are being updated to add 8.x, 9.x and 10.0 and 10.01 firmware support to the SELF decryptor.
10:05 Obviously it requires the ELF loader to be able to load it, which means only people on 8.00 would be
10:11 able to load it in the immediate term. Even though we don't have kstuff on 8.x or anything yet, you
10:17 could still decrypt your retail games on an 8.x firmware with this updated SELF decryptor, if you
10:23 have a working ELF loader available by that point, and then you could essentially dump your games on
10:28 those higher firmwares that are currently not runnable on 6.x and 7.x firmwares. You could turn
10:33 them into playable game dumps, and then people on 6.x and 7.x would be able to run them using kstuff,
10:39 so people on 6.x and 7.x could look forward to newer games, more PS5 game dumps being made available
10:45 in the short term. And then of course we also want to see the PS4 get full support for the exploit as well,
10:52 so that we can jailbreak our PS4s fully using this Lua version of the exploit as well. So yeah, anyway,
10:59 that's basically where we are right now, so hope you guys enjoyed this video or found the information
11:03 useful. If you did, please leave a like and subscribe, and once again I'll hopefully see you guys in the
11:07 next one.