Releases: hammer-83/ps5-jar-loader
v4.1.1
Notable New Features
- Added stdio redirection utilities. Inspired by work from John Törnblom, iakdev and CryoNumb.
- Added more sdk mappings.
Notable Fixes
- Fixed kernel offsets for 5.xx+.
- Fixed a few bugs in SDK.
- Fixed FTP server not reading device files. Big thanks to CryoNumb for the fix.
Notes
- See commit logs for full list of changes.
- The payloads are compatible with v4.1.0. However, the new UMTX should be run using the remote loader, not the one on the full disc, to obtain kernel r/w.
- Full ISO includes a menu and all the JARs as of this release. Trimmed ISO includes only the remote JAR loader, payloads need to be sent over network.
Payloads:
Same as v4.1.0.
v4.1.0
Notable New Features
- Multiple SDK improvements.
- Implemented paged DMA transfers.
Notable Fixes
- Jailbreak JAR now works with Menu Loader and is included in Full ISO.
- Previously inaccessible directories can now be read (bug in usage of native file i/o).
Notes
- See commit logs for full list of changes.
- New payloads are not compatible with previous JAR Loader version and vice-versa.
- Full ISO includes a menu and all the JARs as of this release. Trimmed ISO includes only the remote JAR loader, payloads need to be sent over network.
Payloads:
- UMTX bug implementations from flat_z, Cryptogenic and cheburek3000 adapted to this SDK. Each one of them can be used to obtain kernel read/write. Note: UMTX1 is the recommended payload. As stability improves, other implementations will be deprecated and eventually removed.
- Byepervisor implementation from Cryptogenic.
- Kernel dumper. Once kernel r/w is obtained, send this payload to dump the kernel. If byepervisor was run first, it will dump text and data. Otherwise, only data will be sent. Use netcat on a computer to receive the kernel binary by connecting to the PS5 on port 5656.
- Jailbreak implementation which makes BD-J process run with superuser and escapes it from /app0 jail.
- FTP server (with root access after jailbreak).
- Klog server. Not very stable when a client is connected to it.
- Debug Settings. Activates/deactivates debug settings (deactivation only works within initial BD-J process).
- Samples:
- Mini tennis game.
- System properties printer.
- Dump current classpath of JVM, including java.base module (may not work on all firmwares).
- Dump information about BD-J process (requires kernel r/w).
- List of all directories in the filesystem using native calls.
v4.0.1
New Features
- Implemented AGC-based kernel read/write primitives to allow write access to kernel data on firmware 6.00+. Big thanks to flat_z.
- Added the payload to activate Debug Settings menu. Credit to CryoNumb.
- Various SDK improvements and refactorings.
- Added output of version numbers for JAR loader and for payloads (based on Maven project version).
Notes
- Release v4.0.0 was yanked as it contained a critical bug on firmware 7.00+.
- New payloads are not compatible with previous JAR Loader version and vice-versa.
- Full ISO includes a menu and all the JARs as of this release. Trimmed ISO includes only the remote JAR loader, payloads need to be sent over network.
- Full ISO does not include jailbreak and klogserver JARs as jailbreak is not working well with the menu loader.
- Some directories are not accessible in BD-J, even with jailbreak. This is a known issue; a workaround for this restriction has not yet been found.
Payloads:
- UMTX bug implementations from flat_z, Cryptogenic and cheburek3000 adapted to this SDK. Each one of them can be used to obtain kernel read/write. Note: UMTX1 is the recommended payload. As stability improves, other implementations will be deprecated and eventually removed.
- Byepervisor implementation from Cryptogenic.
- Kernel dumper. Once kernel r/w is obtained, send this payload to dump the kernel. If byepervisor was run first, it will dump text and data. Otherwise, only data will be sent. Use netcat on a computer to receive the kernel binary by connecting to the PS5 on port 5656.
- Jailbreak implementation which makes BD-J process run with superuser and escapes it from /app0 jail.
- FTP server (with root access after jailbreak).
- Klog server. Not very stable when a client is connected to it.
- Debug Settings. Activates/deactivates debug settings (deactivation only works within initial BD-J process).
- Samples:
- Mini tennis game.
- System properties printer.
- Dump current classpath of JVM, including java.base module (may not work on all firmwares).
- List of all directories in the filesystem using native calls.
v3.1.0
New Features
- A new payload for jailbreaking BD-J process. This JAR sets the process user to "root" and sets the root of the filesystem to "/", escaping "/app0" jail. After running this payload, FTP Server will see the entire filesystem.
- Another payload to retrieve the contents of Klog over network using something like netcat.
- Payloads can now run in the background while JAR loader accepts other JARs. Two payloads have been converted to background jobs: FTP Server and Klog Server.
Fixes
- Hopefully improved stability of UMTX2 which was deadlocking every single time in the last update.
- Still investigating stability issues due to native call optimizations in the last release. For now reverted to previous state (sort of).
Notes
- Usual note about backwards compatibility not guaranteed with previous versions of the JAR loader.
- On firmware 6.00+, attempting to write to certain regions of kernel data still results in a panic.
v3.0.0
New features:
- Two versions of the ISO: one with all the payloads (updated as of the time of the release) and a menu which can load them right from disc; another, as before, with just the remote JAR loader. Both versions can remote-load the more recent payloads attached to this release incrementally; the full ISO additionally has the menu, which also loads the payloads burned on the disc. Thanks to iakdev.
- Incorporated recent native call optimization ideas from Andy Nguyen into the SDK. UMTX payload now converges much faster.
- UMTX2 is being deprecated with this release. It's more prone to deadlocks and maintaining two implementations adds unnecessary overhead. Will likely be removed in future releases.
- Misc SDK fixes.
Payloads compiled with the previous version of the SDK are unlikely to work with this loader, and vice versa: the previous loader is unlikely to load JARs compiled with this version of the SDK properly.
Note: on firmware 6.00+, attempting to write to kernel data results in a panic. Kernel text can be read/written only on firmware below 3.00.
Steps:
- Compile the project and burn the contents of assembly/target/assembly-3.0.0 to a BD-RE disc. A pre-compiled ISO is also provided. Optionally compile with -Dloader.logger.host=[Logging server IP] to echo the on-screen output to a remote host.
- Insert the disc into the PS5 and run the JAR Loader.
- Send a payload:
java -jar <payload.jar> <PS5 IP>
Included payloads:
- FTP server (sandboxed).
- Sample mini tennis game.
- System properties printer.
- Dump current classpath of JVM, including java.base module (may not work on all firmwares).
- UMTX bug implementations from flat_z, Cryptogenic and cheburek3000 adapted to this SDK. Each one of them can be used to obtain kernel read/write. Note: UMTX1 is the recommended payload. As stability improves, other implementations will be deprecated and eventually removed.
- Byepervisor implementation from Cryptogenic
- Kernel dumper. Once kernel r/w is obtained, send this payload to dump the kernel. If byepervisor was run first, it will dump text and data. Otherwise, only data will be sent. Use netcat on a computer to receive the kernel binary by connecting to the PS5 on port 5656.
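The host side of the procedure above (send payloads with java -jar, then collect the kernel image the kernel dumper serves on port 5656) as one script. This is an added example, not part of the project's own code. The port number and the "java -jar <payload.jar> <PS5 IP>" invocation are taken from the release notes; the payload file names, the console address and the assumption that the sender returns once the payload has finished are this example's own and may need adjusting.

```shell
#!/bin/sh
# Host-side helper (added example, not part of ps5-jar-loader): send the
# UMTX payload, then the kernel dumper, then pull the dump over TCP 5656.

PS5_IP="${PS5_IP:-192.168.1.50}"              # assumption: console address on the LAN
DUMP_PORT=5656                                 # from the release notes
UMTX_JAR="${UMTX_JAR:-umtx1.jar}"              # assumption: file name of the recommended UMTX1 payload
DUMPER_JAR="${DUMPER_JAR:-kernel-dumper.jar}"  # assumption: file name of the kernel dumper payload
OUT="${OUT:-kernel-dump.bin}"

# send_payload JAR IP: every payload JAR carries its own sender (java -jar <payload.jar> <PS5 IP>).
# Assumption: the sender returns only after the payload has finished on the console.
send_payload() {
    java -jar "$1" "$2"
}

# receive_dump IP PORT FILE: connect to the dumper and save the stream; nc exits
# when the PS5 closes the connection.
receive_dump() {
    nc "$1" "$2" > "$3"
}

# dump_ok FILE: 0 only for a non-empty file. The notes say only kernel data is
# sent unless Byepervisor ran first, so size cannot tell you whether .text is
# included, but an empty file does tell you the dumper never produced output.
dump_ok() {
    [ -s "$1" ]
}

# dump_summary FILE: one-line report, e.g. "4 bytes in kernel-dump.bin".
dump_summary() {
    printf '%s bytes in %s\n' "$(wc -c < "$1" | tr -d ' ')" "$1"
}

main() {
    send_payload "$UMTX_JAR" "$PS5_IP" || { echo "UMTX payload failed" >&2; return 1; }
    send_payload "$DUMPER_JAR" "$PS5_IP" || { echo "dumper payload failed" >&2; return 1; }
    receive_dump "$PS5_IP" "$DUMP_PORT" "$OUT"
    if dump_ok "$OUT"; then
        dump_summary "$OUT"
    else
        echo "empty dump: was kernel r/w obtained before the dumper was sent?" >&2
        return 1
    fi
}

# Only act when invoked as "sh dump_kernel.sh run"; sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then
    main
fi
```

With the console sitting in the JAR Loader, `PS5_IP=<console address> sh dump_kernel.sh run` sends UMTX1, then the dumper, and saves the stream to kernel-dump.bin. If the UMTX payload panics the console or does not finish, the dumper has nothing to work with and the script reports an empty dump rather than a partial success.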
v2.1.0
Kernel read/write primitives up to FW 7.61.
Note: on firmware 6.00+, attempting to write to kernel data results in a panic. Kernel text can be read/written only on firmware below 3.00.
Steps:
- Compile the project and burn the contents of assembly/target/assembly-2.1.0 to a BD-RE disc. A pre-compiled ISO is also provided. Optionally compile with -Dloader.logger.host=[Logging server IP] to echo the on-screen output to a remote host.
- Insert the disc into the PS5 and run the JAR Loader.
- Send a payload:
java -jar <payload.jar> <PS5 IP>
Included payloads:
- FTP server (sandboxed).
- Sample mini tennis game.
- System properties printer.
- Dump current classpath of JVM, including java.base module (may not work on all firmwares).
- UMTX bug implementations from flat_z, Cryptogenic and cheburek3000 adapted to this SDK. Each one of them can be used to obtain kernel read/write. Note: performance and stability varies.
- Byepervisor implementation from Cryptogenic
- Kernel dumper. Once kernel r/w is obtained, send this payload to dump the kernel. If byepervisor was run first, it will dump text and data. Otherwise, only data will be sent. Use netcat on a computer to receive the kernel binary by connecting to the PS5 on port 5656.
v2.0.0
Framework for permanent kernel r/w.
Note that previous versions of JAR loader will not run JARs compiled with this release.
Steps:
- Compile the project and burn the contents of assembly/target/assembly-2.0.0 to a BD-RE disc. A pre-compiled ISO is also provided. Optionally compile with -Dremote.logger.host=[Logging server IP] to echo the on-screen output to a remote host.
- Insert the disc into the PS5 and run the JAR Loader.
- Send a payload:
java -jar <payload.jar> <PS5 IP>
Examples:
- FTP server (sandboxed).
- Sample mini tennis game.
- System properties printer.
- Dump current classpath of JVM, including java.base module (may not work on all firmwares).
- UMTX bug implementations from flat_z, Cryptogenic and cheburek3000 adapted to this SDK. Note that stability and specific FW support is still work in progress.
v1.1.2
Added useful SDK mappings
Steps:
- Compile the project and burn the contents of assembly/target/assembly-1.1.2 to a BD-RE disc. A pre-compiled ISO is also provided.
- Insert the disc into the PS5 and run the JAR Loader.
- Send a payload:
java -jar <payload.jar> <PS5 IP>
Examples:
- FTP server (sandboxed)
- Sample mini tennis game
- System properties printer
- UMTX bug implementation from flat_z, adapted to this SDK. Note that it is not very stable and will likely make the console panic at the end of execution in its current state.
v1.1
Added a simple FTP Server payload:
- Compile the project and burn the contents of assembly/target/assembly-1.0-SNAPSHOT to a BD-RE disc. A pre-compiled ISO is also provided.
- Send the FTP Server payload to the JAR Loader:
java -jar ftp-server-1.0-SNAPSHOT.jar <PS5 IP>
- Log in to the FTP server on port 9225 with username ps5jb and no password.