
v2.1.0

hammer-83 released this 21 Oct 01:34 · 62 commits to main since this release

Kernel read/write primitives up to FW 7.61.

Note: on firmware 6.00 and above, attempting to write to kernel data results in a kernel panic. Kernel text can be read or written only on firmware below 3.00.

Steps:

  • Compile the project and burn the contents of assembly/target/assembly-2.1.0 to a BD-RE disc. A pre-compiled ISO is also provided. Optionally compile with -Dloader.logger.host=[Logging server IP] to echo the on-screen output to a remote host.
  • Insert the disc into PS5 and run the JAR Loader.
  • Send a payload: java -jar <payload.jar> <PS5 IP>

Included payloads:

  • FTP server (sandboxed).
  • Sample mini tennis game.
  • System properties printer.
  • Dump current classpath of JVM, including java.base module (may not work on all firmwares).
  • UMTX bug implementations from flat_z, Cryptogenic and cheburek3000, adapted to this SDK. Each of them can be used to obtain kernel read/write. Note: performance and stability vary between them.
  • Byepervisor implementation from Cryptogenic.
  • Kernel dumper. Once kernel r/w is obtained, send this payload to dump the kernel. If Byepervisor was run first, it dumps text and data; otherwise only data is sent. Use netcat on a computer to receive the kernel binary by connecting to the PS5 on port 5656.