How to: set up the 5.05 PS4 exploit on your ESP8266 Device (Windows)
The ESP8266 seems to be the device of choice for those of us who want to run a webkit exploit locally without having to use a big computer*. I recently ordered one and didn’t find the time to properly explain how to set it up, until now.
The following tutorial is for people using Windows 10. Some of the steps might be different if you run a different OS (or a different flavor of Windows).
In this example, I will be installing and running the 5.05 PS4 Exploit, using the version compiled for the ESP8266 by C0d3m4st4. There are other binaries available from other tinkerers, but this one seems to be the most popular right now (and it’s fairly easy to use once installed on the ESP8266). You’ll need:
- An ESP8266. I use a NodeMcu v3 by Lolin, but there are multiple clones and they all should work as long as they have at least 4MB. Here’s one that works.
- A usb-to-micro-usb cable (that’s your typical android phone cable, or the one from your Dualshock 4) to connect the ESP8266 to your PC, then later to your PS4.
- A firmware binary for the ESP8266, hosting the PS4 5.05 exploit. I used ESP8266XploitHost 2.4 by C0d3M4st4 (source)
- A flasher tool that will help you copy the firmware from your PC to the ESP8266 device. Most people will want to download the x64 exe file.
- A PS4 running firmware 5.05. Here’s a guide on where to get one. (If you have a firmware lower than 5.05, it’s easy to upgrade. If you have a firmware higher than 5.05, you cannot downgrade and you need to buy a hackable PS4.)
- Optional? Some people say you’ll need a driver for your PC to recognize the device. I did not need a driver for Windows 10, but you might need the one that matches your OS from this page.
1. Loading the firmware onto the ESP8266
You only need to go through this step once or, more precisely, every time you want to update the exploit you will be using (for example, if a dev improves the 5.05 exploit or someone publishes a new payload, you might need or want to update the ESP8266 firmware again).
- Before you get started, make sure you read the README provided with your binary, if there is one. C0d3m4st4’s archive provides a fairly extensive readme that was the basis for this tutorial!
- Extract the firmware binary somewhere on your hard drive (in my case, it’s a file named c0d3m4st4_ESP8266XploitHost_v2.4.bin).
- Plug the device into your computer via a USB cable. Your computer should recognize the device; if not, you might need to get a driver for it (see above).
- Run the flasher (NodeMCU-PyFlasher-3.0). This should be a standalone executable, nothing to install.
- From within the flasher, you should be able to choose your serial port (if the list is empty, the device was not recognized, in which case you might need to install one of the drivers mentioned above) and select your firmware binary (c0d3m4st4_ESP8266XploitHost_v2.4.bin). Other options are specific to your device: the baud rate (my device’s documentation recommends 9600, but I had no issue with the default of 115200) and the flash mode (for NodeMcu clones, Dual I/O seems to be the right choice). Last but not least, make sure to select “Erase Flash”, as we’ll be installing a full 4MB binary.
- Hit the Flash button and wait until completion.
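Before hitting Flash, it is worth confirming that the file you are about to write is the one you meant to download and that it actually fits the device. The script below is an added example, not part of this tutorial or of C0d3m4st4’s package: it checks that the image exists, is no larger than the 4MB of flash on the device, starts with the 0xE9 magic byte that esptool-style ESP8266 images begin with (an assumption about the image format), and matches a SHA-256 you supply from the binary’s release page (a placeholder here; the tutorial does not publish one). The sample images it hashes are constructed in a temporary directory.

```python
"""Pre-flash sanity checks for an ESP8266 firmware image (added example).

Assumptions not taken from the tutorial: the expected SHA-256 comes from the
binary's release page, and a full-flash image starts with the esptool
image-header magic byte 0xE9.
"""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

FLASH_SIZE_BYTES = 4 * 1024 * 1024  # the tutorial flashes a "full 4MB binary" after Erase Flash
ESP_IMAGE_MAGIC = 0xE9              # first byte of an ESP8266 image header (assumption)


def sha256_of_file(path):
    """Hash the file in 1 MiB chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_firmware(path, expected_sha256=None):
    """Run the checks and return {name: (ok, detail)} so each failure is explained."""
    p = Path(path)
    results = {}
    if not p.is_file():
        results["exists"] = (False, f"{p} is not a file")
        return results
    results["exists"] = (True, str(p))

    size = p.stat().st_size
    results["fits_flash"] = (
        0 < size <= FLASH_SIZE_BYTES,
        f"{size} bytes vs {FLASH_SIZE_BYTES} bytes of flash",
    )

    with open(p, "rb") as f:
        first = f.read(1)
    results["image_magic"] = (
        first == bytes([ESP_IMAGE_MAGIC]),
        f"first byte {first.hex() or '(empty)'}, expected {ESP_IMAGE_MAGIC:02x}",
    )

    digest = sha256_of_file(p)
    if expected_sha256 is None:
        # Refuse by default: a hash you never compared is no protection.
        results["sha256"] = (False, f"no expected hash given; file hashes to {digest}")
    else:
        ok = hmac.compare_digest(digest, expected_sha256.strip().lower())
        results["sha256"] = (ok, f"computed {digest}")
    return results


def all_ok(results):
    """True only when every check passed (an empty result set is a failure)."""
    return bool(results) and all(ok for ok, _ in results.values())


def write_sample_image(path, size):
    """Write a constructed stand-in image: the magic byte followed by zero padding."""
    with open(path, "wb") as f:
        f.write(bytes([ESP_IMAGE_MAGIC]))
        f.write(b"\x00" * (size - 1))
    return path


def run_demo():
    """Exercise the checks on constructed files; returns the three result sets."""
    with tempfile.TemporaryDirectory() as d:
        good = write_sample_image(os.path.join(d, "good.bin"), 64 * 1024)
        big = write_sample_image(os.path.join(d, "too_big.bin"), FLASH_SIZE_BYTES + 1)
        expected = sha256_of_file(good)  # stands in for the hash on the release page
        return {
            "good": check_firmware(good, expected),
            "wrong_hash": check_firmware(good, "00" * 32),
            "too_big": check_firmware(big, sha256_of_file(big)),
        }


if __name__ == "__main__":
    for name, res in run_demo().items():
        print(name, "OK" if all_ok(res) else "FAIL")
        for check, (ok, detail) in res.items():
            print(f"  [{'x' if ok else ' '}] {check}: {detail}")
```

For a real run, call `check_firmware("c0d3m4st4_ESP8266XploitHost_v2.4.bin", "<sha256 from the release page>")` and only proceed to the Flash button when `all_ok` returns True; the per-check details tell you which of the size, header or hash checks tripped.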
2. Connecting your PS4 to the ESP8266 “router”
The 5.05 exploit and associated payloads are now loaded onto your ESP8266. You will now use the device as a “fake” router that your console can connect to, in order to run the exploit.
- Plug the ESP8266 into your PS4’s USB port. The only purpose of doing this is to give the device power. Technically, any other USB port that can power the device should work too; the port on the PS4 is just convenient.
- Go to your PS4’s internet settings and configure your Wifi.
- In C0d3m4st4’s binary, the access point name (SSID) is ESP8266XploitHost and the password is ps4xploit. For everything else, use the “easy settings”. (This is why I like C0d3m4st4’s version: there is no need for advanced wifi settings such as DNS, etc. Other binaries might have other wifi settings, so be sure to follow their readme for the wifi settings.)
- Test your wifi settings for good measure. At the very least you should be able to get an IP address. The rest might not matter so much (the binary running on the ESP8266 does not give you actual internet access; it just creates a wifi signal and fakes a router’s behavior).
- You’re good to go.
3. Launching the exploit
To run the exploit, go to Settings -> User Guide, and launch the user guide.
If everything’s set up correctly, this should load the index page from the esp8266, which lets you choose the payload you want to run. For example, Mira + HEN is what I tried.
The exploit might fail a couple of times with an “out of memory” error, but ultimately it will go through, which you can confirm with the joke “GDPR” message. The web browser might crash, in which case only the “home” button will take you back to the main menu. The presence of the “debug settings” menu in your settings will definitely confirm that the hack was successful.
* Please note that there are multiple ways to run the PS4 5.05 exploit and accompanying payloads. You can host the exploit locally on your computer, or android device. Or you can use an online option such as the version hosted on qwertyoruiop’s server. Using an ESP8266 is one other alternative and I personally find it quite elegant.