How to: set up the 5.05 PS4 exploit on your ESP8266 Device (Windows)
The ESP8266 seems to be the device of choice for those of us who want to run a webkit exploit locally without having to use a big computer*. I recently ordered one and didn’t find the time to properly explain how to set it up, until now.
The following tutorial is for people using Windows 10. Some of the steps might be different if you run a different OS (or a different flavor of Windows).
0. Requirements
In this example, I will be installing and running the 5.05 PS4 Exploit, using the version compiled for the ESP8266 by C0d3m4st4. There are other binaries available from other tinkerers, but this one seems to be the most popular right now (and it’s fairly easy to use once installed on the ESP8266). You’ll need:
- An ESP8266. I use a NodeMcu v3 by Lolin, but there are multiple clones and they all should work as long as they have at least 4MB. Here’s one that works.
- A usb-to-micro-usb cable (that’s your typical android phone cable, or the one from your Dualshock 4) to connect the ESP8266 to your PC, then later to your PS4.
- A firmware binary for the ESP8266, hosting the PS4 5.05 exploit. I used ESP8266XploitHost 2.4 by C0d3M4st4 (source)
- A flasher tool that will help you copy the firmware from your PC to the ESP8266 device. Most people will want to download the x64 exe file.
- A PS4 running firmware 5.05. Here’s a guide on where to get one. (If you have a firmware lower than 5.05, it’s easy to upgrade. If you have a firmware higher than 5.05, you cannot downgrade and you need to buy a hackable PS4.)
- Optional? Some people say you’ll need a driver for your PC to recognize the device. I did not need a driver for Windows 10, but you might need the one that matches your OS from this page.
1. Loading the firmware onto the ESP8266
You only need to go through this step once, or, more precisely, every time you want to update the exploit you will be using (for example, if a dev decides to improve the 5.05 exploit, or if someone publishes a new payload, you might need/want to update the ESP8266 firmware again).
- Before you get started, make sure you read the README provided with your binary, if there is one. C0d3m4st4’s archive provides a fairly extensive readme that was the basis for this tutorial!
- Extract the firmware binary somewhere on your hard drive (in my case, it’s a file named c0d3m4st4_ESP8266XploitHost_v2.4.bin).
- Plug the device into your computer via a USB cable. Your computer should recognize the device; if not, you might need to get a driver for it (see above).
- Run the flasher (NodeMCU-PyFlasher-3.0). This should be a standalone executable, nothing to install.
- From within the flasher, you should be able to choose your serial port (if the list is empty, it means the device was not recognized, in which case you might need to install one of the drivers mentioned above) and select your firmware binary (c0d3m4st4_ESP8266XploitHost_v2.4.bin). Other options are specific to your device: the baud rate (my device’s documentation recommends 9600, but I had no issue with 115200, which is the default) and the flash mode (for clones of the NodeMcu it seems Dual I/O is the right choice). Last but not least, make sure to select “Erase Flash”, as we’ll be installing a full 4MB binary.
- Hit the Flash button and wait until completion.
2. Connecting your PS4 to the ESP8266 “router”
The 5.05 exploit and associated payloads are now loaded onto your ESP8266. You will now use the device as a “fake” router that your console can connect to, in order to run the exploit.
- Plug the ESP8266 into your PS4’s USB port. The only purpose of doing this is to give the device power. Technically, if you have another USB port somewhere that can power the device, it should work too. The port on the PS4 is just convenient.
- Go to your PS4’s internet settings, and configure your Wi-Fi.
- In C0d3m4st4’s binary, the Wi-Fi access point name (SSID) is ESP8266XploitHost, and the password is ps4xploit. For everything else, use the “easy settings”. (This is why I like C0d3m4st4’s version, as there is no need for advanced Wi-Fi settings such as DNS, etc. Other binaries might have other Wi-Fi settings, so be sure to follow their readme for the Wi-Fi settings.)
- Test your Wi-Fi settings for good measure. At the very least you should be able to get an IP address. The rest might not matter so much (the binary running on the ESP8266 does not give you actual internet access; it just creates a Wi-Fi signal and fakes a router’s behavior).
- You’re good to go.
3. Launching the exploit
To run the exploit, go to Settings –> User Guide, and launch the user guide.
If everything’s set up correctly, this should load the index page from the ESP8266, which lets you choose the payload you want to run. For example, Mira + HEN is what I tried.
The exploit might fail a couple of times with an “out of memory” error, but ultimately it will go through, which you can confirm with the joke “GDPR” message. The web browser might crash, so only the “home” button will take you back to the main menu. The presence of the “debug settings” menu in your settings will definitely confirm that the hack was successful.
* Please note that there are multiple ways to run the PS4 5.05 exploit and accompanying payloads. You can host the exploit locally on your computer or Android device, or you can use an online option such as the version hosted on qwertyoruiop’s server. Using an ESP8266 is one other alternative, and I personally find it quite elegant.
Note that you need to hold the flash button and press reset on the ESP8266 to upload firmware. (Unless this program does it for you somehow?)
If you have the board with no buttons, you need to connect GPIO2 to VCC, GPIO0 and GPIO15 (if present) to ground, and power on like that to enter flash mode. Connect GPIO0 to VCC to boot normally instead of flash mode.
First
ESP8266XploitHost_v2.5 has been released
https://twitter.com/c0d3m4st4/status/1001529126900158464
Yo, finally I can buy a hackable PS4 with this “safe” JB option. Which of these will work, please? :)
https://www.mouser.co.uk/Search/Refine.aspx?Keyword=esp8266
This one should do the job if you’re set on buying from Mouser:
https://www.mouser.co.uk/ProductDetail/Adafruit/3213?qs=sGAEpiMZZMve4%2fbfQkoj%252bKFfG4%252buIPtGg6tkIj4LZAU%3d
However, I’d recommend buying one of the replicas from aliexpress.com, as they are much cheaper and they seem to work just as well as the original ones.
Any ESP8266 should work providing you buy a 4M version, but I would recommend something like this off Amazon; it’s what I bought and it’s cheap.
MakerHawk D1 Mini NodeMcu 4M Bytes Lua WIFI Development Board
https://www.amazon.co.uk/gp/product/B071S8MWTY/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1
How’s the noise level of your Pro? I’m considering buying one, but loud fans drive me crazy.
Like an airplane taking off… Is it supposed to be this loud with a jailbreak? It’s my first time jailbreaking mine.
I can’t imagine the jailbreak will affect how loud your PS is at all.
Here is a better one, “BYdjBr”: no need for an IP, and easy to use: https://github.com/BYdjBr/PS4-5.05-ESP8266
Their description says HEN 1.5. It’s up to 1.6 now.
Thank you for the great tutorial, Wololo! Just a small correction if I can add:
NodeMcu V3 has 2 variations, using the CP2102 and CH340 chips, respectively. The module from the pictures is the one with the CH340 chip, and you pointed people to the incorrect driver. In case needed, they should install the CH340 driver (CH341SER.EXE) from wch.cn.
Best Regards
I recommend an ESP8266 with extra memory (32M flash). The price of the module is almost the same as the 4MB one, but the bigger capacity will enable future projects and more goodies.
That really isn’t needed when most of the guys that are setting this up are adding support for micro SD.
Is there any ESP8266 software including the new ApptoUSB (5.05) payload?
This is what I use.
https://github.com/RetroGamer74/FirmwareV5.05_MiraHen_BaseInjection
I’m a noob. What about the Teensy++ 2.0?
These boards are Wi-Fi dev boards; the Teensy is just a dev board.
I recommend a Toshiba FlashAir SD card, as an all-in-one super wonder solver. Simple to use, looks great!
If you see the debug settings, it is no confirmation that the exploit has run successfully. In some cases I loaded HEN with a memory error (it was on 4.05 and 4.55) and saw the debug settings, but apps were still locked. It did not happen often.
Is it possible to change/hide the SSID?
Windows isn’t in flavors. Linux is.
Windows is in versions.
Or, different levels of broken, if you will.
I have an issue. This one by c0d3m4st4 is perfect; I made mine including xvx-hen only, but it doesn’t contain the feature to use easy connection. When I do it, I fail at the proxy server and I must use custom instead of easy. Any idea how to fix that?
Can I send the GTA5 payload from this? If possible, how?
For those who have the ESP8266, mine didn’t work; try this:
https://github.com/nodemcu/nodemcu-devkit/blob/master/Drivers/CH341SER_WINDOWS.zip
This is specially for the Lolin ESP8266 v3 Arduino, for troubleshooting when it’s only recognized as USB 2.0.
If your computer still doesn’t recognize it, try changing the wire. Thx. Sorry for my bad English.
When I try to connect to the ESP it asks for a password; are there any defaults?
Hi Wololo.
I just released a HEN enabler for the big brother of the ESP8266. It is very basic and just enables HEN.
You can find the code on https://github.com/CelliesProjects/esp32-ps4-jailbreak.
Thanks for your site and good luck.
Here to buy all the original Ai-Thinker ESP8266 modules:
https://component.aliexpress.com/store/group/Ai-Thinker/1956345_512827548.html?spm=2114.12010608.0.0.586a5ce12aldmx
How do I take the PS4 firmware back from 5.55 to firmware 5.05?