PS5 Release: Kernel Exploit (Webkit – v1.03) compiled for ESP8266
I was having a hard time finding the latest and greatest version of the PS5 Kernel exploit files (known as v1.03 on SpecterDev’s GitHub) compiled for the ESP8266. Apologies if a compiled version already exists somewhere and I missed it*, but here goes.
If you don’t care about the reasons and the process, and just want the file, here it is: (tested on PS5 3.00, but should work up to and including 4.51)
Update: I have pushed a more advanced version of the server which you can now find here.
What is the ESP8266 – And why it matters for the PS5
The ESP8266 is a tiny electronic module, typically aimed at DIY developers, that ships with basic Wifi functionality.
In theory, it’s not super useful on its own and is better used for DIYers working on electronic projects. But in the case of PS5 (and PS4) hacks, the device is perfect: loaded with the PS5 exploit, it can act as a fake Wifi router for your PS5, which will help you run the Webkit hack (and the kernel exploit). It has the benefit of being isolated from the Internet, so no risk of a mistaken firmware update. On top of that, its power needs are entirely fulfilled by the PS5’s USB port.
In other words, the ESP8266 can act as a perfect self-contained loader for your PS5 exploit, with no need for an internet connection. And, perhaps more importantly, you can find it at pretty much any retailer for just a few bucks.
How to run the PS5 Kernel Exploit on an ESP8266
Requirements:
- Get an ESP8266 if you don’t have one
- Download and install the drivers
- Download NodeMCU Flasher
- Download the ESP8266 Binary for the exploit
Installation:
- Connect your ESP8266 to your PC – If everything works as expected, you should be able to see it in your Device Manager
- Run NodeMCU Flasher, and select the binary file to flash. The parameters are generally ok with the default, but make sure you select “yes” for erase flash (this will delete everything that was on the chip before).
- Unplug and re-plug your ESP8266 to restart it
- You should now see a PS5_WEB_AP wifi router from your PS5. Connect to it (default password is “password”)
- From there, going into Settings > User’s Guide, Safety and Health Information > User’s guide will launch the exploit page
If you prefer, Modded Warfare has a great video guide on how to do exactly this, although please note that his links are outdated (well, the binary in particular)
Note: The server runs at IP 10.1.1.1; most likely your PS5 will get IP 10.1.1.100. You can also connect your PC to the Wifi SSID; this way you should be able to connect to the PS5 via FTP etc…
Additional setup – Internet Access (optional):
My version of the ESP8266 Exploit Host now includes a Fake DNS Server and acts as a Wifi Repeater: in other words, same as before, but it also lets you access the internet, while blocking some specific Playstation urls at the DNS level.
To set this up:
- head over to 10.1.1.1/admin.html from your PC Browser (after having connected it to the PS5_WEB_AP Wifi router, of course)
- Edit the config to connect to your Home Wifi router (set “Enable wifi” to 1, and enter Wifi SSID and Wifi Password, then click on “Save config”)
- This will set the ESP8266 into the self contained mode with Fake DNS, Internet Access, etc…
- Once config is saved, the ESP8266 should restart on its own (if it doesn’t, unplug then replug it)
- You’re all set. At this point you probably have to connect your PC again to the access point for good measure, since it has changed.
- Things you should try from your PC Browser to confirm everything’s working as expected (make sure you’re only connected to the ESP8266 Access Point, disconnect your LAN cable if you have one):
  - http://10.1.1.1 should display the exploit page
  - https://10.1.1.1 should give you a certificate warning (proceed anyway of course), then redirect you to http://10.1.1.1 and you should see the exploit
  - https://playstation.net should also send you to the exploit (after a certificate warning)
  - http://playstation.com should be blocked
  - Other websites (e.g. google.com) should be accessible
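The browser checks above depend on how the ESP8266's fake DNS answers each name. As an added example (not code from this post or the linked repository), this Python code parses raw DNS replies and labels each one redirected, blocked or forwarded. The sample replies are constructed, and the way a block appears on the wire (NXDOMAIN, an empty answer, 0.0.0.0 or loopback) and the address 203.0.113.10 are assumptions.

```python
import ipaddress
import struct

ESP_IP = ipaddress.ip_address("10.1.1.1")  # server address given in the post

def build_response(name, addr=None, rcode=0):
    """Build a minimal DNS reply (constructed sample data, not a capture)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    msg = header + qname + struct.pack("!HH", 1, 1)  # one question: type A, class IN
    if addr:  # answer name is a compression pointer back to the question (offset 12)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.ip_address(addr).packed
    return msg

def skip_name(msg, off):
    """Return the offset just past a DNS name, compressed or not."""
    while True:
        length = msg[off]
        if length == 0 or length & 0xC0 == 0xC0:  # terminator (1 byte) or pointer (2 bytes)
            return off + (1 if length == 0 else 2)
        off += length + 1

def parse_a_records(msg):
    """Return (rcode, [IPv4 addresses]) from a DNS reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def classify(msg):
    """Label a reply with the outcome the checklist expects to see."""
    rcode, addrs = parse_a_records(msg)
    if ESP_IP in addrs:
        return "redirected"  # answered with the ESP8266's own address
    if rcode != 0 or not addrs or all(a.is_unspecified or a.is_loopback for a in addrs):
        return "blocked"  # assumption: how a DNS-level block appears on the wire
    return "forwarded"
# Constructed replies; the NXDOMAIN block and 203.0.113.10 are assumptions.
SAMPLES = {"playstation.net": build_response("playstation.net", "10.1.1.1"),
           "playstation.com": build_response("playstation.com", rcode=3),
           "google.com": build_response("google.com", "203.0.113.10")}
```

A reply for a public name that carries a private address such as 10.1.1.1 is also what a DNS hijack looks like from the client side, so the same parser works for spotting one on a network you did not set up yourself.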
Sources
- See https://github.com/frwololo/PS4_PS5-ESP8266-Server for details
- Followed mbcrump’s esp8266 compilation guide.
* Prior versions actually did exist. You can get compiled binaries for ESP32 and ESP8266 by EchoStretch here and here respectively. His binaries have the benefit of including the latest FPKG support, which SpecterDev’s repository doesn’t have yet.
I hope someone fixes this for 4.00
Thanks!
first! I had to, and this was an interesting article.
It would be good if we could use the recent glitch to get decryption keys (if ever disclosed by siergsgy) to decrypt the latest firmware, and re-implement the old hypervisor that was integrated into the kernel and not separate, as we have a way of patching that hypervisor, but I guess having the ability to fully decrypt and access the latest firmware would negate this, as I guess you could possibly patch / modify the latest hypervisor to remove security checks. I don’t really know how reverse engineering firmware goes as far as having access to the decrypted firmware.
So don’t comment then, as you are talking garbage
Do you know the password for EchoStretch AP?
12345678
If you’re talking about OFW -> HFW for Superslim PS3 method probably but keep in mind the PS3’s timeframe. With PS5 it could be double until we get that…
Is it possible to compile this for a SanDisk Connect stick??
Maybe with some significant effort but nobody will do it for you. Have a look here maybe for pointers: https://forums.hak5.org/topic/41479-sandisk-wireless-connect-16g-flash-drive/
Or, you know, just get an ESP8266, they’re less than 10 bucks.
Yes, thanks, I have 2 sticks (for PS3 and PS4 things) and 2 ESPs (simple and OLED versions). But I am on factory firmware 4.00, so I’ll wait a bit more to do anything. Thanks for all the data and information.
Not working on FW 3.20.
Should work. What error do you get?
MW compiled v1.02 works fine.
ERROR 0x00000034
Ssl 0x00000012
Server returned nothing (no headers, no data)
You know what, I’ve seen this error on my build too occasionally! As you mentioned, try other builds and let me know. There might be a significant issue in my build.
I’ll give Echo’s version a go and report back.
Doesn’t work for me; when I open the PS5 manual it tries to load the original site sony.manual etc