PPPwn: You can now run GoldHEN on PS4 11.000 with a Raspberry Pi, and it’s 100% automated

Screenshot from Modded Warfare
Developer Stooged, who specializes in PS4/PS5 scene releases with devices such as the Raspberry Pi or the ESP32, has released PI-Pwn, a “port” of the PPPwn exploit to the Raspberry Pi. But this one really feels like magic. Specifically, once everything’s installed, the Raspberry Pi will automatically attempt to hack the connected PS4, and run GoldHEN on it, when you boot the PS4. It makes running the exploit extremely convenient.
This is how Stooged describes it (and exactly how people imagined this could work at console startup):
The idea is you boot the console and the pi together and the pi will keep trying to pwn the console without any input from you, just wait on the home screen until the pppwn succeeds.
If you were looking for an easy way to run the PS4 exploit at startup, and happen to have a Raspberry Pi lying around, you’ll definitely want to try this.
What is PI-Pwn for the PS4
PI-Pwn is a tool that runs the PPPwn exploit from a Raspberry Pi: it automatically attempts the exploit against the connected PS4, looping until it succeeds, and then loads GoldHEN on the PS4.
PPPwn has been confirmed to run on the following devices:
- Raspberry Pi 3B+
- Raspberry Pi 4 Model B
- Raspberry Pi 5
- Raspberry Pi 400
Personal note: IMO the best cost/performance device at the time of writing is the Raspberry Pi 4 Model B.
Other models, such as the Raspberry Pi Zero 2 W or the Raspberry Pi Zero W, each with a USB to Ethernet adapter, also work, but are not recommended as they are too slow for the exploit to work efficiently.
You’ll also need an SD card (to install the system on the Raspberry Pi), and a USB key (you’ll load GoldHEN from there).
Download and use PI-Pwn
Download
The files can be downloaded from https://github.com/stooged/PI-Pwn
Setup
The steps below might seem daunting, but they just describe the initial setup of the whole thing. You only have to do this once. After that, running the exploit is just a matter of booting your Raspberry Pi at the same time as the console, and waiting on the PS4’s home screen until the hack is done. Magical!
If you don’t want to read all of this, Modded Warfare has a tutorial video (below), as he always does 😉
To restate, after you’ve done the setup once, the only thing you have to do in the future is turn the Raspberry Pi on when you turn the PS4 on.
From the readme:
you need to install Raspberry Pi OS Lite onto a sd card.
place the sd card into your computer and copy the PPPwn folder to the sd card.
if you are using a usb to ethernet adapter you need to edit run.sh and set USBETHERNET=true.
if your pi has an ethernet port and you are using a usb to ethernet adapter your interface for the usb adapter should be INTERFACE="eth1"
if you are using something like a pi zero 2 the interface will be INTERFACE="eth0"
place the sd card into the raspberry pi and run the following commands
sudo chmod 777 /boot/firmware/PPPwn/install.sh
sudo bash /boot/firmware/PPPwn/install.sh
once the pi reboots pppwn will run automatically.
On your PS4:
- Go to Settings and then Network
- Select Set Up Internet connection and choose Use a LAN Cable
- Choose Custom setup and choose PPPoE for IP Address Settings
- Enter anything for PPPoE User ID and PPPoE Password
- Choose Automatic for DNS Settings and MTU Settings
- Choose Do Not Use for Proxy Server
for GoldHen you need to place the goldhen.bin file onto the root of a usb drive and plug it into the console
once everything is setup and the ethernet cable is plugged in between the pi and the console the pi should automatically try and pwn the console.
the exploit may fail many times but the pi will continue to purge the console to keep trying to pwn itself.
once pwned the process will stop and the pi will shut down. you will need to restart the pi if you wish to pwn the console again.
the idea is you boot the console and the pi together and the pi will keep trying to pwn the console without any input from you, just wait on the home screen until the pppwn succeeds.
you can edit the exploit scripts by putting the sd card in your computer and going to the PPPwn folder.
I want 9.60, why it’s so long. It’s so hard to make, or…?
The answer is within you 😉
Joke aside, try to look up how it’s done, that’s the best way to help the community.
Bottom line: you’ll need to get the right offsets for the firmware to implement a port of stage2.bin.
just update to 11.00 from https://darthsternie.net/ps4-firmwares/
What I don’t understand is how do I connect the PS4 to the internet (not for PSN but for downloading stuff, updates etc)? Can I set it to use local WiFi once pppwn has been triggered, and still have the exploit work? Do I have to “setup” pppoe, then enter the WiFi stuff again? Can the RasPi possibly act as a bridge to the remaining network?
I’m a bit confused so clarification would be great. Thank you 🙂
Stooged has a video where he shows how to enable internet connection here: https://www.youtube.com/watch?v=iaFxJI2jqb0
the video is private
Unfortunately that video is set to private,
Yeah seems like Stooged did a few changes there after I published. Not sure why
I tried exploiting my 11.00 PS4 using a VM running Windows 10 as I don’t use Windows normally but couldn’t get it to work (kept getting stuck on “Heap Grooming” around 60 – 80%) but this method worked first try and works on a cold boot.
I hope a few tweaks could be applied so that the PS4 automatically switches from a PPPoE Network to a normal Network for internet access once Jailbreak has loaded and on a normal shutdown the Network is automatically switched back to PPPoE. I’m sure someone with coding knowledge could add this to GoldHEN as that would eliminate the need to keep manually changing the Network setting to PPPoE and Normal.
I successfully decrypted a game update that requires 10.70 (Borderlands 3 1.30). So happy about that.
Can’t wait for more progress on this exploit to happen on the PS5 side.
People thought the PS4 scene was dead but a lot has happened very quickly.
Every time I try to run it, it says obtain IP address failed and pppwn is stuck at loading. I checked everything and it looks fine. I watched the Modded Warfare video and did everything it says. Any way to solve my problem? Thanks for your time
Was there a method using an android phone to get GoldHEN to work?
I have everything I need to follow this tutorial, but I’m just missing one thing! I’m missing GoldHen 9.03! ;_)
This sounds truly fantastic. For those Do you think it is possible to have other things do the same automatically though? For example, an app on one’s phone, or somehow tricking the PS4 itself into doing it?
Your pms … personal media server (usually plex)
can need a buddy frontpage or server catalog page
one that displays each share with a shuffle view to discover more …
more and more views and hack to views on the usenet firefox page in ur browser …
Now, how about triggering the PPPwn jailbreak from an ethernet capable Android box?
never only 9.0 is so fast with usb 2.0
In the original video, the guy configures the Pi to access remotely and launch two command lines. You only need to do this once and then it will always call in a loop to unlock the PS4. So at this stage I preferred to connect the Pi directly to the monitor and write the two command lines instead of looking for it on the network. The card already has an HDMI port for this.