PS5: kstuff support added for Firmware 6.50

Itemzflow running on PS5 5.50 – Screenshot by @madaramk

Another one bites the dust! Developer EchoStretch has announced a release of kstuff that now supports PS5 Firmware 6.50, promising much better homebrew compatibility for the owners of that Firmware, and, down the line, everything you can expect from a CFW (or as close as we can get to that nowadays, with a Homebrew ENabler aka HEN) on Firmware 6.50. This follows support for 5.10 and 5.50, added a few weeks ago.

Echostretch specifically credits sleirsgoevy, BestPig, zecoxao (as well as an anonymous friend of his), and Al-Azif for this release.

Kstuff For PS5 6.50!

A huge shoutout to @sleirsgoevy for creating this project! We also couldn’t have started without the help of @notnotzecoxao and keys friend, so a massive thanks to them. Big appreciation as well to buzzer, @bestpig and @_AlAzif.https://t.co/g4nztfv4YA

— Echo Stretch (@StretchEcho) March 16, 2025

This release obviously needs you to be on firmware 6.50, and have the necessary tools to run an exploit on your console. On that particular firmware as of today, this means either via the Blu-Ray bd-jb exploit, or via one of the LUA exploits. The LUA exploits require you to own specific exploitable games, and is unfortunately not a viable solution for most of you (on a digital PS5 edition, you need to be able to purchase and install the game, which you would need to have done while your console could still access the PSN). Bottom line, BD-JB probably remains the best way to run this.

Hamidashi creative, one of the exploitable games using the Artemis engine

What is kstuff for the PS5?

Note: if you don’t care how your food is cooked, just jump down straight to the “Download” section below for links and tutorials.

Things have become a bit hairy and complex with the multiplicity of tools on the PS5 scene, so here’s the obligatory recap:

PS5 Security in short

As you might know/remember, the PS5 has fairly advanced security mechanisms in place. In particular, the OS runs within an Hypervisor, a mechanism similar to a Virtual Machine, which ensures that even privilege escalation to root (aka a kernel exploit) doesn’t fully compromise the device.

Additionally, the PS5 kernel runs in an “eXecute Only” memory space (XOM), meaning it can run, but not be read (even with root privileges).

Typically once the PS4/PS5 scene has a kernel exploit, one of the first things we attempt to do is reverse engineer parts of the Kernel. The goal is to patch parts of the kernel in RAM, at runtime, to deactivate some protections (DRM checks and the like) as well as modify other elements of the system (for example to add functionality, in other words create a Custom Firmware, such as GoldHEN).

With an “eXecute Only” kernel, not only is it impossible to modify the kernel in RAM (XOM means no writing allowed), it’s not even possible to read it! This means no dump is possible, and consequently, reverse engineering of the kernel has been a tough nut to crack (solutions exist and some people have access to at least older versions of the kernel though).

This is where Prosper0GDB and “kstuff” come to the rescue.

Prosper0GDB and kstuff to the rescue

Although modifying/reading the kernel isn’t possible on the PS5 for now, hacker Sleirsgoevy has created a runtime debugger (Prosper0GDB) which is able to modify registers and the stack at runtime. In other words, although we are not able to patch the kernel in RAM, his debugger allows us to patch every instruction at the last minute, just before it gets executed.

The set of functions that Sleirsgoevy has created to patch “interesting” execution paths on the console is what we commonly call “kstuff”. Maybe not technically a “HEN” or Custom Firmware, but those are what I would personally consider to be the “building bricks” for a HEN.

Propser0GDB and kstuff is of course a very powerful toolkit, but without knowing which instructions are what, it was still extremely time consuming for Sleirsgoevy to reverse a specific kernel (4.03 at the time) and the instructions that mattered. And because most functions are located at different places depending on the version of the firmware, the location of interesting instructions to patch (or the “signature” to detect them when they’re about to be executed) changes with every firmware. Hence the need to port this to every single firmware that can be hacked.

This porting process is time consuming and not necessarily trivial, which is why each firmware takes time to get released

Download kstuff for 6.50

There is now a public github repository for the project (a fork of sleirsgoevy’s original source), which I believe wasn’t here for the original 5.xx support (correct me if I’m wrong). You can get the source there:

• (source code) kstuff 6.50 support branch (github)

For those of you looking for a compiled ELF to run with a typical ELF loader in your console’s exploit, Modded warfare has a compiled version here:

• (compiled ELF File) kstuff with 6.50 support

If you are using the BD-JB exploit, You will need to compile the base exploit + ELF loader into an iso. To burn and run the exploit, you will need a Blu-Ray Burner, and some Blu-Ray discs, preferably rewriteable (a.k.a. BD-RE).

The youtuber also, as usual, has a great video on how to install and run the whole thing:

Source: EchoStretch on Twitter