PS5: kstuff gets ported to all supported firmwares up to 7.61 included + kstuff-toggle plugin

Itemzflow running on PS5 5.50 – Screenshot by @madaramk
A few days ago, developer EchoStretch confirmed that kstuff now supports PS5 Firmwares from 3.00 to 7.61 included, bringing what’s currently the best that these firmwares can get in terms of kernel exploits. Kstuff is a prerequisite for native homebrew and backup compatibility on a Jailbroken PS5.
This follows support for 5.10 and 5.50, as well as 6.50 added a few weeks ago.
In parallel, the developer has also released kstuff-toggle, a plugin that allows you to turn kstuff off at runtime. This is interesting whenever you want to use your console “normally” (while remaining Jailbroken) for performance reasons: kstuff is very resource intensive, as it is literally a debugger monitoring kernel execution in real time.
For both kstuff and kstuff-toggle download links, check the Download section below.
Great news, everyone! We now have complete support for all 7.xx firmware versions—covering everything from 3.00 up to 7.61! https://t.co/5WrADVP8Q9
— Echo Stretch (@StretchEcho) April 19, 2025
PS5 Jailbreak status and entry point exploits
To run kstuff on your PS5, you need to have a console running on Firmwares 3.00 to 7.61 included (firmwares 1.xx and 2.xx have access to a much more potent hypervisor exploit). You also need to have the necessary tools to run an exploit on your console. On firmwares 6.xx/7.xx as of today, this means either via the Blu-Ray bd-jb exploit, or via one of the LUA exploits. The LUA exploits require you to own specific exploitable games, and are unfortunately not a viable solution for most of you (on a digital PS5 edition, you need to be able to purchase and install the game, which you would need to have done while your console could still access the PSN). Bottom line, BD-JB probably remains the best way to run this.

Hamidashi creative, one of the exploitable games using the Artemis engine
What is kstuff for the PS5?
Note: if you don’t care how your food is cooked, just jump down straight to the “Download” section below for links and tutorials.
Things have become a bit hairy and complex with the multiplicity of tools on the PS5 scene, so here’s the obligatory recap:
PS5 Security in short
As you might know/remember, the PS5 has fairly advanced security mechanisms in place. In particular, the OS runs within a hypervisor, a mechanism similar to a Virtual Machine, which ensures that even privilege escalation to root (aka a kernel exploit) doesn’t fully compromise the device.
Additionally, the PS5 kernel runs in an “eXecute Only” memory space (XOM), meaning it can run, but not be read (even with root privileges).
Typically once the PS4/PS5 scene has a kernel exploit, one of the first things we attempt to do is reverse engineer parts of the Kernel. The goal is to patch parts of the kernel in RAM, at runtime, to deactivate some protections (DRM checks and the like) as well as modify other elements of the system (for example to add functionality, in other words create a Custom Firmware, such as GoldHEN).
With an “eXecute Only” kernel, not only is it impossible to modify the kernel in RAM (XOM means no writing allowed), it’s not even possible to read it! This means no dump is possible, and consequently, reverse engineering of the kernel has been a tough nut to crack (solutions exist and some people have access to at least older versions of the kernel though).
This is where Prosper0GDB and “kstuff” come to the rescue.
Prosper0GDB and kstuff to the rescue
Although modifying/reading the kernel isn’t possible on the PS5 for now, hacker Sleirsgoevy has created a runtime debugger (Prosper0GDB) which is able to modify registers and the stack at runtime. In other words, although we are not able to patch the kernel in RAM, his debugger allows us to patch every instruction at the last minute, just before it gets executed.
The set of functions that Sleirsgoevy has created to patch “interesting” execution paths on the console is what we commonly call “kstuff”. Maybe not technically a “HEN” or Custom Firmware, but those are what I would personally consider to be the “building bricks” for a HEN.
Prosper0GDB and kstuff are of course a very powerful toolkit, but without knowing which instructions are what, it was still extremely time consuming for Sleirsgoevy to reverse a specific kernel (4.03 at the time) and the instructions that mattered. And because most functions are located at different places depending on the version of the firmware, the location of interesting instructions to patch (or the “signature” to detect them when they’re about to be executed) changes with every firmware. Hence the need to port this to every single firmware that can be hacked.
This porting process is time consuming and not necessarily trivial, which is why each firmware takes time to get released.
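As an added illustration (not code from Prosper0GDB, kstuff or the PS5), the toy model below shows the two ideas from this section: execute-only memory blocks reads and writes while still running, and a debugger-style hook that edits a register just before an instruction only has an effect when its offset matches the build. The instruction set, the two "firmware builds" and the offset table are all constructed for the example.

```python
# Toy model, constructed for illustration; not PS5, Prosper0GDB or kstuff code.
class Fault(Exception):
    """Raised when execute-only memory is read or written."""

class ToyMachine:
    def __init__(self, text):
        self._text = list(text)   # "kernel text": executable, not readable/writable
        self.regs = {"r0": 0}
        self.hooks = {}           # address -> callback(regs), run just before that instruction

    def read(self, addr):
        raise Fault("XOM: read denied")

    def write(self, addr, insn):
        raise Fault("XOM: write denied")

    def run(self):
        for pc, (op, arg) in enumerate(self._text):
            if pc in self.hooks:          # debugger stops here and edits registers
                self.hooks[pc](self.regs)
            if op == "set":
                self.regs["r0"] = arg
            elif op == "ret_if_zero" and self.regs["r0"] == 0:
                return arg
            elif op == "ret":
                return arg
        return None

# Two constructed "firmware builds": same logic, check located at a different address.
FW_A = [("set", 0), ("ret_if_zero", "default"), ("ret", "altered")]
FW_B = [("nop", None), ("set", 0), ("ret_if_zero", "default"), ("ret", "altered")]
CHECK_OFFSET = {"A": 1, "B": 2}   # hypothetical per-build offset table

def run_hooked(text, offset):
    """Run with a hook at `offset` that forces r0 to 1 before that instruction."""
    m = ToyMachine(text)
    m.hooks[offset] = lambda regs: regs.update(r0=1)
    return m.run()

def xom_blocks(text):
    """True if both read and write fault while plain execution still works."""
    m = ToyMachine(text)
    blocked = 0
    for access in (lambda: m.read(0), lambda: m.write(0, ("ret", "x"))):
        try:
            access()
        except Fault:
            blocked += 1
    return blocked == 2 and m.run() == "default"
```

Reusing build A's offset on build B fires the hook one instruction too early, so the register is overwritten again and the default path is taken, which is the porting problem described above in miniature.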
Download kstuff for 3.xx-7.61, and kstuff-toggle
EchoStretch’s github repository for the project (a fork of sleirsgoevy’s original source) can be found here:
A compiled version can be found in the release section of the repository.
If you are using the BD-JB exploit, you will need to compile the base exploit + ELF loader into an iso. To burn and run the exploit, you will need a Blu-Ray Burner, and some Blu-Ray discs, preferably rewriteable (a.k.a. BD-RE).
- kstuff-toggle (source) – No compiled binary there at the moment
Modded Warfare’s 6.50 video on how to run kstuff is basically still relevant:
Source: EchoStretch on Twitter
So is there any reason to keep a device on 6.51? Or should people just update to 7.61 because there is no downside?
Finally. Awesome work from the devs
Me needs a Blu-ray writer now, any hope of a webkit?
FINALLY!!! Awesome work everyone!
That means stuff like Baldur’s Gate 3 will finally be playable 🙂
1st image of ItemzFlow doesn’t really make sense as kstuff doesn’t allow you to run the PS5 version of ItemzFlow.
Good news tho, at least we can play ps4 fake packages on 7.xx
Interesting times indeed, although without etaHEN it seems kstuff’s use is limited to installing and running PS4 fPKGs on 7.61 currently.
I found what appeared to be an updated version of libhijacker on GitHub to try the Bloodborne 60fps patch but I had no luck getting it to work through the BD-J elf loader so I’m pretty sure it’s incomplete.
Hi Wololo
I copy-paste someone else's discovery here, make a big post about it and credit the guy! 😉
All PS5 Games from Internal !
Ladies and Gentlemen, I did it!
I have figured out how to play all PS5 Games with an internal M2 Nvme (no more external case)
Please share this with modern warfare so he can implement this in his videos
First, install an M2 into the PS5 of your Choice. I used the SN850P 4TB and had it formatted by the PS5.
Then go to the PS5 APP (BREW 00001) in Itemzflow and click on Change App Path.
Once there, go down to the directory mnt. Then click on ext1 (in my case this is the path of the internal M2)
Now this step is very important! Without this step you will always get a black screen when starting the games!
You have to press L2 and create a folder with the name "appmeta". Now select the game you want to copy into this "appmeta" folder.
Once the copying process is complete and you want to start the game, you must always go to the entire folder of the game (not just the parent folder). For example, the path could look like this:
mnt/ext1/appmeta/PPSA01288 and then press Square. Then left-click Launch and you are done!
You will never have to use the official google game sheet page again!
System Firmware 5.50 and itemzflow 1.09
Regards
Jigulina