GitHub - nexgen999/PS5-Super-PLDMGR-Auto-Updater: PS5 Super PLDMGR Auto Updater

Banner

🎮 PS5 Payload Manager & Mini-Store

Bienvenue sur mon écosystème automatisé pour la scène jailbreak PS5 !

> 💡 Configuration du Store sur l'application PS5 : Pour connecter votre console, ajoutez le fichier central payloads.json : > https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/payloads.json


📱 Flux RSS & Alertes

  • Radar Global (OPML) : rss/store-global.opml
  • Flux de mises à jour (XML) : rss/feed.xml

📦 Liste des Applications & Payloads disponibles par Catégorie

🔓 PS5 Activation

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/PS5_Activation.json

Application Version Empreinte SHA-256 Description
np-fake-signin v1.3 f5c66fcb9e... Fake activate PS5 without PSN.

🏴‍☠️ PS5 Cheat

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/PS5_Cheat.json

Application Version Empreinte SHA-256 Description
CheatRunner v0.14 5ffe8ed97f... CheatRunner.
kylin-core-community-lite-v131-global-release Source-Fixe 2b731fc60b... kylin-core

🌐 PS5 Dns

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_dns.json

Application Version Empreinte SHA-256 Description
nanoDNS 0.3 ce1c8b3103... Un serveur DNS ultra-léger et rapide idéal pour rediriger les requêtes de la console vers votre hôte local d'exploits.
Chukei_DNS 0.9.0 0cf13e1ed8... Serveur DNS de redirection d'envergure conçu spécifiquement pour bloquer les mises à jour de Sony et rediriger le guide de l'utilisateur.

📂 PS5 File Explorer

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_file_explorer.json

Application Version Empreinte SHA-256 Description
bfpilot-core Source-Fixe 4375479705... BFpilot is a lightweight PS5 payload that serves a browser-based file manager.
bfpilot-full Source-Fixe c5b6674533... BFpilot is a lightweight PS5 payload that serves a browser-based file manager.
lapy_jb_daemon Source-Fixe e8230ac459... Daemon pour le jailbreak de Lapy

💾 PS5 Freeshop

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_freeshop.json

Application Version Empreinte SHA-256 Description
Spectrum-Library 1.4.2 54755ce62d... free store webadmin http://your-ps5-ip:7575.
pegasus-dl v1.7.0 cb2a4b3c24... free store webadmin http://your-ps5-ip:6970.

💿 PS5 Game Dump

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_game_dump.json

Application Version Empreinte SHA-256 Description
PS5-Game-Compressor v1.0.3 51b66edf62... Tool to compress PS5 games.
ps5-app-dumper v1.10 95382a9e37... PS5 App Dumper payload.
ShadowMountPlus 1.6beta16 a35246fb3b... ShadowMountPlus payload for game mounting.
BackPork 0.1 d74e4cd119... BackPork PS5 tool.

🚀 PS5 HEN Loader

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_hen_loader.json

Application Version Empreinte SHA-256 Description
etaHEN 2.5B 4845cac450... Le Homebrew Enabler (HEN) de référence pour la PS5 avec serveurs de triche, plugins et gestionnaire de mémoire intégrés.
PS5_Unified_Autoloader v0.1.2-8e96846 14312044a4... Chargeur universel de payloads permettant de lancer automatiquement vos outils favoris au démarrage de l'exploit.
pldmgr v0.3.1 518740adba... Interface d'administration et de gestion réseau pour envoyer, activer et ordonner vos fichiers ELF/BIN sur la console.
ELF_Arsenal v1.6.21 cec8008893... Boîte à outils regroupant une collection complète de payloads utilitaires pour les consoles jailbreakées.
Kura v1.0.0 193a22edf4... Un loader de payloads moderne et épuré conçu pour optimiser l'injection de code sur PS5.

🧪 PS5 Kstuff

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_kstuff.json

Application Version Empreinte SHA-256 Description
kstuff_EchoStretch v1.6.7 f1c1f4b2b6... Fnd Kstuff payload for PS5.
kstuff-lite_EchoStretch v1.08 641ad66069... Lightweight version of kstuff.
kstuff-lite_drakmor 1.2-dr-test2 2b699d4110... Drakmor's variant of kstuff-lite.

🐧 PS5 Linux

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_linux.json

Application Version Empreinte SHA-256 Description
ps5-linux-loader v2.1 c1014a153e... Linux loader payload for the PS5.

📝 PS5 Saves

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_saves.json

Application Version Empreinte SHA-256 Description
garlic-savemgr v1.10 b82bf7aa83... Save manager utility hosted on Forgejo.
garlic-worker v1.1.4 da311b3ff9... Garlic worker payload component.
savemnt-offset-dumper 1.0.0 946328551f... Offset dumper for save mounting utilities.

⚙️ PS5 Sdk Debug

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_sdk_debug.json

Application Version Empreinte SHA-256 Description
ps5debug-NG 1.3.0 8f75fb90b4... Next generation debugger payload for PS5.
ps5-fw-spoof 26616621599 f1754521ca... Firmware spoofer utility for PS5.
ps5-self-pager-full-system v1.2 fb498d4112... SELF pager payload tool.
ps5-self-pager-game v1.2 73d94fea5d... SELF pager payload tool.
ps5-self-pager-shellcore v1.2 2b500bc356... SELF pager payload tool.
ps5-self-pager-system-common-lib v1.2 a86c3e69ed... SELF pager payload tool.
ps5-self-decrypter-system-common-lib v0.5.2 6a16c6457c... SELF decrypter tool for PS5 binaries.
ps5-self-decrypter-game v0.5.2 190b350759... SELF decrypter tool for PS5 binaries.
ps5-self-decrypter-full-system v0.5.2 46340d3048... SELF decrypter tool for PS5 binaries.
ps5-self-decrypter-shellcore v0.5.2 15050c691c... SELF decrypter tool for PS5 binaries.
ps5-remoteplay-get-pin v0.1.1 1d611c1856... Utility to get Remote Play PIN.

🖥️ PS5 Server

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_server.json

Application Version Empreinte SHA-256 Description
zftp v1.5.0 68a80e1cb4... FTP server payload for PS5. Port: 21
zhttp v1.5.0 6cf6a73811... FTP server payload for PS5. Port: 21
zhttp v1.5.0 9340aa91f8... FTP server payload for PS5. Port: 21
zftp v1.5.0 f430dc1fde... FTP server payload for PS5. Port: 21
elfldr v0.23 092d16ee0e... ELF Loader utility. Port: 9020 / 9021
ftpsrv_ps5-payload v0.20 8f305a959f... FTP server background daemon. Port: 21
websrv v0.33 4676a40ac4... HTTP Web server payload. Port: 8080
gdbsrv v0.8 7621b829bd... GDB Debugger server payload. Port: 1234
klogsrv v0.8 f6eb1b415e... Kernel log server daemon. Port: 3232
ftpsrv_drakmor 1.6-ng-test2 da65f0c5b5... Drakmor's variant of the FTP server. Port: 21
ps5upload v3.3.24 0669701436... PS5 Upload server / tool. Port: 9025
airpsx 0.19 ae025ca772... AirPSX server tool for PS5 ecosystem.

📦 PS5 Themes-Avatars

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_themes-avatars.json

Application Version Empreinte SHA-256 Description
PS5-Custom-Tool-Manager- Custom 297824ceaf... Custom manager tool for PS5 personalization.
ps5-wallpaper-modd v1.0 b18a866bac... Wallpaper modification utility for PS5.

🏆 PS5 Trophy

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_trophy.json

Application Version Empreinte SHA-256 Description
uds-trophy-unlocker v1.0.0 3a338eccaa... Trophy unlocker utility for PS5 hosted on Forgejo.

🛠️ PS5 Utility

📂 Fichier JSON Dédié : https://nexgen999.github.io/PS5-Super-PLDMGR-Auto-Updater/json/ps5_utility.json

Application Version Empreinte SHA-256 Description
ChronicLoader-PS5-Payload 0.1 3561120f85... ChronicLoader utility payload for PS5.
Ghostpad v1.0.0 94d43a8db7... Ghostpad controller input utility.
Ghostcontrol-PS5-USB-Controller-Patcher 1.0.4 e2e658fc3c... USB Controller patcher tool for PS5.

🤝 Crédits & Remerciements

github.com
u/a1mhtar — 7 days ago

GitHub - SvenGDK/LibProsperoPKG: WIP Library for creating, inspecting, and modifying PS5 PKG, GP5, PFS, and related files.

github.com
u/a1mhtar — 7 days ago

Release Game Compressor 1.0.2 · juma-sayeh/PS5-Game-Compressor

PS5 Game Compressor

Standalone PS5 payload for compressing, unpacking, validating, repairing, and moving ShadowMountPlus-mounted games from a simple web UI.

Game Compressor is made for the day-to-day workflow after your games are already mounted through ShadowMountPlus: pick a title, choose an action, and let the PS5 do the work. The app keeps long operations running on the console even if the browser window is closed.

Main Features

  • Compress mounted game folders or images into FF-PFSC output.
  • Choose PFS or exFAT output when compressing.
  • Automatically build APR Emu ampr_emu.index before compressing APR titles.
  • Manually run Build AMPR Index on a folder when you only want to refresh the APR index.
  • Validate compressed games and repair detected PFSC block issues when possible.
  • Uncompress compressed games back to folder/app form.
  • Move supported titles between internal storage and USB storage.
  • Track progress, speed, estimated remaining time, and operation history.
  • Keep operations running on the PS5 even if the browser tab closes.
  • Install or refresh a PS5 home-screen launcher tile:
Game Compressor / PSGC50001 -> http://127.0.0.1:5910/

The PS5 home-screen tile opens the Game Compressor web UI in the browser. It is not the compression worker itself. Compression, validation, repair, move, and uncompress jobs continue on the PS5 if you close the browser window or reopen the tile later.

APR Emu Support

APR Emu titles need an ampr_emu.index file and the correct ShadowMountPlus read-only image settings when they are run from internal SSD. Game Compressor handles those details for the common workflows:

  • To compress a folder-format APR Emu game from USB and run it from internal SSD, plug in the USB drive, select the title, and choose Compress. Game Compressor builds ampr_emu.index using the same workflow as build_ampr_index.py, writes the ShadowMountPlus read-only and sector-size settings, creates the .ffpfsc image, mounts it, and validates the mounted image byte-for-byte against the original.
  • If the compressed game stutters and you still want it on internal SSD, open the secondary action menu, choose Uncompress, then select exFAT. The ShadowMountPlus settings and ampr_emu.index are already in place, so Game Compressor leaves them unchanged and creates an uncompressed exFAT image.
  • If you already know the game should stay uncompressed, open the secondary action menu, choose Make Image, then select exFAT and Internal SSD. Game Compressor detects the APR Emu title, builds or refreshes ampr_emu.index, applies the read-only ShadowMountPlus settings, and creates the uncompressed image.
  • If you already have an exFAT image and ampr_emu.index exists, use Set Read Only from the secondary action menu to apply the ShadowMountPlus read-only settings for that image.

The only unsupported automatic case is an existing exFAT image with no ampr_emu.index. For that case, run the game once from external USB without read-only settings so APR Emu can create its index, confirm the game starts, then copy it to internal SSD and use Set Read Only.

Non-APR titles keep the normal compression path. When APR indexing is performed, the selected game screen and operation history show APR indexed.

The in-app APR-EMU Version picker uses Pippo's public APR-EMU manifest and binary mirror:

https://pippo26442999.github.io/.exFAT/ampr-emu-drakmor/manifest.json

The manifest and hosted files are provided by Pippo (pippo26442999). Manifest entries are downloaded by the browser, uploaded to Game Compressor, cached under /data/GameCompressor/ampr-emu, and then applied to the selected title or image. Custom .sprx/.prx files can also be uploaded manually from a desktop browser. The upstream APR Emu project source is drakmor/ampr_emu.

Requirements

  • A PS5 homebrew environment capable of running payload ELFs.
  • ShadowMountPlus latest version, installed and managing mounted titles.
  • KStuff Lite 1.07 Beta or later.
  • Payload Manager or another method to launch game-compressor.elf.

This project assumes you already understand the risks of running PS5 homebrew payloads. Keep backups of important data and test with non-critical titles first.

Build

Set PS5_PAYLOAD_SDK to your local SDK path, then run make:

export PS5_PAYLOAD_SDK=/path/to/ps5-payload-sdk
make

The build output is:

game-compressor.elf

Generated build outputs are intentionally ignored by git:

build/
gen/
game-compressor.elf

Deploy

Copy the built ELF to your PS5 payload folder. A typical Payload Manager path is:

/data/pldmgr/payloads/game-compressor/game-compressor.elf

This repo also includes Payload Manager metadata in:

payload-manager/game-compressor.elf.json

If you rebuild the ELF, update that JSON checksum before publishing or redistributing it.

How To Use

  1. Make sure ShadowMountPlus has mounted one or more games.
  2. Launch game-compressor.elf from Payload Manager or your payload loader.
  3. Open the web UI:
http://<PS5_IP>:5910/
  1. Pick a game from the left sidebar.
  2. Use the primary action:
    • Folder/image titles show Compress.
    • Compressed titles show Validate and Repair.
  3. For compression, choose either PFS or exFAT when prompted.
  4. Use the secondary action menu for supported actions such as:
    • Build AMPR Index
    • Uncompress
    • Move to USB
    • Move to Internal SSD
  5. Use the History button to review previous operations.

The app remembers the last game you viewed using a browser cookie, so reopening the UI returns to that title when it is still available.

If you close the browser window during an operation, open the Game Compressor tile again or go back to http://<PS5_IP>:5910/ to see the current job.

Compression Settings

When you choose Compress, Game Compressor asks for the output format, destination, and how to handle the original source.

Format

Compress always produces a .ffpfsc file, which is a compressed PFS container. The format choice controls the nested image stored inside that compressed container:

  • exFAT is the default and recommended nested image format. It stores an exFAT image inside the .ffpfsc output and is the preferred option for most games, especially APR Emu workflows.
  • PFS Experimental stores a PFS image inside the .ffpfsc output. Use it only when you specifically want to test the PFS nested-image path.

Destination

  • Compress in place writes the compressed .ffpfsc container next to the currently selected game.
  • Internal SSD writes the compressed output under /data/homebrew. This is only shown when the selected game is not already on internal storage.
  • External Storage writes the compressed output to a selected USB/external target. If the game is already on external storage, Game Compressor may show a Compress to... picker so you can choose internal SSD or another USB target.

Original Handling

  • Keep original leaves the source folder or image untouched. This is the safest choice and requires enough free space for the compressed output.
  • Delete after verified writes and validates the compressed output first, then removes the original source. This is the default for in-place compression. It still needs full-size temporary free space because the original is kept until verification succeeds.
  • Destructive deletes source data while writing the compressed output. It requires at least 1 GB of free space, cannot be cancelled after the unsafe phase begins, and is only available for same-storage folder compression. It is not available when compressing to another drive or when using Make Image.

When compressing to internal SSD or external storage, Game Compressor keeps the original by default. If you choose to remove the original, it uses the safer Delete after verified behavior.

Game Discovery

Mounted games are shown automatically. Game Compressor also scans known game storage folders, including:

/data/homebrew
/data/etaHEN/games
/mnt/ext0
/mnt/ext0/homebrew
/mnt/ext0/etaHEN/games
/mnt/ext1
/mnt/ext1/homebrew
/mnt/ext1/etaHEN/games
/mnt/usb0 through /mnt/usb7
/mnt/usb0/homebrew through /mnt/usb7/homebrew
/mnt/usb0/etaHEN/games through /mnt/usb7/etaHEN/games

When You Are Done

Game Compressor should only be launched when you need to compress, validate, repair, move, or unpack games. After your games are compressed and you no longer need the web UI, it is preferred that Game Compressor is no longer running.

Use the terminate button in the top bar when you are done. Game Compressor removes its home-screen tile, stops the payload, and leaves a final screen telling you to exit the browser window.

Notes

  • Launcher installation is nonfatal. If it fails, the web UI can still be used directly from http://<PS5_IP>:5910/.
  • Payload operations are owned by the PS5-side worker, not the browser tab.
  • Compression and repair workflows can take a long time on large titles.

Credits

Created by Juma Sayeh.

Tested by Osama Abualia.

Thanks to Pippo (pippo26442999) for maintaining the public APR-EMU manifest and binary mirror used by the in-app APR-EMU version picker.

Built on and inspired by work from:

  • PSBrew/MkPFS
  • Drakmor's ShadowMountPlus, APR Emu, and build_ampr_index.py work, which Game Compressor builds on for mounted-title support and PS5-side ampr_emu.index generation.

Made with love in Palestine.

Disclaimer

This is homebrew software for experimental PS5 workflows. Use it at your own risk. The project is not affiliated with Sony, PlayStation, or any game publisher.

github.com
u/a1mhtar — 16 days ago

P2JB port for Netflix-N-Hack - wodz69/Netflix-N-Hack

P2JB port for Netflix-N-Hack

Netflix 'N Hack

Inject custom JavaScript into the Netflix PS5 error screen by intercepting Netflix's requests to localhost.

PS5 firmware version: 4.03-12.XX

Lowest working version: https://prosperopatches.com/PPSA01614?v=05.000.000 (Needs to be properly merged)

Recommended download link merged 6.00: https://pkg-zone.com/details/PPSA01615

> This project uses a local MITM proxy to inject and execute inject.js on the Netflix error page

> [!IMPORTANT] > Jailbreaking or modifying your console falls outside the manufacturer’s intended use. Any execution of unsigned or custom code is performed solely at your own risk. > > By using this project, you acknowledge that: > > - You assume full responsibility for any damage, data loss, or system instability. > - The contributors and maintainers of this repository cannot be held liable for any issues arising from the use of this code or any related instructions. > - This project is provided “as is”, without warranty of any kind, express or implied. > > Proceed only if you understand and accept these risks.


Instructions

Extended Storage Setup

> [!WARNING] > This will wipe your drive.

Disclaimer: Only works on PS5s that have an activated account. Real PSN account or Fake activated via jailbreak.

Do not update your console to activate! Use System backup method below

Requirements for PS4 Version

The PS4 version of Netflix requires a license.

You may have the license if:

  1. You have previously installed Netflix but deleted it.
  2. You currently have the retail application installed and can run it without jailbreaking. (Not the one from homebrew store/pkg zone)
  3. You have a real PSN account activated as primary.

If you don't know if you have the license, you can still try flashing the extended storage image for your region (region relevant only for PS4) and testing to see if the Netflix app will work. If it stays locked, it means you don't have a license and you will not be able to use the jailbreak.

Requirements to flash the extended storage image:

  1. PS4 firmware 9.00-12.02
  2. 256GB or larger (up to 8TB) USB drive / External HDD / External SSD
  3. Must be USB 3.0 connection

> [!TIP] > If you have a higher version application than the vulnerable 1.53 version, delete it and flash an extended storage image to a drive — it'll give you the 1.53 version.

> [!NOTE] > Alternatively, if you can already jailbreak, instead of flashing an extended storage image you can install the retail version of Netflix and use it afterwards. Still requires a license.


Extended Storage Drive Setup (PS4)

> [!IMPORTANT] > Before plugging in the extended storage drive, delete the Netflix app from your PS4 if you have it installed. Then turn off the console, plug in the extended storage drive, and turn the console back on.

Step 1: Download balenaEtcher

Step 2: Download the Image Archive

  • Download the .7z archive for your region from the Releases section. For PS4 the Images are Netflix_PS4_xx.7z ,US/EU/JP to indicate the region they are for. > [!NOTE] > Extended Storage does not require an exact capacity beyond the minimum of 256GB. Meaning that if your drive is 256GB you can use the image. If your drive is 500GB you can use the image. Or if it is 1TB you can use the image and etc up to 8TB. But if it is 250GB you cannot use the image.**
  • The .7z download size is roughly ~95-200 MB and around 400MB unpacked.

Step 3: Extract the ZIP Image

  • Extract the downloaded .7z file.
  • Inside, you will see a .zip image file.

Step 4: Write the Image with balenaEtcher

  1. Connect your Drive to your computer (using a dock/enclosure or spare M.2 slot).
  2. Open balenaEtcher.
  3. Click “Flash from file” and select the extracted .zip image.
  4. Click “Select target” and choose your Drive.
  5. Click “Flash!” to start the process.

> Etcher will appear stuck at 0% for a while, then at 85-99% for several minutes. > This is normal, let it finish without interruption! > If you encounter damaged image warnings, reboot your pc, redownload the image.

Step 5: Moving the Netflix App to Internal Storage

  1. Go to Settings -> Storage -> Extended Storage -> Applications -> [Press Options on controller] -> Move To System Storage
  2. Press X on the Netflix App to tick and select it.
  3. Go to "Move" and press X.
  4. Press OK on the prompt to move the app to internal storage. It will then move to internal storage and be usable for the exploit. Accessible from the Media tab of the XMB.

Extended Storage Drive Setup (PS5)

> [!IMPORTANT] > While the console is off, plug in the extended storage drive, then turn the console on.

Step 1: Download balenaEtcher

Step 2: Download the Image Archive

  • Download the .7z archive for your desired region from the Releases section. the PS5 Extended Storage Image is PS5_EU_Ext.7z
    • NOTE: ** Extended Storage does not require an exact capacity beyond the minimum of 256GB. Meaning that if your drive is 256GB you can use the image. If your drive is 500GB you can use the image. Or if it is 1TB you can use the image and etc up to 8TB. But if it is 250GB you cannot use the image.**
  • The .7z download size is roughly ~95-300 MB and around 500MB unpacked.

Step 3: Extract the ZIP Image

  • Extract the downloaded .7z file.
  • Inside, you will see a .zip image file.

Step 4: Write the Image with balenaEtcher

  1. Connect your Drive to your computer (using a dock/enclosure or spare M.2 slot).
  2. Open balenaEtcher.
  3. Click “Flash from file” and select the extracted .zip image.
  4. Click “Select target” and choose your Drive.
  5. Click “Flash!” to start the process.

> Etcher will appear stuck at 0% for a while, then at 85-99% for several minutes. > This is normal, let it finish without interruption! > If you encounter damaged image warnings, reboot your pc, redownload the image.

Step 5: Moving the Netflix App to Internal Storage

  1. Go to Settings>Storage>USB Extended Storage>Games and Apps
  2. Press X to select the Netflix app.
  3. Go to "Select Items to Move" and press X.
  4. The Netflix app should be selected now go to "Move" and press X
  5. Press OK on the prompt to move the app to internal storage. It will then move to internal storage and be usable for the exploit. Accessible from the Media tab of the XMB.

M.2 Drive Setup (PCIe Gen 4 NVMe for PS5)

Step 1: Download balenaEtcher

Step 2: Download the Image Archive

  • Download the .7z archive for your desired capacity from the Releases section.
    • NOTE: Exact capacity matters for M.2 Images only - not all 1TB drives are 1000GB: some are 1024GB, same with 2000/2048, 4000/4096; choose carefully!
  • The .7z download size is roughly ~95-200 MB. Unpacked files range from ~95100MB-4GB.

Step 3: Extract the ZIP Image

  • Extract the downloaded .7z file.

  • Inside, you will see a .zip image file, with size depending on the target SSD:

    • 256 GB image: ~380 MB .zip
    • 500 GB image: ~670 MB .zip
    • 1 TB image: ~1.2 GB .zip
    • 2 TB image: ~2.3 GB .zip
    • 4 TB image: ~3.9 GB .zip

    <ins>This .zip is what you will flash with balenaEtcher.</ins>

> Note: When you load this image in balenaEtcher, you may see a > Missing partition table warning. This is expected for encrypted PS5 drives. > It is safe to click Continue.

Step 4: Write the Image with balenaEtcher

  1. Connect your M.2 SSD (PCIe Gen 4 NVMe) to your computer (using a dock/enclosure or spare M.2 slot).
  2. Open balenaEtcher.
  3. Click “Flash from file” and select the extracted .zip image for your chosen capacity.
  4. Click “Select target” and choose your M.2 SSD.
  5. Click “Flash!” to start the process.

> Approximate flashing times (varies depending on M.2 dock/enclosure speed and your CPU): > - 256 GB image: ~10 minutes > - 500 GB image: ~15 minutes > - 1 TB image: ~25 minutes > - 2 TB image: ~45 minutes > - 4 TB image: ~80 minutes > > Etcher will appear stuck at 0% for a while, then at 85-99% for several minutes. > This is normal, let it finish without interruption! > If you encounter damaged image warnings, reboot your pc, redownload the image or use a different enclosure/motherboard slot for the m.2 SSD.

Step 5: Install the M.2 Drive in the PS5

  • Power off the PS5 completely.
  • Install the imaged M.2 SSD into the PS5’s internal M.2 slot.
  • Power the PS5 back on; the console should now see the preinstalled Netflix app, viewable under Storage settings.
  • Move app from the M.2 to console storage, then reformat the M.2 drive in under Storage settings to safely continue using it.

Step 6: Move the Netflix App to Internal Storage


System Backup Restore

> [!WARNING] > This will wipe all existing games and saves from your PS5!

Step 1: Prepare the Backup USB

  1. Format a USB drive as exFAT or FAT32.
  2. Unzip the system backup onto the formatted USB drive.

Step 2: Restore the System

Follow Sony’s official guide to restore your PS5 system from the USB: https://www.playstation.com/en-us/support/hardware/back-up-ps5-data-USB/

Safe Internet Connection Setup for Netflix

Step 1: Open Network Settings

  1. On your console, go to: Settings > Network > Settings > Set Up Internet Connection

  2. Scroll to the bottom and select: Set Up Manually


Step 2: Choose Connection Type

  • Wi-Fi: Select Use Wi-Fi
  • LAN Cable: Select Use a LAN Cable

If using Wi-Fi:

  1. Choose Enter Manually.
  2. Enter your SSID Wi-Fi network name.
  3. Set Security Method to WPA-Personal/WPA2.. (or similar).
  4. Enter your *Wi-Fi network password.

Step 3: Configure Proxy Settings

For either Wi-Fi or LAN, continue the setup:

  1. Scroll to the Proxy setting.

  2. Change it from Automatic to Manual.

  3. Enter the following details:

    • Address: 172.105.156.37
    • Port: 42069
  4. Press Done to save your settings.


Step 4: Finalize and Connect

  • Wait for the console to attempt a connection.
  • You may see Can't connect to the internet — this is expected and can be ignored after pressing OK.
  • The connection will still function normally.

You can now open Netflix safely.


Self-host mitmproxy with Docker

Requirements

Installation & Usage

Copy the .env.example to .env.

cp .env.example .env

Edit the .env and change the IP_SCRIPT variable to the IP of the device that will host mitmproxy. Optionally change IP_SCRIPT_PORT if 8080 is already used.

docker compose up -d

Check the logs to ensure the services are deployed successfully.

docker logs -f --tail 10 mitmproxy
docker logs -f --tail 10 ws

Continue to the Network / Proxy Setup section.

How to run proxy locally

Requirements

  • Python (for mitmproxy)
  • mitmproxy (pip install mitmproxy)

Installation & Usage

# install mitmproxy
pip install mitmproxy

# clone repository
git clone https://github.com/earthonion/Netflix-N-Hack/
cd Netflix-N-Hack

# run mitmproxy with the provided script
mitmproxy -s proxy.py

Current script will trigger after the WebSocket for remote logging is initiated.

# install websockets
pip install websockets

# Generate Keys
openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365 -subj "/CN=localhost"

# run WebSocket server
python ws.py

Network / Proxy Setup

On your PS5:

  1. Go to Settings > Network > Settings > Set Up Internet Connection.

  2. Scroll to the bottom and select Set Up Manually.

  3. Choose Connection Type Use Wi-Fi or Use a LAN Cable If using Wi-Fi: Choose Enter Manually, Enter your SSID Wi-Fi network name. Set Security Method to WPA-Personal/WPA2.. (or similar) then Enter your *Wi-Fi network password.

  4. Use Automatic for DNS Settings and MTU Settings.

  5. At Proxy Server, choose Use and enter:

  • IP address: &lt;your local machine IP&gt;

  • Port: 8080

  1. Press Done and wait for the connection to establish
  • You may see Can't connect to the internet — this is expected and can be ignored after pressing OK.

> Make sure your PC running mitmproxy is on the same network and reachable at your local IP.

Open Netflix and wait.

> [!NOTE] If you see elfldr listening on port 9021 you can send your elf payload.

if it fails reboot and try again

Troubleshooting

  • If the Netflix application crashes shortly after opening it, reopen it to retry.
  • If you see a green text error "Exception" press X or O to retry.
  • If Lapse fails you will see a notification telling you to reboot the console, you must reboot to retry.

P2JB

For PS5 firmwares between 10.x - 12.40 inclusive, an implementation of P2JB is available. This is a port of matem6/P2JB-Y2JB-Porting with changes requried by the NF app environment (use uncompressed reads/writes, avoid the use of pthread_create/scePthreadCreate, minimize garbage creation). According to my testing, the exploit is relatively stable on 2 cores but unstable on 3+. Instructions of running the P2JB implementation:

  • start the proxy in the same way as with the lapse variant, start ws.py script for websocket logging
  • run the Netflix app and wait for remote_js_loader notofication
  • send p2jb payload to the remote JS loader, wait till complete
python payload_sender.py &lt;IP_OF_YOUR_PS5&gt; payloads/p2jb.js

Once complete (ETA ~70min), it will launch elfldr via kexp on the usual port (9021) and return the control to remote_js_loader. At this point, Netflix app can be safely closed without crashing. Please note: a customized kexp (payloads/kexp_no_pthreads.bin_, that launches elfldr directly instead of using pthread_create, is used. This is because pthread_create crashes during TLS allocation on 10.x firmwares (and I presumably all higher versions). For disc-based PS5 users: elfldr can be used to (un)patch bdjstack.jar (see BD-UN-JB project) to provide a much faster JB method on supported firmwares) The jailbreak also enables the debug menu, which can be used to install Youtube app without restoring a backup (see Y2JB github repo for details and pkg & update files):

  • install YT pkg from USB using the debug men
  • launch YT app and close
  • copy download0.dat to the required location (e.g. by using ftpsrv payload injected via elfldr)
  • YT app should now be exploitable

Credits

  • c0w-ar for complete inject.js userland exploit and lapse port from Y2JB!
  • ufm42 for regex sandbox escape exploit and ideas!
  • autechre for the idea!
  • Dr.Yenyen for testing and coordinating system back up, M.2 Drives, Extended Storage, making PS5 Extended storage Image and much more help!
  • Gezine for help with exploit/Y2JB for reference and original lapse.js!
  • Rush for creating system backup, 256GB and 2TB M.2 Images, PS4 Extended Storage Images and hours of testing!!
  • Jester for testing 2TB and devising easiest imaging method, and gathering all images for m.2!
  • TeRex777 for PS5 App Extended Storage method.
github.com
u/a1mhtar — 21 days ago

Release Kstuff Lite 1.2-dr-test2 · drakmor/kstuff-lite

##Kstuff Lite 1.2-dr-test2

  • Added Trophy support (do not work with an activated account) Thanks @idlesauce, @ArkSama and @EchoStretch!

  • Thank you to everyone working on this project — @sleirsgoevy, @zecoxao, @flatz, @idlesauce, @buzzer-re, @Al-Azif, @EchoStretch, and many others!

  • Firmware up to 12.70 is supported.

github.com
u/a1mhtar — 24 days ago

Release 0.0.8 · PSBrew/MkPFS

🎉 MkPFS 0.0.8 is released!

##🤖 What's Changed

  • Several improvements and fixes related to image packing, unpacking, and verification.

  • Added warnings to let the user know when they use experimental flag combinations

  • Automatically rename inner image to avoid bad special characters introduced by the user

github.com
u/a1mhtar — 26 days ago

Releases · itsPLK/ps5-y2jb-autoloader v0.8-dev-a1b152e **Pre-release**

&#x200B;

##Changelog:

Pre-release

  • added P2JB support for firmwares above 10.01 up to 12.70 (lower firmwares use Lapse)

  • added estimated progress overlay during the P2JB exploit loading phase (shifts position randomly to prevent OLED burn-in)

  • updated elfldr (rebuilt with latest sdk)

  • updated Payload Manager to v0.3.1

github.com
u/a1mhtar — 26 days ago

Sponsor @Gezine on GitHub Sponsors (support Gezine)

You can always support Gezine if you liked his work

github.com/sponsors/Gezine

USDC (Solana) 96hqBZSu8cSg6ghdJn6sZKrmTU3iMFpr2fbA8scKpqAx

github.com
u/a1mhtar — 26 days ago
▲ 140 r/ps5homebrew+1 crossposts

Got Y2JB working without PSN at 12.70

Got Y2JB working without PSN at 12.70 (Read the full post)

##By Dr.Yenyen Read the full post as this is an important development for 12.60 and above userlands.

Sony patched Y2JB in a bad way. Currently it will still work up to the latest firmware by using a different app version.

This means we'll get you guys a system backup made that will work up to 12.70 to jailbreak (yes including 12.60) fully digitally and up to 13.40 generally as a userland, until a usable kernel exploit past that becomes available. Netflix is still dead though.

TeRex777 nudged me tonight with some information about YouTube working on 13.20 for him, so we looked into it and found out the patch job was bad by Sony. I tested on 12.70, 13.20 and 13.40 and it works.

Until they patch it again we've got a free userland up to 13.40 that requires you to wipe your console and allows you to retain your manually paired disc drive.

Picture by Gezine who ran it on 12.70:

u/a1mhtar — 27 days ago

Release ps5debug-NG v1.2.6 · OpenSourcereR-dev/ps5debug-NG PS5 Debug Next Generation -- Full Support Up To 13.20

1.2.6

54d8930

v1.2.5 added initial support for FW 8.x-13.x. v1.2.6 makes it actually functional and adds hardware verification across most firmwares.

🎮 Firmware support - 8.x through 13.x now working

✅ Hardware-verified: FW 4.x, 6.x, 8.x, 9.x, 10.x and 12.x - poke, software + hardware breakpoints, all watchpoint types, title ID, content ID and version confirmed working.

⚠️ FW 3.x, 5.x, 7.x, 11.x and 13.x: supported but not yet fully tested. The fixes are firmware-agnostic by design. Feedback welcome.

🔧 Memory write (poke) on FW 9.x+

Pokes silently failed on FW ≥ 9 (the kernel blocks the old mdbg write path there). Writes now go through a DMAP page-table walk, so poking, cheats and patches work again on 9.x-13.x. (mdbg stays the path on FW ≤ 8.x.)

Newly allocated memory is pre-faulted so writes land correctly.

🔴 Breakpoints & watchpoints on FW 9.x-13.x

Hardware breakpoints/watchpoints were silently doing nothing on 9.x+ - now enabled across 9.00-13.20.

Software (INT3) breakpoints now write correctly on 9.x+ (same DMAP fix as poke).

Fixed breakpoints/watchpoints that fired a few times then stopped on FW 11/12 (the debug-status register wasn't being cleared between hits).

🏷️ Title ID / Content ID / Version - now firmware-agnostic

Game title ID, content ID and version are detected by scanning the process instead of per-firmware offsets (which shifted at 8.x and 12.x). Reaper / Cheater again show the running game correctly on newer firmware.

💥 Fixed a console crash on client disconnect (SIGPIPE)

Closing the client mid-operation (e.g. during a scan) could crash the whole console by killing SceShellCore. Now suppressed - disconnecting is safe. Affects all firmwares.

🔔 Load notification now shows the firmware version

The "loaded" popup now includes a Firmware: x.yy line.

💜 Credits

Added @Pharaoh2k to the special thanks.

📖 Documentation

Rewrote PROTOCOL.md to match the current sources (every command, packet struct, status code and enum), and corrected/expanded the README firmware table with per-release verification status.

⚠️ Known caveats

FW 3.x, 5.x, 7.x, 11.x and 13.x are supported and quite likely fully working but not yet fully hardware-tested - please report results.

FW ≤ 5.x behavior is otherwise unchanged.

github.com
u/a1mhtar — 1 month ago

v1.6.4 - soniciso/elf-arsenal

Cheat engine improvements

Cheat game list fix: After a full repo download, the staged-cheat game list was always empty because list_cheats() only scanned the flat root — all downloaded files live in json//shn//mc4/ subdirs. Now scans all four paths; 3000+ titles correctly appear.

Format selector tabs: When multiple formats exist for a game (e.g. SHN + MC4), tab buttons appear above the cheat list so you can pick which version to load. Example: Dead Space SHN → 1 cheat, MC4 → 10 cheats. Tabs are hidden for single-format games.

XML patches (from v1.6.3)

Global toggle + per-patch enable/disable across all three CheatRunner scan dirs

Upload new XML patch files from the browser

Source badges (Arsenal / CheatRunner / CheatRunner PS5)

Plugin loader (from v1.6.3)

Drop .elf files into /data/elf-arsenal/plugins/ and manage them from Settings

git.etawen.dev
u/a1mhtar — 1 month ago

GitHub - StonedModder/Y2JB-Genny: Y2JB Generator with custom theme support

y2JBGenny

GUI for creating PS5 Y2JB update ZIPs.

What It Does

  • Creates a new Y2JB update workspace from the bundled template.
  • Writes ps5_autoloader/autoload.txt from the payload order list.
  • Supports payload, delay, and message rows.
  • Imports payload files into the workspace.
  • Tracks payload sources and release versions via github/lab.
  • Edits the Y2JB autoloader look/theme.
  • Supports the bundled cyberpunk theme and the default PLK-style autoloader theme.

Current Y2JB Template

The bundled update template is based on PLK Y2JB autoloader:

v0.6.3-e655073

Bundled dependency versions include:

  • ps5-elfldr v0.23.1-148b71c
  • ps5-kexp v0.5.1-2cc1a71
  • ps5-payload-manager v0.1.1

Template files live in:

src/shared/project-templates/y2jb

Requirements

  • Windows
  • Node.js with npm

WSL is not required. ZIP files are built with the native PS5-safe ZIP writer included in the app.

Quick Start

Use the included launcher:

launch.bat

The launcher installs dependencies if needed, then starts the Electron app.

Manual start:

npm install
npm start

Build A Portable App

Use the included compile script:

compile.bat

This runs dependency install, syntax checks, and the portable Windows build. Output is written to:

dist/

Manual build:

npm install
npm run lint
npm run build

Basic Workflow

  1. Launch y2JBGenny.
  2. Create a new Y2JB update workspace.
  3. Add or import payloads.
  4. Arrange the payload order.
  5. Edit the look/theme if desired.
  6. Click Build Update ZIP.
  7. Copy the finished ZIP to USB as y2jb_update.zip.

The app writes verbose build progress while creating the ZIP, including manifest, root file, payload file, ZIP, and final copy stages.

Theme Editor

The Look editor customizes the autoloader UI that appears during the Y2JB flow.

Editable fields include:

  • Screen title
  • Version text
  • Top credit text
  • Top loader text
  • Protocol title text
  • Protocol detail text
  • Colors for background, title, log, border, progress, and log states

Cyberpunk builds include both theme assets:

  • cybercore.ps5.css
  • host-ui.css

Notes

This project packages Y2JB update workspaces. It does not install console-side files or modify console storage directly. Use responsibly and follow the upstream Y2JB project instructions for your environment.

github.com
u/a1mhtar — 1 month ago

🎮 PS5 Rules for Success by Declan Kerr

🎮 PS5 Rules for Success

Before asking for help, please make sure you’ve read and followed the guidance below.

  1. Use a Single Mounting Method

Always use only one mounting solution at a time.

Examples include:

Voidshell

ShadowMount Plus

Dump Installer

etaHEN + ItemzFlow

Mixing multiple mounting methods can lead to conflicts, crashes, duplicate shortcuts, or games failing to launch.

Note: Dump Installer can generally be used alongside etaHEN.

  1. Use the Latest kstuff

Using an up-to-date version of kstuff is recommended.

Use either the latest Echo Stretch kstuff Lite release or Drakmor’s 1.1 Stable release. Drakmor’s 1.1 Stable should only be used on firmware 10.01 or below, while Echo Stretch kstuff Lite can be used on firmwares up to 12.xx.

If you are experiencing issues, test different kstuff versions before reporting problems.

  1. Use an SSD for Best Results

For the best compatibility and loading performance:

✅ Use an SSD in a USB enclosure

✅ Connect it to a SuperSpeed USB port:

Rear USB ports

Front USB-C port

⚠️ Internal storage is generally not recommended for mounted content.

  1. Configure kstuff Pause Correctly

Do not set your kstuff pause delay too the kstuffshort.

The pause delay should generally be set to at least 45–60 seconds.

Some games require additional time to finish loading resources. If kstuff resumes too early, the game may crash during startup or shortly afterwards.

If you experience crashes, increase the pause delay and test again.

  1. Check Firmware Compatibility

Games must be compatible with your firmware.

Examples:

Firmware 4.xx → Game must support 4.xx or have a backport.

Firmware 5.xx → Games requiring 6.xx will need a backport.

If a game requires a newer firmware than your console supports, you must:

Obtain an existing backport, or

Create one yourself (advanced users)

Many popular titles already have backports available within the community.

  1. Switching from ItemzFlow to Other Mounting Methods

If you previously mounted games using etaHEN + ItemzFlow and want to switch to ShadowMount Plus, Voidshell, or another mounting solution:

Open ItemzFlow.

Locate previously mounted games.

Remove all created shortcuts.

Reboot if necessary.

Mount again using your new preferred method.

Failing to remove old shortcuts can cause launch issues and conflicts.

Before Asking for Help

Please verify:

✅ You are using only one mounting method.

✅ Your game is compatible with your firmware.

✅ You are using a suitable kstuff version.

✅ Your kstuff pause delay is not too short.

✅ You are using an external SSD connected to a SuperSpeed USB port.

✅ You removed old ItemzFlow shortcuts if switching mounting methods.

Community Etiquette

❌ Do not post the same question across multiple channels.

❌ Do not repeatedly bump your question.

✅ Ask once and wait for a response.

✅ Provide useful information such as:

Firmware version

Mounting method used

kstuff version

Storage device used

Exact error or crash behaviour

This helps experienced users and moderators diagnose problems much faster.

reddit.com
u/a1mhtar — 1 month ago

GitHub - deejay87/PS4-PS5-Payloads-Sender: Windows payload sender PS4 / PS5

PS4 / PS5 PAYLOADS SENDER

Application Windows permettant d’envoyer facilement des payloads vers une console PS4 ou PS5.


📦 Fonctionnalités

  • Envoi de fichiers payload :

    • .elf
    • .bin
    • .js
    • .lua
  • Glisser-déposer des fichiers

  • Chargement manuel via explorateur

  • Sélection du port d’envoi

  • Compatible PS4 / PS5

  • Interface simple et rapide


🖥️ Utilisation

  1. Lancer l’application
  2. Entrer l’adresse IP de la console
  3. Sélectionner le port correspondant au besoin du fichier à envoyer
  4. Glisser-déposer un fichier payload ou cliquer pour parcourir
  5. Cliquer sur ENVOYER

📡 Ports supportés

Les ports peuvent varier selon le payload ou l’exploit utilisé.

Exemple :

  • 9020
  • 9021
  • 9026
  • 50000

📸 Aperçu

<p align="center"> <img src="screenshots/PS4-PS5 PAYLOADS SENDER.JPG" width="900"/> </p>


📥 Téléchargement

Téléchargez l’application depuis la section Releases.


⚙️ Compatibilité

  • Windows 10 / 11
  • PS4
  • PS5

⚠️ Antivirus / Windows Defender

Comme beaucoup d’outils réseau ou de payload sender, certains antivirus ou Windows Defender peuvent détecter l’application comme potentiellement dangereuse ou afficher une alerte de sécurité.

  • Ajouter l’application aux exclusions Windows Defender
  • Autoriser l’exécution manuellement
  • Désactiver temporairement l’antivirus pendant l’utilisation
github.com
u/a1mhtar — 1 month ago

GitHub - matem6/YarP2JB: A P2JB port for the Yarpe userland exploit

p2jb-yarpe

PlayStation 5 jailbreak (firmware 9.00 – 12.70) — a port of Gezine's p2jb kernel exploit (cr_ref overflow via kqueueex) to yarpe, Helloyunho's Ren'Py userland exploit, running inside Arcade Spirits: The New Challengers.

Confirmed working end-to-end on both editions of the game: jailbreak + GPU-DMA debug menu + in-place ELF loader. Closing the game after completion does not kernel-panic the console.

> Firmware support: offsets cover 9.00 – 12.70. Validated > end-to-end on 11.60 (PS5 edition) and 10.40 (PS4 edition on PS5).


How it works

The payload triggers a 32-bit cr_ref overflow in the PS5 kernel (via ~2³² kqueueex syscalls), uses the resulting use-after-free to build kernel read/write primitives (pipe-based + IPv6), escalates the host process to root, and enables the Debug Settings menu via GPU PM4 DMA writes on the read-only kernel .data segment.

It then loads elfldr-ps5.elf in place: a normal region is pre-allocated before the leak and, after the jailbreak, made RWX by patching its vm_map_entry protection byte through the kernel R/W — no new mapping, so it bypasses the per-process vm_map_entry limit that otherwise blocks a second payload. On the PS4 edition the process sysent is temporarily swapped to a PS5-native one so the PS5 ELF's syscalls resolve correctly. The loader then listens on TCP :9021 for ELFs to run on the jailbroken PS5.


Requirements

PS5 setup (yarpe)

This payload runs inside yarpe, the Ren'Py userland exploit, in Arcade Spirits: The New Challengers (yarpe by Helloyunho).

The exploit save is provided in this release — you don't need to build it. Get it onto the PS5 in one of two ways:

  • Restore the provided system backup image — it already includes the exploit save. Simplest path.
  • Install the provided save into the game's save slot manually:
    • Jailbroken console: replace the save directly (e.g. Apollo Save Tool).
    • Non-jailbroken, PSN-activated account: import the save via USB — see yarpe's docs for the decrypt / re-encrypt steps.

Then launch the game and load the save — that's the exploit entry point. yarpe listens on TCP :9025 for a Python script. yarpe is a userland exploit; this payload is what takes it to the kernel.

The provided save already includes the updated ELF loader at /saves/yarpe/elfldr-ps5.elf — you don't need to add it yourself.

Hardware

  • PlayStation 5 with Arcade Spirits: The New Challengers installed — PS5 edition (PPSA06409 / PPSA06410) or PS4 edition (CUSA32096 / CUSA32097).
  • A PC on the same LAN as the PS5.
  • A USB stick for transferring the save (method depends on whether the console is jailbroken).

Software (on PC)

  • Any TCP socket client — nc, or Al-Azif/hermes-link — to send the payload to :9025 and ELFs to the loader on :9021.

Files

  • p2jb.py — the jailbreak payload (this repo).
  • Exploit save / system backup image — provided in this release; already includes the updated ELF loader (elfldr-ps5.elf).

Usage

1. Send the payload

With the exploit save loaded in the game (yarpe listening on :9025):

nc &lt;ps5-ip&gt; 9025 &lt; p2jb.py

2. Wait for the leak

The cr_ref leak dominates the runtime:

  • PS5 edition: ~45 min.
  • PS4 edition: ~52 min.

On-screen notifications mark progress (Stage 0 … Stage 9). Don't interact with the PS5 while it runs. A stall would surface as a FATAL / please retry log line — if the leak fails, just reload the save and send the payload again.

3. Look for completion

When it's done the console shows the debug menu enabled and the ELF loader running. From there, any ELF you send to :9021 runs on the jailbroken PS5:

nc &lt;ps5-ip&gt; 9021 &lt; your_payload.elf

hermes-link handles the loader's TCP protocol for you.


Known limitations

  • One run per boot. The triple-free is a point of no return; a failed or completed run needs the save reloaded (and, if the game was torn down, a fresh launch).

Credits

  • p2jb PoC (PS5 cr_ref overflow via kqueueex) — Gezine. Luac0re.
  • lapse / netcontrol — TheFlow and the PS5 lapse work; source of the kqueue leak and UIO/IOV kernel R/W primitives, the IPv6 R/W, and the GPU PM4 DMA debug-menu apply flow reused here.
  • yarpe (Ren'Py userland exploit) — Helloyunho. Helloyunho/yarpe.
  • NineS / ps5-payload-dev — John Törnblom; the in-place ELF execution technique (vm_map_entry protection patch) and the elfldr-ps5.elf loader.
  • Dr.Yenyen — built the system backup image bundling the exploit saves, and testing on real hardware.
  • Sonic-Iso — testing on real hardware.
  • Claude (Anthropic) — AI assistant used throughout the port.

License

MIT — see LICENSE.

github.com
u/a1mhtar — 1 month ago

GitHub - lz-anonz/Y2X: Y2eXploit (Y2X) - Y2JB Autoloader

Y2eXploit (Y2X)


Overview

Y2eXploit (Y2X) is an autoloader designed to simplify and organize payload execution within the Y2JB ecosystem.

It provides a structured workflow for chaining and managing exploit-stage payloads including P2JB + Lapse integration.


Features

  • Y2JB Autoloader/Updater Included
  • Autorun P2JB/Lapse Exploit
  • Autoupdate Y2JB Files (From USB)
  • Autoload Payload Manager
  • Autoclose YT App after finish

Screenshots

Main UI


Installation

Download from Releases

Releases Page


Project Purpose

This project was created to improve ui & payload execution in Y2JB.


Credits & Acknowledgements

This project builds on the foundational work and research contributions from many developers in the PS5 security and homebrew community.

Core Contributions

  • Gezine
    Creator of the Y2JB framework and foundational Lapse ecosystem work

  • itsPLK
    Contributions to autoloader ui concepts and payload structuring

  • Owendswang
    Contributions to Y2JB & Autoloader

  • TheFlow
    Low-level vulnerability research that enabled modern exploit development

  • EchoStretch / john-tornblom
    ELF loading tools, debugging utilities, and runtime execution research

  • PS5 Homebrew & Jailbreak Community
    Testing, validation, documentation, and continuous ecosystem support


Disclaimer

This software is provided strictly for educational and research purposes only.

The developer does not promote or encourage piracy, system abuse, or unauthorized modification of commercial devices.

Users are fully responsible for compliance with applicable laws and regulations in their region.

No liability is assumed for damage, data loss, bans, or system instability.


Contributing

Contributions, improvements, and suggestions are welcome.

To contribute:

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Submit a pull request
github.com
u/a1mhtar — 1 month ago

Gezine/Y2JB Got stable p2jb under 1 hour Will do commit after few more test

Gezine/Y2JB

Got stable p2jb under 1 hour

Will do commit after few more test

u/a1mhtar — 1 month ago

PS5 FW Spoof by illusionyy. "Patch PS4 SDK + PS5 Update version in kernel data to `99.99` without hardcoded offsets".

PS5 FW Spoof by illusionyy.

"Patch PS4 SDK + PS5 Update version in kernel data to `99.99` without hardcoded offsets".

u/a1mhtar — 1 month ago