Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKGs.
PS4 Jailbreaking       Thread starter PSXHAX       Start date May 11, 2020 at 5:02 AM       44,115       77      
Proceeding the Orbis Lib Generator today the OpenOrbis Team released a PS4 homebrew platform known as Mira Project featuring a collection of PlayStation 4 homebrew tools for use with a Jailbroken PS4 Console. 😍

This comes following OpenOrbis Team's Mira Project initial announcement and the Project Mira v1.0 MiraFW developers release.

Download: MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.bin (Latest Compiled Build) / Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.elf (Latest Compiled Build) / MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin (Latest Compiled Build) / Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf (Latest Compiled Build) / / GIT / Report Issues / Cryptogenic Fork / Mira-5.0X-1590179148.7z (128.02 KB) via _AlAzif / Mira-474.7z (110.99 KB) via _AlAzif / MIRA_5.05-20200718.7z (86.27 KB)

Spoiler: Depreciated

Those who don't have access to a PS4 jailbroken console can try to Find a 5.05 / 5.07 Jailbreakable PS4 Console or wait for a Future PS4 Jailbreak Exploit to be publicly released such as what TheFloW previously announced for 6.20 Firmware.

Below are some highlights on this latest PS4 scene release from the, to quote: Mira Project - PlayStation 4 Homebrew Tools

The Mira Project is a set of tools (includes compiled Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf and MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin) that grants you more power and control over your jailbroken Playstation 4. It is the result of all the hard work by the OpenOrbis team.

It works differently to the custom firmware experience on PlayStation 3, where CFW would be installed on the system via modified PUP files (e.g. Rebug), however once the framework is installed and ran it gives users the same functionality they were previously used to.

Build Status

Firmware Version Passing
4.05 WIP
4.55 WIP
6.20 WIP
New Features!
  • Homebrew Enabler (HEN)
  • Emulated Registry (EmuReg)
  • Emulated NVS (EmuNVS)
  • Kernel Debugger
  • Remote GDB
  • System-level FUSE implementation (Experimental, WIP)
  • Load sprx modules + IAT + Function Hooking (Thanks theorywrong)
You can also:
  • Mount and decrypt local gamesaves (Thanks ChendoChap) (WIP)
  • Transfer files to and from the harddrive
  • Implement your own kernel plugins (RPC using protobuf)
  • Implement your own userland trainers (hooks included!)
  • Dump your HDD encryption keys
  • A bunch of other stuff

This project would not be possible without these people (no particular order):
  • kiwidog - Lead developer
  • flatz - Developer (Code, writeups, non-stop help we <3 u flatz)
  • CrazyVoid - Developer (Loader/self/*** help, overall general help, OO moderator)
  • theorywrong - Developer (OverlayFS, general)
  • SiSTR0 - Developer (HEN support, general)
  • SocraticBliss - Developer (HEN support, general)
  • valentinbreiz - Developer (Mira Companion App v1)
  • Seremo - Developer (Mira Companion App v2, Log plugin)
  • Al-Azif - Developer (5.05 lead maintainer, general)
  • z80 - Developer (5.05 maintainer)
  • balika011 - Developer (Fixing userland elf loader entry point, general developer)
  • Zer0xFF - Developer (OverlayFS, general)
  • CelesteBlue - Developer (Bugfixes, plugins)
  • Joonie - Developer (Offsets porting 5.01/5.05)
  • AlexAltea - Low level and kernel help (go check out Orbital Emulator)
  • qwertyoruiop - Security (4.55-5.05 kernel exploits)
  • CTurt - Security (Initial payload PS4 *** and 1.76 kernel exploit)
  • m0rph3us1987 - Developer (Code examples, kernel ***, overall general help)
  • eeply - Developer (UART)
  • zecoxao - RE (4.74 Port)
  • aerosoul - Developer (Everything elf related, loaders, etc)
  • maxton - Developer (Everything pkg related, etc)
  • ChendoChap - RE (Bug hunting, general kernel help)
  • sugarleaf - Initial 4.55 private exploit, inital help with Mira dev (retired/left)
  • kozarovv - RE (4.05 offsets)
  • LM - RE (Research on System-Library-Loading), assembler and linker script help
  • TheFlow - RE
  • samsepi0l - Offset Porting
  • xvortex - Original VTX-Hen
  • 2much4u - Ptrace patches
  • golden - Ptrace patches, rpc ideas
Special Thanks
  • bigboss - liborbis with examples and orbisdev (and complaining a lot)
  • rogero - Original 5.01 testing
  • AbkarinoMHM - Original 5.01 testing
  • wildcard - General questions, and hardware help
  • frangarcj - orbisdev ***, musl, C++ support
  • masterzorag - orbisdev ***, musl, C++ support
  • fjtrujy - orbisdev ***, musl, C++ support
  • [Anon #1] - Developer (Code, Non-stop help, <3 thx bruv)
  • [Anon #2] - Developer (Code, Non-stop help, gl with job!)
  • [Anon #3] - Security (Future proofing design)
  • [Anon #4] - Developer (Ideas from Vita)
  • [Anon #5] - Security (Software and hardware)

Mira provies a plugin framework that can run in kernel mode (userland is soon, thanks to TW!), it provies a stable framework for startup, shutdown, suspend, resume in order to ensure clean operation of Mira.

Plugin Directory
Debugger src/plugins/Debugger
(WIP) Emulated Registry src/plugins/EmuRegistry
Fake PKG src/plugins/FakePKG
Fake Self src/plugins/FakeSELF
File Manager src/plugins/FileManager
(WIP) Fuse src/plugins/FuseFS
Log Server src/plugins/LogServer
OverlayFS (OrbisAFR) src/plugins/OverlayFS

Want to contribute? Great! There is no set limit on contributors and people wanting to help out in any way!

Join the OpenOrbis discord and have knowledge of C/C++ and FreeBSD or unix-like operating systems, web design and programming, rust-lang, content creator (youtube, twitch), or artist, or just want to find something to help out with like documentation, hosting, etc, kernel experience is a plus but not required by any means.

Building from source
Firmware porting guide

Lets say you are an eager developer, even a newbie that wants to try and contribute in some way or form to porting to a firmware that is not under active support. Here's the steps you would need to accomplish new builds from scratch. We will start by adding a non-existent firmware and work our way from that.

NOTE: This assumes you already have a kernel dump for your firmware, and things already labeled. If you need help with this step, you can ask in #help on the discord but you are pretty much on your own.*


Lets assume our firmware is 8.88 found in the PlayStation 4 System Software menu.
  1. Add your new firmware to src/Boot/Config.hpp you will see a bunch of defines already there, add your firmware in the correct version order a. #define MIRA_PLATFORM_ORBIS_BSD_888 888
  2. Fix any structure changes for the kernel in freebsd-headers. You should compare against what's already there and add fields that have been added via a. #if MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888 b. HINT: These are usually done in struct proc, struct thread, struct ucred if applicable, located in exernal/freebsd-headers/include.
  3. Add a new static function in src/Boot/Patches.hpp with your pre-boot patches, this will be called after MiraLoader finishes and before Mira runs a. static void install_prerunPatches_888();
  4. Add your firmwares version to the case within install_prePatches in src/Boot/Patches.cpp a. case MIRA_PLATFORM_ORBIS_BSD_888: install_prerunPatches_888(); break;
  5. Next create a new file named Patches888.cpp inside of src/Boot/Patches directory (or copy an existing one and rename it)
  6. You must follow the same format as all of the other patch files, this involves including the Patches.hpp and defining the install_prerunPatches_888() function with all needed patches a. As new features are added, this will need to be updated for any kernel patches required, so far a baseline is Enable UART, Verbose Kernel Panics, Enable RWX mappings, Enable MAP_SELF, Patching copy(in/out)(str) checks, patching memcpy checks, patching ptrace checks, patching setlogin (for autolaunch check), patch mprotect to allow RWX, patching pfs signature checking, patching to enable debug rifs, patch to enable all logs to console, (newer fws: disable sceverifier, delayed panics) b. All patches are required for full functionality, but to get up and running only the rwx patches, copy(in/out)(str), memcpy, mprotect patches are needed (I think, someone correct documentation + send PR if wrong).
  7. Add support to the MiraLoader by copying the newly finished src/Boot/Patches.cpp to loader/src/Boot/Patches.cpp and the new src/Boot/Patches/Patches888.cpp to loader/src/Boot/Patches/Patches888.cpp
  8. Next would be to create a new kernel symbol file in src/Utils/Kdlsym/Orbis888.hpp or copy one from a supported platform (more offsets than what's probably needed)
  9. Add support by modifying src/Utils/Kdlsym.hpp and adding either within #if defined(MIRA_UNSUPPORTED_PLATFORMS) before the #endif a line for your firmware file (make sure these are in numeric order) #elif MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888 #include "Kdlsym/Orbis888.hpp"
  10. The next step would be finding all of the functions that Mira/MiraLoader use in the kernel... This is the most time consuming portion of this and will need to be verified before upstreamed. The easiest way to handle this is to try building (using the build instructions provided) you will get a massive ton of errors around kdlsym and it not being able to find errors. One of such errors are shown as such:
src/External/protobuf-c.c: In function ‘protobuf_c_message_unpack’:
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_printf’ undeclared (first use in this function)
#define kdlsym(x) ((void*)((uint8_t *)&gKernelBase[kdlsym_addr_ ## x]))

10. (continued) This means if you break it down, that printf was undeclared, look in your kernel dump with a dissassembler of choice (Ghidra/IDA Preferred, untested with others such as Binary Ninja, Relyze) and get the offset from the start of the loading address for the function printf (Calculated by Function Address - Base Address of Kernel where it was dumped from) and add it to your src/Utils/Kdlsym/Orbis888.hpp with the line #define kdlsym_addr_printf 0x<offset address> and repeat for all other build errors.​
11. Once complete you should have a full port to a new firmware completed (unless I missed a step/something unclear, create issue or fix + PR please)​
  • Clean kernel rebooting support
  • Web browser activation
  • Fake Online (spoof for LAN usage)
  • Game dumping and decryption
  • FakeDEX support
  • Linux loader
  • Embedded builds into loader
  • Remote registry


Free Software, Hell Yeah!

Spoiler: Related Tweets

PS4 Mira CFW Release (Overview + Tutorial)
Mira Project PlayStation 4 Homebrew Tools by the OpenOrbis Team.jpg



Senior Member
@aneesh absolutely not, zero use for the end user. Can it lead to something that an end user can actually use?.... sure, but that's up to the devs.


Game Mod Developer
Senior Member
This is big all around
For One its going to be
A more (Legit/Legal) and (Stable) way
For building and playing Homebrew.

2nd for The (End Users)
Up-and-coming new Features 😁

And 3rd
More stable grounds
to move forward on to future exploits 😁

Now for anything dealing with
Anything higher then 5.05
Continue to be patient.

We all already know that
We have good people working on it.
(patience is a virtue)
This project was not focusing
on anything dealing with backups
but solely the function to expand on Homebrew and console capability

Think of it like this
If it's somebody's birthday you know
You don't give them a birthday gift and tell them what it is before they open it.
Lets all just be grateful for whatever is in the Box if it succeeds expectations are if it doesn't these are all great people putting in a lot of great work and that
Should Not be Over Looked.


Staff Member
Senior Member
@liylith nice find, definitely interesting

@GrimDoe Does this mean some dev could possibly port Movian/Kodi/VLC to Orbis since the tools will now be legal and more devs will be interested in homebrew?