Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKGs.
PS4 Jailbreaking       Thread starter PSXHAX       Start date May 11, 2020 at 5:02 AM       44,025       77      
Proceeding the Orbis Lib Generator today the OpenOrbis Team released a PS4 homebrew platform known as Mira Project featuring a collection of PlayStation 4 homebrew tools for use with a Jailbroken PS4 Console. 😍

This comes following OpenOrbis Team's Mira Project initial announcement and the Project Mira v1.0 MiraFW developers release.

Download: MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.bin (Latest Compiled Build) / Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_672.elf (Latest Compiled Build) / MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin (Latest Compiled Build) / Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf (Latest Compiled Build) / / GIT / Report Issues / Cryptogenic Fork / Mira-5.0X-1590179148.7z (128.02 KB) via _AlAzif / Mira-474.7z (110.99 KB) via _AlAzif / MIRA_5.05-20200718.7z (86.27 KB)

Spoiler: Depreciated

Those who don't have access to a PS4 jailbroken console can try to Find a 5.05 / 5.07 Jailbreakable PS4 Console or wait for a Future PS4 Jailbreak Exploit to be publicly released such as what TheFloW previously announced for 6.20 Firmware.

Below are some highlights on this latest PS4 scene release from the, to quote: Mira Project - PlayStation 4 Homebrew Tools

The Mira Project is a set of tools (includes compiled Mira_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.elf and MiraLoader_Orbis_MIRA_PLATFORM_ORBIS_BSD_505.bin) that grants you more power and control over your jailbroken Playstation 4. It is the result of all the hard work by the OpenOrbis team.

It works differently to the custom firmware experience on PlayStation 3, where CFW would be installed on the system via modified PUP files (e.g. Rebug), however once the framework is installed and ran it gives users the same functionality they were previously used to.

Build Status

Firmware Version Passing
4.05 WIP
4.55 WIP
6.20 WIP
New Features!
  • Homebrew Enabler (HEN)
  • Emulated Registry (EmuReg)
  • Emulated NVS (EmuNVS)
  • Kernel Debugger
  • Remote GDB
  • System-level FUSE implementation (Experimental, WIP)
  • Load sprx modules + IAT + Function Hooking (Thanks theorywrong)
You can also:
  • Mount and decrypt local gamesaves (Thanks ChendoChap) (WIP)
  • Transfer files to and from the harddrive
  • Implement your own kernel plugins (RPC using protobuf)
  • Implement your own userland trainers (hooks included!)
  • Dump your HDD encryption keys
  • A bunch of other stuff

This project would not be possible without these people (no particular order):
  • kiwidog - Lead developer
  • flatz - Developer (Code, writeups, non-stop help we <3 u flatz)
  • CrazyVoid - Developer (Loader/self/*** help, overall general help, OO moderator)
  • theorywrong - Developer (OverlayFS, general)
  • SiSTR0 - Developer (HEN support, general)
  • SocraticBliss - Developer (HEN support, general)
  • valentinbreiz - Developer (Mira Companion App v1)
  • Seremo - Developer (Mira Companion App v2, Log plugin)
  • Al-Azif - Developer (5.05 lead maintainer, general)
  • z80 - Developer (5.05 maintainer)
  • balika011 - Developer (Fixing userland elf loader entry point, general developer)
  • Zer0xFF - Developer (OverlayFS, general)
  • CelesteBlue - Developer (Bugfixes, plugins)
  • Joonie - Developer (Offsets porting 5.01/5.05)
  • AlexAltea - Low level and kernel help (go check out Orbital Emulator)
  • qwertyoruiop - Security (4.55-5.05 kernel exploits)
  • CTurt - Security (Initial payload PS4 *** and 1.76 kernel exploit)
  • m0rph3us1987 - Developer (Code examples, kernel ***, overall general help)
  • eeply - Developer (UART)
  • zecoxao - RE (4.74 Port)
  • aerosoul - Developer (Everything elf related, loaders, etc)
  • maxton - Developer (Everything pkg related, etc)
  • ChendoChap - RE (Bug hunting, general kernel help)
  • sugarleaf - Initial 4.55 private exploit, inital help with Mira dev (retired/left)
  • kozarovv - RE (4.05 offsets)
  • LM - RE (Research on System-Library-Loading), assembler and linker script help
  • TheFlow - RE
  • samsepi0l - Offset Porting
  • xvortex - Original VTX-Hen
  • 2much4u - Ptrace patches
  • golden - Ptrace patches, rpc ideas
Special Thanks
  • bigboss - liborbis with examples and orbisdev (and complaining a lot)
  • rogero - Original 5.01 testing
  • AbkarinoMHM - Original 5.01 testing
  • wildcard - General questions, and hardware help
  • frangarcj - orbisdev ***, musl, C++ support
  • masterzorag - orbisdev ***, musl, C++ support
  • fjtrujy - orbisdev ***, musl, C++ support
  • [Anon #1] - Developer (Code, Non-stop help, <3 thx bruv)
  • [Anon #2] - Developer (Code, Non-stop help, gl with job!)
  • [Anon #3] - Security (Future proofing design)
  • [Anon #4] - Developer (Ideas from Vita)
  • [Anon #5] - Security (Software and hardware)

Mira provies a plugin framework that can run in kernel mode (userland is soon, thanks to TW!), it provies a stable framework for startup, shutdown, suspend, resume in order to ensure clean operation of Mira.

Plugin Directory
Debugger src/plugins/Debugger
(WIP) Emulated Registry src/plugins/EmuRegistry
Fake PKG src/plugins/FakePKG
Fake Self src/plugins/FakeSELF
File Manager src/plugins/FileManager
(WIP) Fuse src/plugins/FuseFS
Log Server src/plugins/LogServer
OverlayFS (OrbisAFR) src/plugins/OverlayFS

Want to contribute? Great! There is no set limit on contributors and people wanting to help out in any way!

Join the OpenOrbis discord and have knowledge of C/C++ and FreeBSD or unix-like operating systems, web design and programming, rust-lang, content creator (youtube, twitch), or artist, or just want to find something to help out with like documentation, hosting, etc, kernel experience is a plus but not required by any means.

Building from source
Firmware porting guide

Lets say you are an eager developer, even a newbie that wants to try and contribute in some way or form to porting to a firmware that is not under active support. Here's the steps you would need to accomplish new builds from scratch. We will start by adding a non-existent firmware and work our way from that.

NOTE: This assumes you already have a kernel dump for your firmware, and things already labeled. If you need help with this step, you can ask in #help on the discord but you are pretty much on your own.*


Lets assume our firmware is 8.88 found in the PlayStation 4 System Software menu.
  1. Add your new firmware to src/Boot/Config.hpp you will see a bunch of defines already there, add your firmware in the correct version order a. #define MIRA_PLATFORM_ORBIS_BSD_888 888
  2. Fix any structure changes for the kernel in freebsd-headers. You should compare against what's already there and add fields that have been added via a. #if MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888 b. HINT: These are usually done in struct proc, struct thread, struct ucred if applicable, located in exernal/freebsd-headers/include.
  3. Add a new static function in src/Boot/Patches.hpp with your pre-boot patches, this will be called after MiraLoader finishes and before Mira runs a. static void install_prerunPatches_888();
  4. Add your firmwares version to the case within install_prePatches in src/Boot/Patches.cpp a. case MIRA_PLATFORM_ORBIS_BSD_888: install_prerunPatches_888(); break;
  5. Next create a new file named Patches888.cpp inside of src/Boot/Patches directory (or copy an existing one and rename it)
  6. You must follow the same format as all of the other patch files, this involves including the Patches.hpp and defining the install_prerunPatches_888() function with all needed patches a. As new features are added, this will need to be updated for any kernel patches required, so far a baseline is Enable UART, Verbose Kernel Panics, Enable RWX mappings, Enable MAP_SELF, Patching copy(in/out)(str) checks, patching memcpy checks, patching ptrace checks, patching setlogin (for autolaunch check), patch mprotect to allow RWX, patching pfs signature checking, patching to enable debug rifs, patch to enable all logs to console, (newer fws: disable sceverifier, delayed panics) b. All patches are required for full functionality, but to get up and running only the rwx patches, copy(in/out)(str), memcpy, mprotect patches are needed (I think, someone correct documentation + send PR if wrong).
  7. Add support to the MiraLoader by copying the newly finished src/Boot/Patches.cpp to loader/src/Boot/Patches.cpp and the new src/Boot/Patches/Patches888.cpp to loader/src/Boot/Patches/Patches888.cpp
  8. Next would be to create a new kernel symbol file in src/Utils/Kdlsym/Orbis888.hpp or copy one from a supported platform (more offsets than what's probably needed)
  9. Add support by modifying src/Utils/Kdlsym.hpp and adding either within #if defined(MIRA_UNSUPPORTED_PLATFORMS) before the #endif a line for your firmware file (make sure these are in numeric order) #elif MIRA_PLATFORM==MIRA_PLATFORM_ORBIS_BSD_888 #include "Kdlsym/Orbis888.hpp"
  10. The next step would be finding all of the functions that Mira/MiraLoader use in the kernel... This is the most time consuming portion of this and will need to be verified before upstreamed. The easiest way to handle this is to try building (using the build instructions provided) you will get a massive ton of errors around kdlsym and it not being able to find errors. One of such errors are shown as such:
src/External/protobuf-c.c: In function ‘protobuf_c_message_unpack’:
src/Utils/Kdlsym.hpp:49:52: error: ‘kdlsym_addr_printf’ undeclared (first use in this function)
#define kdlsym(x) ((void*)((uint8_t *)&gKernelBase[kdlsym_addr_ ## x]))

10. (continued) This means if you break it down, that printf was undeclared, look in your kernel dump with a dissassembler of choice (Ghidra/IDA Preferred, untested with others such as Binary Ninja, Relyze) and get the offset from the start of the loading address for the function printf (Calculated by Function Address - Base Address of Kernel where it was dumped from) and add it to your src/Utils/Kdlsym/Orbis888.hpp with the line #define kdlsym_addr_printf 0x<offset address> and repeat for all other build errors.​
11. Once complete you should have a full port to a new firmware completed (unless I missed a step/something unclear, create issue or fix + PR please)​
  • Clean kernel rebooting support
  • Web browser activation
  • Fake Online (spoof for LAN usage)
  • Game dumping and decryption
  • FakeDEX support
  • Linux loader
  • Embedded builds into loader
  • Remote registry


Free Software, Hell Yeah!

Spoiler: Related Tweets

PS4 Mira CFW Release (Overview + Tutorial)
Mira Project PlayStation 4 Homebrew Tools by the OpenOrbis Team.jpg



Thanks for all the hard work guys, the PS4 scene it's all about to get new strength with this release, weend users, appreciate all the efforts and have a huge felling of gratitude, thanks for don't let us, big hugs from Brazil!! 🇧🇷


Id like to be skeptical, but at the same time I am hopeful.
I think this might be a golden solution to the cat and mouse game with Sony. If this Mira acts as a custom firmware, it might be possible to unlock new firmware games without giving away the secret publicly and allow Sony to patch it. Keeping exploits private and only the developed HEN open to the public.
On the other hand it might just be a few game emulators we get with Mira.


Senior Member
MIRA_PLATFORM_ORBIS_BSD_620 (Unsupported) 6.20
MIRA_PLATFORM_ORBIS_BSD_650 (Unsupported) 6.50
Support Status Description
Unsupported May build, may not, previously was updated but no active updating
So working on 6.20/6.50 ???


Senior Member
A year ago this would have had been great news
Now it means nothing
These silly kids spin themselves in a circle
No one cares about their work
As soon as ps5 gets released or hacked or something, they will be completely forgotten
You know why? because they haven't pleased the regular user looking to get an updated exploit
5.05 is for a minority
A smaller minority is looking forward to this mira garbage
You are working for nothing and appreciating each other in a circle
reminds me of those silly irc collector groups
they went on for years keeping private collections of comic books or cartoons or archiving obscure tv shows, and in the end if you ask them, most never enjoyed what they've collected, never watched past 5% of collection
And they've been aholes for nothing by not sharing with the public their collections
This is exactly the case here
Nothing for the public to appreciate
I suggest you all stop tweeting and better keep updates to yourselves on pm's
Dumb 'hacking scene'
Scene used to mean something once