Join Us and become a Member for a Verified Badge on Discord to access private areas with the latest PS4 FPKGs.
PS4 Jailbreaking       Thread starter PSXHAX       Start date Feb 5, 2018 at 2:28 AM       41,920       99      
Not open for further replies.
Following the PS4 Rest Mode REcon Demo and Slideshow PDF of Volodymyr Pikhur's presentation comes some PS4 EAP Kernels from 1.01, 1.76 and 4.05 OFW via notzecoxao for developers alongside a Standalone RPi installer for PS4 Exploit Host (no router, no switch) by @Al Azif who's currently working on improving it further with wifi and by eliminating the PS4 to change settings. :geek:

Download: eap_kernel_101.bin / eap_kernel_176.bin / EAP (8.31 MB - Mirror) / EAP (Mirror #2) / RPi Installer for 4.55 / PiXploitHost GIT / PS4-EAP-KEY-DUMPER-672.bin (6.6 KB)

Below are some related Tweets including a PS2Reality MediaPlayer (PS2 Emulation) PS4 demo video from BigBoss, and to quote from the Standalone RPi installer for ps4-exploit-host (No router, no switch)

  1. Have a fresh install of Raspiban Lite on your RPi
  2. Connect you RPi to a network with internet access
  3. Run this command on you RPi:
     `curl -L | sudo bash -s`
  4. Your device will restart automatically
  5. Run an ethernet cord directly between RPi and PS4
  6. On the PS4 setup the network as follows:
    • Set Up Internet Connection
    • Use a LAN Cable
    • Custom
    • Manual
      • IP Address:
      • Subnet Mask:
      • Default Gateway:
      • Primary DNS:
      • Secondary DNS:
    • Automatic
    • Do Not Use
  7. Load the User's Manual
Github: / Spanish Guide

PS4 EAP Kernel Dumps & Standalone PS4 Exploit Host RPi Installer 2.jpg
PS4 EAP Kernel Dumps & Standalone PS4 Exploit Host RPi Installer 3.jpg

EAP Internal Partition Key is at kernel_base + 0x258CCD0 on 4.55 kernel
Cheers to both @oneman123 and @SSShowmik for the heads-up in the PSXHAX Shoutbox earlier today! :beer::beer:
PS4 EAP Kernel Dumps & Standalone PS4 Exploit Host RPi Installer.jpg


Al Azif

Senior Member
Do we need to use a standard ethernet cord or does it need to be a cross over cable?


in my opinion, a raspberry pi to excute exploit, is wasted.

Better make a web server on rpi, then use a local html page to execute exploit, and you can use rpi in meantime to download or do other stuff.

For now i use web page of a site that contain exploit, anyway better way is a offline solution, and i looking for it, but a rpi stuck only for that is a pity, because rpi can make a lot of things, and in this way can do only one.

You are misunderstanding something, this method is just to be portable (No network needed whatsoever). If you have a network you can just run the my script normally to host locally... Or use my DNS ( or visit my site....


Senior Member
Which version of what? o_O

If you mean which version of raspberry pie, I think every version should be ok.

If we want to brief all the alternatives to activate HEN:
  1. DNS method: consists in changing DNS ip adress in the "personalized connection" section of your console settings, and then using "User Guide" to launche the exploit; in particular, the DNS ip can be:
    • a local machine hosting a DNS server and the exploits on your local network through al-azif tool, which can run on windows, linux, arm (raspberry as reference ARM platform) and practically everything that can run a python script;
    • a remote machine that works as DNS: alazif has kindly provided us a remote DNS hosting some exploits at the adress: (he is planning to change it in near future.. follow his twitter to know the new IP)
  2. WebPage Method: if you have permanently enabled the browser with the appropriate payload, you can use it to connect to one of the numerous sites that are hosting the exploits.
    Note that this method, unlike the DNS one, doesn't isolate your console from comunicating with Sony servers.
    So pay attention for bans, updates (that can be disabled with the appropriate payload) and so on..
  3. Network-free method: that is exactly what is described in this news!
    You connect your raspberry pie directly to the PS4 with lan cable, set the parameters of the connection and you're done: permanent JB even if you're totally isolated from the world.


Senior Member
Bye bye Web_kit !!!
  • According to the hacker, the sys_kldload exploit still exists in firmware 5.00, potentially more recent firmwares as well.
  • The important point of the video above is that the hack persists after boot, demonstrating what is probably the very first custom firmware on the PS4
  • Sony changed their keys in 5.05, but apparently not the signing process.
  • The kernel bootloader contains the keys for Rest Mode kernel, which is why it was interesting to get access to it.
By: vpikhur
Not open for further replies.

:fire: Latest Help Topics