In PS5Scene news today, developer @sleirsgoevy announced on Twitter that the Kstuff PS5 Porting Tool is complete, allowing others to dump the offsets for PlayStation 5 firmware versions between 3.00 and 4.51 that have a kernel exploit but are not yet supported. He noted that the list of currently supported revisions (3.00, 3.10, 3.20, 3.21, 4.00 and 4.02 added so far, alongside 4.03, 4.50 and 4.51) can be found in offsets.c on his GitHub repository.
This follows the PS5 Kernel Exploit 4.03 / 4.50 / 4.51 Firmware Version Updates, PS5 Kernel Exploit v1.01 for 4.03 / 4.50 / 4.51, PS5 Kernel Exploit Payload.bin Loader Host, 4.03 PS5 HEN PS4 FPKG Enabler Payload, 4.50 PS5 HEN PS4 FPKG Enabler Payload and 4.51 PS5 HEN PS4 FPKG Enabler Payload, with a PS5 Kstuff Porting Tool Guide for dumping the offsets of firmware not yet supported, via the README.md:
Instructions for PS5-kstuff porting_tool (original by NotSoTypicalGamer and EchoStretch)
- Make sure the PS5 is jailbroken and running your exploit of choice with the ELF loader active
- Use Linux; this README is focused on Ubuntu specifically (WSL2 doesn't appear to work)
- Clone this repository locally:
  - git clone https://github.com/sleirsgoevy/ps4jb-payloads.git --recursive --recurse-submodules -b bd-jb
  - Move into the right folder: cd ps4jb-payloads/ps5-kstuff/porting_tool
- Create symbols.json in the same folder; its contents should be:
Code:
{"allproc": <ALLPROC_OFFSET>}
- To find the ALLPROC_OFFSET for your firmware, search on Specter's GitHub
- The offsets are located under document/en/ps5/offsets; find the right .js file for your firmware and search for OFFSET_KERNEL_DATA_BASE_ALLPROC. The HEX value you find needs to be converted to DEC (just use a website online)
- You can finally substitute <ALLPROC_OFFSET> with the DEC value you got and save the file
- Make sure python3 is installed
- Install gdb-tools with pip install gdb-tools, or with sudo apt-get install gdb if the pip command doesn't work
- Install yasm with sudo apt install yasm
- Try to run the script with:
Code:
python3 main.py symbols.json <your.ps5.ip.address> <elf.loader.port> kernel-data.bin
- Once complete, you should have kernel-data.bin dumped into the porting_tool folder.
- symbols.json will also have been updated to include the needed information.
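As an added illustration of the symbols.json step (example code written for this post, not code from sleirsgoevy's repository or from the README), here is a small Python helper that pulls OFFSET_KERNEL_DATA_BASE_ALLPROC out of a firmware offsets .js file, converts the hex literal to decimal, and writes or validates symbols.json. The "NAME = 0x..." line layout it matches and the contents of the sample file are assumptions; the sample offset value is a constructed placeholder, not a real offset for any firmware.

```python
"""Build symbols.json for the ps5-kstuff porting_tool from an offsets .js file.

Added example; not part of sleirsgoevy's repository. The README only says to
locate OFFSET_KERNEL_DATA_BASE_ALLPROC in the firmware's .js file and put its
decimal value into {"allproc": <ALLPROC_OFFSET>}. The "NAME = 0x..." line layout
matched below is an assumption about how those .js files are written.
"""
import json
import re
from pathlib import Path

ALLPROC_NAME = "OFFSET_KERNEL_DATA_BASE_ALLPROC"

# Assumed layout: the constant name, '=', then a hex literal (const/let/var optional).
_ALLPROC_RE = re.compile(rf"\b{ALLPROC_NAME}\s*=\s*0x([0-9A-Fa-f]+)")

# Constructed sample standing in for a firmware offsets .js file. Both the
# second constant name and the values are placeholders, not real offsets.
SAMPLE_JS = """\
// constructed sample offsets file (placeholder values only)
const OFFSET_KERNEL_DATA_BASE_EXAMPLE_OTHER = 0x0000000000000000;
const OFFSET_KERNEL_DATA_BASE_ALLPROC = 0x0000000001234560;
"""


def extract_allproc(js_text: str) -> int:
    """Return the ALLPROC offset as a Python int (i.e. decimal), or raise ValueError."""
    match = _ALLPROC_RE.search(js_text)
    if match is None:
        raise ValueError(f"{ALLPROC_NAME} not found; is this the right firmware file?")
    return int(match.group(1), 16)


def render_symbols_json(allproc: int) -> str:
    """Produce the symbols.json text the README asks for, with a decimal value."""
    if isinstance(allproc, bool) or not isinstance(allproc, int) or allproc <= 0:
        raise ValueError("allproc must be a positive integer")
    return json.dumps({"allproc": allproc}) + "\n"


def load_symbols(json_text: str) -> dict:
    """Parse symbols.json and reject the common mistake of leaving the value as hex text."""
    data = json.loads(json_text)
    value = data.get("allproc")
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(
            f"allproc must be a JSON integer (decimal), got {value!r}; "
            "convert the HEX value from the .js file to DEC first"
        )
    return data


def symbols_json_is_valid(json_text: str) -> bool:
    """Boolean wrapper around load_symbols for quick checks."""
    try:
        load_symbols(json_text)
        return True
    except (ValueError, json.JSONDecodeError, AttributeError):
        return False


def write_symbols(js_text: str, out_path) -> dict:
    """Extract the offset from the .js text and write symbols.json at out_path."""
    allproc = extract_allproc(js_text)
    Path(out_path).write_text(render_symbols_json(allproc))
    return {"allproc": allproc}


if __name__ == "__main__":
    # With a real file: write_symbols(Path("<firmware>.js").read_text(), "symbols.json")
    print(render_symbols_json(extract_allproc(SAMPLE_JS)), end="")
```

The validation in load_symbols exists because the README's one real pitfall is the HEX-to-DEC conversion: a symbols.json containing "0x..." as a string is valid JSON but not what main.py expects, so the helper refuses it with a message pointing at the conversion step.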
Finally, Sleirsgoevy states, "You can verify the found offsets by running the script test_offsets.py with the same arguments. It should launch a ps5-kstuff that can run fPKG files. If that works, please submit your JSON file either here, or to the testing channel on PS5 R&D Discord."