Those of you who have been waiting for a newer jailbreak can now rejoice, thanks to the PPPwn exploit for PS4. While PPPwn works on almost every firmware below 11.0 and is currently available for 9.0, 10,0, etc., we will be talking about PPPwn for 11.0 in this article. We will briefly look into the basics of the exploit before seeing how you can actually use it to jailbreak your system coupled with the latest GoldHEN.
Just a quick note before we proceed though. The exploit on 11.0 is still evolving and in the current stage, is comparatively a hassle to run compared to the exFATHAX method on 9.00 and earlier. So, if you are currently on 9.00 or earlier, I’d recommend staying there for a few more months, let the latest exploits mature a bit. Or, if you have multiple PS4s, you can update to 11.0 and try new stuff and maybe help the devs debug.
UPDATE 1 (18 Jun, 2024) – PPPwn fixed for all PS4 models.
What is PPPwn exploit for PS4?
PPPwn gets its name from the exploit surface – PPPoE (Point-to-Point Protocol over Ethernet). This is an internet connection protocol that many ISPs including Optical Fibre operators still use. Much like the ancient Dial-up modems, this provides the user with a username and password to connect. And, like the name suggests, it connects through Ethernet either to a modem or directly to an Ethernet-enabled device. Read more about it here.
Anyways, how does that help the PS4 scene? Thanks to the well-known dev, theflow0’s (Andy Nguyen) finding reported on HackerOne, the PPPoE support on PS4 firmwares upto 11.0 can be used to run kernel-level code. In other words, you can run code enabling jailbreak on your PS4 due to a bud in the PPPoE protocol.
Once we had that running, we had SiSTR0, the resident Homebrew enabler dev, who developed the latest GoldHEN payload that finally enables you to do all the actual jailbreak stuff.
Since that’s out of the way, let us look into the actual steps required to turn a PS4 on 11.0 to a system capable of running homebrew apps.
Detailed steps to jailbreak PS4 on 11.0 with latest GoldHEN
As usual, we will begin with the requirements.
Requirements
- PS4 running firmware 11.0 (Download official/retail 11.0 here or here. Also, make a note of MD5 sum)
- USB drive
- Windows PC
- Ethernet cable (for PPPwn exploit)
- GoldHEN & Stage 2 Loader (Download latest version here)
- PPPwn GUI (Download here – Try various versions and use the one that works best for you)
Step 1. Update PS4 to 11.0
This step applies only if you are on a firmware below 11.0.
- Plug USB drive on a Windows machine.
- Right click on the USB drive and click Format.
- Change File system to exFAT and click on Start.
- Once done, open the USB drive and create a folder in the root named PS4.
- Open the folder named PS4 and within it create another folder named UPDATE.
- Before proceeding, check MD5 sum of the file using application like WinMD5.
- Copy the downloaded firmware file (.PUP) to the UDPATE folder.
- Rename the PUP file to PS4UPDATE.PUP, if it is anything else.
- Unplug the USB drive and plug it into the PS4.
- Make sure the PS4 is not connected to Internet.
- On PS4, go to Settings, then choose System Software Update.
- It should say, Version 11.0 is available. If it does, choose Next and follow through.
- Post update, PS4 will reboot and you can check your firmware version in Settings to make sure you are on 11.0.
Now, let us look into the next step.
Step 2. Run PPPwn exploit on PS4 11.0
- Connect one end of the Ethernet cable to your PS4 and the other end to your Windows machine.
- On PS4, go to Settings, then Network and enable the option – Connect to the Internet.
- Choose Set Up Internet Connection and then Use a LAN Cable.
- Choose Custom and then PPPoE. Enter any random alphanumeric string for the User ID and Password. Choose Next.
- Leave the rest of the settings on Automatic and choose Do Not Use on Proxy Server.
- Once it says, Internet settings updated, press on circle on the DS4 to go back. Do not choose Test Internet Connection yet.
- Extract the GoldHEN package using 7-Zip.
- Copy the extracted goldhen.bin file onto your USB drive (exFAT; FAT32 must also work).
- Plug the USB drive onto the PS4.
- Open your preferred PPPwn GUI app. Select the correct Ethernet port under Config. Change firmware version to 11.0. For the Payload, choose the file – stage2_11.00.bin in the extracted GoldHen package.
- When ready, click on Run Exploit on the PPPwn app.
- On your PS4, assuming you are still under Network settings, choose Test Internet Connection.
- If successful, Obtain IP Address on PS4 should say successful, followed by two notifications, the first one saying, “PPPwned” and the next one informing you that GoldHEN loaded.
- That’s it! You have successfully jailbroken your PS4 on 11.0.
Now, remember that this is a temporary jailbreak, meaning, you will have to repeat the above steps every time you reboot. But, fortunately, there is a workaround, thanks to SiSTR0. So, I recommend you follow the steps below to make the jailbreak “persistent-y” before moving on to loading Linux.
Step 3. Make PPPwn jailbreak persistent on PS4 11.0
- Go to GoldHEN on PS4 (first item on the Homepage after jailbreak).
- Choose Settings and tick Enable Rest Mode Support.
From now, on instead of shutting down the PS4, go to Power and choose Enter Rest Mode. This is a rough equivalent of Sleep mode on Windows machines. The advantage is that GoldHEN would still be running when your PS4 wakes from Rest mode.
Conclusion
That was a quick guide on jailbreaking your PS4 with the latest PPPwn exploit. I will be keeping an eye on the latest developments and will be posting about more financially viable and easier methods to jailbreak your PS4 and more. Stay tuned!
This dosent work on ps4 cuh-2116a.
Have try all the pppwn that i can find. The longest i get is to stage 2 defeat KASLR. Then the pppwn stop or freeze.. have been standing on stage 2 defeat KASLR for more then 5 hours before i turn it of and try again
If it gets stuck, keep trying
again and againa few times. Also, make sure that you are on the right firmware, have used the right stage 2 loader for your firmware and set the PPPwn app to the right firmware.Edited – Some comments on social media claim, it might not be a good idea to keep trying again and again. Until we have some solid news, I’d request you to hold.
UPDATE – This should fix it.
it will be nice once this exploit is as stable as 9.00, specifically the pc side gui.
Hello, does this method work for version 11.50 or not?
how to fix Payload not found?