Run PS4 Linux on 11.0 with 11.0 Linux payloads by EinTim: Detailed PPPwn, PS4 Linux tutorial

A detailed tutorial on how to install and load PS4 Linux distros on firmware 11.0 using EinTim's 11.0 payloads and PPPwn exploit for 11.0.

The PS4 development community has come alive yet again and the past few weeks have been all about the new PPPwn exploit. Thanks to the PPPwn exploit, now, you can run PS4 Linux on 11.0 firmware. So, if you are one of those who had updated past 9.00 after waiting for months for a 9.00+ exploit, you are in luck. That is, as long as you didn’t update past 11.0. This article will discuss everything from running PPPwn on PS4 11.0 to finally loading Linux distros on your 11.0 PS4.

Just a quick note before we proceed though. The exploit on 11.0 is still evolving and in the current stage, is comparatively a hassle to run compared to the exFATHAX method on 9.00 and earlier. So, if you are currently on 9.00 or earlier, I’d recommend staying there for a few more months, let the latest exploits mature a bit. Or, if you have multiple PS4s, you can update to 11.0 and try new stuff and maybe help the devs debug.

On that note, let us proceed with the tutorial. But, before that, a quick introduction to the various exploits and their founders.

What is PPPwn exploit for PS4?

PPPwn gets its name from the exploit surface – PPPoE (Point-to-Point Protocol over Ethernet). This is an internet connection protocol that many ISPs including Optical Fibre operators still use. Much like the ancient Dial-up modems, this provides the user with a username and password to connect. And, like the name suggests, it connects through Ethernet either to a modem or directly to an Ethernet-enabled device. Read more about it here.

Anyways, how does that help the PS4 scene? Thanks to the well-known dev, theflow0’s (Andy Nguyen) finding reported on HackerOne, the PPPoE support on PS4 firmwares upto 11.0 can be used to run kernel-level code. In other words, you can run code enabling jailbreak on your PS4 due to a bud in the PPPoE protocol.

Once we had that running, we had SiSTR0, the resident Homebrew enabler dev, who developed the latest GoldHEN payload that finally enables you to do all the actual jailbreak stuff.

PS4 Linux payloads for 11.0

As for the payloads themselves, developer, EinTim released them a few days ago, after figuring out the offsets required to port them over to 11.0 from 9.00. While the offsets were made public by other developers like LightningMods, figuring it out is very difficult. So, kudos to EinTim for doing just that at a fast pace. Also, he is working on PS4 Linux payloads for 10.0, 10.1 and 9.60 even. You can monitor his repo to stay updated on any progress.

That pretty much covers the introduction I believe. Now, let us get into the actual process of jailbreaking PS4 on 11.0 and running Linux.

How to run Linux on PS4 on 11.0 using PPPwn exploit?

As usual, we will be using a step-by-step approach. Let us jump into the requirements.

Requirements

  • PS4 running firmware 11.0 (Download official/retail 11.0 here or here. Also, make a note of MD5 sum)
  • USB drive (multiple/single for updating to 11.0; running PPPwn and then running Linux payloads)
  • Windows PC
  • Ethernet cable (for PPPwn exploit)
  • PS4 Linux 11.0 payloads & Stage 2 loader (Download here)
  • PS4 Linux distro (Download here)
  • PS4 Linux Kernel – bzImage (Find PS4 Southbridge and Download appropriate kernel here)
  • PS4 Linux initramfs.cpio.gz (Download here or download EinTim recommended)
  • PPPwn GUI (Download here – Try various versions and use the one that works best for you)
  • USB Keyboard and Mouse with a good USB hub (My equipment)

Now, let us get into the process in detail.

Step 1. Update PS4 to 11.0

This step applies only if you are on a firmware below 11.0.

  1. Plug USB drive on a Windows machine.
  2. Right click on the USB drive and click Format.
  3. Change File system to exFAT and click on Start.
  4. Once done, open the USB drive and create a folder in the root named PS4.
  5. Open the folder named PS4 and within it create another folder named UPDATE.
  6. Before proceeding, check MD5 sum of the file using application like WinMD5.
  7. Copy the downloaded firmware file (.PUP) to the UDPATE folder.
  8. Rename the PUP file to PS4UPDATE.PUP, if it is anything else.
  9. Unplug the USB drive and plug it into the PS4.
  10. Make sure the PS4 is not connected to Internet.
  11. On PS4, go to Settings, then choose System Software Update.
  12. It should say, Version 11.0 is available. If it does, choose Next and follow through.
  13. Post update, PS4 will reboot and you can check your firmware version in Settings to make sure you are on 11.0.

Now, let us look into the next step.

Step 2. Pre-prepare PS4 for PPPwn and PS4 Linux loading

  1. Connect one end of the Ethernet cable to your PS4 and the other end to your Windows machine.
  2. On PS4, go to Settings, then Network and enable the option – Connect to the Internet.
  3. Choose Set Up Internet Connection and then Use a LAN Cable.
  4. Choose Custom and then PPPoE. Enter any random alphanumeric string for the User ID and Password. Choose Next.
  5. Leave the rest of the settings on Automatic and choose Do Not Use on Proxy Server.
  6. Once it says, Internet settings updated, press on circle on the DS4 to go back. Do not choose Test Internet Connection yet.
  7. Extract the 11.0 payloads package.
  8. Open your preferred PPPwn GUI app. Select the correct Ethernet port under Config. Change firmware version to 11.0. For the Payload, choose the file – stage2_11.00.bin in the extracted folder.

There are two ways to proceed from here. You can either use the PS4 itself for installation. Else, you can use the faster alternate method for installation if you have another machine running Linux, preferably an Ubuntu-based distro. If you did choose the alternate method, move to Step 3.2. Else, continue with Step 3.1.

Step 3.1. Install and Load Linux on PS4 11.0 (installation using PS4)

Step 3.1.1 Prepare USB drive for Linux installation using PS4

  1. Format USB drive, preferably SSD to FAT32 using FAT32 Format (Download here).
  2. Copy the distro file (.tar.xz or .tar.gz) to the root of the USB drive along with the downloaded kernel (bzImage) and initram. N.B. Depending on the archive format (.tar.gz or .tar.xz), you might have to change the initram file.
  3. Within the extracted payloads folder (in Step 2), rename payload-1100.bin to payload.bin. Copy payload.bin to the root of the USB drive.

Step 3.1.2 Install and load PS4 Linux distro

  1. Connect the prepared USB drive to the PS4 along with a keyboard and mouse.
  2. When ready, on the PPPwn app on Windows, click on Run Exploit.
  3. On your PS4, assuming you are still under Network settings, select Test Internet Connection.
  4. If successful, Obtain IP Address on PS4 should say successful, followed by which the screen should go black dropping you into the familiar initram shell.
  5. Once it drops to rescueshell, type exec install-psxitarch.sh or the corresponding command for your initram. This should start the installation. It will take some time.
  6. Once installed, type exec start-psxitarch.sh, which will drop you into the distro!

Step 3.2. Load Linux on PS4 (after alternate method for installation)

Step 3.2.1 Prepare USB drive for loading Linux on PS4

  1. Complete PS4 Linux installation using this tutorial.
  2. Within the extracted payloads folder (in Step 2), rename preferred payload depending on the VRAM you require, to payload.bin. For example, payload-1100-3gb.bin pertains to the 3GB VRAM payload. Copy payload.bin to the root of the FAT32 partition containing bzImage and initramfs.cpio.gz.

Step 3.2.1 Load PS4 Linux distro

  1. Connect the prepared USB drive to the PS4 along with a keyboard and mouse.
  2. When ready, on the PPPwn app on Windows, click on Run Exploit.
  3. On your PS4, assuming you are still under Network settings, select Test Internet Connection.
  4. If successful, Obtain IP Address on PS4 should say successful, followed by which the screen should go black dropping you into the familiar initram shell and then, the distro should load.

Step 4. Change Linux payload (VRAM)

This is important if you are testing games, or if you simply need to change the payload after installation using PS4 (Step3.1: 3.1.1-3.1.2). In this case, just follow these directions:-

  1. Power off PS4 Linux.
  2. Connect the Linux USB drive to Windows machine.
  3. Within the extracted payloads folder (in Step 2), rename preferred payload depending on the VRAM you require, to payload.bin. For example, payload-1100-3gb.bin pertains to the 3GB VRAM payload. Copy payload.bin to the root of the FAT32 partition containing bzImage and initramfs.cpio.gz.

Now, you are ready to load into Linux with the newly selected payloads.

Step 5. Loading Linux on PS4 11.0 subsequently

For the time being, this is the most painful part, cause each time you want to load Linux, you will have to go through some steps as earlier. Rest assured though, the devs are working on simpler solutions. Anyways, for your convenience, here are the steps to follow.

If you connected to another Internet source (Ethernet or WiFi) post reboot, you will have to redo the steps from Step 1 below. Else, if you still have the PPPoE connection intact with an Ethernet cable connecting your PS4 directly to your Windows machine, skip to Step 7. Also, before proceeding, make sure that the FAT32 partition on the USB drive still has the file – payload.bin.

  1. Connect one end of the Ethernet cable to your PS4 and the other end to your Windows machine.
  2. On PS4, go to Settings, then Network and enable the option – Connect to the Internet.
  3. Choose Set Up Internet Connection and then Use a LAN Cable.
  4. Choose Custom and then PPPoE. Enter any random alphanumeric string for the User ID and Password. Choose Next.
  5. Leave the rest of the settings on Automatic and choose Do Not Use on Proxy Server.
  6. Once it says, Internet settings updated, press on circle on the DS4 to go back. Do not choose Test Internet Connection yet.
  7. Open your preferred PPPwn GUI app. Select the correct Ethernet port under Config. Change firmware version to 11.0. For the Payload, choose the file – stage2_11.00.bin in the extracted payloads folder.
  8. When ready, click on Run Exploit on the PPPwn app.
  9. On your PS4, assuming you are still under Network settings, select Test Internet Connection.
  10. If successful, Obtain IP Address on PS4 should say successful, followed by which the screen should go black dropping you into the familiar initram shell and then, the distro should load.

Conclusion

And, that’s how you can run PS4 Linux on 11.0. Since this is a new method, you might face some issues. Drop any problems you face while using the tutorial below, and I will try to help you out. Good luck. By the way, here is a video from EinTim himself showing his Belize PS4 on 11.0 running Linux:-

21 Comments

  1. I Hope they Will release a method to do It with the Raspberry pi (pi pppwn) because inject payloads its very easy

      • So could i get a wireless keyboard & mouse aslong as it is not bluetooth style, or should i stick with a cheapo wired keyboard while using the controller to get it installed with no issues?

        • Both wired and wireless (non-Bluetooth) keyboard and mouse combo work on PS4 Linux, right off the box. So, it depends on your preference. I recommend getting a keyboard with good travel and feel cause on Linux, you will have to use terminal commands often.

  2. I’m trying to launch linux using my raspberry pi.

    My ps4 is shutting down when the exploit is triggered.

    I use the right bzimage (Baikal) for my ps4 pro

    I’m using “payload-1100.bin” for the stage 1 and “stage2_11.00.bin” for the stage2

    On my pi I launch with this command:

    “sudo /boot/firmware/PPPwn/pppwn7 –interface eth0 –fw 1100 –stage1 linux_payload/payload-1100.bin –stage2 linux_payload/stage2_11.00.bin –timeout 10 –auto-retry”

    My usb stick has:
    payload.bin (payload-1100 renamed)
    bzimage
    Initramfs.cpio.gz
    debian.tar.gz

    I don’t know what I’m doing wrong

    • Try using a Windows device instead of RPi and see if the issue persists. If it does, you might have one of those consoles which has an issue running the payloads for now.

  3. After some time I have gotten psxitarach to run on my baikal ps4 11.00 slim using the modified kernel 5.4.213 with the MT7668 WiFi/BT fix and a custom initramfs compiled from hippie68’s original and the MT7668 patch! The issue I’m having is I can’t get it to run on subsequent boots. It just crashes the ps4 when the exploit runs. I’ve put the payload.bin back into the fat32 partition. What do you think is most likely the cause be the cause?

  4. How can i do this with the Karo218.ir/1100/ linux payload? I don’t want to change the stage2.bin on my rasberry pi constantly.

  5. hi evrywon i have a problem by Step 3.1.2. wen i in the familiar initram shell it coms an error: the root variable is emtpty, set to false or zero but shouldent be. tatsh the error.

  6. When I run PPPwn as soon as completes The TV loses the HDMI signal in the PlayStation. Either hangs up without bringing the signal back or crashes. I’ve double-checked all the files are named correctly and I am using the correct ones. I’ve tried several USB external drives, reformatted the drives etc. All of the settings for the video output in the PlayStation are set to the recommended settings. I’ve tried several kernels that match my South bridge with the same result. Any ideas?

      • I have tried several different Baikal kernels. I use PPPwn gui 1.8 & 1.9 for GoldHen without any issues. Tried PPPwngo and still get the same result. I am using the linux payload from the zip file listed in the guide. Sometimes it crashes and sometimes it just seems to loose the video signal and front light just glows blue/purple forever until I power cycle it. My External SSD is formatted to FAT32 and is set as mbr. The root of the ssd is as follows:

        bzimage
        initramfs.cpio.gz
        payload.bin
        psxitarch.tar.gz

        Anything else to try?

Leave a Reply

Your email address will not be published.


*