New technique to jailbreak PlayStation PS5 published

Researchers have at last cracked the PlayStation’s security after nearly two years of work. The PS5 has been jailbroken and completely unlocked, making this the device’s first serious hack since its introduction in 2020. Lance McDonald, a well-known gamer and broadcaster, shared a video of his recently jailbroken PS5 system on Twitter showcasing some of the newly available options. The new capability to install customized packages is the most noteworthy. Enabling developer settings and even concealed dev tools while running games are additional capabilities.

However, before Lance posted his tweet, SpecterDev, another cybersecurity and exploit developer, released his version of the PS5 IPV6 Kernel hack. His study uses Webkit as an entry point, therefore it can be used with any PS5 (including the PS5 Digital Edition) running firmware 4.03. Lower firmware may function since the exploit may require adjusting. As higher firmware versions are not now exposed to the Webkit attack, they will not function. According to his experience, the exploit is quite unpredictable and only works 30% of the time.

Don’t give up if you’re attempting to execute it; it can take a few tries until the exploit succeeds. The fact that this attack grants us read/write access but not execution may be more significant.

PS5 Jailbreak Instructions

Python is required to utilize SpecterDev’s attack, and because it makes use of the Webkit vulnerability, your local PC must be running a web server that your PS5 can access. After that, simply follow the instructions below to jailbreak the PS 5:

  1. Set up fakedns in dns.conf to direct your computer’s IP address at
  2. Python -c dns.conf to launch fake DNS
  3. Execute the python HTTPS server.
  4. Set your PC’s IP address as the primary DNS server in the PS5 advanced network settings, and leave the secondary DNS at Unsure of why that happens, it’s pretty strange when the manual still won’t load and a restart is required.
  5. Access the user manual under settings, execute, and accept the prompt for an untrusted certificate.
  6. Run rpc/dump server scripts (note: address/port must be substituted in binary form into exploit.js)