Exploit Host

What is this?

This is an easy way for anyone to host their own exploit for the PS4/PS5/Vita/Wii/Switch/etc on their LAN. Features include:

If you do not want to host the package yourself you can use my remote DNS. See the Using remote DNS section below.

PLEASE READ THIS README AND THE FAQ BEFORE POSTING AN ISSUE.

Requirements

How to download

Using remote DNS (Run Nothing Locally)

  1. Make sure you are on an exploitable device/firmware (i.e. PS4: <=9.00, PS5: <=4.51, etc.)
    • On the PS4/PS5 this can be found at Settings > System > System Information
    • If your firmware is too high you are out of luck: there is no public exploit available and you cannot downgrade.
  2. On your device, set up your network as desired, but be sure to set the DNS servers to 165.227.83.145 and 192.241.221.79
    • This is typically found when setting up a "custom" network on the device.
    • Either IP can be used as the Primary or Secondary DNS. Flip a coin to decide. Randomly selecting will help with load balancing.
  3. On the device, visit the internet. If the device is explicitly supported, the online user's manual, internet connection test, and/or the browser's default homepage should be the exploit page. Examples:
    • On the PS4/PS5, go to Settings > User's Guide and select it; the exploit selection should appear.
    • On the PS4 you can also open the browser and the default homepage will be the exploit selection.
    • On the Nintendo Switch the internet connection test will be the exploit selection.
  4. If you are using something like Bin Loader you will need to use another program to send the desired payload.

My Twitter is @_AlAzif; you can check my recent tweets for known issues/maintenance info.

Request forwarding is disabled for non-sponsors, due to it being abused. You can read more info about the situation that caused open forwarding to be removed here.

How to run (Run Locally)

  1. Download the files (As shown in the "How to download" section above)
  2. Double click the executable (exploit-host.exe, exploit-host.py, etc). If it starts with no errors, note the IP given.
    • Alternatively run it from the command line (exploit-host.exe, ./exploit-host, python exploit-host.py, etc)
    • If you are not root when running on a non-Windows machine you need to use sudo
  3. Follow the Using remote DNS section, substituting the IP noted in the previous step for both the primary and secondary DNS IP addresses.
  4. When done use Ctrl+C to cleanly close the application.

Note: You can edit settings.json to modify the host's behavior. There is a section below with more info.

Creating a static HTML build

TBD.

Running on Raspberry Pi

While the "How to run" section applies to the Pi as well, there are some more complex options people may want to use for the Pi, like running without any network whatsoever.

Running on an ESP device

TBD.

How to use the built in updater

Below is an example of how to issue the PS4 5.05 update to PS4s that have a lower FW currently installed.

If you already have an official update above 5.05 downloaded you must delete it first.

  1. Make these changes before starting the application in the How to run section. Look at the Update [PS4_No_Update] setting in the settings.json info below.

  2. Put the system update in the updates folder as PS4UPDATE_SYSTEM.PUP

    • Optionally put the recovery update in the updates folder as PS4UPDATE_RECOVERY.PUP

      5.05 SYS MD5: F86D4F9D2C049547BD61F942151FFB55

      5.05 REC MD5: C2A602174F6B1D8EF599640CD276924A

  3. MAKE SURE THE DNS IS SET CORRECTLY!

  4. SEE #2 I'M SO SERIOUS!

  5. There should be a different page on the System Software Update > View Details option on the PS4. It will be obvious!

    • The PS4 is not using the right DNS if you get the standard Sony changelog page. STOP IMMEDIATELY AND RESTART THE ENTIRE PROCESS
  6. Run a system update on your PS4 system.

  7. Return to the "How to run" section.
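A check to run on the updates folder before the console is pointed at the host, comparing each file against the MD5 values listed above. This is an added example, not part of the project; the function names and the `OPTIONAL` set are hypothetical, and MD5 is used only because it is the digest this README publishes.

```python
import hashlib
import os

# Digests as listed in this README for the PS4 5.05 update files.
EXPECTED_MD5 = {
    "PS4UPDATE_SYSTEM.PUP": "F86D4F9D2C049547BD61F942151FFB55",
    "PS4UPDATE_RECOVERY.PUP": "C2A602174F6B1D8EF599640CD276924A",
}
# The README describes the recovery update as optional.
OPTIONAL = {"PS4UPDATE_RECOVERY.PUP"}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large update file is never held in memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def verify_updates(folder="updates", expected=EXPECTED_MD5):
    """Return a status string per expected file name."""
    report = {}
    for name, want in expected.items():
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            report[name] = "optional, not present" if name in OPTIONAL else "missing"
            continue
        got = md5_of(path)
        report[name] = "ok" if got == want.upper() else f"MISMATCH (got {got})"
    return report


def safe_to_serve(report):
    """True only if every required file is present and every present file matches."""
    return all(status in ("ok", "optional, not present") for status in report.values())


if __name__ == "__main__":
    result = verify_updates()
    for filename, status in result.items():
        print(f"{filename}: {status}")
    print("safe to serve" if safe_to_serve(result) else "do NOT serve these files")
```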

Modifying settings.json

It's probably a good idea to make a backup of the default settings.json just in case. Any invalid settings will throw a warning and use a default value.

Use valid json formatting. Boolean values should be lower case, integers should not be quoted, etc.

| Setting | Notes | Type |
|---|---|---|
| Debug | Will print debug info from the DNS/HTTP servers | boolean |
| Root_Check | Will skip the root user check for Linux/OSX; only disable if you are sure you don't need it. Will cause port errors if set wrong | boolean |
| Public | If the server is listening on a public IP (disables payload sending other than "Auto_Payload" and disables viewing/editing settings remotely) | boolean |
| DNS | If the DNS server should be run | boolean |
| HTTP | If the HTTP server should be run | boolean |
| HTTPS | If the HTTPS server should be run | boolean |
| DNS_Interface | The IP of the interface to bind the DNS server to | string (IP Address) |
| DNS_Port | The port to bind the DNS server to | int (1-65535) |
| HTTP_Interface | The IP of the interface to bind the HTTP server to | string (IP Address) |
| HTTP_Port | The port to bind the HTTP server to | int (1-65535) |
| HTTPS_Interface | The IP of the interface to bind the HTTPS server to | string (IP Address) |
| HTTPS_Port | The port to bind the HTTPS server to | int (1-65535) |
| Compression_Level | Enables gzip compression on the HTTP server, 0 being disabled, 9 being most compressed | int (0-9) |
| UA_Check | If the UA should be checked against values in the Valid_UA setting | boolean |
| Theme | Which theme to use; themes must be located in the themes folder | string |
| Sticky_Cache | Whether the appcache manifest should be included in itself or not | boolean |
| Auto_Payload | Payload to send to any IP that accesses the server at /success. Payload must be in the payloads folder | string |
| Payload_Timeout | The timeout, in seconds, to try and send a payload through the payload menu before timing out | int (1-999) |
| DNS_Rules | Fake DNS control | block |
| DNS_Rules [Redirect IP] | The IP address to redirect URLs listed in the Redirect rules to | string (IP Address) |
| DNS_Rules [Redirect] | Array of domains to forward to DNS_Rules [Redirect IP] | array of strings (regex) |
| DNS_Rules [Block] | Array of domains to block | array of strings (regex) |
| DNS_Rules [Pass_Through] | Array of IP addresses to not modify DNS requests | array of strings (IP Address) |
| Valid_UA | User-Agents to allow access to exploits, only used if UA_Check is enabled | array of strings (regex) |
| Update | Updater control | block |
| Update [PS4_No_Update] | The PS4 version (and lower) listed here will not be served update files | float |
| Update [PS5_No_Update] | The PS5 version (and lower) listed here will not be served update files | float |
| Update [Vita_No_Update] | The PS Vita version (and lower) listed here will not be served update files | float |
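Because an invalid setting silently falls back to a default, it helps to lint settings.json before starting the host. The checker below is an added example, not the project's own validation: it is a strict reading of the Type column above, its function names are hypothetical, and nested key names are taken exactly as the table writes them (for example "Redirect IP"), which is an assumption about the real file.

```python
import ipaddress
import json
import re

def parses(parser, error):  # check: a string that `parser` accepts without raising
    def ok(v):
        try:
            return isinstance(v, str) and parser(v) is not None
        except error:
            return False
    return ok

def int_in(lo, hi):  # type(), not isinstance(): bool is a subclass of int
    return lambda v: type(v) is int and lo <= v <= hi

def list_of(item_ok):
    return lambda v: isinstance(v, list) and all(item_ok(x) for x in v)

def is_a(*types):
    return lambda v: type(v) in types

is_ip, is_regex = parses(ipaddress.ip_address, ValueError), parses(re.compile, re.error)
# Rules transcribed from the Type column of the settings table.
SCHEMA = {
    **dict.fromkeys(("Debug", "Root_Check", "Public", "DNS", "HTTP", "HTTPS",
                     "UA_Check", "Sticky_Cache"), is_a(bool)),
    **dict.fromkeys(("DNS_Interface", "HTTP_Interface", "HTTPS_Interface"), is_ip),
    **dict.fromkeys(("DNS_Port", "HTTP_Port", "HTTPS_Port"), int_in(1, 65535)),
    "Compression_Level": int_in(0, 9), "Payload_Timeout": int_in(1, 999),
    "Theme": is_a(str), "Auto_Payload": is_a(str), "Valid_UA": list_of(is_regex),
    "DNS_Rules": {"Redirect IP": is_ip, "Redirect": list_of(is_regex),
                  "Block": list_of(is_regex), "Pass_Through": list_of(is_ip)},
    "Update": dict.fromkeys(("PS4_No_Update", "PS5_No_Update", "Vita_No_Update"),
                            is_a(int, float)),
}

def check(settings, schema=SCHEMA, prefix=""):
    warnings = []  # settings absent from the file are not reported
    for key, value in settings.items():
        name, rule = prefix + key, schema.get(key)
        if rule is None:
            warnings.append(f"{name}: unknown setting")
        elif isinstance(rule, dict) and isinstance(value, dict):
            warnings += check(value, rule, name + ".")
        elif isinstance(rule, dict) or not rule(value):
            warnings.append(f"{name}: invalid value {value!r}")
    return warnings

SAMPLE = json.loads(  # constructed input with deliberate mistakes
    '{"HTTP_Port": "80", "Publc": true, "Valid_UA": ["("], "Update": {"PS4_No_Update": 5.05}}')
```

For a real file, pass the result of `json.load()` to `check()`; a capitalised `True` or any other non-JSON syntax fails at that parsing step before these checks run.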

Modifying metadata

TBD.

About offline caching

About autoload

Contributing

You can check the issue tracker for my to-do list and/or bugs. Feel free to send a pull request for whatever. Be sure to report any bugs and include as much information as possible.

What if a new exploit is released?

You should just be able to place the exploit files in the exploit directory. The exploit will then be added to the menu automatically.

    ex. exploits/firmware_version/exploit_name/index.html

Why do you commit so many little changes, tweaks, etc?

I have no self control... it also lets people see the actual development. From barely working chicken scratch to actual code.

Credits