- Currently only tested on Firmware 2.00 but should work on all supported firmwares by the SDK.
- C++23 is the highest language revision of C++ used.
- Relies on SDK from John Törnblom, thanks for the great work!
- Clone and build the SDK from John Törnblom (GNU/Linux based)
wget https://github.com/ps5-payload-dev/sdk/releases/latest/download/ps5-payload-sdk.zipsudo unzip -d /opt ps5-payload-sdk.zip
- Clone Nihonium
git clone git@github.com:cragson/nihonium
- (Optional) Jailbreak your PS5 to send the payload directly after building
- Set the correct IP address of your PS5 inside of
nihonium/debug.sh - Run
nihonium/debug.shto build the payload and sent it to your PS5
Here are all the available features of this framework listed, explained and shown with an example.
This should give you access to functions, which you can use for manipulation of the Kernel (e.g. reading and writing to kernel memory).
Currently the following functions are supported:
- sceKernelSendNotificationRequest
- sceKernelGetHwModelName
- sceKernelGetHwSerialNumber
- sceKernelGetCpuFrequency
- sceKernelGetCpuTemperature
- sceKernelGetSocSensorTemperature
Here are and will be a lot of small examples on how to use different parts of this framework, so you can easily try it out yourself.
#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto kernel_txt = kmem->get_kernel_text_base();
std::println( "[+] kernel text: {:X}", kernel_txt );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto kernel_data = kmem->get_kernel_data_base();
std::println( "[+] kernel data: {:X}", kernel_data );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto kernel_txt = kmem->get_kernel_text_base();
if(!kernel_txt)
return 0;
const auto buffer = kmem->read_kernel< uint64_t >( kernel_txt );
std::println( "[+] First 8 bytes from kernel text: {:X}", buffer );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto kernel_data = kmem->get_kernel_data_base();
if(!kernel_data)
return 0;
if( kmem->write_kernel< uint64_t >( kernel_data + 0x1337, 0xDEADAFFE ) )
std::println( "[+] Successfully wrote to memory!" );
else
std::println( "[!] Failed to write to memory!" );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto pid = int32_t( 0x1337);
const auto address = std::uintptr_t( 0xDEADBEEF );
constexpr auto PROT_READ = 0x01;
constexpr auto PROT_WRITE = 0x02;
constexpr auto PROT_EXEC = 0x04;
const auto kmem = std::make_unique< kernel_memory >();
if( kmem->change_memory_protection( pid, address, 0x420, PROT_READ | PROT_WRITE | PROT_EXEC ) )
std::println( "[+] Successfully changed memory protection!" );
else
std::println( "[!] Failed change memory protection!" );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto process = kmem->get_process( 0x1337 );
std::println( "[+] process: {:X}", process );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto str = kmem->read_string_from_memory( 0x1337 );
std::println( "[+] String from memory: {}", str );
return 0;
}#include "kernel_memory.hpp"
#include <memory>
#include <print>
int main()
{
const auto kmem = std::make_unique< kernel_memory >();
const auto processes = kmem->get_process_list();
if( processes.empty() )
return 0;
for( const auto& _proc : processes )
std::println( "[+] Name: {} PID: {} State: {}", elem->m_name, elem->m_pid, elem->m_state );
return 0;
}