A significant new update has been released for the PS5 Payload SDK , the toolkit developed by developer John Törnblom used to create ELF payloads for PlayStation 5 consoles .

This SDK integrates several components derived from the PS5SDK project , providing advanced tools for developers working on exploits for the console.

The development kit enables the creation of custom applications and features, allowing you to take full advantage of the capabilities of the PlayStation 5 platform.

The update introduces important compatibility and optimization improvements. Offsets for firmware 8.xx, 9.xx and 10.0x have been added, along with the absolute address for the structure bus_data_devices, as defined in the FreeBSD source code.

On the critical signal handling front, automatic stack tracing in case of fatal errors has been removed, a change intended to avoid conflicts with the debugger gdbsrv.

On the library front, the update integrates the C11 thread implementation from FreeBSD 11.4, improving compatibility and reliability of multithreaded applications.

Finally, changes have been made to the linker: the size of payloads with an .bssextended section has been reduced, and the .textand sections .rodataare now writable, eliminating the need to use them mdbgfor dynamic program launching.

Building

john@localhost:ps5-payload-sdk$ make

Installation

john@localhost:ps5-payload-sdk$ make DESTDIR=/opt/ps5-payload-sdk install

Usage

john@localhost:ps5-payload-sdk$ export PS5_PAYLOAD_SDK=/opt/ps5-payload-sdk 
john@localhost:ps5-payload-sdk$ make -C samples/hello_world 
john@localhost:ps5-payload-sdk$ export PS5_HOST=ps5; export PS5_PORT=9021 
john@localhost:ps5-payload-sdk$ make -C samples/hello_world test

Adding new SCE libraries

If you have decrypted sprx files that you want to interact with, you can create stubs for them as follows:

john@localhost:ps5-payload-sdk $ sudo apt-get install wget python3 python3-pyelftools 
john@localhost:ps5-payload-sdk $ cp /path/to/sprx/libSceXYZ.sprx sce_stubs/ 
john@localhost:ps5-payload-sdk $ make -C sce_stubs stubs 
john@localhost:ps5-payload-sdk $ make DESTDIR=/opt/ps5-payload-sdk install

Bug Report

If you encounter any issues with ps5-payload-sdk, it is recommended to file a GitHub issue . If you plan to submit pull requests that affect more than a few lines of code, it is recommended to file a ticket before starting to work on the changes.

This will allow you to properly discuss the solution before committing time and energy.

Changelog

kernel : Added offsets for 8.xx, 9.xx and 10.0x firmwares.
kernel : Added absolute address for structure bus_data_devices(defined in freebsd-src/sys/kern/subr_bus.c).
crt : Removed automatic stack tracing on fatal signals, as it interfered with gdbsrv.
libc : Added C11 thread implementation from FreeBSD 11.4.
linker : Reduced payload size with .bsslarge section size.
linker : Made sections writable .textso you .rodatado rtldn’t need mdbg.