===PlayStation 5===
The [[PlayStation 5]] can be softmodded in several ways. Each relies on a userland exploit (a [[WebKit]] vulnerability in the PS5 Web Browser, a specially crafted [[Blu-ray]] disc, or a savegame exploit) combined with a kernel (and optionally [[hypervisor]]) exploit. They are all tethered exploits, meaning they have to be performed every time the console is powered on, although some exploits may be persisted using rest mode. Softmodding a PS5 allows running homebrew, loading game backups, modifying the PS4 backwards compatibility blacklist, installing and running PS4 "FPKGs" (including PS4 homebrew and PS1/PS2/PS4 game backups), changing fan speeds, and spoofing firmware (which allows the installation of games that require an update patch, and can also block updates). However, firmware spoofing will not allow games above the console's true firmware revision to load without the required update patch. The PS5 is also capable of playing patched PS4 titles, such as [[Bloodborne]], above the PS4 [[frame rate]] cap of 60 FPS, e.g. at 120 FPS.

On its predecessor, the PS4, a userland and kernel exploit is enough to accomplish what is generally regarded as a true jailbreak by patching the kernel. The PS5 adds security measures in comparison, mainly a hypervisor (HV) and eXecute Only Memory (XOM), which do not allow kernel patching. As a result, not all kernel exploits on the PS5 can be leveraged, and reverse engineering is much more difficult. Despite this, several HENs (Homebrew ENablers) have been made that operate within the constraints of the HV and XOM to defeat enough security to enable a homebrew environment. After the first public HV exploit, HENs were adjusted to operate with the HV compromised (including the XOM being deactivated), providing better stability and functionality than HENs that do not leverage an HV exploit, since kernel patching is now possible.
Known firmware versions that allow for a softmod are: 2.50,<ref>{{cite web|title=PS5Dev/Byepervisor|website=[[GitHub]]|url=https://github.com/PS5Dev/Byepervisor|accessdate=26 October 2024}}</ref> 4.51,<ref>{{cite web|title=Cryptogenic/PS5-IPV6-Kernel-Exploit|website=[[GitHub]]|url=https://github.com/Cryptogenic/PS5-IPV6-Kernel-Exploit|accessdate=29 August 2024}}</ref> 5.50,<ref>{{cite web|title=PS5Dev/PS5-UMTX-Jailbreak|website=[[GitHub]]|url=https://github.com/PS5Dev/PS5-UMTX-Jailbreak|accessdate=22 September 2024}}</ref> 7.61,<ref>{{cite web|title=hammer-83/ps5-jar-loader|website=[[GitHub]]|url=https://github.com/hammer-83/ps5-jar-loader|accessdate=1 June 2025}}</ref> 10.01.<ref name="ps4jb-12.02-ps5jb-10.01"/> The 2.50 exploit compromises the kernel and HV, while the exploits up to 10.01 only compromise the kernel. The IPv6 kernel exploit on the PS4 that led to the 6.72 jailbreak<ref name="ps4jb-6.72"/> was patched a few months prior to the release of the PS5, but the bug was reintroduced on the PS5 with 3.00 firmware and affected up to 4.51 firmware. The exFAT filesystem kernel exploit that led to the 9.00 jailbreak<ref name="ps4jb-9.00"/> also affected PS5 firmware up to 4.03; however, due to additional protections on the PS5, it is not possible to use it to softmod the PS5. The [[Point-to-Point Protocol over Ethernet|PPPoE]] kernel exploit that led to the PS4 11.00 jailbreak<ref name="ps4jb-11.00"/> also affected PS5 firmware up to 8.20, and is not known to softmod the PS5. The lapse kernel exploit that led to the PS4 12.02 jailbreak<ref name="ps4jb-12.02-ps5jb-10.01"/> could also be used to jailbreak the PS5, and affected up to 10.01 firmware.
In June 2023, a payload called ''libhijacker''<ref>{{cite web|title=astrelsky/libhijacker|website=[[GitHub]]|url=https://github.com/astrelsky/libhijacker|accessdate=24 June 2023}}</ref> was disclosed. It became a reliable method of running homebrew and partially circumvents the HV. It works by creating a new, separate process by interacting with the PS5's [[Daemon (computing)|Daemon]], effectively acting as a background ELF loader. This is notable over previous ELF loaders such as the WebKit or Blu-ray methods, since those ELF loaders were terminated when the corresponding process was stopped. Another advantage of this method is that the new, separate process is not confined to the fixed maximum resource allocation of the WebKit or BD-J processes. In July 2023, security researcher ''Flat_z'' disclosed<ref>{{cite web|title=Aleksei Kulaev on Twitter: finally... hello, PS5 PSP :)|website=[[Twitter]]|url=https://twitter.com/flat_z/status/1684554194366107650|accessdate=30 July 2023}}</ref> that they had read access to the PS5's Platform Secure Processor (PSP), which is one of the most protected parts of the system and contains crucial keys for decryption. They also confirmed that they had successfully exploited the HV via a save game exploit chain. ''Flat_z'' said they do not intend to disclose their findings publicly; however, they are using these exploits to further reverse engineer the PS5 now that they are able to decrypt more parts of the system. In November 2023, scene developer ''LightningMods'' disclosed<ref>{{cite web|title=LM on Twitter: First ever PS5 Game Back up to be played, PPSA03527|website=[[Twitter]]|url=https://twitter.com/LightningMods_/status/1721713975929209075|accessdate=7 November 2023}}</ref> that they had managed to load and play a retail PS5 game backup.
In December 2023, scene developer ''LightningMods'' updated their ''Itemzflow''<ref>{{cite web|title=LightningMods/Itemzflow|website=[[GitHub]]|url=https://github.com/LightningMods/Itemzflow|accessdate=12 September 2024}}</ref> homebrew to support loading PS5 game backups. In September 2024, a kernel exploit was disclosed for [[FreeBSD]] 11, which the PS5 software is based on. It can be leveraged on the PS5 and affects all firmware versions up to 7.61.<ref name="ps5jb-7.61">{{cite web|title=PS5Dev/PS5-UMTX-Jailbreak|website=[[GitHub]]|url=https://github.com/PS5Dev/PS5-UMTX-Jailbreak|accessdate=22 September 2024}}</ref> The bug is not present in FreeBSD 9, and as such the PS4 is unaffected. In October 2024, security researcher ''SpecterDev'' disclosed<ref name="ps5jb-hv-2.50">{{cite web|title=PS5Dev/Byepervisor|website=[[GitHub]]|url=https://github.com/PS5Dev/Byepervisor|accessdate=26 October 2024}}</ref> two exploit chains that compromise the hypervisor, which affect all firmware versions up to 2.50.