matem6/yarp2jb

This project is a PlayStation 5 jailbreak tool that works on consoles running firmware versions 9.00 through 12.70. It combines two existing exploits: a kernel-level vulnerability called p2jb (originally found by Gezine) and a userland exploit called yarpe (by Helloyunho) that runs inside a specific commercial game, Arcade Spirits: The New Challengers. The end result is a way to gain elevated, root-level access to the PS5's operating system. The technical path goes like this: the game's save file is replaced with a specially crafted exploit save. When the game loads that save, it triggers yarpe, which listens over the local network for a Python script. You send the included payload script (p2jb.py) to the console over a TCP connection. That script then forces the PS5 kernel into a known broken state by calling a system function roughly 4 billion times, causing an integer overflow. From that broken state, the code builds the ability to read and write arbitrary kernel memory, escalates the game process to root, and patches a normally read-only section of the kernel to unlock the console's hidden debug menu. A small loader program (elfldr-ps5.elf) is then placed into memory and starts listening for additional software to run. The process takes 45 to 52 minutes depending on which version of the game is installed (PS5 native edition or PS4 edition played under backward compatibility). During that time the screen shows progress stages numbered 0 through 9. If it fails at any point, reloading the save and re-sending the payload restarts the attempt. The jailbreak is not permanent across reboots, it needs to be re-run each time the console starts fresh. To use this, you need a PS5 with the game installed, a PC on the same home network, and a basic command-line tool (such as nc, the standard netcat utility) to send files over TCP. The release includes the exploit save file and the ELF loader so no building from source is required for the setup steps.