A bunch of “homebrew” binaries (payloads) from the 1.76 PS4 Jailbreak are being ported to the “new” PS4 scene. Recently, libftps4 has been ported to the 4.05 firmware, and basically lets you run your PS4 as an FTP Server, which is a perfect way to start looking at what’s inside your PS4’s hard drive.

What fun stuff can I do when my PS4 is running an FTP Server?

Important: root access gives you lots of control on your console, and the possibility to mess up dramatically. Don’t start touching, editing or removing files if you’re not 100% sure what you’re doing. You could end up with a bricked console.

Of course most of the files on your PS4 system are encrypted and useless “as is”. You might still want to look around for unencrypted data such as images, etc…

Besides looking at what files are stored on your PS4 to learn more about the system, there’s one really useful thing you can do:

Delete PS4 firmware update – If your console has downloaded the latest firmware update by mistake, you’re probably annoyed by the constant message asking you if you’d like to update. With root access on your console, you can now delete the PS4UPDATE.PUP file that is in the update folder, which will make the message go away.

How to – run an FTP Server on PS4 4.05

The PS4 FTP Server code is yet another payload that is run like any other payload on the PS4 (follow our guide here), however there are a couple “tricks” to know beforehand (we’ll go in details below for both of those):

The payload has your PS4’s IP address hardcoded within it. You will need to hex-edit the binary file in order to replace with your console’s actual IP. It’s an easy process (the “hard” version is to recompile the payload from scratch with your IP address)

The FTP server seems to not get full root access with older versions of the PS4 4.05 exploit. You want to make sure you have IDC’s recent fork, or anything more recent.

In the tutorial below, I’ll recommend that you use ps4-exploit-host, a tool by developer Al-Azif which is an all-in-one server/proxy/exploit package to run exploit 4.05. You can of course download the PS4 exploit, etc… independently but I find this tool way convenient.

Requirements

0. Prepare your PS4 and computer

In this step, you want to set up your PS4 and your computer to be able to run exploits. For this, Follow this tutorial. Make sure you use a recent version of ps4-exploit-host and choose the IDC exploit. (some details why)

1. Prepare the payload

The FTP Payload is hardcoded to a specific IP. You’ll need to edit that and replace it with your PS4’s IP. To do that, use a hexeditor such as XVI, and look for the hardcoded IP at offset 0x5900:

Update and save the file.

Copy your modified file into the “payloads” subfolder of ps4-exploit-host.

Alternatively: for advanced users, you might want to compile the FTP Server Payload yourself. The source is IDC’s github here.

2. Run the payload on your console, and access your FTP server

Pick the FTP Payload in ps4-exploit-host command line, and you should get a message saying “Payload Sent”. Your FTP server is now, in theory, running. You can test by accessing your FTP server with an FTP Client. Host is your PS4’s IP address (in my case, 192.168.1.2), username and password should stay empty (anonymous connection), and the port is set to 1337 (this is different from the default of port 20).

You should now be able to see the contents of your PS4’s hard drive. To confirm you’re in “root” mode: you should see multiple folders in there including “usb”, “update”, “eap_vsh”, and more. If you only see a handful of folders, you’re not in root access (see troubleshooting section below).

That’s it!

Troubleshooting

Q: I cannot access the FTP server

A: Make sure you have all the IPs right. The IP on your PS4 and in the payload and in your FTP client need to match. If nothing works, get back to basics: can you run the “Debug settings” payload correctly?

Q: I don’t see many folders on the FTP, only a handful of them

A: You’re running the FTP server in usermode. Make sure you use the latest version of ps4-exploit-host, and use the IDC exploit. As of 2017/12/31, The FTP Payload has some incompatibilities with SpecterDev’s version of the exploit. Details here.