- Features
- Supported Firmware
- Tested Hardware
- Why GoldHEN Only?
- PI-Pwn Installation
- PS4 Configuration
- Usage
- Advanced Features
- Updating PI-Pwn
- Uninstalling PI-Pwn
This is a fork of the original stooged/PI-Pwn, which has not been updated for some time. This version adds compatibility with the latest Raspberry Pi OS Debian 13 (Trixie) and includes updated GoldHEN and stage2 payloads.
PI-Pwn is an automated setup script for PPPwn and PPPwn_cpp on Raspberry Pi and compatible single-board computers. It provides automated PS4 exploitation with internet connectivity support, USB passthrough capabilities, and a web-based control interface.
- Automated exploit execution with continuous retry
- Support for GoldHEN
- Optional console internet access
- Web interface for configuration and control
- USB drive passthrough to console
- Built-in DNS blocker to prevent system updates
- FTP, klog, and binloader server access forwarding
- Rest mode support with GoldHEN detection
- LED indicators for exploit progress (model-dependent)
- 7.00, 7.01, 7.02
- 7.50, 7.51, 7.55
- 8.00, 8.01, 8.03
- 8.50, 8.52
- 9.00
- 9.03, 9.04
- 9.50, 9.51, 9.60
- 10.00, 10.01
- 10.50, 10.70, 10.71
- 11.00
PI-Pwn has been tested on the following models, but is not limited to them:
- Raspberry Pi 5
- Raspberry Pi 4 Model B
- Raspberry Pi 400
- Raspberry Pi 3B+
- Raspberry Pi 2 Model B
- Raspberry Pi Zero 2 W (requires USB to Ethernet adapter)
- Raspberry Pi Zero W (requires USB to Ethernet adapter)
This fork focuses exclusively on GoldHEN payloads and has removed PS4HEN support. GoldHEN is more feature-rich and user-oriented, with built-in quality-of-life improvements that make it the preferred choice for most users. While PS4HEN remains a valuable open-source alternative for development and older firmwares, supporting only GoldHEN allows this project to be simpler, easier to maintain, and focused on delivering the best experience.
- Raspberry Pi or compatible board
- MicroSD card (8GB or larger recommended)
- Raspberry Pi OS Lite or Armbian CLI/Minimal
- Ethernet cable to connect Pi to PS4
- USB drive formatted in FAT32 or exFat
- Internet connection for initial setup
- Flash Raspberry Pi OS Lite or Armbian CLI/Minimal to your SD card
- Insert the SD card into your Raspberry Pi and boot it
- Connect the Pi to the internet (via Ethernet or WiFi)
- Run the installation:
Interactive Setup:
wget https://raw.githubusercontent.com/mariozelaschi/PI-Pwn/main/setup-pipwn.sh
chmod +x setup-pipwn.sh
./setup-pipwn.shManual Installation:
sudo apt update
sudo apt install wget unzip -y
sudo rm -rf /boot/firmware/PPPwn
cd /tmp
wget -q https://github.com/mariozelaschi/PI-Pwn/archive/refs/heads/main.zip -O pipwn.zip
unzip -q pipwn.zip
sudo mkdir -p /boot/firmware/
sudo cp -r PI-Pwn-main/PPPwn /boot/firmware/
rm -rf PI-Pwn-main pipwn.zip
cd /boot/firmware/PPPwn
sudo chmod +x *.sh pppwn7 pppwn11 pppwn64 2>/dev/null
sudo bash install.shIf you previously installed the original stooged/PI-Pwn, it is strongly recommended to start with a fresh Raspberry Pi OS installation. The original version modifies system files (/etc/dnsmasq.conf, /etc/nginx/sites-enabled/default, /etc/rc.local) that may conflict with this fork. If a clean installation is not possible, manually remove all traces of the old installation before proceeding.
During installation, you'll be prompted to configure several options:
- Python PPPwn Support: Option to install Python3 and Scapy for using the original Python version of PPPwn (slower but may work better on some setups)
- FTP Server: Optional FTP server installation for easy file access to the PPPwn folder
- Requires setting the root account password for login
- Uses standard ports 21 (command) and 20 (data)
- Samba Share: Optional network share setup for accessing PPPwn files
- No authentication required
- Accessible at
\\pppwn.local\pppwn(Windows) orsmb://pppwn.local/pppwn(macOS/Linux)
- USB Ethernet Adapter: Select "yes" if using a USB to Ethernet adapter for the console connection
- If your Pi has a built-in Ethernet port and you're using a USB adapter, the interface will typically be
eth1 - For boards like Pi Zero 2, the interface will be
eth0
- If your Pi has a built-in Ethernet port and you're using a USB adapter, the interface will typically be
- PPPoE Credentials: Configure username and password for console connection (default:
ppp/ppp)- Must match on both PI-Pwn and PS4 if enabling internet access
- Console Internet Access: Enable internet connectivity for the PS4 after exploitation
- Firmware Version: Select your PS4's firmware version (7.00 through 11.00)
- Timeout Setting: Time in minutes (1-5) before restarting PPPwn if it hangs
- Network Interface: The LAN interface connected to the console (auto-detected, usually
eth0oreth1) - Original IPv6 Address: Option to use the original PPPwn IPv6 (
fe80::4141:4141:4141:4141) - USB Drive Passthrough: Enable USB drive mounting to console (Pi 4/400/5 only)
- Hostname: Set a custom hostname for the Pi (default:
pppwn) - affects web interface URL - Additional Options:
- GoldHEN detection for rest mode support
- Console shutdown detection and auto-restart
- Verbose logging for debugging
- Automatic Pi shutdown after successful exploit
- DNS blocker configuration
After installation completes, the Pi will reboot and PPPwn will start automatically.
Configure your PS4 to connect via PPPoE:
- Navigate to Settings → Network → Set Up Internet Connection
- Select Use a LAN Cable
- Choose Custom setup
- Select PPPoE for IP Address Settings
- Enter PPPoE credentials:
- User ID:
ppp(or the username you configured during PI-Pwn setup) - Password:
ppp(or the password you configured during PI-Pwn setup) - Note: If internet access is enabled, these credentials must match those set during PI-Pwn setup
- User ID:
- Choose Automatic for DNS Settings
- Choose Automatic for MTU Settings
- Choose Do Not Use for Proxy Server
After configuration, connect the Pi to the PS4 with an Ethernet cable:
- Download the latest
goldhen.binfrom the official source: https://ko-fi.com/sistro. - Place
goldhen.binon the root of a USB drive formatted as FAT32 or ExFAT. - Insert the USB drive into your PS4.
- Power on both the PS4 and Raspberry Pi.
- Leave the PS4 on the home screen.
- The Pi will automatically begin the exploitation process.
- Multiple attempts may be required; this is normal. The Pi will keep retrying until successful.
- The jailbreak will be successful when the GoldHEN icon replaces the PlayStation Plus icon (first icon at the top left of the screen).
- After the first successful load, GoldHEN will be copied to the console's internal HDD.
- When the exploit succeeds, the Pi will shut down (if selected during setup, and unless internet access is enabled).
- The PS4 remains jailbroken until the next shutdown or reboot. If enabled in the options, rest mode can be used to keep the PS4 jailbroken while sleeping.
- No user interaction is required, the Pi manages the entire process automatically.
- The USB drive is not needed for subsequent boots.
- To update GoldHEN, place the new version on the USB drive and repeat the jailbreak process; the updated GoldHEN will overwrite the previous version on the PS4 HDD.
- Always download GoldHEN from SiSTR0's official Ko-fi page to ensure you have the authentic, latest version.
Access the web control panel from:
- Your PS4 browser (when connected):
http://192.168.2.1:8000 - Your PC browser:
http://{pi-hostname}.local:8000orhttp://{pi-ip-address}:8000
When internet access is enabled, the Pi can forward requests to the console's services. However, to access the PS4's FTP server from your home network, you need to configure routing because the PS4 is on a different network (192.168.2.0/24) than your home LAN.
The simplest method is to SSH into the Pi first, then access the console from there:
ssh user@<pi-ip-address>
ftp 192.168.2.2 2121To access the PS4's FTP (192.168.2.2:2121) directly from your PC, you need to tell your system how to reach the 192.168.2.0/24 network through the Pi.
Option 1: Static Route on Your PC (temporary)
On macOS/Linux:
sudo route add 192.168.2.0/24 gw <pi-lan-ip>
# Example: sudo route add 192.168.2.0/24 gw 192.168.50.234On Windows (CMD as Administrator):
route add 192.168.2.0 mask 255.255.255.0 <pi-lan-ip>
REM Example: route add 192.168.2.0 mask 255.255.255.0 192.168.50.234Then connect with your FTP client to 192.168.2.2 port 2121 in Active mode.
Option 2: Static Route on Your Router (persistent, recommended)
Add a static route in your router's admin panel:
- Destination Network: 192.168.2.0/24
- Subnet Mask: 255.255.255.0
- Gateway:
<pi-lan-ip>(e.g., 192.168.50.234)
This makes the console network accessible from all devices on your LAN without configuring each device individually.
Raspberry Pi 4 and 5 models support USB drive passthrough:
- Create a folder named
payloadson the root of a USB flash drive - Insert the drive into the Raspberry Pi
- Connect the Pi to the PS4 USB port
- Enable "USB drive to console" in the PI-Pwn configuration
- The drive will be accessible from the PS4
Power Note: Most configurations work with a single USB cable. If experiencing power issues, use a USB Y cable to inject additional power.
To enable rest mode functionality:
- Enable "Detect if GoldHEN is running" in PI-Pwn options
- If powering the Pi from the PS4 USB port, disable "Supply Power to USB Ports" in the console's rest mode settings
- Ensure the PS4's PPPoE credentials match your PI-Pwn configuration (default:
ppp/ppp)
PI-Pwn will check if GoldHEN is already loaded and skip the exploit process if it's running.
To monitor PPPwn exploitation progress in real-time via SSH:
tail -f /boot/firmware/PPPwn/pwn.logPress Ctrl+C to exit the log viewer.
Note: Verbose mode must be enabled in the configuration for logs to be generated. You can enable it through the web interface or during installation.
If you installed the FTP server during setup:
- Server: Pi's IP address
- Ports: 21 (command), 20 (data)
- Credentials: Root username and password (set during installation)
- Path:
/boot/firmware/PPPwn - Note: Can be installed later by re-running the installation script
If you configured the Samba share during setup:
- Windows:
\\pppwn.local\pppwn - macOS/Linux:
smb://pppwn.local/pppwn - Credentials: None (no authentication required)
- Note: Can be installed later by re-running the installation script
The only safe and supported way to update PI-Pwn is to redownload the latest setup script and run it over your existing installation.
This ensures that all configuration changes and new options are properly applied and avoids unexpected errors or broken installs if configurations change between versions
You can check for new versions from the web interface (Update button) or by visiting the GitHub page.
To completely remove PI-Pwn from your Raspberry Pi:
Using setup-pipwn.sh:
Select option 2 to uninstall. The script will:
- Stop and disable all PI-Pwn services
- Remove systemd service files
- Remove configuration files (dnsmasq, nginx, udev rules, ppp)
- Remove PI-Pwn directories
- Clean up system modifications (sudoers, config.txt)
- Remove nginx PI-Pwn site configuration
- List installed packages that can be removed manually
Note: The uninstall script does NOT remove packages installed during setup (like nginx, php-fpm, dnsmasq, etc.) to avoid breaking other services. You can manually remove them if needed, but be careful with dnsmasq if you have Pi-hole installed.