This is a script to setup PPPwn and PPPwn_cpp on the raspberry pi and run GoldHen on the PS4 fw 11.0, 10.01, 10.00, 9.60, 9.00
It also supports internet access after pwn and access to ftp, klog and binloader servers launched by goldhen.
A dns blocker is also installed and used to prevent updates.
The Raspberry Pi 4, Raspberry Pi 400 and Raspberry Pi 5 can pass through a usb drive inserted into the pi to the console if the pi is plugged into the console usb port
There is also a webserver to control the pi, change settings and send payloads by accessing http://pppwn.local from the console or your pc if you have internet access enabled.
Raspberry Pi 5
Raspberry Pi 4 Model B
Raspberry Pi 400
Raspberry Pi 3B+
Raspberry Pi 2 Model B
Raspberry Pi Zero 2 W with usb to ethernet adapter
Raspberry Pi Zero W with usb to ethernet adapter
ROCK PI 4C Plus with armbian Image
BIGTREETECH BTT Pi V1.2 with armbian minimal
pcDuino3b with armbian Image
You need to install Raspberry Pi OS Lite or Armbian Cli / Minimal onto a sd card.
Place the sd card into the raspberry pi, boot it and connect it to the internet then run the following commands
sudo apt update
sudo apt install git -y
sudo rm -f -r PI-Pwn
sudo systemctl stop pipwn
git clone https://github.com/stooged/PI-Pwn
sudo mkdir /boot/firmware/
cd PI-Pwn
sudo cp -r PPPwn /boot/firmware/
cd /boot/firmware/PPPwn
sudo chmod 777 *
sudo bash install.sh
During the install process you will be asked to set some options.
If you are using a usb to ethernet adapter for the connection to the console you need to select yes
If your pi has an ethernet port and you are using a usb to ethernet adapter your interface for the usb adapter should be eth1
If you are using something like a pi zero 2 the interface will be eth0
Once the pi reboots pppwn will run automatically.
- Go to
Settings
and thenNetwork
- Select
Set Up Internet connection
and chooseUse a LAN Cable
- Choose
Custom
setup and choosePPPoE
forIP Address Settings
- Enter
ppp
forPPPoE User ID
andPPPoE Password
- NOTE if you enable internet access you must match the username and password entered during the install or use the default
ppp
- Choose
Automatic
forDNS Settings
andMTU Settings
- Choose
Do Not Use
forProxy Server
For GoldHen you need to place the goldhen.bin file onto the root of a usb drive and plug it into the console.
Once goldhen has been loaded for the first time it will be copied to the consoles internal hdd and the usb is no longer required.
To update goldhen just repeat the above process and the new version will be copied to the internal hdd
If the pi pwn was setup to allow internet access you can use the ftp, klog, and binloader servers on the console
Your pi must be also connected to your home network via wifi or a second ethernet connection
To connect to the servers from your pc just connect to the raspberry pi ip on your network and all requests will be forwarded to the console
For ftp make sure you set the transfer mode on your ftp client software to Active
not passive.
You can put a usb flash drive in the pi and that will be mounted to the console, you must put a folder on the root of the drive called "payloads"
To use this feature you must plug the raspberry pi 4 / 400 / 5 into the consoles usb port using the usb-c connection on the pi.
If you have power issues you can use a usb Y cable to inject power from another source but in my tests both pi variants ran using a single cable.
You can enable the option to detect if goldhen is running in the options which will cause pi-pwn to check if goldhen is active before running pppwn, this is useful for rest mode
If you have the pi powered from the console usb port you must disable "Supply Power to USB Ports" in the rest mode settings of the console.
The console must also use the PPPoe user and pass set for the "console internet connection" of pi-pwn or the defaults if you never changed them which are ppp for both user and password.
If you install FTP to access the pppwn folder for the exploit files you must use your root login user/pass to access the server.
The ftp server uses the standard ports 21 and 20.
If you setup samba to access the pppwn folder for the exploit files you can access the drive on...
\\pppwn.local\pppwn
or
smb:\\pppwn.local\pppwn
The share has no user/password required to access it.
Once everything is setup and the ethernet cable is plugged in between the pi and the console the pi should automatically try and pwn the console.
The exploit may fail many times but the pi will continue to purge the console to keep trying to pwn itself.
Once pwned the process will stop and the pi will shut down if you are not using internet access.
You will need to restart the pi if you wish to pwn the console again.
The idea is you boot the console and the pi together and the pi will keep trying to pwn the console without any input from you, just wait on the home screen until the process completes
You can edit the exploit scripts by putting the sd card in your computer and going to the PPPwn folder.
The commands above can also be run again to install updates or change the settings.
You can also click the update button on the web ui.