Hacking [OLD!] PS3 "jailbreak" F.A.Q.

[elb]

Wow, I've been out of the game for awhile in terms of gaming. Only been using my PS3 for movies. I recently had to update the firmware inorder to do the Netflix thing. So I'm at 3.50. Does that mean I can't have any of this jail-breaking fun?

So people who like Netflix have to make a choice?

 

[Rydian]

Corret, if you're on anything past 3.41 you can't do it.

Netflix and possibly more. This is normal. If you want to be able to hack your system you never keep the firmware updated. This goes for anything (not just the PS3), because later firmware updates fix security holes that are used to hack it.

EDIT: Whoops, Cyan's right. I was thinking 3.42 with move.

 

[Cyan]

So people who like Netflix have to make a choice?Yes, you have to choose either to have an updated PS3 with online capability, or a hacked/homebrew enabled one.
The last working firmware for debug mode is (currently) 3.41
@Rydian : Move require 3.40

QUOTE(ComplicatioN @ Oct 25 2010, 02:16 PM) What is a payload and the Hermes v4 KAKAROTOPL3?

a Payload is the code which put the PS3 in debug mode.
It's the data you put on a USB HUB device and is read at the launch of the PS3.

Here is a quick summary of the PS3 scene :

First it was the PSjailbreak team which released a debug dongle (130$), but after Sony seized the devices, it appears open sources clones from people who could buy one in time.

Those open sources are :
PSGroove : the first open source payload, destined for programmable USB HUB devices (Teensy, AT90, etc.)
PSFreedom : a port of PSGroove to everyday devices (phones, gaming console, TI84+ calculator, etc. but mostly phones)
Rockbox : PSGroove port, and later PL3 port for Media players (like iPod, Sansa) running under the Rockbox open source jukebox firmware.
PSGrooPIC : PSGroove port for PIC programmable chipset.
PL3 : unified payload

PSGroove being open source, Hermes made few patches to it :
PSGroove Hermes 1.1 : Enable backups playing without a disc in a drive and enable more memory access (peek and poke)
PSGroove Hermes V2 : Introduce a patched mode for problematic games which have controller issues.
PSGroove Hermes V3 : better fix for problematic games, no more patched mode needed (but still available), introduce Homebrew launching. (usb:/homebrew//.elf)

PSGroove Hermes V3fix (HWM) : Waninkoko made a patch for Hermes V3 to enable installation of retail demo (.pkg) from PSN, which will be corrected by Mathieulh (hence the name HWM: HermesWaninkokoMathieu)

KaKaRoTo, author of PSGroove, seeing there were now 3 different payloads (PSFreedom, original PSGroove branch, and Hermes PSGroove branch), decided to fuse each improvements from all of them and maintain only 1 payload for clearer and better development, and it was named PL3 (payload3).
The PL3 is then made to be working on previous PS3 firmware (the flaw of the current exploit in the PS3 firmware was introduce in fw2.01), and there' s now Payload compatible for : 3.01, 3.10, 3.15, 3.41
Users who never updated their console to keep OtherOS can now enjoy homebrews too

Hermes quit the PS3 scene and release the last version of his PSGroove port : PSGroove Hermes V4, which improve nodisc mode, include all the patches fix from Waninkoko and Mathieulh, and code cleanup.

Rockbox (for iPod, sansa music player) port of PL3 appears and is available for 3.01, 3.15, 3.41

PL3 allow now (since 22 oct 2010) the launch of backups needing 3.42 firmwares while still on an older one.
It's currently not working for games requiring fw3.50

PL3 is the latest, up to date, payload.

 

[Rydian]

I added the summary into the first post, hopefully that'll clear things up for a lot of people, thank you.

 

[ComplicatioN]

So people who like Netflix have to make a choice?Yes, you have to choose either to have an updated PS3 with online capability, or a hacked/homebrew enabled one.
The last working firmware for debug mode is (currently) 3.41
@Rydian : Move require 3.40

QUOTE(ComplicatioN @ Oct 25 2010, 02:16 PM) What is a payload and the Hermes v4 KAKAROTOPL3?

a Payload is the code which put the PS3 in debug mode.
It's the data you put on a USB HUB device and is read at the launch of the PS3.

That answered many questions thanks

 

[mark.m.moran]

Hi guys,
If a game does not show up in the backup manager even though it is in the Gamez folder on the internal HDD what is the most likely cause of this?

 

[Cyan]

Did you change your backup Manager recently?
You can store games in many folders, you have to tell the manager which one it should use.

dev_hdd0/games/LAUN12345/GAMEZ/

 

[flo]

How do i correctly uninstall a PKG ? I installed Snex9x , then i pressed triangle->Delete , it's gone from XMB . But when browsing dev_hdd0/game there was still a folder created there called SNES0000 ( something like that.. )

 

[mark.m.moran]

Did you change your backup Manager recently?
You can store games in many folders, you have to tell the manager which one it should use.

dev_hdd0/games/LAUN12345/GAMEZ/

 

[Rydian]

Okay, updated the guide's info to be more current, clarified and split the section on which device to buy (and linked to/suggested the $20 one from shoptemp), merged a question or two to try to save some room, removed a question that doesn't matter... and I really want to try to trim the size of the guide down. >>;

Can the instructions on hex editing xxxx to bdvd be removed, or are they still relevant for more than a port or two? Stuff like that, for example.

I lack a PS3 so I can't exactly test this stuff.

 

[Cyan]

@Flo : sorry, I don't know why there's still this folder.
What's inside ? if it still take space on the disk, that would be bad.


@mark.m.moran :
I was talking about the folder structure starting from the game's name folder.

Check that you correctly have this :
Darksiders/PS3_DISC.SFB
Darksiders/PS3_GAME/
Darksiders/PS3_GAME/ here the icon, param.sfo, etc.
Darksiders/PS3_GAME/USRDIR/eboot.bin and data folder here

and not this :
Darksiders/whatever/PS3_GAME/


All of this should be considered too :
- Which ftp did you use ? Blackb0x FTP, or an FTP server provided by a backup manager ?
- Did you enabled a "patched mode" before launching the server ?
- Which payload did you use ? (hermes or PL3, which version)

Combination of payload+manager+patched_mode can determine if a game will work or not.
It could be a folder with wrong right access (usually when using Hermes to dump, and PL3 to play).

There's few thing you could try, but 20G is certainly very long to dump/send to PS3 :

I suggest you use Hermes v4b + Blackb0x ftp 1.1, then try Open Manager 1.13 (or newer).

If it's still not showing, try Gaia manager 1.13.1 and it's internal ftp server (The patched mode shouldn't be needed, as the compatibility list doesn't suggest it)
If still not working, try with PL3 instead of Hermes

If still not working, then you should try to split big files in .666xx using a software on your computer and place the resulted game folder on your external HDD.
Then use a manager (gaia+PL3 ?) to copy the game to internal (you can't play on external).

 

[B-Blue]

OK, I have a lot of questions:

1. I have this PSJailbreak2 (a clone) is it any good?

1-2. Do I have to "jailbreak" every time I turn off the PS3?
1-3. Do I have to keep the device plugged in after I jailbreak or while playing games?
2. What's the best backup manager (gaia, open manager, etc...)
3. How do I transfer a game (ISO) to the PS3?
4. WHAT DO I DO WITH THESE HEX FILES?!

5. How do I install a .pkg file?
6. Can I play pirated PSN games (like flower, echochrome, etc...) after I jailbreak?

That's it... for now.

 

[Cyan]

Hi,
I hope I can help you.


1. I have this PSJailbreak2 (a clone) is it any good?

It does its job. Though, there are fake (clone of the clone) which seems poorly designed and could break after an upgrade.

1-2. Do I have to "jailbreak" every time I turn off the PS3?
Yes, it's a memory patch. the device put the console in debug mode.
The console initialize plugged USB hub after a hard power off and before power ON, hence the power cycle+plug+power ON, each time you want to put the console in debug mode.

1-3. Do I have to keep the device plugged in after I jailbreak or while playing games?
The original needed it. All the "2nd gen clones" don't. You can unplug it after the console is correctly booted in debug mode.

2. What's the best backup manager (gaia, open manager, etc...)
Gaia, Open Manager 2.x, and Open Manager 1.x by Moh.Sakkai are equally good. (Open manager 1.x and 2.x are both different version maintained by different developers)
"Open Manager 1.x" is the most simple. the others includes covers and many patches (like allowing to play newer games with older frmware), etc.
the 3 devs decided to join their forces and release a "unified manager". It will be released soon I think.

Note that some patches require a specific payload (Hermes v4, or PL3, etc.)

3. How do I transfer a game (ISO) to the PS3?
A) Is that really an .iso ?
the games have to be in a file/folder form, not an iso form.
ISO are the old dump format, before the jailbreak was released.
Now games are re-released in a file/folder form.
You have to place the game folder in a correct place on your HDD (internal or external).
The place change for each manager, so it's really a mess to swap managers. that's why they decided to merge them in only one development effort.

See bellow for more info.

B) If you have the original bluray disc, the manager will dump it to the internal HDD for you automatically to the correct folder.


4. WHAT DO I DO WITH THESE HEX FILES?!

To place the console in debug mode, you need to use a program to tell the PS3 what it has to do when booting.
That program has been converted to open source and is often updated. There are 2 main Open source version : PSGroove and PL3.
When they release a new version, the sources are compiled in a form of hexadecimal code (in fact, it's the binary), and you have to write this .hex file to your dongle's chipset.
There exist few programs to do that transfer. It should be available on the official PSJailbreak2 website.

5. How do I install a .pkg file?
Place the .pkg at the root of an FAT32 USB stik or USB HDD.
When in debug more, under the Game menu, there are 2 new options :
- Install Package Files (it will list all the .pkg found and will install them)
- PS3_Game/something/ (this one is used as a shortcut to launch games when you don't have a disk in the drive)

6. Can I play pirated PSN games (like flower, echochrome, etc...) after I jailbreak?
Not yet. but a hacker team (from Old time, like amiga ?) is working on it.
Currently you can only install retail demo, and official game updates from the PSN.
To install these retail, you need at least the .hex payload version "Hermes V3fix" or "PL3 from 2010-10-23".
There's another option to install .pkg without these payload, but I will tell how only if it's needed not to confuse people.

There are 3 possibilities to install them without a PSN account:
A)
Download the file.pkg on your computer, and place it on your external HDD root.
There are few websites providing links to free and legal retail .pkg download.
Some websites are also providing not so legal .pkg (internal demo, pre-released version destined for PS3 developers etc.)

Here are two legal one : ps3news.com : psn
http://www.psxstore.com/

B)
Directly from the internet browser of the PS3 http://www.psxstore.com/ + external HDD, it will be downloaded to the root of the drive.
Once downloaded, go to the "install package files" menu of the PS3.

C)
From a PS3 homebrew : FreeStore (I can't provide the link, I guess it's compiled with leaked sony sdk)
Edit : it seems FreeStore is only for installing homebrew. It's the "Wii Homebrew browser" counterpart for PS3.


Informations on where to place your games :

• External HDD :
USB:/GAMEZ/

note :
/GAMEZ//ICON0.PNG here etc.
Don't put the files (icon and USRDIR) in the GAMEZ, put the game directory containing the files.

• Internal :
Backup Manager 1.0 (can be used by other managers too) :
dev_hdd0/games/LAUN12345/GAMEZ/

Open Manager 1.x :
dev_hdd0/games/LAUN12345/GAMEZ/

Open Manager 2.x :
dev_hdd0/games/OMAN46756/GAMEZ/
dev_hdd0/games/OMAN01234/GAMEZ/

Gaia Manager (there are 2 pkg versions) :
dev_hdd0/GAMEZ/
dev_hdd0/BDRIPS/

As the first manager used "games/laun12345/gamez", usually each managers will ask you if it has to use this folder or not.
Attention : If you use that folder, and decide to delete "backup manager 1.0"" or "open manager 1.x", all your dumps will be deleted too (as they are sub-folder of the manager).
if you want to update, don't delete the previous version. just install the new one, as they share the same GameID the manager will be replaced without loosing your games.

The best thing to do is use Gaia Manager and refuse to use "laun12345" folder, it will place all the game in the root:/GAMEZ folder, so you won't loose your game by accident.

I don't know yet which folder name will be used by the unified manager (maybe it will be user defined !).

 

[B-Blue]

That was very helpful! Thank you so much!

 

[Cyan]

a new payload has just been released : PSGroove psn !
It's based on PSGroove Hermes v4b (and PL3 ?), and patch it to allow access to PSN with a PS3 with firmware 3.15 or 3.41.
(usually, PSN require the console to be in fw3.50).

Some games doesn't work at all (maybe because it's based on hermes' version instead of PL3?), but PSN access is now enabled.
Sony will certainly cover this breach in few days, so it's maybe not even a good thing to try it, and that will avoid you a ban

We could see the first ban wave soon.

For people who still want to try it, the .hex file is available for the commercial dongle "PS3Yes", but it's based on AT90USB162, 16Mhz (like the minus AVR)
The sources are available so it should be ported soon to other devices and dongle.
unfortunately, the sources patch are "really weird" ? it's not a patch, it doesn't explain which file to modify.

But there's a full Hermes PSGroove already patched, I should be able to compile a version for Rockbox devices if I can get a compiled descriptor.h file.

http://bbs.a9vg.com/read.php?tid=1614802&fpage=1

 

[B-Blue]

2 questions:
1- What's the best ummm... payload (

) and where can I download it?
2- In Gaia Manager, what does "Direct Boot" and "Mem Patch" do?

 

[Cyan]

Humm, my answers might not be very good, that's only few things I read on few forums, I didn't explain all the subject very well, especially for the mem patch.
I recommend you to read more information regarding the mem patch yourself on other forums (look at the old thread, the one which introduced it in the payload and manager for example)

1- What's the best ummm... payload (

) and where can I download it?
There's no real best one.
Hermes patched the original PSGroove port to add memory access, peek & poke, lvl2 access in PS3 architecture, syscall 36 (that's functions access, like IOS for the Wii I think), etc.
Hermes has quit the scene (at least about developing PSGroove any further); so Hermes is a good one, but it will be an outdate one really soon.

Then come PL3 (which is a mix of 2 payloads : PSFreedom and PSGroove). It's maintain by many developers, and it's the one which get updates and new game patch.
So I guess PL3 is the best one for newer games.
BUT, PL3 doesn't include Peek&Poke at all, which is require to gain specific memory access for games/homebrew.

PL3 also use syscall 35 instead of 36 (old managers relied on syscall 36, so old one won't work with PL3, and new one could not work with Hermes payload).
That's a little complicated

usually the managers know how to deal with both payload, so just try and you will see.

There are 1 official and 2 unofficial port of PL3 :
DEF = default payload
DEV = payload with peek+poke used for development
NOUNAUTH = payload that behaves similar to Hermes and fixes controller issues (eyepet and F1)


To resume, I suggest you use the most recent PL3 (they don't have revision number, but are sorted by date).
if something is not working, try Hermes v4.


2- In Gaia Manager, what does "Direct Boot" and "Mem Patch" mean?

usually, the manager only patch the memory of the PS3 to fools it and think that a game is inserted. then reboot to XMB.
There, you will see the new game located at the place of the real bluray disc game (or at the shortcut menu I talked earlier).

Direct boot is launching game without going back to XMB. it's not always working. I recommend you just "select" a game and let the manager reboot to XMB.


Mem patch (also called "Patched mode"), it's what Hermes introduced first, it allow some problematic game to work (F1 2010, Street Fighter 4, etc.).
It placed the console in a special mode (permanently until power off or reverting the option back manually).
That mode can be used before launching a FTP homebrew and transfer files in this special mode. Some games needs this patched mode, either on dump or on boot.

the last game which required it was Medal of Honor, it needed it in order to play and install the game while the game required 3.42 and the PS3 was in 3.41.
Managers has been updated, and now the patch is included natively I think. you don't need this mode anymore.

Don't use that mem patch if you don't need it.

You can know what games usually need this mode by looking at the compatibility list website.


PS : sorry if it's confusing. I understand that I'm not really good at explaining things

I don't find good english words sometime.

 

[B-Blue]

I can't thank you enough Cyan really

 

[Cyan]

I can't thank you enough Cyan really

No problem, really.
I know you like to help other too, so I'm glad to help you ^^

Tell me if you manage to make everything working as you would like.

For the PS3 scene news, I'm following this website (maybe a little slow compared to a french one I'm following too, but only few hours of difference, it's ok

).
They are talking about everything. you need an account to download though (I never created one, so I'm looking at other website to find free download).

I often read psx-scene.com forum's comment (the dev for PS3 backup managers are there).
http://psgroove.com/ have also homebrew and scene informations.


I suggest you to read the old news from PS3hax website, and read the news titles chronologically. It will give you an idea of the scene development.
You will also understand the changes in each payload/manager versions.

 

[Bloodlust]

I ordered the USD20 dongle from shoptemp. Any idea which chiptype & chipset it's using from this list : http://www.playstationclub.nl/psgroove-hex-collectie/

Is it compatible with hermesv4b? Does anyone also have an idea how to compile those hex files from the list for using your your own dongle?

I am planning to use hermesv4b (assuming the shoptemp one supports it) + Gaia Manager v1.03.1, but there are 2 pkg files for GM :

UP0001-GAIA01985_00-7679866932773369-BDRIPS.pkg
UP0001-GAIA01985_00-7679866932773369-GAMEZ.pkg

Which one should I use? My games are downloaded ones and not ripped...


Q - If I want to buy a USB programming board and do it myself, which do you recommend?
A - I recommend this $20 board from shoptemp. Other boards known to be used are the teensy++ and BlackCat 1.2+. If you search around you can possibly find other programming boards and modified versions of PSGroove or other payloads for them.