Hacking [OLD!] PS3 "jailbreak" F.A.Q.

[Cyan]

i do run all my games off internal, i didnt think there would be any games that can run off external but not off internal

There's only 3D Dot Hero.
It doesn't work internally, but is fine externally with a DVD in drive.

On psjcb, there's a report of the game working "sometime" on internal, but I never get past the introduction logos.

 

[DaMummy]

Okay. Tomorrow I'm buying a PS3 with a burned out laser. It's an old phat model with an outdated firmware, and so should be fully hackable. So um, how do I go about that? What's the most effective dongle I could buy/make? What do i do with it? After I do that, how, specifically, do I run backups? I read the FAQ, but it was kinda general.

just so you know, as of right now, many games wont work unless you have a ps3 game in the drive, so a ps3 w/o a working drive wont run all games

 

[ChaosBoi]

Sorry if this is already answered before, but here's a question I've been meaning to ask.

When Sony bans you, do they only ban your PSN or do they also ban your console unit?

 

[Rydian]

Sony's never banned anybody, so nobody knows.

 

[Madridi]

I got myself two Teensy++ v2.0
What's the best payload to use with it (PS3 v3.15)

 

[Cyan]

If you ask about the difference between PL3 and hermes, then that's not a payload which is better, but the features added to them.

They almost do the same thing, which is :
- jailbreak (run unsigned homebrews)
- redirect bluray drive to harddrive.
- install packages
- spoof firmware version (3.50, 3.55 etc.)
- peek & poke (memory read and write)*
- PSN access patched
- Work on many firmware version (PL3 > Hermes)

* about peek and poke :
Hermes has p&p natively, while PL3 has 3 different versions :
- default PL3 payload (no memory access)
- dev PL3 payload (forgot what's added, I guess it's root access instead of limited user right)
- nounauth PL3 Payload (dev + peek and poke enabled).

Default PL3 payload might have better security, as it prevent homebrew to modify or delete files in your console.


So, you can use both payload.
I'm using PL3 for games, and Hermes for File browser homebrew.

PL3 is still updated frequently, fixing bugs and adding memory adress for new firmwares (like adding fw2.70).
But if you are on 3.15, then there are no problem at all, it's one of the first release payload.

 

[Madridi]

If you ask about the difference between PL3 and hermes, then that's not a payload which is better, but the features added to them.

They almost do the same thing, which is :
- jailbreak (run unsigned homebrews)
- redirect bluray drive to harddrive.
- install packages
- spoof firmware version (3.50, 3.55 etc.)
- peek & poke (memory read and write)*
- PSN access patched
- Work on many firmware version (PL3 > Hermes)

* about peek and poke :
Hermes has p&p natively, while PL3 has 3 different versions :
- default PL3 payload (no memory access)
- dev PL3 payload (forgot what's added, I guess it's root access instead of limited user right)
- nounauth PL3 Payload (dev + peek and poke enabled).

Default PL3 payload might have better security, as it prevent homebrew to modify or delete files in your console.


So, you can use both payload.
I'm using PL3 for games, and Hermes for File browser homebrew.

PL3 is still updated frequently, fixing bugs and adding memory adress for new firmwares (like adding fw2.70).
But if you are on 3.15, then there are no problem at all, it's one of the first release payload.

Thanks a lot for the detailed explanation Cyan. I'm new to PS3 jailbreaking so I'm taking it one step at a time.
Can you link me to both hermes and PL3 (best versions of both). I'm not worried about user access as nobody uses the PS3 besides me, and I dont go around deleting or modifying random stuff.. So I'll take whatever you see is best, and I'll start learning the differences from there

That aside, can you please explain the last part of your sentence? if I remember correctly, jailbreaking was buggy on 3.15, and only 3.41 that was fully supported.. right?

 

[GNkyrios]

question, can i unplug my dongle after the game starts? i want to play with both controllers wired in case i have bluethoot interference on my friend's house.

 

[DaMummy]

the clones support unplugging of dongle after you boot your ps3 in debug mode. the official ps3jailbreak does not though and has to stay inside due to software

 

[Cyan]

Thanks a lot for the detailed explanation Cyan. I'm new to PS3 jailbreaking so I'm taking it one step at a time.
Can you link me to both hermes and PL3 (best versions of both). I'm not worried about user access as nobody uses the PS3 besides me, and I dont go around deleting or modifying random stuff.. So I'll take whatever you see is best, and I'll start learning the differences from there

That aside, can you please explain the last part of your sentence? if I remember correctly, jailbreaking was buggy on 3.15, and only 3.41 that was fully supported.. right?

I have a pack with every payload for every devices on my computer (I found it on gx-mod french forum).
I'm not at home right now, so I'll give it to you later if you don't find it first.

About the firmware compatibility :
•The original payload (from PSJailbreak) worked only on 3.41, and so was Hermes patches.
•Then comes PSGroove (Open source of the PSjailbreak payload), and we found that it was based on an exploit in the firmware present since 2.70.
•Then comes PL3 payload which found the memory coordinate to patch few other firmware version to make the console boot in jailbreak mode.
These firmware were : 3.01, 3.10 and 3.15.
Hermes payload wasn't easy to modify to compile the payload for each firmware (we had to edit manually each time), while PL3 payload had all the firmware in the sources, and you can just choose the one you want to compile.

•Since then, new compatible firmware version were added to PL3, it's now compatible with all of them from 2.70 to 3.41
•Hermes was then modified to support other firmware version, but they don't have all of them.

I think 3.50 could be added (sony only blacklisted the USB devices, they didn't patch the exploit)
about 3.55 I'm not sure. maybe it could be jailbroken the same way, of the exploit patched back (now that we can modify and sign firmware update to patch the files officially).


PS :
I would like to help this forum section, and make more FAQ and help topic, but I'm a little short on free time

I will help when I can.

 

[Madridi]

Thanks alot Cyan!

So what you're saying that the latest PL3 release and hermes fully support 3.15 as they do 3.41?
Well that's awesome, as I didnt wanna lose my otherOS.

•Hermes was then modified to support other firmware version, but they don't have all of them.

What do you mean by they don't have all of them. As in, they dont support all firmwares between 2.70 and 3.41?
But hermes fully support 3.15 now right?

Thanks alot for your help man.
I would appreciate it if you can upload the payloads for the teensy++. I would like to try both hermes and PL3 (whatever version you think is best!)

 

[Cyan]

yes, hermes is compatible with 3.15 and 3.41
But, it's maybe only for Rockbox (which I'm using and following the development). I try to find the Hermes 3.15 for teensy++2.0 but I didn't find it.
maybe I never took these payload as I don't own a teensy, I will let you use google and you will have to read older forum messages on sites like psx scenes, or ps3hax


here are all the PL3 payload for all the devices, compiled using PL3 from 2010 12 28.
I don't remember where I found the file (either gx-mod or psx-scene)

You can always compile the .hex for you device by using this website :
http://www.project0.de/psgroove-maker/
(for PL3, don't forget to select 3.15 on the 2nd page)

 

[Madridi]

Thanks alot Cyan! I'll flash it now and see how it is!
I've tried searching for hermes but I was not sure what i was looking for really. Is hermes 4b with 3.55 firmware spoof what I'm looking for? Do I even WANT firmware spoof? PSN access is patched right?

So am I looking for 4b with no other modifications?

as for PL3 (excellent package there!), I'm not sure which one would be best to install. But from your description above, nounauth PL3 Payload seems the best?

One last question. Which one is the best backup manager to install..

 

[Cyan]

yes, the latest Hermes is v4(b) spoof 3.55

Spoof and PSN Fix are 2 different things.
First they found how to access PSN, then (few hours later) they added the firmware version spoof ability. people think it's the same because it was released very close from each other.
PSN access has been patched server side by Sony, but the firmware spoofing could be useful to prevent updating the console by error, launching a games doesn't ask you to update if you are already up to date.


The no_unauth is the one with all the memory and root access, like Hermes payload.
When you said "I don't care about security, because I'm the only one using the console", you are wrong.
It's not a user security, it's a harming homebrew/virus security. If you run a homebrew which try to delete your flash NAND outside the currently used folder, then default PL3 will refuse access while no_unauth will grant the request and delete your files.
And, yes, there is (unfortunately) already a harmful homebrew (a fake backup manager which delete all installed games. Not very harmful but very annoying). That one can't be block with the default PL3 though, as it access the files under it's own subdirectory, not the system files.
Though, I think the best one is no_unauth, as some manager and homebrew require memory patching and root access. it's up to you to be careful and read user comment first before using an unknown homebrew.


Best backup manager, humm difficult to say.
They are all based on Open Manager.
•Open manager 1.17.2 by Moh.Sakkhai is/was(not updated anymore) a good one, though the install folder is a sub-folder of the manager. If you delete the manager the games are deleted too.
•Gaia Manager 1.04.1, which was updated regularly before the main backup manager's devs decided to join forces to create "unified manager" (no info from the dev since 1 month).
Gaia Manager uses 2 possible external folders for storing games, so you won't loose your games if you delete the manager.
This manager can also automatically patch the param.sfo for games requiring newer firmware, ex. if you are on 3.15 and you run a 3.41 game, it patch the content to 3.15 so the game can boot.
•MultiMan (too many version update every days), could be a good one, I never try it.
It's a Backup Manager and an AVCHD video player.
It can mount any folder on the hard drive as the game or video folder, so no worries about loosing game if you delete the manager.
Many new features and bugfixes every day, the only manager still in development.

 

[Madridi]

Thanks for the detailed description Cyan!
While waiting for your reply, I went ahead and flashed the no_unauth hex, jailbroke my PS3, and installed open manager 2.1-I (is this a good one?) and Gaia Manager 1.04.1. I will also be sure to check out multiMan as well Thanks

No my problem is with ripping BD games. I insert a game, I click on copy, it gives me a fatal error and asks me to abort. Am I doing it wrong?

The same thing happens with both backup managers

Edit: also, I do know the difference between spooking the firmware and actually having PSN access. My question is, what's the point of that? Just to have the firmware number? In PSP spooking 2.00 was a way to downgrade the PSP to 1.5, so there was a point behind it. But is there any point of doing that here?

well, updating it by error is stupid anyways as it takes time to download before it installs. but that's an interesting note about running a game that requires FW update. I thought all of those needed to be patched? (such as GT5)

 

[Cyan]

Open Manager 2.x is a good one too.
I recommend you use either Gaia or MultiMan (because of the external path for storing games), but you are free to test.

When you run Gaia for the first time, don't say "yes" when it asks you if you want to use "hdd0/games/LAUN12345" folder. This is the first "Backup Manager" (release from PSJailbreak) folder.
When you say no, it will create hdd0/gamez/ folder
Then this folder can also be used by MultiMan.

I don't know why you have an error. dumping works fine with both Hermes and PL3 for me, and it's quite fast (25min/8GB), not anything like 4h30 for a full BD like it was announced the first day.

There's no real point in the spoofing. it's just an option to be on the last known firmware version, to run original retail games without asking to update.
(we can't anticipate firmware version, it needs a checksum)

for GT5, NFS, sly, and other, you can't run it from original, as it include a new key that older firmware can't decrypt.
You need to dump the game to internal HDD, then replace the original 3.55 crypted eboot.bin with a decrypted one.
if you use Gaia or MultiMan, then the param.sfo will be patched automatically to says that the needed minimum firmware is the one you are currently using.
If you use another manager, you will have to manually patch it with param.sfo editor, and replace the file on hdd.

 

[Madridi]

Open Manager 2.x is a good one too.
I recommend you use either Gaia or MultiMan (because of the external path for storing games), but you are free to test.

When you run Gaia for the first time, don't say "yes" when it asks you if you want to use "hdd0/games/LAUN12345" folder. This is the first "Backup Manager" (release from PSJailbreak) folder.
When you say no, it will create hdd0/gamez/ folder
Then this folder can also be used by MultiMan.
I already noticed that. But thanks for mentioning it

I don't know why you have an error. dumping works fine with both Hermes and PL3 for me, and it's quite fast (25min/8GB), not anything like 4h30 for a full BD like it was announced the first day.
Actually, it was the no_unauth payload doing that. The default payload works fine. It was MultiMan that specified that error. Any idea why?
Also, yes I got about the same speed when I dumped the game. I was surprised to be honest

QUOTE

for GT5, NFS, sly, and other, you can't run it from original, as it include a new key that older firmware can't decrypt.
You need to dump the game to internal HDD, then replace the original 3.55 crypted eboot.bin with a decrypted one.
if you use Gaia or MultiMan, then the param.sfo will be patched automatically to says that the needed minimum firmware is the one you are currently using.
If you use another manager, you will have to manually patch it with param.sfo editor, and replace the file on hdd.

Yeah I heard about that. I intend to try NFS and GT5 once I get my hands on a copy.

So you mean it will run fine once I dump it to my internal HDD (which I'm using) and run it using any of these managers? sounds easy enough
btw, did the PL3 you posted include the firmware spoof?

Thanks again Cyan. You have helped me alot

 

[nugundam0079]

My ps3 is at 3.55 and I have not modded it in anyway-I keep hearing about "Signed games" and I want to try out Gundam Musou3 -ive downloaded all the files required to get the game to run-Im wondering do I still need to CFW my ps3? or is signing the game enough?

 

[luke_c]

My ps3 is at 3.55 and I have not modded it in anyway-I keep hearing about "Signed games" and I want to try out Gundam Musou3 -ive downloaded all the files required to get the game to run-Im wondering do I still need to CFW my ps3? or is signing the game enough?

If you are on 3.55 OFW you will need to flash Geohots 3.55 CFW so you can Install Package Files. You will need to use the eboot method aswell to get it to run as a PSN game from the XMB, make sure you sign the .pkg aswell. Even then it is not guaranteed that this will work.

 

[Nollog]

YO.
I was offered an original PS3 60GB recently.
Two questions:

Any problems with phat original ps2 hardware compatibility versions so far? (waninkoko's aside since I don't believe his code is good to begin with.)
Do you still need a jailbreak device or can I install a CFW from an OFW without one?

Much obliged.