PS3:PS3Xploit

From ConsoleMods Wiki
Jump to navigation Jump to search
Exclamation-triangle-fill.svgThere is always a chance of bricking your console when flashing data to the NAND/NOR chip.


To minimize the chance of bricking, do NOT skip any of the following sections. This process will use a recently released software hack to to allow the installation of custom firmware. Check to make sure that your console is CFW compatible.

With any newly released exploit of this caliber, there is always a chance that you can brick your console. Follow all sections of this guide exactly as how they are written.

Materials Needed

  • A USB storage device, formatted as FAT32 with 32kb allocation size.
  • PyPS3Checker.
    • Windows users can download the 'PyPS3checker-standalone-package' and utilise the .bat script, all other operating systems must install python and run the .py script.
  • A CFW capable PS3.
    • MinVerChk can be used to determine if a PS3 is compatible with custom firmware.

Running PS3Xploit

(Method 1: 4.75 - 4.91) Using bgtoolset (recommended)

A video guide for using this tool set can be found here.

  1. Ensure the date and time of the PS3 is correctly set by navigating to the Settings column of the XMB and selecting "Date and Time Settings" → "Date and Time", and either manually setting the date and time, or using set via internet.
  2. Plug the USB drive into the right-most USB port, ensuring your USB is formatted as FAT32 MBR, and that it is recognized by the PS3 by checking that it shows up on the XMB under the Photos column.
  3. Navigate to the Network column of the XMB and select "Internet Browser".
  4. Press Triangle, select Tools → Delete Cookies.
  5. Press Triangle, select Tools → Delete Search History.
  6. Press Triangle, select Tools → Delete Cache.
  7. Press Triangle, select Tools → Delete Authentication Information.
  8. Press Circle to close the browser, then open it again.
  9. Press Start and enter ps3toolset.com. If prompted to run a plugin, select "Yes". Press the "OK" button on the maintenance costs popup.
  10. Press Triangle, select Tools → Home Page. Select "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
  11. Select "System Manager" and ensure there is a green tick next to "CFW Compatible PS3".

Dumping NAND/NOR flash

  1. Scroll over the "Flash Memory" folder and press Cross, then Cross again on "Save Flash Memory Backup".
  2. Select "/dev_usb" (followed by three numbers) as the save destination, and press Cross on the "Save" button.
    • After the dumping process completes, a green tick should appear, indicating the dump was successful.
  3. Press Cross on the "Close" button, hold Circle to exit out of the PS3 browser, and unplug the USB drive from the PS3.

Verifying NAND/NOR flash dump

  1. Plug the USB drive into a computer, then copy the flash dump file (dump.hex) from the root of the USB to your desktop.
  2. Download PyPS3checker by clicking "PyPS3checker-standalone-package", followed by the "Download" button.
  3. Extract the PyPS3Checker zip, then Drag dump.hex onto the drag&drop_your_dump_here.bat file. Wait for the check to complete, and ensure there are no "Dangers" or "Warnings".
    • If either are encountered, reinstall the PS3s firmware and try again.
    • If an error is shown only for SKUIdentityData, the PS3 is likely refurbished and it is okay to proceed.
    • If an error is shown for the hash of either ROS0 or ROS1, it is likely okay to proceed, reinstalling official PS3 firmware and creating a new flash dump should fix this warning.
  4. Backup the dump.hex file to a safe location. Should the PS3 become bricked, this file will be used along with a hardware flasher to restore the console to a working state.

Patching the flash

  1. Navigate back to the Network column of the XMB and open the Internet Browser. Load the plugin if prompted, and close the Maintenance Costs popup.
  2. Press Cross on "System Manager", then scroll over the "Flash Memory Patch" folder and press Cross, then Cross again on "Load Patch via HTTP". Once complete, press Cross on the "Close" button.
  3. Scroll over the "Flash Memory Patch" folder and press Cross, then scroll over "Apply loaded Patch" and press Cross.
    • Read and understand the warning message, if the PS3 loses power or is otherwise interrupted during the patching process, it may result in a brick.
  4. Press Cross on the "Yes" button, and wait for the process to complete.
    • Once complete, a message should popup alerting you to reboot the console.
  5. Press Cross on the "Close" button, hold Circle to exit out of the web browser, then reboot the PS3.
    • Note if the PS3 takes longer than usual to reboot, do not be immediately be alarmed, and to wait for a few minutes.
  6. Proceed to Installing a CFW of equal or higher version.

(Method 2: 4.90) Using PS3Xploit Flash Writer

This video guide also details the instructions of self-hosting and using this method.

Self-hosting the Exploit (optional, but recommended)

  1. Download the 4.90 Flash Writer & XAMPP
  2. Launch XAMPP, and click the Explorer button. It will take you to XAMPP's installation folder.
  3. Navigate to the folder named htdocs.
  4. Extract the files from the flash writer zip into a folder named ps3xploit inside XAMPP's htdocs folder.
  5. In XAMPP, start the Apache module. The computer will now be hosting the web page.
  6. Determine the IP address of the computer. On Windows, it can be done by opening the terminal, command prompt, or Powershell and typing the ipconfig command.
  7. Continue to the next section.

Using the Exploit-Loading Site

Installing HFW
  1. Download 4.90.1 HFW.
  2. Once complete extract the .zip and Check the MD5 hash of the HFW .PUP file to ensure that it matches 5eaef6cf25b6c319228de713b270e464. If it does not, you will need to redownload it.
  3. Insert a FAT32 MBR USB and copy over the "PS3" folder to the root of the USB.
  4. Eject the USB from the PC and insert it into the right-most USB port of the PS3.
  5. From the XMB navigate to the Settings column of the XMB and select System Update > Update via Storage Media.
  6. Ensure the Version displays "4.90.1 HFW", and press Cross on the OK button.
  7. Navigate through the User Agreement and press Cross on the Start button. The PS3 will restart to an installing screen, follow any prompts required.
Dumping NAND/NOR flash
  1. From the XMB navigate to the Network column of the XMB and open the Internet Browser, press Triangle > select Tools > Homepage > Use Blank Page.
  2. Press Triangle > select Tools > Delete Cookies.
  3. Press Triangle > select Tools > Delete Search History.
  4. Press Triangle > select Tools > Delete Cache.
  5. Press Triangle > select Tools > Delete Authentication Information.
  6. Press Circle to close the browser, then open it again.
  7. Press START and enter https://ps3addict.github.io/writer/ or https://evilnat.github.io/flashwriter/.
    • If you are self-hosting the site, use the computer's local IP address with /ps3xploit added at the end of the address.
  8. Read the information displayed, then press Cross on the "Click here to CONTINUE" text.
  9. Insert a FAT32 MBR formatted USB into the right-most USB port of the PS3 and select the flash memory type used in your PS3s model, either NOR or NAND.
    • CECH-A/B/C/E/G models use NAND flash, while all other CFW compatible models from the CECH-H to the CECH25 use NOR flash.
  10. The page should change to display "Successfully found all variable offsets!", select the "Run checks" button.
  11. A file named "flash490.P3T" will be downloaded, once complete press the Circle button to close the prompt.
  12. Once the text changes from "Checking patch file..." to "All checks passed!" select the "Dump flash memory" button.
  13. The page should eventually update to display "Dump operation successful!", unplug the USB from the PS3 and plug it into a PC. Do not make any other changes to the PS3.
Verifying NAND/NOR flash dump
  1. Download PyPS3Checker by clicking on the "PyPS3checker-standalone-package..." text and then the "Download" button.
  2. Extract the contents of the .zip file, and open the newly created folder to find the "drag&drop_your_dump_here" .bat file.
  3. Select the "PS3FlashDump490OFW" .bin file from the USB, dragging and dropping it on top of the "drag&drop_your_dump_here" .bat file, a new window should open.
  4. Verify that the Number of dangers and Number of warnings are both 0.
    • If they are not, reinstall the HFW update file and restart the Dumping process.
    • If an error is shown only for SKUIdentityData, your console is likely refurbished and it is okay to proceed.
Patching the flash
  1. Return to the PS3 and select the "Patch flash memory" button.
    • It is important that the PS3 does not lose power or is otherwise interrupted during the patching process, ensure not to accidentally bump the PS3 or close the internet browser.
  2. The page should update to display "Patch operation successful!", press Circle to close out of the browser, restart the PS3, then continue with the following steps for installing a CFW.

Installing a CFW

  1. Create a folder on the root of the USB drive titled "PS3", and inside of that folder, create a new folder titled "UPDATE".
  2. Download your desired CFW of equal or higher version, or a CFW spoofed to the latest version. The most recent firmwares can be found on this page. Regardless of which firmware you choose, verify the MD5 hash of the .PUP file to ensure that the file is not corrupt.
    • In order to go to a lower version CFW, you must install a CFW of equal or higher version and then install the Habib QA Toggle PKG, run it, and reboot before you can install the desired CFW.
  3. Rename the CFW .PUP to "PS3UPDAT.PUP".
  4. Move the PUP to the "UPDATE" folder on the USB drive.
    • The resulting folder structure must be PS3>UPDATE>PS3UPDAT.PUP
  5. Remove the USB drive from your PC and plug it into a USB port on your PS3. **Make sure to remove any disc inside your console**.
  6. On your PS3, navigate to Settings → System Update, then Update from Removable Media.
  7. Go through all the necessary prompts to install the firmware onto your system. If all goes well, you should now be on CFW.
    • If you get a error saying "The data is corrupted" and you had verified the MD5 hash, then the PS3xploit patch most likely failed and you should try the exploit again.
    • If you receive error 8002F1F9, check that your disc drive and Bluetooth are working. If they are not, you need to use a No-BD firmware.
  8. (Optional) Visit this page of the wiki to learn about the basic things you can do with your newly hacked PS3, and explore the rest of the PS3 Mods Wiki.

Bad Flash Recovery

In the event that something goes wrong while flashing your NAND, and your console is not working properly (or "bricked"), you may be able to recover it by updating the firmware normally through the XMB, ensuring you haven't shut down your console. Otherwise you can possibly boot into recovery mode and reinstall your current firmware from there. If this does not work, you will need to use a a hardware flasher to reflash. Please see Bad Flash Recovery section of the E3 Flasher, Teensy or ProgSkeet guides.

Troubleshooting

Unable to access ps3xploit:

  • Check psx-place for any news regarding service changes.

Flash drive not appearing to dump flash:

  • Check that the flash drive is formatted as a FAT32 MBR drive.
    • To check if the PS3 detects the drive, plug it into the PS3 and see if it appears under the 'Music' category of the XMB.
Retrieved from "https://consolemods.org/wiki/index.php?title=PS3:PS3Xploit&oldid=41390"