To minimize the chance of bricking, do NOT skip any of the following sections. This process will use a recently released software hack to to allow the installation of custom firmware. Check to make sure that your console is CFW compatible.
With any newly released exploit of this caliber, there is always a chance that you can brick your console. Follow all sections of this guide exactly as how they are written.
- A USB storage device, formatted as FAT32 with 32kb allocation size.
- Windows users can download the 'PyPS3checker-standalone-package' and utilise the .bat script, all other operating systems must install python and run the .py script.
- A CFW capable PS3.
Choose one of the methods below to follow. The Exploit-Loading Site requires internet connection, while the Self-Host option does not but requires slightly more work and has a larger risk of user error.
(Method 1) Self-hosting the Exploit (recommended)
PS3Xploit's Flash Writer for 4.90
Please refer to either this video guide or this text guide
(Method 2) Using an Exploit-Loading Site
- Download 4.90.1 HFW.
- Once complete extract the .zip and Check the MD5 hash of the HFW
.PUPfile to ensure that it matches
5eaef6cf25b6c319228de713b270e464. If it does not, you will need to redownload it.
- Insert a FAT32 MBR USB and copy over the "PS3" folder to the root of the USB.
- Eject the USB from the PC and insert it into the right-most USB port of the PS3.
- From the XMB navigate to the Settings column of the XMB and select System Update > Update via Storage Media.
- Ensure the Version displays "4.90.1 HFW", and press Cross on the OK button.
- navigate through the User Agreement and press Cross on the Start button. The PS3 will restart to an installing screen, follow any prompts required.
Dumping NAND/NOR flash
- From the XMB navigate to the Network column of the XMB and open the Internet Browser, press Triangle > select Tools > Homepage > Use Blank Page.
- Press Triangle > select Tools > Delete Cookies.
- Press Triangle > select Tools > Delete Search History.
- Press Triangle > select Tools > Delete Cache.
- Press Triangle > select Tools > Delete Authentication Information.
- Press Circle to close the browser, then open it again.
- Press START and enter
- Read the information displayed, then press Cross on the "Click here to CONTINUE" text.
- Insert a FAT32 MBR formatted USB into the right-most USB port of the PS3 and select the flash memory type used in your PS3s model, either NOR or NAND.
- CECHA, CECHB, CECHC, CECHE, and CECHG models use NAND flash, while all other CFW compatible models from the CECHH to the CECH25 use NOR flash.
- The page should change to display "Successfully found all variable offsets!", select the "Run checks" button.
- A file named "flash490.P3T" will be downloaded, once complete press the Circle button to close the prompt.
- Once the text changes from "Checking patch file..." to "All checks passed!" select the "Dump flash memory" button.
- The page should eventually update to display "Dump operation successful!", unplug the USB from the PS3 and plug it into a PC. Do not make any other changes to the PS3.
Verifying NAND/NOR flash dump
- Download PyPS3Checker by clicking on the "PyPS3checker-standalone-package..." text and then the "Download" button.
- Extract the contents of the .zip file, and open the newly created folder to find the "drag&drop_your_dump_here" .bat file.
- Select the "PS3FlashDump490OFW" .bin file from the USB, dragging and dropping it on top of the "drag&drop_your_dump_here" .bat file, a new window should open.
- Verify that the Number of dangers and Number of warnings are both 0.
- If they are not, reinstall the HFW update file and restart the Dumping process.
- If an error is shown only for SKUIdentityData, your console is likely refurbished and it is okay to proceed.
Patching the flash
- Return to the PS3 and select the "Patch flash memory" button.
- It is important that the PS3 does not lose power or is otherwise interrupted during the patching process, ensure not to accidentally bump the PS3 or close the internet browser.
- The page should update to display "Patch operation successful!", press Circle to close out of the browser, restart the PS3, then continue with the following steps for installing CFW.
Installing a CFW
- Create a folder on the root of the drive titled "PS3", and inside of that folder, create a new folder called "UPDATE".
- Download your desired CFW of equal or higher version, or a CFW spoofed to the latest version. The most recent firmwares can be found on this page. Regardless of which firmware you choose, verify the MD5 hash of the .PUP file to ensure that the file is not corrupt.
- In order to go to a lower version CFW, you must install a CFW of equal or higher version and then install the Habib QA Toggle PKG, run it, and reboot before you can install the desired CFW.
- Rename the CFW .PUP to "PS3UPDAT.PUP".
- Move the PUP to the UPDATE folder on the USB drive.
- Remove the USB drive from your PC and plug it into a USB port on your PS3. **Make sure to remove any disc inside your console**.
- On your PS3, navigate to Settings → System Update, then Update from Removable Media.
- Go through all the necessary prompts to install the firmware onto your system. If all goes well, you should now be on CFW.
- If you get a error saying "The data is corrupted" and you had verified the MD5 hash, then the PS3xploit patch most likely failed and you should try the exploit again.
- If you receive error 8002F1F9, check that your disc drive and Bluetooth are working. If they are not, you need to use a No-BD firmware.
- (Optional) Visit this page of the wiki to learn about the basic things you can do with your newly hacked PS3, and explore the rest of the PS3 Mods Wiki.
Bad Flash Recovery
In the event that something goes wrong while flashing your NAND, and your console is not working properly (or "bricked"), you may be able to recover it by updating the firmware normally through the XMB, ensuring you haven't shut down your console. Otherwise you can possibly boot into recovery mode and reinstall your current firmware from there. If this does not work, you will need to use a a hardware flasher to reflash. Please see Bad Flash Recovery section of the E3 Flasher, Teensy or ProgSkeet guides.
Unable to access ps3xploit:
- Check psx-place for any news regarding service changes.
Flash drive not appearing to dump flash:
- Check that the flash drive is formatted as a FAT32 MBR drive.
- To check if the PS3 detects the drive, plug it into the PS3 and see if it appears under the 'Music' category of the XMB.