PS3:PS3Xploit (NAND)

There is always a chance of bricking your console when flashing data to the NAND/NOR chip.

This page describes the self-hosting method for PS3Xploit. It is recommended to use an internet-hosted website instead, as they are more simplified and carry less risk of error. For instructions on using an internet-hosted website, please visit the PS3Xploit page.

Self-hostable files are now available for 4.90 firmware. If you have a firmware higher than 4.85, you will need to go to the PS3Xploit page and use the updated flash writer.

NAND or NOR?

It is recommended to check the model number on the back of your console and compare it to the chart below to determine if your console is NAND-based or NOR-based. If your console is not NAND based, use the PS3Xploit (NOR) page instead.

If you have a CECH-25XX console, you will have to use MinVerChk to check if it's compatible.

Materials Needed

• The NOR/NAND Flash Writer zip file (extracted to Desktop) (mirror)
• The NOR/NAND Flash Dumper zip file (extracted to Desktop) (mirror)
• 4.85.1 HFW .PUP
• MiniWeb HTTP Server
• PS3 Dump Checker

Self-hosting the Exploit

Setting up miniweb server

1. Double check that your console is a NAND console, and not a NOR console. You will risk bricking your console if it is a NOR console!
2. Update to 4.85.1 HFW using this guide and the .PUP linked in the "Materials Needed" section.
   • Verify the MD5 checksum of the PUP matches the checksum: C6632994C04D0ED8C555091F3FDE9BBB before continuing. If they match, you may continue, otherwise you will need to redownload the PUP and verify again.
3. Extract the NOR/NAND Flash Writer zip file into a folder labeled "NANDFlasher".
4. Inside of the NANDFlasher folder, create a folder called "htdocs".
5. Inside of the htdocs folder, create another folder called "writer".
6. Move the "ps3xploit_writer_v201.js", and the "index_nand.html" files into the "writer" folder, then rename "index_nand.html" to "index.html".
7. Inside of the htdocs folder, create a folder called "dumper".
8. From the "NOR_NAND_IDPS_dumper" .zip, move "ps3xploit_v202.js". and the "index_nand.html" files into the "dumper" folder, then rename "index_nand.html" to "index.html".
9. Ensure your PS3 is connected to the same network as your PC, in order to be able to connect to the web server. This can either be through WiFi or network cables to your router.
10. Move the "miniweb.exe" file into the NANDFlasher folder and run it. This will start the web server on your local network.

Dumping the consoles flash for recovery purposes

1. Plug the USB drive into your computer, and copy over the "flash_485.hex" file to the root of the drive and then plug it in the right-most USB port on the PS3.
2. Turn your PS3 off, then turn it back on again.
3. Navigate to the Network column of the XMB and select "Internet Browser". Press Start and enter the IP address and port that the miniweb window displays (example: "192.168.11.010:1337").
4. A directory page should appear with 3 options, select "dumper".
5. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
6. Press Circle and choose Yes to exit the browser.
7. Launch the Internet Browser again. Read the warnings on screen, and ensure /dev_usb000/dump.hex is selected, click the "Initialize exploitation" button, wait for a success message, and then choose "Dump 239MB NAND to USB/Card device" and wait until you receive a message saying "NAND Flash dump operation completed..!".
   • If it takes longer than 30 minutes, try another USB storage device.
8. Unplug your USB storage device and plug it into your PC. Drag your dump.hex file over the file "ps3_dump_checker.exe". The program will open and validate your dump. If the dump comes up as "OK" it's okay to proceed. If it comes up as "BAD" and lists the only failures as the ROS0/ROS1 hash, you're okay to proceed.
   • If you receive a message saying that it is the wrong file size, you likely have a NOR console and not a NAND console. Check again here.
   • If you receive an error for only SKUIdenityData (and maybe also the ROS0 hash or ROS1 hash), your console is likely refurbished and it is okay to proceed.
   • BACKUP THE DUMP.HEX FILE IF IT IS "OK"... SHOULD YOU MANAGE TO BRICK YOUR PS3, THIS FILE WILL BE USED WITH A HARDWARE FLASHER TO RESTORE THE CONSOLE
9. Restart your PS3, you are now ready to modify the consoles flash.

Modifying the consoles flash

1. On the PS3 web browser navigate to your PC's IP address and miniweb's port to access the same directory page as earlier. Select the "writer" directory.
   • You should receive a message indicating that your console is compatible. If you do not, reinstall 4.85.1 HFW. Press Cross to dismiss the compatibility message.
2. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu. Press Circle and choose Yes to exit the browser.
3. Launch the Internet Browser again. Read the warnings on screen, and ensure that the /dev_usb000/flash_485.hex option is checked.
4. Hover over the "Initialize exploitation" button and press Cross. A success message should almost instantly appear indicating "Exploit Initialization SUCCESS...!". If it fails, follow the on-screen instructions to refresh the page.
5. Select "Patch NAND Flash Memory". A message should appear saying "Proceeding to patch NAND Flash Memory...". After a few minutes, it should change to "NAND Flash memory patch operation completed..!". If it takes longer than 5 minutes to complete, exit the browser and try again.

Dumping the consoles flash for verification

1. On the PS3 web browser, navigate to your PC's IP address and miniweb's port to access the same directory page as earlier. Select the "dumper" directory. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
2. Press Circle and choose Yes to exit the browser.
3. Launch the Internet Browser again. Read the warnings on screen, and ensure /dev_usb000/dump.hex is selected, click the "Initialize exploitation" button, wait for a success message, and then choose "Dump 239MB NAND to USB/Card device" and wait until you receive a message saying "NAND Flash dump operation completed..!".
   • If it takes longer than 30 minutes, try another USB storage device.
4. Unplug your USB storage device and plug it into your PC. Drag your dump.hex file over the file "ps3_dump_checker.exe". The program will open and validate your dump. If the dump comes up as "OK" it's okay to proceed. If it comes up as "BAD" and lists the only failures as the ROS0/ROS1 hash, you're okay to proceed.
   • If you receive a message saying that it is the wrong file size, you likely have a NOR console and not a NAND console. Check again here.
   • If you receive an error for only SKUIdenityData (and maybe also the ROS0 hash or ROS1 hash), your console is likely refurbished and it is okay to proceed.
   • This second dump of the flash is used to verify that the modification of the flash has been successfully completed.
5. Restart your console and proceed to install a CFW of equal or higher firmware version with the "Installing a CFW" instructions.