PS3:PS3Xploit (NOR): Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
mNo edit summary
Line 22: Line 22:
|-
|-
| CECH-3000+
| CECH-3000+
| Cannot downgrade
| Not compatible.
|}
|}
If you have a CECH-25XX console, you will have to use [[PS3:MinVerChk|MinVerChk]] to check if it's compatible.
If you have a CECH-25XX console, you will have to use [[PS3:MinVerChk|MinVerChk]] to check if it's compatible.

Revision as of 21:08, 30 October 2021

Exclamation-triangle-fill.svgThere is always a chance of bricking your console when flashing data to the NAND/NOR chip.


To minimize the chance of bricking, do NOT skip any of the following sections. This process will use a recently released software hack to to allow the installation of custom firmware. Check to make sure that your console is downgrade compatible.

With any newly released exploit of this caliber, there is always a chance that you can brick your console. Follow all sections of this guide exactly as how they are written.

NAND or NOR?

It is recommended to check the model number on the back of your console and compare it to the chart below to determine if your console is NAND-based or NOR-based. If your console is not NOR based, go back to the PS3:Getting Started page and choose a different guide.

Model Flash
CECHA through CECHG NAND
CECHH through CECHQ NOR
CECH-2000 through CECH-25XX NOR
CECH-3000+ Not compatible.

If you have a CECH-25XX console, you will have to use MinVerChk to check if it's compatible.

Materials Needed

  • A USB storage device, formatted as FAT32 with 32kb allocation size.
  • PyPS3Checker.

(Method 1) Using an Exploit-Loading Site

  1. Ensure your USB drive is formatted as FAT32, and that it is recognized by your PS3 by checking that it shows up on the XMB under Photos, Music, or Videos column.
  2. Plug the USB drive into the right-most USB port.
  3. Navigate to the Network column of the XMB and select "Internet Browser". Press Start and enter the URL for the PS3Xploit website: http://ps3xploit.net. Press "yes" when prompted to load a plugin. You should see a green checkmark or a red X depending on whether your PS3 is CFW compatible.
  4. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
  5. Clear your cookies and cache by going to Tools. Press Circle and choose Yes to exit the browser.
  6. Launch the Internet Browser again. Make sure to press Cross and load the plugin. If you see an error in the top right, restart your console then open the Internet Browser again.
  7. Hover over the "Flash Memory Manager" button and press Cross.
  8. Press Cross on "Flash Memory" then Cross on "Save Flash Memory Backup".
  9. Clear cookies and cache again, then exit the browser. Unplug your USB, put it back into your computer, then copy the flash dump file (dump.hex) from the root of your USB to your desktop.
    • Backup the dump.hex file to a safe location. Should you manage to brick your PS3, this file will be used with a hardware flasher to restore the console!
  10. Extract the PyPS3Checker zip into a folder of your choice. Drag dump.hex onto the .bat file inside that folder and make sure the total number of "Dangers" and "Warnings" is 0 for both. If you see any "Dangers" or "Warnings", repeat the dump and try again.
  11. Open the Internet Browser again, ensuring you load the plugin once again, and make sure the top right says the exploit is initialized. Press Cross on "Flash Memory Manager".
  12. Press Cross on "Flash Memory Patch". Press Cross on "Load Patch via HTTPS". Wait for it to download.
  13. Press Cross on "Apply loaded Patch". DO NOT INTERRUPT THE PATCHING PROCESS. It may take a few minutes to complete.
  14. Once you see a green checkmark, close the Internet Browser and reboot your console.
  15. Proceed to install a CFW of equal or higher version with the "Installing a CFW" instructions found below.

(Method 2) Self-hosting the Exploit

These steps are an alternative to using an exploit-loading site. You will need to download the NOR/NAND Flash Writer zip file (extract to Desktop).

  1. Double check that your console is a NOR console, and not a NAND console. You will risk bricking your console if it is a NAND console!
  2. Update to 4.85.1 HFW using this guide and the .PUP linked in the "Materials Needed" section.
    • Verify the MD5 checksum of the PUP matches the checksum: C6632994C04D0ED8C555091F3FDE9BBB before continuing. If they match, you may continue, otherwise you will need to redownload the PUP and verify again.
  3. Extract the NOR Flasher zip file into a folder labeled "NORFlasher".
  4. Inside of the NORFlasher folder, create a folder called "htdocs".
  5. Move the "ps3xploit_writer_v201.js", and "index_nor.html" files into htdocs, then rename "index_nor.html" to "index.html".
  6. Ensure your PS3 is connected to the same network as your PC, in order to be able to connect to the web server. This can either be through WiFi or network cables to your router.
  7. Move the "miniweb.exe" file into the NORFlasher folder and run it. This will start the web server on your local network.
  8. Plug the USB drive into your computer, and copy over the "flash_484.hex" file to the root of the drive and then plug it in the right-most USB port on the PS3.
  9. Turn your PS3 off if it was on, then turn it back on again.
  10. Navigate to the Network column of the XMB and select "Internet Browser". Press Start and enter the IP address and port that the miniweb window displays (example: "192.168.11.010:1337"). You should receive a message indicating that your console is compatible. If you do not, reinstall 4.85.1 HFW. Press Cross to dismiss the compatibility message.
  11. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
  12. Press Circle and choose Yes to exit the browser.
  13. Launch the Internet Browser again. Read the warnings on screen, and ensure that the /dev_usb000/flash_485.hex option is checked.
  14. Hover over the "Initialize exploitation" button and press Cross. A success message should almost instantly appear indicating "Exploit Initialization SUCCESS...!". If it fails, follow the on-screen instructions to refresh the page.
  15. Select "Patch NOR Flash Memory". A message should appear saying "Proceeding to patch NOR Flash Memory...". After a few minutes, it should change to "NOR Flash memory patch operation completed..!". If it takes longer than 5 minutes to complete, exit the browser and try again.
  16. On the PS3, navigate to "192.168.11.010"/index_nor.html. Note the example IP we used from earlier. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu. Press Circle and choose Yes to exit the browser.
  17. Launch the Internet Browser again. Read the warnings on screen, then ensure /dev_usb000/dump.hex is selected, click the "Initialize exploitation" button, wait for a success message, and then choose "Dump 16MB NOR to USB/Card device" and wait until you receive a message saying "NOR Flash dump operation completed..!".
    • If it takes longer than 30 minutes, try another USB storage device.
  18. Unplug your USB storage device and plug it into your PC. Drag your dump.hex file over the file "ps3_dump_checker.exe". The program will open and validate your dump. If the dump comes up as "OK" it's okay to proceed. If it comes up as "BAD" and lists the only failures as the ROS0/ROS1 hash, you're okay to proceed.
    • If you receive a message saying that it is the wrong file size, you likely have a NAND console and not a NOR console. Check again here.
    • If you receive an error for only SKUIdenityData (and maybe also ROS0 or ROS1), your console is likely refurbished and it is okay to proceed.
    • BACKUP THE DUMP.HEX FILE IF IT IS "OK"... SHOULD YOU MANAGE TO BRICK YOUR PS3, THIS FILE WILL BE USED WITH A HARDWARE FLASHER TO RESTORE THE CONSOLE.
  19. Restart your console and proceed to install a CFW of equal or higher firmware version with the "Installing a CFW" instructions found below.

Installing a CFW

  1. Remove the USB Drive from your PS3 and plug it into your PC.
  2. Create a folder on the root of the drive titled "PS3", and inside of that folder, create a new folder called "UPDATE".
  3. Download your desired CFW of equal or higher version, or a CFW spoofed to the latest version. The most recent firmwares can be found [[PS3:Firmwares|on this page]. Regardless of which firmware you choose, verify the MD5 hash of the .PUP file to ensure that the file is not corrupt.
    • In order to go to a lower version CFW, you must install a CFW of equal or higher version and then install the Habib QA Toggle PKG, run it, and reboot before you can install the desired CFW.
  4. Rename the CFW .PUP to "PS3UPDAT.PUP".
  5. Move the PUP to the UPDATE folder on the USB drive.
  6. Remove the USB drive from your PC and plug it into a USB port on your PS3. **Make sure to remove any disc inside your console**.
  7. On your PS3, navigate to Settings → System Update, then Update from Removable Media.
  8. Go through all the necessary prompts to install the firmware onto your system. If all goes well, you should now be on CFW.
    • If you get a error saying "The data is corrupted" and you had verified the MD5 hash, then the PS3xploit patch most likely failed and you should try the exploit again.
    • If you receive error 8002F1F9, check that your disc drive and Bluetooth are working. If they are not, you need to use a No-BD firmware.
  9. (Optional) Visit this page of the wiki to learn about the basic things you can do with your newly hacked PS3, and explore the rest of the PS3 Mods Wiki.

Bad Flash Recovery

In the event that something goes wrong while flashing your NAND, and your console is not working properly (or "bricked"), you may be able to recover it by updating the firmware normally through the XMB, ensuring you haven't shut down your console. Otherwise you can possibly boot into recovery mode and reinstall your current firmware from there. If this does not work, you will need to use a a hardware flasher to reflash. Please see Bad Flash Recovery section of the E3 Flasher, Teensy or ProgSkeet guides.