PS3:PS3Xploit (NAND)

There is always a chance of bricking your console when flashing data to the NAND/NOR chip.

To minimize the chance of bricking, do NOT skip any of the following sections. This process will use a recently released software hack to to allow the installation of custom firmware. Check to make sure that your console is downgrade compatible.

With any newly released exploit of this caliber, there is always a chance that you can brick your console. Follow all sections of this guide exactly as how they are written.

NAND or NOR?

It is recommended to check the model number on the back of your console and compare it to the chart below to determine if your console is NAND-based or NOR-based. If your console is not NAND based, go back to the How to Hack your PS3 page and choose a different guide.

Materials Needed

• A USB storage device, formatted as FAT32 with 32kb allocation size
• NOR/NAND Flash Writer zip file (extracted on Desktop)
• ps3_dump_checker.exe from Edythator's version of Swizzy's Dump Checker
• 4.85.1 HFW .PUP

(Method 1) Using an Exploit-Loading Site

1. Double check that your console is a NAND console, and not a NOR console. You will risk bricking your console if it is a NOR console!
2. Ensure your USB drive is formatted as FAT32, and that it is recognized by your PS3 by checking that it shows up on the XMB under Photos, Music, or Videos column.
3. Plug the USB drive into your computer, and copy over the "flash_485.hex" file to the root of the drive.
   • Verify the MD5 checksum of this file matches the checksum: 2D74B066E7453E6B1336E36C410FB1EB before continuing. If they match, you may continue, otherwise you will need to redownload the NOR/NAND Flash Writer zip file and verify again.
4. Update to 4.85.1 HFW using this guide and the .PUP linked in the "Materials Needed" section.
   • Verify the MD5 checksum of the PUP matches the checksum: C6632994C04D0ED8C555091F3FDE9BBB before continuing. If they match, you may continue, otherwise you will need to redownload the PUP and verify again.
5. Plug the USB drive into the right-most USB port.
6. Navigate to the Network column of the XMB and select "Internet Browser". Press Start and enter the URL for the PS3Xploit website: http://ps3xploit.com/hfw/writer/index_nand.html. You should receive a message indicating that your console is compatible. If you do not, reinstall 4.85.1 HFW. Press Cross to dismiss the compatibility message.
7. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
8. Press Circle and choose Yes to exit the browser.
9. Launch the Internet Browser again. Read the warnings on screen, and ensure that the /dev_usb000/flash_485.hex option is checked.
10. Hover over the "Initialize exploitation" button and press Cross. A success message should almost instantly appear indicating "Exploit Initialization SUCCESS...!". If it fails, follow the on-screen instructions to refresh the page.
11. Select "Patch NAND Flash Memory". A message should appear saying "Proceeding to patch NAND Flash Memory...". After a few minutes, it should change to "NAND Flash memory patch operation completed..!". If it takes longer than 5 minutes to complete, exit the browser and try again.
12. On the PS3, navigate to http://ps3xploit.com/hfw/dumper/index_nand.html. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
13. Press Circle and choose Yes to exit the browser.
14. Launch the Internet Browser again. Read the warnings on screen, and ensure /dev_usb000/dump.hex is selected, click the "Initialize exploitation" button, wait for a success message, and then choose "Dump 239MB NAND to USB/Card device" and wait until you receive a message saying "NAND Flash dump operation completed..!".
    • If it takes longer than 30 minutes, try another USB storage device.
15. Unplug your USB storage device and plug it into your PC. Drag your dump.hex file over the file "ps3_dump_checker.exe". The program will open and validate your dump. If the dump comes up as "OK" it's okay to proceed. If it comes up as "BAD" and lists the only failures as the ROS0/ROS1 hash, you're okay to proceed.
    • If you receive a message saying that it is the wrong file size, you likely have a NOR console and not a NAND console.
    • If you receive an error for only SKUIdenityData (and maybe also ROS0 or ROS1), your console is likely refurbished and it is okay to proceed.
    • BACKUP THE DUMP.HEX FILE IF IT IS "OK"... SHOULD YOU MANAGE TO BRICK YOUR PS3, THIS FILE WILL BE USED WITH A HARDWARE FLASHER TO RESTORE THE CONSOLE
16. Restart your console and proceed to install a CFW of equal or higher version with the "Installing a CFW" instructions found below.

(Method 2) Self-hosting the Exploit

These steps are an alternative to using an exploit-loading site.

1. Double check that your console is a NAND console, and not a NOR console. You will risk bricking your console if it is a NOR console!
2. Update to 4.85.1 HFW using this guide and the .PUP linked in the "Materials Needed" section.
   • Verify the MD5 checksum of the PUP matches the checksum: C6632994C04D0ED8C555091F3FDE9BBB before continuing. If they match, you may continue, otherwise you will need to redownload the PUP and verify again.
3. Extract the NOR/NAND Flash Writer zip file into a folder labeled "NANDFlasher".
4. Inside of the NANDFlasher folder, create a folder called "htdocs".
5. Move the "ps3xploit_writer_v201.js", and the "index_nand.html" files into htdocs, then rename "index_nand.html" to "index.html".
6. Ensure your PS3 is connected to the same network as your PC, in order to be able to connect to the web server. This can either be through WiFi or network cables to your router.
7. Move the "miniweb.exe" file into the NANDFlasher folder and run it. This will start the web server on your local network.
8. Plug the USB drive into your computer, and copy over the "flash_484.hex" file to the root of the drive and then plug it in the right-most USB port on the PS3.
9. Turn your PS3 off, then turn it back on again.
10. Navigate to the Network column of the XMB and select "Internet Browser". Press Start and enter the IP address and port that the miniweb window displays (example: "192.168.11.010:1337"). You should receive a message indicating that your console is compatible. If you do not, reinstall 4.85.1 HFW. Press Cross to dismiss the compatibility message.
11. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu. Press Circle and choose Yes to exit the browser.
12. Launch the Internet Browser again. Read the warnings on screen, and ensure that the /dev_usb000/flash_484.hex option is checked.
13. Hover over the "Initialize exploitation" button and press Cross. A success message should almost instantly appear indicating "Exploit Initialization SUCCESS...!". If it fails, follow the on-screen instructions to refresh the page.
14. Select "Patch NAND Flash Memory". A message should appear saying "Proceeding to patch NAND Flash Memory...". After a few minutes, it should change to "NAND Flash memory patch operation completed..!". If it takes longer than 5 minutes to complete, exit the browser and try again.
15. On the PS3, navigate to "192.168.11.010:1337"/index_nand.html. Note the example IP we used from earlier. Press Triangle, scroll down one option and select Tools → Home Page. Scroll down two options to "Use Current" and press Cross. Scroll down to OK and press Cross to exit this menu.
16. Press Circle and choose Yes to exit the browser.
17. Launch the Internet Browser again. Read the warnings on screen, and ensure /dev_usb000/dump.hex is selected, click the "Initialize exploitation" button, wait for a success message, and then choose "Dump 239MB NAND to USB/Card device" and wait until you receive a message saying "NAND Flash dump operation completed..!".
    • If it takes longer than 30 minutes, try another USB storage device.
18. Unplug your USB storage device and plug it into your PC. Drag your dump.hex file over the file "ps3_dump_checker.exe". The program will open and validate your dump. If the dump comes up as "OK" it's okay to proceed. If it comes up as "BAD" and lists the only failures as the ROS0/ROS1 hash, you're okay to proceed.
    • If you receive a message saying that it is the wrong file size, you likely have a NOR console and not a NAND console. Check again here.
    • If you receive an error for only SKUIdenityData (and maybe also the ROS0 hash or ROS1 hash), your console is likely refurbished and it is okay to proceed.
    • BACKUP THE DUMP.HEX FILE IF IT IS "OK"... SHOULD YOU MANAGE TO BRICK YOUR PS3, THIS FILE WILL BE USED WITH A HARDWARE FLASHER TO RESTORE THE CONSOLE
19. Restart your console and proceed to install a CFW of equal or higher firmware version with the "Installing a CFW" instructions found below.

Installing a CFW

1. Remove the USB Drive from your PS3 and plug it into your PC.
2. Create a folder on the root of the drive titled "PS3", and inside of that folder, create a new folder called "UPDATE".
3. Download your desired CFW of equal or higher version, or a CFW spoofed to the latest version. The most recent firmwares can be found on this page. Regardless of which firmware you choose, verify the MD5 hash of the .PUP file to ensure that the file is not corrupt.
   • In order to go to a lower version CFW, you must install a CFW of equal or higher version and then install the Habib QA Toggle PKG, run it, and reboot before you can install the desired CFW.
4. Rename the CFW .PUP to PS3UPDAT.PUP.
5. Move the PUP to the UPDATE folder on the USB drive.
6. Remove the USB drive from your PC and plug it into a USB port on your PS3. Make sure to remove any disc inside your console.
7. On your PS3, navigate to Settings → System Update, then Update from Removable Media.
8. Go through all the necessary prompts to install the firmware onto your system. If all goes well, you should now be on CFW.
   • If you get a error saying "The data is corrupted" and you had verified the MD5 hash, then the PS3xploit patch most likely failed and you should try the exploit again.
   • If you receive error 8002F1F9, check that your disc drive and Bluetooth are working. If they are not, you need to use a No-BD firmware.
9. (Optional) Visit this page of the wiki to learn about the basic things you can do with your newly hacked PS3, and explore the rest of the PS3 Mods Wiki.

Bad Flash Recovery

In the event that something goes wrong while flashing your NAND, and your console is not working properly (or "bricked"), you may be able to recover it by updating the firmware normally through the XMB, ensuring you haven't shut down your console. Otherwise you can possibly boot into recovery mode and reinstall your current firmware from there. If this does not work, you will need to use a a hardware flasher to reflash. Please see Bad Flash Recovery section of the E3 Flasher, Teensy or ProgSkeet guides.