Welcome to PS3Hax, your official PS3 hacks, PS3 Homebrew, and PS3 Downloads scene. Check back daily to keep up with the latest PS3 Hacks and drop by our forums for more PS3 Hacks discussions.
  • Posted by Pirate , on 30/09/2010 , @ 08:59pm


    DanyL from PSX-Scene has released an EASY and newb friendly program to add PSGroove on iPod devices (and various others including: sansa E200v1, E200R, C200v1).

    To quote:
    I built a small program that allows easy installation of PSGroove on iPod devices.
    It’s still in beta and it lacks of automatic installation of iPL.
    But it works pretty well.

    [Download RockBoxPSGroove Installer]
    [VIA PSXScene]

    Thanks to condorstrike for the tip

  • Posted by Pirate , on 30/09/2010 , @ 08:19pm


    Another update  is out by the Spanish hacker Hermes, this time he has updated his original Hermes v1 PSGroove paypload to version 2. The newest payload supposidley fixes the controller issues with games such as F1 2010 and Street Fighter.

    To quote (translated):

    Useful information by Hermes Yesterday 19:09

    Looking looking, I’ve noticed where the problem that makes the game Formula1 2010, does not recognize the controls. This is a patch which is not its function, but removing it, I have not noticed anything unusual: perhaps a sort of check related to the modules that has USB and F1 games like this, do not recognize the command. Perhaps it is only relatively necessary in the initialization process and then beaten.

    Anyway, I uploaded an update to the source, but does not include that set off the patch, if marked with a warning (see line 169) and includes a define to disable the USB and also another DESTINATION, which states the address where the code is installed (and added a new patch file, if it stayed in another place)

    Here I note that we have a table (memory_patch_table) that is about to address 0×700710 (because we needed space) and that concerns me, because it may be crushed at any time if new modules are loaded (such may be best off finding another site or directly load the payload in another direction more convenient, at the end of the kernel (I’ve done this and it has worked, as it has worked to put the code in the DESTINATION so low that it appears aside in the source, but the same is not an appropriate place, of course)

    The fact is that there is another way to override the patch using the POKE role in eg open_manager:

    void pokeq( uint64_t addr, uint64_t val)
    system_call_2(7, addr, val);
    pokeq(0x80000000000505d0ULL, 0xE92296887C0802A6ULL);

    Adding that code to any program, you can disable that patch that prevents the proper functioning of at least F1 2010, without touching the payload.

    Requires that if your “spike” has the functionality peek / poke, because otherwise it will not work.

    The source of the second version you can download the first thread, but you know that it is not necessary actualicéis your “thorn”, as the modifications are more source code to allow the payload to carry any other direction.

    PS: I included hex teensy version with at90usb162.ñ In my case I use two LEDs, but that should be a issue!


    You can grab the latest update at the news source HERE.

    Thanks to mupet000 for the tip.

  • Posted by GregoryRasputin , on 30/09/2010 , @ 06:40am


    As most of us know, developer marcan was working on a Linux bootloader for firmware 3.41, the only problem he had, was choosing a name, well he has settled on AsbestOS, here is the tweet where he reveals the name and a few after regarding the bootloader.

    AsbestOS (yeah, I’m calling it that) now works on the PS3 Slim (still doesn’t quite boot Linux, though)

    Next headache: catching *both* CPU threads from lv2.

    That wasn’t too bad. Threads caught.

    Wasted like an hour debugging a bootwrapper that was working perfectly, except noone documents this stuff. dtbImage.ps3 != zImage.ps3

    I bet you’ve never seen a Linux kernel say this: [ 0.000000] PS3 firmware version 3.4.1

    http://is.gd/fBv7U It’s alive! Mostly, anyway.

    Confirmed that it works (to the same extent) on the Slim too :)

    To follow marcans progress, follow him on Twitter here

    The AsbestOS logo in the above pic, is not the official logo, i just added it to make it prettier :p

  • Posted by GregoryRasputin , on 29/09/2010 , @ 12:26pm


    jiXo from the Spanish forum Elotrolado, has made a post stating that he received an Open Source Back Up manager from a person who wishes to stay anonymous, here is what it says:

    Open Manager v1.0

    This application has been made by an anonymous person non seeking fame, profit or benefit.

    I dont want to cause any damage to the video game industry, but it is not reasonable that these consoles (expensive cost) are constructed like butter and we can not do anything to preserve the health of the lens of our readers (my console model cannot be repaired), While Sony is rubbing his hands when you send to repair a console and them are dedicated to eliminating original features of the console, as PS3 Other OS and Linux, relying on what they think best for your business and not caring a shit or the feelings of their users or their acquired rights as users and owners of their consoles.

    The videogame industry only wants control, oligopoly, money, pursuit of anything that does not benefit their interests and if it is possible, force legal changes using their influence and power while we’re just anonymous people we have to endure all the crap on hardware that is passed through a computer, just to avoid taxes.

    So I decided to do an experiment: I decided to see if I can make a BACKUP and Homebrew purpose loader (legal in my country), release the source code and waits to see what happens. Maybe someone has the Sony SDK 1.92 and wants to compile, it but that’s not my problem.

    Obviously, is ‘illegal’ to build things with the SONY SDK unlicensed but this is only source code ;)


    Open Manager has the next features:

    - Supports up to 512 items from two USB devices, internal hdd and bluray

    - Ability to copy games from bdvd to hdd0 or USB’s, from hdd0 to USB’s or from USB’s to hdd0. It is done asking to you the destination device. It use uses asynchronous reading and writing for fast copy.

    - Special support for big files in FAT: it splits files >= 4GB using .666xx fragments (if the file is name.ext, the file splits as name.ext.66600, name.ext.66601,…). This file is not bootable and it is marked using ‘_’ as folder prefix. The file is joining when you copy it to hdd0 device

    - Automatically finds the path of the games and asks to you about it. In other case, if the Open Manager is installed in the hdd0 creates one. You can change it pressing L2+START later.

    - Including checking game option (pressing L1). It displays information about the files, size, splits or big files, if it have one.

    - Support for Homebrew: you can creates “homebrew” folder in root USB FAT device and put here others folders with an EBOOT.BIN (.self format) and one ICON0.PNG. Also you can use the internal hdd0. Homebrew is launched directly and receive the path in argv[0].

    - FTP support to upload homebrew: open_manager uses “OMAN46756″ as user, by default. I recommend flashfxp to use it, because FTP support is not very good…

    NOTE: Open Manager works with Hermes payload update. So,if you return from game list, apps_home can launch gamaes without one disc (some games dont work without any disc), but if you return from Homebrew, apps_home works from usb000

    NOTE2: You can modify the program as you want, but please, make public the source code

    Download And Source

    Images thanks to bubba

    Video thanks to Jurai

  • Posted by Pirate , on 29/09/2010 , @ 11:09am


    Still haven’t gotten your hands on a USB Developement board? Not to worry, At90usb162.com has provided PS3Hax with 10 free USB development boards (Golden AVR) to giveaway to free to our members. They are also having a 50% promotions for PS3Hax members, so if you don’t win one from us, be sure to check them out and grab one for cheap :) .

    Specs about the Golden AVR:

    Teensy / Golden AVR AT90USB162 Training board:
    - Chip AT90USB162 programmable through USB
    - Training Board compatible Teensy / Blackcat USB / AT90USBKEY
    - Reprogrammable through USB under Windows/Linux


    The contest is open to only the following regions (this is only where the company ships to, sorry USA folks): Austria, Belgium, Denmark, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Portugal, Spain, Sweden, United Kingdom

    How to enter:

    Simple, we just fired up a Twitter account by popular demand, tweeting only PS3Hax news. All you have to do is retweet the post about the giveaway (HERE), and become a follower on the Twitter.  The contest ends October 1st, winners will be chosen randomly and posted here.

    Good luck :)

  • Posted by GregoryRasputin , on 29/09/2010 , @ 04:28am


    KaKaRoTo via his blog has announced PL3 and that he is working on implementing PSGroove on firmwares between 3.01 and 3.15, this is what he said:

    I’ll announce two things, first, let’s talk about PL3.. PL3 is a new project I started in order to have a common repository of payloads that can be used by any ‘jailbreak’ implementation. I got tired of copying payloads from PSGroove, and I had some nice changes in mine that I thought the PSGroove project could benefit from, so I thought I’d create a single repository that both projects, PSFreedom and PSGroove (or any other similar projects) could use.

    You can find it in github, so don’t hesitate to submodule it and use it.

    Second important news… I’ve bought a new PS3 just for homebrew. Thanks to all who donated money so I can buy it (I didn’t get enough donations to pay for it, but enough to help me). I bought this PS3 used and it came with firmware 3.01! This is good and bad news : I can’t use PSFreedom to jailbreak it, so i’ve put on hold any improvements for it, however, it will allow me to actually port PSFreedom to older firmwares! My plan is to get the jailbreak working on 3.01, then move on to 3.10 and 3.15 (depending on how hard it is, i might skip 3.10).

    Another good news is that after 4 days of work, I was finally able to dump the LV2 memory from the 3.01 firmware, and now all that remains is to find the right offsets to patch, and port PSFreedom to 3.01, so all those who are still using this firmware version, you will soon be able to jailbreak it! Once I’m done with that, I’ll try to do the same with the 3.10/3.15 firmware versions!

    To dump LV2, I used a trick and algorithms found by marcan42, so big thanks goes to him, as well as many other people who helped me out, RichDevX and Aaron in particular. I used RichDevX’s idea of ignoring the JIG and bruteforcing the address in which the port1 descriptor gets stored until I get a hit, then use that payload to dump lv2, then find the right JIG offset for that particular firmware from the dump. Marcan’s trick was to send the data through the ethernet cable by using LV1 only hypercalls, and it worked!

    Now the latest git version of PL3 has a new ‘dump_lv2′ payload which you can use, it is firmware independent, and only uses LV1 hypercalls, so it should just work… It will dump all the lv2 memory through ethernet, so fire up wireshark, save the dump to a .pcap file, and use the tool in PL3/tools to extract the memory dump from the .pcap file.

    In other news, I will soon upload to Ps3utils an .idc script that will search and find the syscall table, and correctly resolve all of its functions and name them properly.. maybe even have it automatically find all functions of a dump in order to save time creating procs in IDA. I’ll let you know once I’m done with it.


    Download PL3 Via Github
    Just a note, ps3hax.net are not associated nor hold responsibility with files hosted off forum, you download at your own risk.

  • Posted by Pirate , on 28/09/2010 , @ 03:24pm


    Tired of having to unplug your power cord for PS3 slim just to be able to load up PSGroove? The x3Max team have heard you pleas and have released the x3switch, retailing for about $20.

    [VIA Logic-Surnise]

  • Posted by Pirate , on 27/09/2010 , @ 09:50pm


    garyopa over at PSX-Scene has posted an interesting article today, releasing many possible recent court documents.

    To quote:

    In this boring legal filings by Sony, it now covers not just PSJailbreak, but also names PSGroove, PSFreedom, OpenPSJailbreak, and they have filed printouts from various blogs, forums, with comments and tutorials people have been writing up on how to use these various programs. They even mention of course the phone ports & TI84 calc. hacks.

    Sony is using this information, to get the courts to order up faster service, to force the various ISP’, Domain Register’s, and Web Hosting Services to give up the personal info on their clients so that can serve more court papers on those people, and issue DMCA takedown notices to shut down various sites.

    So for the Judge has only granted one order so far, this one is directed to YAHOO! to within 5 business days to turn over all the information they have on a [email protected], all IP’s he used to access his mail, his personal info stored by Yahoo, his email of course, and other logs.

    This E-Mail address is the one that was used to rent the mail-drop box in Texas used by http://shoppsjailbreak.com as their virtual office for orders, shipments, registering the domain name, etc.

    Recently, that above name site which also goes under the company name of Zoomba stop using the “.com” domain and now is operating under a http://shoppsjailbreak.net domain. — Plus also the http://psjailbreakcanada.com site which seems to point IP wise to the older site, has suddenly been changed to DOJ/IPR/ICE notice that has been used in the past for “Torrent/Movie” site take-downs!

    Anyhow, here is all the public court documents you can read thru them now, and see just what SCEA has been printing out about yourself online, they are asking the court they need to findout the true identify of everyone that sells, makes, offers for sale, or even has just knowledge of the real people behind any project called PSJailbreak, PSGroove, OpenPSJailbreak, PSFreedom.

    Don’t be surprized if the next few days, you see less sites online, or you find yourself answering the door to a person serving you a Summons to Appear! — The good reading stuff is the PDF’s called Exhibit or Exhibits!

    You can see all the documents at the source below:

  • Posted by Pirate , on 27/09/2010 , @ 07:34pm


    PS3Hax member NZHawk, has released an ‘awesome’ application known as “NZHawk’s Awesome MountPoint Manager v1.0″. This program allows you to choose where to install the PS3 game (instead of having it in LAUN12345)

    To quote:

    This Awsome MountPoint Manager is pretty much like the existing backup manager, with one major difference! You can choose any folder on any device on you PS3 to use as the mounted disk.

    I wanted to mess around with the SDK that was ‘avaliable’ and it was a good learning curve! (Pretty much the first time ive coded in C++) and it was a challenge! (24 hours with no sleep )

    You can grab the download and read more about the application at the original release thread located HERE.

  • Posted by Pirate , on 27/09/2010 , @ 07:20pm


    Due to the increase in traffic, and user activity, PS3Hax.net will be going through a server upgrade at 1:00 AM EDT on Friday, October 1st. The downtime is expected to last about 5-6 hours.

    Update: The above date may be subjected to change to October 2nd or 3rd. Site may be down for more than 12 hours (due to new server IP). Also we know the site is loading very slowly (hence server upgrade ^_^)

    We will post any updates on the PS3Hax twitter during downtime (related to site):
    EDIT: We seem to have completed some tweaking to site which may not require any downtime at all.

  • Posted by Pirate , on 27/09/2010 , @ 07:02pm


    Demonhades today has leaked the internal PS3 Jig manuals. The documents outline how configure and setup the Sony software and how to use Sony’s service USB jig. The files obviously are illegal so we won’t like the downloads to you, but you can find the information you desire at the source.

    To quote:

    Well I dedicate this information for some eol aware of that are still believed themselves the lies that this is an exploit, when really jigcard leverages the technology of Sony and its backdoor in the usb port and libusb.

    Alert and has long behind it were several people including Mathieulh, geohot and Richdevx and as you see all this coming out of their hands … this debate is what has led to the TeamHades was dissolved by doubting my statements and worst all that I crellesen my own colleagues and friends.

    Here you have the PDF of JigCard so you can see with your own eyes have deceived you into believing it is an exploit, save data as the service mode to do this for chapters and no deliveries and so suspicious of them. You have more information at the Research Forum

    And since I already communicated that leaves DemonHades investigations; only me to care for the community engages DHorg (the people), help with problems and doubts keep the site up to date … but I withdraw from the research topic.

    1saludo and thanks to that if I have believed and supported me and the rest to be happy with this BIG LIE.

    [VIA Demonhades]

  • Posted by Pirate , on 27/09/2010 , @ 06:48pm


    Want to reduce the size of your PS3 game dump? The folks over at Logic Sunrise have released a tool to do just that. This program scans your PS3 game dump and removes files such as dummy files, foreign languages, updates, and various others. The program is in Spanish but its not too difficult to navigate through, if someone can port an English version or make a diagram of the menu in English - I am sure many would appreciate it.

    [Download PS3 Game Ripper v1.0]


  • Posted by GregoryRasputin , on 27/09/2010 , @ 10:03am


    cfwprophet has released a PKG tool, here is a quote from his post:

    Hi folks, Today I wanna release my little batch PS3 PKG Tool v0.5 which can do a lot of things:

    • Installing of MinGW, msys, msysDTK and setting the environment for msys
    • View PKG info
    • View PKG Contents
    • Unpack PKG
    • Decrypt EBOOT.BIN
    • Edit .ELF
    • Encrypt .ELF
    • Edit SFO
    • Generate PKG config file
    • Repack PKG

    It’s a command line tool and will automate some task and make the job of pkg modifying and generating a much easier. It’s not perfect and I’m not a coder but when I have time and you guys like it I will update the tool.

    Just unpack the .rar to .exe and install it where you want.

    Have Fun!

    [Download Link Removed because file is illegal]

  • Posted by GregoryRasputin , on 27/09/2010 , @ 06:19am


    French site PS3GEN has reported that PS3 Developer RichDevX, is working on a payload, to get the PS3 into Service Mode,here is a translated quote from the source:

    As shown in this first image, we can see the red box on the XMB showing that the console actually went into service mode. In this mode, it is possible to run specific software, including one allowing the domwgrade (the opposite of update, ie back to a previous firmware). Who says so says downgrade opportunity to go 3.15 for the benefit of new and more otheros hack with PSGroove.

    Payload through this, it is also possible to run each time you start the console, loading a file. Self from a USB key as explained above. This could allow the hack using only one time a dongle or other, then your USB stick could complete the task alone. Advances in the underground world push the limits even further, watch this.


    Thanks to dondolo for the tip.

    So it appears we have more scene lies and rubbish:
    In reply to Pockets69 Mathieulh wrote

    @Pockets_69 I don’t even think this payload is destined for a public release, none of us issued any statement regarding those. People just happened to stumble upon those pictures from Rich’s twitpic folder and made a whole story around it.

  • Posted by Pirate , on 26/09/2010 , @ 09:21pm


    inf1 from PSX-Scene has posted a tutorial on how to play PS3 game dumps containing 4gb+ files via external HDD. Many PS3 games use a type of compression known as .PSARC, an archived format for PS3, similar to WinRAR or WinZIP. The logical thing to do is simply extract them, and copy them over in smaller size :)(more…)

  • Posted by Pirate , on 26/09/2010 , @ 12:11pm


    Yesterday we told you about the POC video of PS3 jailbreaking via SIXAXIS by haskuy. Today, the full tutorial has been revealed. The hack works via the 18f2550 pic. Unfortunately it is not as easy as many of you would hope, it requires soldering and some technical skills. Another issue is that the tutorial was originally written in Spanish, so the google translation is some what sketchy, if you speak Spanish we would greatly appreciate a properly translated post (and will post it here). You can find the original tutorial and release via Elotrolado.

    Update: Well it seems from the post it is fair to say this is not really a PORT, its more of a way to power the PIC via Sixaxis controller, which could actually be bad for you when you don’t want the exploit activated. Also based off the posts at the source, people are saying that this  could result in electrical failure as the PIC is always activated.


  • Posted by Pirate , on 26/09/2010 , @ 11:06am


    Remember the iPod video port we told you about a few days ago? Well there is another out on the web, id10terror from PSX-Scene has managed to port PSGroove to the Sansa e200,c200v1 MP3 series and other versions via Rockbox. You can view the step-by-step tutorial below.

    1. Download Rockbox Installer — http://www.rockbox.org/download/
    2. Use installer to install at least the minimal Rockbox installation

    Once Rockbox is up and running normally on your Sansa e200:

    3. Extract the attached zip file (DOWNLOAD HERE)  into the root of your Sansa and let it overwrite any newer files.

    4. Disconnect and restart your Sansa.

    Once your Sansa is re-booted into the new Rockbox:

    5. Turn off the back Power switch or Disconnect PS3.
    6. Connect the Sansa via USB to your PS3. (make sure it’s the only thing connected)
    7. Turn the Power switch back.
    8. Press the touch sensitive Power Button and then Eject immediately after.

    - To return Sansa to normal, just run the Automatic installer and reinstall Rockbox.
    - These instructions will not work on the e200 RHAPSODY version yet. *Being tested ATM*
    - To access original firmware and USB functionality: Turn on Sansa while holding down the left (or back) button. Then Connect to your PC’s USB.

  • Posted by GregoryRasputin , on 26/09/2010 , @ 05:07am


    New update fro blackb0x is out, bringing the version to 1.1b. Change log below, download at the end of the post. (more…)