Welcome to PS3Hax, your official PS3 hacks, PS3 Homebrew, and PS3 Downloads scene. Check back daily to keep up with the latest PS3 Hacks and drop by our forums for more PS3 Hacks discussions.
  • Posted by hellsing9 , on 22/07/2012 , @ 02:23am


    As many of you know (again) the fuzz that the Cex>Dex method, created. Now it’s turn of demonhades crew to bring an EID0 Dumper for JBM 3.55, MA 3.56 and (you can read the whole article) for more references. The first MAIN step or objective from the *demonios* it’s to not have to depend on Linux to do the conversion. (Aka = DEX). Then you have another app called ConfEditor PS3 for TheGrid, that let’s you mess around more with flags among other powerful as risky ones to use. The only NEGATIVE that i find in all of this, it’s that you have to use the JBM (From DH) to achieve this kind of things. Well it’s time to play!, if you want to know more i will do a better *to english* translation, since i fetched this from another source.

    This weekend Spanish PlayStation 3 developers at DemonHades have made available a PS3 eEID0 Dumper for JBM 3.55, MA 3.56 and PlayStation 3 CFW 3.55 alongside a ConfEditor for TheGrid. To quote, : (I had to translate the all damn thing again because google translate) eEID0 Dumper by BlackDeath to JBM 3.55, MA 3.56 and CFW 3.55

    Hello pals, after the filtered method of CEX2DEX the team decided to investigate in this new field for certain users and not so much for other. That’s why we are working to make an *easier* method in order to switch to DEX without needing linux.
    Today i present you the EID0 dumper created by BlackDeath, this app will let us dump all the EID0 or the first section of CEX, ONLY using or running a PKG and having connected a pendrive in dev_usb000. The instructions are on screen and easy to follow:

    START: Used to dump all the EID0.
    SQUARE: Just to dump the first section of the EID0 (eid0_1st_Section_CEX.bin).
    X (EX): To dump the ciphered METLDR to the USB and ready to go (plug and play) for the exploit and get the dump from deciphered METLDR (mentioned in early staged of this guide)

    If you are in CFW 3.55 (normal) you have to launch the pkg from video.

    Needless to say i leave you the download link that works in ANY CFW 3.55 (PEEK | POKE LV2) As well in MA.

    Blackdeath says:
    This last version now allow us to dump the METLDR (ciphered) from our consoles if you use the X (EX) button and you will obtain the already ciphered METLDR, ready to make a deciphered dump along with they *keys* using the exploit (later).

    We will keep on working on this *area*. Ergo the next step is dump the METLDR without doing so many things in linux, quite the contrary our objective is to achieve a quick, easy to use method to dump it.

    eEID0 is needed for make the process of dumping the metldr (as you all know, and only the first section of the eEID0). The result was this tool, which is needed to do the proper conversion from DEX to TEST.

    • http://www.mediafire.com/?eblfgmmwrmjl8sw (Old Version)
    • http://www.mediafire.com/?32dca82c31470qa (New Version)

    Thanks BlackDeath, Checko, Tito01 and DemonHades From checko: WIP: A method to dump metldr and eEID root keys without linux, more easy with some little steps .. maybe naehrwert can help you. To quote from his Twitter (via twitter.com/naehrwert/status/226682478373531648 and twitter.com/naehrwert/status/226686257005203456): Isn’t installing linux to get your eid root key a bit of an overkill when you could just use netrpc?! Or you could compile this pastie.org/4295312, sign it with metldr keys and grab the key/iv from shared LS…

    	. = 0x25800;
    	.text :
    	.data :
    	.bss :
    		bss = .;
    #ifndef _TYPES_H_
    #define _TYPES_H_
    typedef char s8;
    typedef unsigned char u8;
    typedef short s16;
    typedef unsigned short u16;
    typedef int s32;
    typedef unsigned int u32;
    typedef long long int s64;
    typedef unsigned long long int u64;
    /* Loader entry. */
    .global _start
    	/* Setup stack pointer. */
    	ila sp, 0x3DFA0
    	/* Well... */
    	brsl lr, main
    		br _hang
    #include "types.h"
    void *_memcpy(void *dst, void *src, u32 len);
    void main()
    	//Copy eid root key/iv to shared LS.
    	_memcpy((u8 *)0x3E000, (u8 *)0x00000, 0x30);
    	//Hang (the PPU should copy the key/iv from shared LS now).
    void *_memcpy(void *dst, void *src, u32 len)
    	u8 *d = (u8 *)dst;
    	u8 *s = (u8 *)src;
    	u32 i;
    	for(i = 0; i < len; i++)
    		d[i] = s[i];
    	return dst;

    ConfEditor PS3 for TheGrid by RacingLocura07 Our partner and developer RacingLocura07 (UsaveME) leaves us on this occasion the conf editor ps3, this application allows you to enable or disable patches, plugins or create flags without using a PC, all from the PS3 itself in a simple and fast Download: http://www.sendspace.com/file/99llgd Options:

    • Displays a list of flags
    • Displays list of patch-dynamic
    • Displays a list of plugins
    • Allows you to export to the root of the usb, the. Cfg file to test it before storing.

    List of flags:

    • Matheros (direct or normal)
    • dumper-ram
    • debug
    • dev_flash (dumper / restore)
    • sc35/36 +8 (more compatible)
    • 100% Fan speed (fan at 100%)

    Source: Ps3news

    Update: I had to TRANSLATE again, because it’s easy to use google translate, and a pain in the EYE to do a proper translation. Please NEXT TIME guys from ps3 news, use someone who knows spanish. Still we cannot trust in Machines. (Sic).

  • Posted by PS3Hax Member News , on 27/05/2012 , @ 03:21am


    I won’t get in *Clinical* or technical details but the pantomime of demonhades is getting old.


    Never ending story part 0:

    They showed the world what they can do with UNIVERSAL MAD downgrade.
    Now with the release of an UNIVERSAL guide (i think they have a serious issue with the the universe since they make mention about it most of the time).

    I was translating their guides by my own means and not insulting the intelligence of anybody there neither showing disrespect by what i tought in that moment a bunch of people that deliver serious solutions to universal problems.
    If i make a sudden stop and think about it for a moment i will say that STILL they have a posture towards to the NON-ENGLISH readers/speakers/writers that’s way beyond childish.

    MAD Downgrade:

    They say that we don’t need a HARDWARE flasher in order to perform the magic.
    I say it’s pure vaporware, even if it’s showed on a video.
    I translated the guides corresponding this im still dubious about their *research* seems that empty promises bring hollow results.


    This dev is mentioned over and over again, often i imagine they have this poor guy chained to a chair on a dark room developing things to certain area of wannabe elitists.


    This is not ME trying to star a war on demonhades, but this charade gone too far for my taste and for the ones following the proyect since day 0.

    Next i will translate (since my native langague is spanish) what’s is being said about the others SCENE sites like HAX are posting the NEWS from THEM.

    Let’s take out the mask of this DEMONHADES, now i want to see them refute this.


    VideoTutorial PRE3,downgradeando de 356MA a 355

    Nuestro amigo varicela nos deja este video para demostrar que el downgrader de 356MA a 355 es real y no un fake ni nada parecido y que tampoco se necesita un flasher fisico,espero que esto picara a mas de uno pero..A CHUPARLA!!! (¿¿donde estan ahora los trolls o los espavilados de turno que decian que no era posible??)

    1saludo y gracias a Varicela y Jaicrab


    doing downgrade from 356MA to 355 = VideoTutorial
    Author: DEMONHADES

    Our friend Varicela posted this video in order to demostrate that the downgrader from 356MA to 355 is REAL and it’s not FAKE and nothing like that. Neither you need a physical flasher to do this.
    Hope this will generate some *itch* (when they say itch, means = more tha one person will doubt about what they are saying) BUT ALL OF YOU CAN SUCK IT!!! (where are the trolls now?? or the crack heads that said that THIS was not even POSSIBLE?

    Well since i exposed this, i sense some belligerence from their side towards anyone who dare to not believe in what they say.
    So any SCENE site that was posting news from demonhades now you know how they think about US being posting their news in our communities. In some kind of way they are *trolling* and *abusing* the fact that some words get lost in translation.

    I see demonhades *SCENE* facing a big self esteem problem.

    My error was bring Zrandiscene one guy that roughly translated what they were working and they silenced the user here in HAX.
    So they have 0 tolerance towards anyone that doubts or defies what they *done*. (or both of them)

    This being said, i like to mention one last thing:

    Please. Next time bring something real and try not to manipulate users to use them as guinea pigs.
    In a land of make believe, you are good story tellers but bad at perfoming a task that all of you being promoting ages ago.

    This is the proof how they silent users in boards (this happened here):


    Zrandi,don´t lie anymore please.Yes, he was moderator one time,but he never has been involved with our team.we was waiting to public this info when the tool have ready.

    This information doesn´t correspond to Zrandi




    P.s: Never trust google translate, if you are speaking the truth why calling the trolls or dare anyone to take a stand when all what they are and thus creating and using is not fake?

    Since im a good *person/user* if someone ask me to translate the findings of demonhades i will do it, i won’t allow my personal opinion cloud my judgment.

  • Posted by PS3Hax Member News , on 12/05/2012 , @ 05:40pm


    Here I leave the new version of BD TOOL MA who now includes the basic graphical interface, the ability to save data to any USB connected on the console port as well as the ability to detect and extract the serial model BD reader that you have in your PS3 along with the old features of the first version with the MKB and the HRL.

    You can download from here:


    In some cases the standard model may not be obtained but that’s is sometimes because the BD is not the original from the console.

    Details on this version.

    Implemented basic Graphical interface.
    Fixed bugs when extracting HRL or MKB Version.
    Now dumping and working with any usb connected to any port.
    Added detecting of Serial | Model of BD Reader.

    For now it just work on MA.

    Acknowledgements: Demonhades for being my friend, Rokiski for letting me be his student and JaiCraB for being with me and help me many times.

  • Posted by PS3Hax Member News , on 20/04/2012 , @ 05:45am


    Hello all,
    DemonHade’s team present it’s new system called Dynarec !
    A multi-plateform emulator on the JFW DH 3.56 MA, allowing many functions, especially PSX iso emulation without need to the “Cobra” dongle, here is a professionally translated quote of the source article, thanks to hellsing9.

    Hello friends, today i present you Dynarec a powerful tool for devs exclusive for ours JFW.

    Dynarec is a port of MA the old and powerful patch system in LV2 done by Aerialx (Creator of PS1LIGHT) in 2010, since so many people ignore the fact that not all the old info is useless.
    Kammy in 3.41 patched lv2 to execute a recomp dynamic code (knowed by many devs as Dynarecs).

    In 3.41 even was contemplated the creation of a dreamcast emulator but this was stepback hence this type of things limited so many devs, but in the case of Kammy we had the possibilty to debug and easy recieve Printfs by net with socat. Having a plus of executing too JIT code.

    This video shows how MA356 supports the new and renewed system of Dynarec. (Kammy in 3.41) i gave my thanks to Aerialx for this and regarding other devs you can see with your own eyes (robo hobo and others) you know that when you null the NX protection BIT in LV2 was a great advance never done in superiors FW to 3.50 and now it’s possible in MA.

    That’s why the devs left aside develpoments when users passed to 3.5x.

    In MA we get again this system giving us more power and possibilities to port more powerful emulators like = N64,dreamcast,NDS, etc.

    As you can see in Emulator configuration we left the option *INTERPRETER* off in order to use Dynarec. As you may remember in 3.55 only you can run it but slow with interpreter mode on and bios hle bios emulated. Now any bios can be used with Dynamic recompiler.

    I have to say that this new system will have Thegrid as a dynamic patch. Because of this you don’t have to execute anything. Only the Emu.
    TheGrid will come with SP1.3 integrated (soon to be published).

    Now some other news, i have to anounce that me (Blackdeath)
    I am making progress with a job regarding PS3SX which i updated using the source of Anonymous when he published in 2011 fixing some new bugs and optimizing Dynarec.
    If i have time enough i will improve it as N64, the only thing left to say to all the devs that we do what we like most that you are invited if you want to join contributing with this development platform that is 3.56MA.

    As you know in PS3SX some shaders and filter are missing and for the moment we are at full speed using PE OPS (software) if we had the hardware plugin to obtain better quality like HD mode in 360 will be awesome to have that with the help of other devs that will like to help me to port this to PS3.

    A pleasure, Blackdeath.


  • Posted by PS3Hax Member News , on 29/10/2011 , @ 07:46am


    Here’s something unique. This app called Chaos Air Bringer, lets you change your MAC address kind of like spoofing your firmware version.

    This little tool lets you do some magic in your máquina.Te to change the MAC address FOREVER, easy, huh?

    1 º) Make a hard drive or flash drive / external, for example, into any USB port (the application takes care of searching alone).

    2 º) Now you have 2 options:
    a - Do not put any files on the USB drive. In this case, the program will use a special MAC address (Air Base).
    b - Now put a file called “mac.bin,” This file will be your new mac. You need to put in binary format
    6 bytes of your new Mac, for example, DE 11 00 11 4A.

    3 º) Install the application, and throw.

    4 º) The program will make a backup of your old Mac USB drive as “mac_original.bin.”
    Remember to keep the backup in a safe place before launching the program again, but will be overwritten by the current modified (mac.bin), otherwise perhaps could be lost forever ….

    5 º) We hope that the program returns to the XMB or to restart the system.
    If restart automatically, restart it manually from PS3, you’ll forever change your mac.

    6 º) That’s it!


    a) It is necessary to use SS patches enabled to use if you have no SS patches lv1 possibly block access to these services
    b) If the program can not make a backup of your old mac, red LED flashes.
    c) If the program can not change your mac, the LED will be off (if you reboot your machine back to the green LED)
    d) If the program can make a backup or Mac LED flashes green.
    d) If the program can change your Mac to leave the LED green off and then after a few seconds, if you can not let him off.
    e) This proven and tested by the team, we are not responsible for the misuse of it to this tool.
    f) Do not change the value in the RAM (lv1, lv2 vsh), the change is real.
    g) can be modified in a custom firmware to official firmware update and will remain unchanged.
    h) This application will be a plugin for 3.41 DH JFW


    The Mac is a real change, has many uses, such as:

    - Make funny videos stupid “new firmware”, without hiding your Mac (use stupid, aim well, a lot of people are stupid and live in dark places …).

    - Make legitimate video of something and do not want your mac to appear.

    - Fool your Mac to get wireless connections are authorized mac list, and use of this wireless connection (yes, Air Carrier of Chaos).
    - A large number of uses of imagination … that sometimes can not use.


    About the source code, which is a very easy to do, you only need to use your brain, or vice versa (it is easy).

    VIA Demonhades


  • Posted by PS3Hax Member News , on 29/10/2011 , @ 07:30am


    The french Scene site PS3-Addict has interviewed Mathieulh. Thanks to both of them for taking the time for this interesting read

    Hi Mathieulh, could you give us your curriculum vitae to light up ours members?

    I reserve my curriculum vitae for business. However, I can tell you that skills are there.

    We saw you participating to PSP and PS3 Scenes, two consoles from Sony, do you have some reason (affinity…)? Have you another favorite platform (like the Galaxy S2 with Android…)?

    I’ve just been seduced by these two platforms, especially the fact that just a few details were revealed, particularly on the technic side, which raises challenge. I’m more interested in understanding the system architecture of the platform than playing, even if I’m a gamer.
    Concerning the Galaxy S2, I’m also really interested on it, but more for fun than to develop or reverse engineer.

    According to you, what kind of tools should be in hacker’s tool kits… except a brain (hardware / software)?

    A computer of course, a disassembler (e.g. IDA), a logic analyzer, if you’re interested in hardware, good knowledge in development and reverse engineering (assembly…), don’t be afraid to take risks with your equipment, if possible, have the resources to debug the code that you analyze/reverse. Maybe more if you want :P

    You seemed detached from bad comments which gone the rounds concerning what you told in the past and that didn’t result in a release, and it does you credit ! But aren’t you tempted to shut their mouth by publishing a “legal” release?

    Not really, I posted or participated to enough releases in my life (Custom Firmwares M33, Pandora, PSGroove (open source version of PSJailbreak’s exploit + full documentation), Documentation about .self/update packages cryptography, appldr + lv2ldr keys, Documentation and games packages keys, QA flag (even if this release was a leak, it was my work), use of SPE8, Kirk keys to sign applications to PSP… and many others that I’ve forgotten), as well in PSP, as in PS3 Scene to get a deep respect from my peers.

    I’ve little esteem for ungrateful users who ask more than what they’re graciously provided and who have some chronic amnesia when it comes to remember what developers have done for them. More people claim results, insult me when these don’t match with what they expect… Less I’m disposed to provide my hard work to the public. I don’t develop to fame, money or any other reason like these, I develop by curiosity to understand how the system of a platform was elaborated, and also to challenge, like to find glitches on theses platforms, consoles correspond very well to it as their system are designed with a military level, especially PlayStation 3 and Xbox 360. Apart sharing, I haven’t any interest to publish my work to the public, so when the public abuse of my work or my kindness, I feel no remorse to suspend my releases. I believe this is also the case of many other developers who haven’t any interest to run backups or any other thing on any platform.
    This is one of the reasons that pushed me to stop releasing, another good one is to avoid a possible lawsuit from Sony.

    You still are active on Gitbrew IRC channel, Twitter, and also reactive to some news, why did you left the Scene?

    Despite having stopped public releases, it doesn’t prevent me from continuing my work for personal and educational goals, to be an acute observer, and to help other developers who need it.
    This is what’s happening, I attend some developers in their work without asking any credits in return (particularly via IRC or MSN) and post comments on my Twitter when opportunity arises.

    Could you tell us more about one of your last tweets:

    @playstation #didyouknow that your self format is uber fail ? #morethanjustmy2cents xD

    It concerns a vulnerability I recently discover in Sony’s SELF format.

    Have you been able to exploit the vulnerability (lack of verification to the size of the header of an SCE SELF when copying it from the Local Shared Storage to the Local Isolated Storage) unveiled by yourself a while ago?

    This vulnerability is really difficult to implement, and only works with some loaders when we have a direct control on the arguments which are send to them. However, other flaws exist and never have been published.

    Rumors say that you’ve got the keys to decrypt 3.60 / 3.65 / 3.66 / 3.70 games. Could you confirm?

    I prefer to don’t answer to this issue, and let your interpretation answer to it. Public doesn’t need those keys, you can downgrade to 3.55 (via hardware) almost all PlayStation 3 out now (about 40 million consoles are vulnerable), and it’s possible to run Linux (via OtherOS++) or homebrews on them. I think it’s quite enough to make the PlayStation 3 one of the most open consoles in the market.

    What’s your opinion concerning DemonHades’ theory to find them?

    It’s a (really) bad sum up of the tweets I posted 6 months ago. Many elements are missing, and I doubt DemonHades has capacities to recover the keys.

    With all information available to hackers and without 3.6+ keys, is it possible to sign an application that could be functional on 3.70? If so, do you think it would lead to piracy again?

    It’s impossible to obtain the private key from keysets used by Firmwares 3.56+, and so to sign applications to those, however it’s possible to launch SELFs on 3.56+ with old keysets (below 0x0D) if we know how. Therefore, it’s possible to sign a Custom Firmware 3.60+ and install it over Fimware 3.55, if we have 3.60+ keys.

    Many people are ungrateful and always want more things, and faster. Do you think this conduct penalizes the Scene and drives away its actors? We recently saw ColdBird leaving PSP Scene.

    Indeed, I think this behavior scares many developers, including myself.

    Do you think PS3 Scene is still able to progress? Has it got the “good” sceners and public to evolve peacefully?

    Good sceners, maybe, even if a lot have gone, I though to fail0verflow, or myself. Good public, I don’t think.

    What are your motivations to this Scene? What kind of projects would you like to see?

    I appreciate the challenge and the fact that we always find new things, especially items hidden by Sony that are part of PlayStation 3′s system.

    Are you working on some projects, like the dead Utopia or other, to PS3?

    Currently, I haven’t such project to PS3.

    Do you believe Firmwares above the 3.55 could be “jailbreaken”? If so, do you think a release could revive dongles?

    I don’t think Firmwares 3.56+ could be jailbreaken with an USB dongle.

    What’s your opinion regarding modchips and their future?

    I think they’ll allow people to easily downgrade to Firmware 3.55, but their future is lukewarm, at least until 3.60+ keys become public.

    People are dissatisfied by the Scene because 3.6x+ keys weren’t found/disclosed, what do you think of these people ? Do you think it’s good to be responsive to their expectations?

    I think if they’re unhappy, nothing prevents them to work and retrieve these keys by themselves. I’ve published more than one method to recover them.

    A last question, slightly HS if we ignore old rumors, but… As an ex member of M33 Team, do you have some news about Dark_AleX?

    I don’t want to reveal too much without his consent, however, I can tell you he goes well, and I’m regularly in touch with him.

    Thank you for this interview Mathieulh, maybe we’ll see you again on December 17th?

    Hum… I may be busy to that date, I’m not sure to be able to go to CCC, it mainly depends on my availability.

    Thank you for your time

    You’re welcome

    If you want more details about Mathieulh’s works on PS3, you can read the Wiki dedicated to research or go to his own website, LAN.ST.

    Source PS3-Addict.fr

  • Posted by PS3Hax Member News , on 21/09/2011 , @ 09:17am


    Demonhades has just released a video demoing you the JFW-DH working on 3.56 firmware.Check it out below:

    Hi hell, here I leave a video that shows the installation of 356 DH JFW MA on a 355, this version is created only for users locked into a 356 (base) that can not drop below the 356 and therefore can not enjoy the scene.

    The reason why you can not downgrade the 356, is that apart from the 356 it incorporates a second updater which is the preparatory 360.Este then would be the new way (updater2) mode unusable old (355) is why not recognize any update below.

    It’s supposed to be given to how to do down at 356 after the DH JFW 356 MA, but when tested it is only possible with a flash out of 356.

    The video shows how to use various applications such as:


    Showtime-media player


    What is not allowed to peek / poke the moment, but the pkg type psn games if the charges.

    Again, this is a special version to help people who can not lose more than 356, so you need a flasher to install it and enjoy the scene, so abstain from stupid comments about that why not do it in 355, etc.

    Thanks to Alejandro, Jaicrab, Calimba and Varicella for collaboration in this custom help, the output of this custom and delayed a bit because right now we are saturated with the 341 and prefer to postpone a little more the 356 (to address and incorporate same graph as his brother 341)

    1saludo and as I always say, this video is unique demonhades.org, this may not be copied in places eol or copied only to criticize and make visits to it (which is alluded to by whoever)

    Source Demonhades

  • Posted by PS3Hax Member News , on 17/09/2011 , @ 09:04am


    So DemonHades and jaicrab along with their group of developers have been working for quite a while on a 3.41 CFW, which implements the Cobra payload, it also allows for playing games directly from the XMB, without the need of a backup manager, this FW was only for PS3 consoles on firmware 3.41, but does this new post from the source, mean it will also work on firmware 3.55 or even firmware 3.56 ???

    Here is a quote of the post in question, translation by PS3HaX member CaptainCPS-X(Thank you).

    Before reading any further, if you’re looking for something related to FW 3.60 or PSN, don’t bother reading

    Hello friends, as we said JFW DH was going to work only on FW 3.41, well now we bring JFW DH 3.56.

    - At this moment, the new JFW DH can only be installed over FW 3.55 or over 3.56 by patching part of the update with a hardware flasher (I recommend teensy, is the cheapest and easier to handle).

    What can be done with JFW DH 3.56…

    - Launch homebrew
    - Loading of backups without managers (multiMAN)

    What can’t be done at this moment…

    - Once on 3.56 you can’t downgrade, due to the new update system that we explained some time ago.
    - The Grid cannot be used (for now).
    - Downgrade is only possible with a flasher, but if you enter factory mode you will not be stuck anymore, you will be able to exit…we have not touched the QA yet, but it could be a way out .



  • Posted by Pirate , on 12/09/2011 , @ 01:51am


    Everyone has been eagerly anticipating for the 3.6x keys, and many of you probably are wondering why there have they not been released yet. Well obviously its a difficult process, but S0uL and DemonHades have outlined on how to get the 3.60 keys. Keep in mind that this is not newb friendly. I post this because hopefully this may be useful to the next “Dark Alex” of the PS3 scene looking for the right path.

    To quote (translated):

    Hi demons,

    this is a tutorial on how to obtain the 3.6+ keys, and it’s been made by S0ul and DemonHades (thanks to Demon for the info and for revising it). This is for all those people out there that think that finding the keys is easy.

    - a brain
    - expensive hardware
    - Knowledge of motherboard designs (this is if you wanna obtain data from sockets)
    - SMD and BGA knowledge (to desolder and solder smd and bga components)
    - High Frequency Oscilloscopes (to log frequencies)
    - PPC ASM knowledge (to modify lvs to be able to implement new functions)
    - Knowledge of the PS3′s architecture (to know what’s an lv)
    - a lot of patience

    Let’s see how this rolls out:
    To obtain the keys, we’ll need lv0 decrypted. Lv0 will unpack itself unto the RAM, and is decrypted with the bld key. There, the keys will already be in the SPU, which is like a safe, an impossible area to enter (isolated from the exterior).

    When the loaders and the lvs are loaded unto the SPU, lv1 will clean any traces of the decrypted lvs and loaders from the memory. But who’s the one giving orders to clean? Lv1, therefore, it can be accessed with an exploited version.

    To solve this problem, we’d need to make a modified lv1 that’ll copy the data we wanna get, the decrypted lv0 in memory, and then make it put that info aside, so we can then extract it, and after that, leave it continue its normal cleaning and mapping routines.
    This way, we’ll have the part of the memory with lv0 safe for us to get, exposing lv0 to all its content.
    From there, we’ll have appldr, that’ll be decrypted with lv0, and with it, we’ll have our “keys warehouse” available to us.

    Do you still think it’s easy to obtain the keys? I don’t think so…

    Greetings to everyone,

    Thanks to jean945 for the translation.

    There you have it, as said earlier it is no easy feat and hopefully shed some light to what it takes to get the keys.

    [VIA Demonhades]

  • Posted by PS3Hax Member News , on 09/09/2011 , @ 03:11pm


    the_marioga has released LuaFPS3 0.1, a port of the famous LuaFWii, which loads and executes lua files.

    After the “success” of luafwii, I decided to port it to PS3 and take two parallel developments. For those who do not know LuaFPS3 LuaPlayer for PS3 is that is allows you to run homebrew lua made ​​in your ps3.

    Author: the_marioga

    What is Lua?

    Lua is a programming language, simple and powerful, that does not require to be compiled to run it.

    What can you do this lua player?

    Show pictures, shapes, display text, data collected and SIXAXIS DualShock3, among other things. Very useful and powerful when programming simple video games.

    The features are on file in the RAR reference.html

    What changes will be in the next version?

    Management functions of files and folders

    ImageLoadinOne removed (obsolete)

    Initial Release

    No sound or file management functions

    Download LuaFPS3 0.1

    Source DH.org

  • Posted by PS3Hax Member News , on 04/09/2011 , @ 12:52pm


    blipi has released his project Open OSK, a On-Screen Keyboard for PS3. It’s still under developement, it looks very nice and I would love to see it implemented in Homebrew applications and games.

    Well, I thought that maybe someone of interest. It is designed for programmers and a framework in C + +.

    This is an OSK (On-Screen Keyboard) for the development of homebrews. Since I did not get to show the PS3 by psl1ght OSK decided to make one. Thinking about thinking I decided that maybe someone else saw this, so I decided to share my work:

    It is released under GNU GPL, under which you can freely use the code, but any modification is above code should be released or before uploading it to the repository or enviandomela to me for the climb.

    Is still in development, so has a lot of functionality to be added yet.

    I hope to serve you,

    Project Homepage

    Source Demonhades via PS3Crunch

  • Posted by Pirate , on 31/08/2011 , @ 06:51pm


    PSDK v3.1.0 was released today by the_marioga. For those of you unaware, this is basically a homebrew SDK+toolchain made with PSL1GHT. In noob terminology, this is for homebrew development.

    To quote:

    New Toolchain + SDK for PS3 PS3SDK substitution that was already obsolete. No more presentations I leave you with the download and some extra information Version 1.0: Download

    Composed by:
    PS3Toolchain, PS3DEV PSL1GHT and portlibs of
    SDL and SDL_LIBS of cebash
    Ps3soundlib and tiny3d Hermes
    geohot Python tools for
    MinGW and MSYS

    Thanks to: Ifcaro and Hermes, for their help in compiling PS3dev, HackerChannel, and Hermes Oopo for their contributions to the SDK and toolchain Nvidia and Python applications that complement the SDK

    1 º Run. exe (it is a Self-Extractor made ​​a 7zip) and unzip the folder PSDK3 in the root (C:)
    2 When You will need to compile using. bat that I attached. This bat can find him in the name rar MakeIt.bat

    Inside the folder you can find actualizador.sh PSDK3 and actualizador.bat, both serve to update the PSDK3 parts, so you need not download the whole pack every time something new comes out, it is all automatic, the process takes a while (2 or 3 minutes) so do not close the command window until the end of Previous Version: PS3SDK3.0 (Thanks for uploading blipi) http://www.multiupload.com/Q20ZF4LGZJ

    MULTI Moreover Multipurpose public library that simplifies the programming with k psl1ght

    Just unzip the rar inside the folder PSl1ght (within PS3SDK) Version 0.1: http://www.multiupload.com/V4QQ8Z6D7V · Initial Release

    [Download PSDK v3.1.0]

    [VIA Demonhades]

  • Posted by GregoryRasputin , on 16/08/2011 , @ 06:35pm


    OFFICIAL PS3HAX TUTORIAL CAN BE FOUND HERE: http://www.ps3hax.net/2011/08/noob-tutorial-how-to-downgradeflash-your-ps3-from-firmware-3-70-to-3-55-via-progskeetteensy-and-install-3-55-kmeaw-cfw/

    Important updates to this article follow below. Spanish Developer dospiedras1973, has released his method to downgrade Slim PS3 Consoles on firmware 3.70, here is a roughly translated native spanish-to-english quote from the source:

    Hello everyone, i finally got it, we have a downgrader for slims consoles , this time a bit different that i did with fat models, i made it by the two flashers, progskeet and teensy ++,dope

    We need:
    fat or slim console with nor updated to 3.70 “DO NOT TRY With ANOTHER VERSION”Solution to write and read the nor of the console ( flasher progskeet or teensy + +)
    hxd program (which I use to edit hex)
    FlowRebuilder v.
    a cold beer (this is important)
    Http://pastebin.com/yuvJ5Leh Downgrade.bin

    First we dump our NOR with a flasher, the file size must be “16,777,216 bytes” no byte more or a byte less, take several to be absolutely sure of what you do..get the dump “example jakemcallister.bin”and we have to get it in flowrebuilder to make it readable,the option is called bytereverse dump and extract

    we do it and we will have a file but the extension will be bin.REV open it with the hxd and take out our personal data of the console EID, BOOTLOADER, CSID and METLDR

    no need to put more data
    We get it with the following way:in this case we get our METLDR in our prepatched image for downgrade attached in this tutorial
    inside the folder where flowrebuilder had placed our.rev also has created another folder called “nameofthedump.EXT”in there are our personal files of our console and we need to get some to place em inside the pre-patched image that i attached

    Open the hxd and open downgrade.bin and the metldr file that is inside the folder asecure_loader, we pick the tab on the hxd metldr and copy all the HEX content to get in inside the downgrade.bin
    press control + g and write “820″thats the position of the metldr right click on the first line of the position 820
    And choose “paste writing” and in the same way we introduce the other ones
    the files to get in are
    :METLDR: offset“810″ size “E960″
    BOOTLOADER_0 Offset“FC0000″ size “40000″
    EID: Offset “2F000″ size “10000″
    CISD: Offset“3F000″ size “800″

    then we take the downgrade.bin with the saved changes and we get in flowrebuilder with the option bytereverse dump and extract
    This time the program will give us a error, but is a normal error, in fact is okay and will give us a file called downgrade.bin.REV

    And thats the file you have to get in in the “flash” console
    if all went well at writing ,turn on the console and you will see in the screen press the ps button or in English push ps button, DONT PRESS ANYTHING, turn off the console and put it in factory service mode, once done we need to put the correct file system for 3.55 lv2diag of jaicrab without reader and a special cfw

    lv2diag:http://www.logic-sunrise.com/telecharge … icrab.html
    cfw: http://pastebin.com/03MFDLGV turn onthe console with the usbstick with these two files in the right usb port (in the last) of the console and it will shut down for 10 / 15 minutes, turn on the console without any usb connected to verify that you did it correctly it will take you to xmb,
    If all went well turn off the console and put your lv2diag
    FILE2 of this pack:http://pastebin.com/gGETcxMR

    the console will turn on for 20 seconds will turn off itself and CONGRATULATIONS you have your console in functional 100% and kmeaw cfw 3.55 100%

    Thanks to
    :D iGiTaLAnGeL (Tester with progskeet)
    Glevand & mfw builder team (cfw)
    NDT (Assistant) is a very good person
    JaiCraB (lv2diag without reader)
    Robs1 (my guide with the nor flash)
    EussNL (his great support in the wiki that I use every day PS3DEVWIKI.COM)
    Defyboy (for creating ps3devwiki)
    To the whole channel darkps3 from irc-hispano.org for their support and many hours of testing we have hit hard mother****ers!
    DemonHades (because if you had not post on your website with the lie you said about me, I had not met DigitalAngel or uf6667and these two helped me a lot)

    and finally to the people who asked me in private to place a donate paypal button

    greetings and from now on i will resume my work with the dual nand and that dump 3.6x that gives me so many problems hehehe

    Ive updated the position of METLDR that was misplaced offset 810 ” e960″size


    UPDATE 1:

    dospiedras1973 has updated the post with the following new details:


    i fixed metldr location and leght please update

    METLDR : offset “810″ size “E960″

    UPDATE 2:

    PS3Hax member mximposter has brought us a correct and actual Spanish to English translation, the big quote box above has been edited to reflect this change.

    UPDATE 3:

    Dospiedras1973 was kind enough to post this update here on PS3HaX:

    psicoleo, uf6667 and I have made an application to automate the use hex editors to modify the downgrade.bin


    bytereversed you put your flash in donor and recipient and will downgrade.bin in the process hxd without … xD

    you not need hex edit anymore…

    and “If at any time during the downgrade DISPLAY RED (RSOD) STOP PROCESS IMMEDIATELY I WILL RELEASE A FIX SOON” Please be patient

    UPDATE 4:

  • Posted by PS3Hax Member News , on 14/08/2011 , @ 02:23pm


    Well most of us should have heard that the crew behind JFH-DH Have lost hopes for PSN access on their firmware, instead they have been working on a lil sumfin’ sumfin. In summary its a PSN alternative (they abandoned plans for PSN connectivity).

    To quote, translated:


    As you can see in the picture this will be the design (for lack of making a decent logo) to RNA.
    Also if you can observe the list of functions that will bring its first version:

    • Friends:
    Add your friends see your profile, avatar and information. Browse through their trophies and compare with yours.

    • Trophies:
    Updates trophies for other friends to see. In later versions will add support for social networks can post your trophies on sites like facebook and twitter. Maybe when I get The Grid be able to update facebook and trophies at the same time to win.

    • Network:
    Do not come in the first version, but it will be the meeting point. Create rooms and join them will be just some of the options available there.

    • Inbox:
    Send and receive messages from your friends. In future it will be possible to send messages inviting rooms in the network.

    • Quick Menu:
    By simply pressing <- -> (arrow), the menu will change law offering:

    ◦ Your profile
    ◦ Friends List
    ◦ Posts
    ◦ Menu
    ◦ Accept suggestions

    There will also be an options menu where, among other things, you can choose the background color to taste full and unrestricted (limited range of RGB, which should not be a problem).

    You can see an outline of the functions in (updated regularly): http://www.mindomo.com/es/mindmap/rna-ca64b56858824209916e8222a07e3f6e

    Suggestions and others: https://bitbucket.org/blipi/rna/issues/new

    By selecting “Type”: “proposal” and “Priority” as you may believe that very little or urgent.


    Progress (14/08/11 - 3:30 am)

    • PHP Server:

    ◦ Login: 100%
    ◦ Handshake Process (security): 30%
    ◦ Parser package: 100%
    ◦ Builder packages: 100%
    ◦ User (information): 0%
    ◦ Trophies: 0%
    ◦ Friends: 0%

    • PS3 pkg:

    ◦ Basic GUI: 80%
    ◦ Interaction and control: 40%
    ◦ Dynamism and animations: 20%

    • Global: 5%

    Here is a small video showing their text transitions:

    [VIA Demonhades]

  • Posted by PS3Hax Member News , on 13/08/2011 , @ 12:03pm


    Over on Demonhades, they have posted an update of the JFW openstore. The project is about 90% completed and expected launch date is in October. Here is a rough translation of what they have posted:

    Fellow demons, opened this thread to get official comments on developments and answer questions focused on OpenPStore.

    Above you can see the video created by matercrack, one of the devs involved in the development of the app created exclusively for JFW.

    The state of development is 90%, in the absence of the inclusion of some details in the menus and upload content to the server.

    Developers involved:


    This application is exclusively for developers involved, before publishing it elsewhere you will have to ask permission from these devs.



    [VIA Demonhades]

  • Posted by PS3Hax Member News , on 31/07/2011 , @ 11:49pm


    Alright we have been hearing about JFW-DH for a while now and a lot of speculation has been going on.  Well very soon it will be in a beta form for testers.  How do you get to be a tester, well you have to be a Demon friend on DH.org and meet the requirements for the group your ps3 falls into.  The return of online will be the openpsTore which is where you will be able to find and download homebrew for your ps3.  Also it looks like people will have to wait until October, if you don’t qualify to be a beta tester,  because they have said if the beta gets leak they will brick the tester who leaked it and anyone who is not a tester using it. The anti leak measure will not be in the final release. Also do not trust any leaked beta’s you find.

    Quote from DH.org:

    Hello friends of the Community DHorg, we know the impatience of many to JFW-DH.Teneis expected to know that the work we are doing is very tiring and among all those who compose the JFW-DH Team want to open the period beta testers.

    The requirements are:

    -Registered user community with the status DHorg “Friend devil”
    ____________________________Grupo A __________________________
    User-Spanish speaking (in Spanish beta)
    -Internet Connection on the PS3 (not psn)
    Backward-Console PAL, NTSC FAT
    Game-Original 3.56 (not dispensable)
    -Console with Firmware 3.41 or less
    Original game-PS2, PS1, PS3
    -Backup of the above both PS3, PS2, PS1 (PS3 unpatched)
    -Game store NPDRM 3.56 or 355 (not psone)
    -Backup 341 / 355Kmeaw
    Linux live cd-USB Red Ribon
    ____________________________Grupo B __________________________
    User-Spanish speaking (in Spanish beta)
    -Internet Connection on the PS3 (not psn)
    Console not backwards-PAL, NTSC FAT
    Game-Original 3.56 (not dispensable)
    -Console with Firmware 3.41 or less
    Original game-PS2, PS1, PS3
    -Backup of the above both PS3, PS2, PS1 (PS3 unpatched)
    -Game store NPDRM 3.56 or 355 (not psone)
    -Backup 341 / 355Kmeaw
    Linux live cd-USB Red Ribon
    ____________________________Grupo C __________________________
    User-Spanish speaking (in Spanish beta)
    -Internet Connection on the PS3 (not psn)
    Console not backwards-PAL, NTSC Slim
    Game-Original 3.56 (not dispensable)
    -Console with Firmware 3.41 or less
    Original game-PS2, PS1, PS3
    -Backup of the above both PS3, PS2, PS1 (PS3 unpatched)
    -Game store NPDRM 3.56 or 355 (not psone)
    -Backup 341 / 355Kmeaw
    Linux live cd-USB Red Ribon

    The beta test shall undertake not to publish the beta, and have a mechanism that anti leaks, this means that not only would find the informer, but you use it the users activate the safety mechanism to make them shiny bricks (Forewarned is a traitor) :twisted:
    The beta testers inform the organizer of the bugs to be repaired.
    The testing period will be from 2 weeks to address everything that contains the JFW-DH and so do not leave nothing out.

    The estimated date for the publication of the JFW-DH is October 1, 2011 (after two weeks testing the above)


  • Posted by PS3Hax Member News , on 19/07/2011 , @ 04:38pm


    Today, The team of developers behind JFW DH modified firmware have posted an update about the project. Their new firmware will have tons of new features currently found no where else!

    Quote from Demonhades.org below:


    - Core central 100%
    - Payload Cobra 60%
    - Linux 95%
    - Preloader 90%
    - Categorias xmb 95%
    - Manager TheGrid 25%
    - TheGrid 100%
    - Services Packs 0%
    - OpenPStore 50%

    -Return of the online (running)
    -Update of keys (working)
    -Spoof Version
    -Disable devices
    -Mounted units, several readers virtual
    -Plugins level conbinacion buttons on the six
    -Modification speedfun speed
    -Multiloader (operating)
    Dumper full-ram (running)
    PSN-games license generator (operating)
    -Hacked signature verification token QA (running)
    -PSN access sysversion check “no spoof nor certs” (running)
    Check-patching the original disks (operating)
    -Activation of the 8th SPU

    Compatibility with games and applications using a DH-JFW 341v2 core, this does not mean not being able to play all over now without patching.
    The DH-JFW is compatible with games that include between 3.56 down, including the current patched to 3.55
    DH-JFW runs natively games until 3.56 (original disks) without having to upgrade.
    Psn-games that require npdrm 356, are also supported without upgrading (the current cfw not give this support)
    -No need for a valid signature on the executable (including loaders and other files)
    -Not going to make a port to 3.55 of this JFW DH, since it includes much more than 3.55
    -Support for peripherals is not licensed by sony in that medium 355 is eliminated leaving them unused
    -The only custom firmware can take the keys with a dual nand 3.6x (programmer) such as PNM and that allows the custom appldr redirect to another area of ​​the ram and so does not remove the old
    -Theme DHorg exclusive community that will change randomly each time the console or ignite the user cambiéis
    -More surprises:)

    If you would like to provide us with a better translation use this

    Source via DemonHades.org


    Before the upcoming release of this firmware, Demonhades.org has released a tool to check the lowest version of firmware that your PS3 Console can downgrade to!!

    quote below:

    Tutorial created by DeathHades.

    This tutorial will teach you to how to know the base firmware of your PS3 with a few steps and images.

    The first thing you must need is:

    - A PS3.
    - MinVerChk

    Here is the simple steps you need to follow:

    1 - Copy the MinVerChk to your USB stick, the same way as if it was an firmware upgrade.
    2 - Insert the USB stick into the PS3.
    3 - Start a firmware update like normal from XMB (Don’t worry, it will not update!)
    4 - It will shortly fail and display the Firmware Base Value

    Download - MinVerChk

  • Posted by PS3Hax Member News , on 16/07/2011 , @ 04:51pm


    Have you heard about the Dual-Firmware Theory? Now No_one has released info his latest developments and his future release of PNM, a PS3 NOR Manager. Everything is going to be open-source and will be released “in some weeks”.

    To quote

    Anonymous hacker releases explanations of DUAL NOR hardware.

    A hardware has been designed. Project codename: PNM (PS3 NOR Manager).
    It meets the following requirements:
    - copy/dump/update NOR FLASH,
    - static switch and dynamic switch between 2 NOR FLASH (sockets),
    - realtime spying the NOR activities.
    - …

    A PDF with all the explanations, schematics and so on will be provided very soon for release !
    …this is one of the page extracted from the PDF that will be released. This is a part of the PNM schematics:

    View higher quality pic

    I believe knowledge and information wants to be free.
    This is why I consider that this project is open-hardware and will be open-source !

    Learn what you can and help contribute to making the PS3 scene a better place.
    Released by No_One.

    PS: This the dynamic switch between the 2 NOR that will probably lead to 3.6x+ keys decryption/CFW but also to a TRUE dual firmware management ;-)
    PPS: No other hardware (Infectus, Progskeet…) can manage what PNM do.
    It is quite different than these products. Functions in PNM will be much more advanced.
    Again, everything will be FREE in some weeks !!!

    Source via Demonhades.org