Welcome to PS3Hax, your official PS3 hacks, PS3 Homebrew, and PS3 Downloads scene. Check back daily to keep up with the latest PS3 Hacks and drop by our forums for more PS3 Hacks discussions.
  • Posted by Pirate , on 18/10/2010 , @ 08:14am


    The latest Hermes v4 has been ported to Rockbox (PSGroove support for various devices).

    Supported Devices:

    - IPod 5G (Video)
    - IPod 4G (Photo)
    - IPod Mini 1G
    - IPod Mini 2G
    - IPod Nano 1G
    - Sansa C200V1
    - Sansa E20
    - Vibe 500
    - MROB 100
    - IRiver H10
    - IRiver H10 5G
    - GoGear HDD 6330
    - GoGear HDD 1630-1830
    - GoGear 9200 HD
    - Gigabeat

    [Download Rockbox Hermes v4]

  • Posted by Pirate , on 17/10/2010 , @ 02:23pm


    If your using the newest payloads that were released over the weekend (such as Hermes), then you should be using drizztbsd’s Gaia Backup Manager. (more…)

  • Posted by GregoryRasputin , on 17/10/2010 , @ 08:22am


    Yesterday we posted about KaKaRoTo discussing the payload mess here, he has since made a new blog post, explaining why he doesn’t like Hermes payload.

    First things first, the title says “why I don’t like the hermes Payload” so this has nothing to do with Hermes himself. I don’t know him, I never spoke to him, so I don’t know what kind of person he is and so I have no opinion on him personally.

    Now, I want to make some things clear, I’ve seen a lot of people criticize me for ‘bashing Hermes’, and many people seem to think that I’m trying to say “I’m better than him” or something. Also, it looks like I created some confusion with my comments from my previous blog post. So I want to apologize and make sure there is no confusion anymore :

    When I said that the hermes payload is ‘dangerous’, people misunderstood me.. no it is not specifically dangerous for your PS3, it won’t brick it or anything, the only ‘danger’ there is, is that it could (in some situations) crash… then you’d need to reboot, that’s it.. so don’t freak out about his work being harmful or anything, because as far as I know, it’s not!

    Some people also told me “give credit where its due”, and I want to do it, I’ve always given credit to people, every time I achieved something, I gave credit to those who helped me achieve it. I’m not looking for fame here (if I did, I would have announced PL3′s release 3 weeks ago when I created it) I’m just having some fun in my free time doing something that I like. Hermes did contribute some nice things, and I appreciate what he did, mainly he figured out how to fix the controller issues with some games, that was something very difficult to fix and I’m surprised at how fast he came up with a solution and it was a smart solution and all I can say is “good job”. The other stuff he did in his payload, I don’t like that much, and that’s what I want to cover in this post..

    I may have been ‘harsh’, but I don’t see the point in trying to be diplomatic, I’m a programmer, not a politician. I don’t like his code, and I speak my mind, I’m being honest, and I’m not trying to criticize him without any reason, as far as I know, I’ve stayed respectful and that’s all that matters to me.

    To those who don’t want to know about all the technical details, let me ‘conclude’ here by saying that if the hermes payload works for you, then good, use it, I’m not telling people to stop using it, I’m not saying that PL3 works better either, maybe his payload works better in some situations, maybe not, but overall, the user’s choice should always be “whatever works for you”. The PL3 initiative is about having a standard repository for payloads, and having a common code base for everyone to work on, so in the future, PL3 might evolve faster and have more features, or maybe it won’t, the thing to note is that it’s better for payload developers to base their work off PL3. But again, this is meaningless for most users, apart from maybe clearing up the confusion about all these payloads and nobody knows which one to use.

    Also, I talked about PL3, which is a common repository for contributors to work on, people seem to have nicknamed it “kakaroto’s payload” or “kakaroto’s pl3″, but I never said it was my payload, PL3 is PL3, it’s not all my work, and if you look at the commit log, you will see that I’m not the only contributor to it. PL3 itself integrates patches and solutions provided by Hermes, Waninkoko and Mathieulh, I improved some of their patches to make sure it works better for non-3.41 firmwares, but it’s still credited to be their work. PL3 is not my payload, PL3 is a payload repository for everyone. Also, PL3 as a project is a repository containing multiple payloads (default one, development one, dump_lv2, dump_elfs, etc..).

    PL3 is not perfect, nothing in the world is perfect, so it might have bugs, it might not work for some people, who knows what might happen. But I never said that it was perfect, so people should stop thinking that I said that. It’s written more cleanly, it’s better in terms of the infrastructure behind it, but that’s the only thing I can vouch for.

    Also for those complaining about me adding a donate button to the blog post, I don’t see how that’s relevant, I’m not begging people for money (and I haven’t received any donations in the last ~3 weeks just so you know). If you don’t want to donate, then don’t, no reason to bitch about it. I’ve put the button there so that people who appreciate the work and want to donate something have a way of doing it. I asked for donations before because I needed to buy a PS3 for development, I already raised enough money to buy it, so I don’t need any more donations, so I’m not asking people for donation money anymore, as simple as that.

    Anyways, here are the more detailed/technical explanations on the reasons why I don’t like his payload :

    First, the code is not clean, it’s unmaintainable. The fact that he gives his source code in .rar files instead of a git fork is the biggest issue I have with it. And yes, that does not matter for users, it only matters for developers. The problem with his method of delivery is that you have no way of knowing what he based his code off, so it’s hard to figure out what he changed.. also, when you find out his base, and do a diff, you get a huge diff for everything he did, all in one shot, and then you have to reverse engineer it to understand what he patched. That’s complicated and annoying for developers! For those who follow my twitter, you can see how many commits I do, I always like having “small commits” because each commit becomes independent, self explanatory and easy to review. It also makes things easier to integrate, if you want a specific thing, you just merge/cherry-pick that single commit, instead of copy/pasting code, and editing it to remove the clutter. The other reason I like git is that if he used it and I merge a commit from him, then the code stays credited to his name in the commit log, it allows me to have his code without ‘taking ownership’ of his work, it allows everyone to be credited for what they did, and I think it’s the first thing to have for an open source and community project.

    The reason why I said his code could crash is because his payload got too big and couldn’t fit anymore in the allocated memory we have in the kernel (1296 bytes), so he decided to just move the code to a random position (0x7fff000 I think). This means that his payload will work as long as no application, game or kernel allocates memory which ‘randomly’ ends up in that area.. if it does, then the payload would get overwritten and the kernel will crash. The proper way of doing it (PL3 does that) is to allocate memory during the initialization of the payload, copy the functions we want in that memory that we own, and write those functions to be position independent so they would work no matter where they are placed in RAM.

    Another reason is the way his syscall8 works, I tried to read his assembly and reverse engineer it, and I seriously was lost and couldn’t understand what was happening.. there are no comments (you’ll notice that my payload has a comment on almost every instruction), so how can I integrate his syscall if i don’t even know what it does… if at least it was on git, I could see the commit messages and understand what each chunk of code did, but he doesn’t use git, so…

    The way he fixed the controller issue was also not very good, he patched two offsets to jump to a function that decides on some kind of enum on what response to return and you controlled that with his own system call 8.. why do something like that? it makes the fix dependent on people using this new syscall, and it’s useless when you can just patch it directly to return the right value.

    I also didn’t like the fact that his code became a mess that is 3.41 independent, and it would have taken a huge amount of work just to try to make it work again on 3.15. I already spent time cleaning up the payloads and making them work for older firmwares, so why fork and write code that doesn’t integrate that, it just makes collaboration harder.

    There’s also the whole syscall 35 versus 36 issue, but that has nothing to do with his payload since I added sc35 after he released his payload. It’s not about his payload being bad because it doesn’t support it, it’s simply about PL3 having a ‘superior’ (if I may say so) system call. What it means for users? nothing at the moment, maybe it will be used for doing fancier stuff later on, maybe you can map a game to your bluray and a different game to /app_home, that could be useful for users, but for now, it’s simply more flexible and cleaner code.

    There are many other small things that I didn’t like, but it mostly just summarizes to “the code is not clean and it’s unmaintainable” and “he doesn’t use git”. Like I said, if you don’t care about that, then I see no reason for you not to use his payload. It doesn’t mean either that he’s not skilled, it simply means that he may lack experience in code sharing and experience in open source. But that doesn’t make his work any less valuable.

    I hope this clears things up a bit. I criticized his work, said what I thought of it and people over reacted, I wanted to make sure people didn’t misunderstand me, and didn’t think I don’t respect Hermes for what he’s done already. Everything else is just drama and people trying to get attention.

    If this post stirs up even more trouble, then so be it, I don’t think I have much more to say. I said what I think, people should take it or leave it. I do not however tolerate people insulting me for no reason at all. So please, criticize me all you want, just stay respectful.

    Thank you,



    A word of warning, any stupid posts, flaming either KaKaRoTo or Hermes, will be deleted, if you don’t have the brains to understand either of their work, dont bother posting insults, both these guys have done amazing work in the scene, so show them some respect, it gets a tad boring looking at forums, reading posts from ignorant people flaiming one of the devs.

  • Posted by Pirate , on 16/10/2010 , @ 07:13pm


    We reported yesterday of Hermes leaving the scene because of cloners, today he has released the final release of his PSGroove. (more…)

  • Posted by GregoryRasputin , on 15/10/2010 , @ 07:34pm


    Spanish Ps3 Dev Hermes, seems to have left the PS3 scene, due to a PS Jailbreak clone, using his name, it dosnt only use his name, but also uses the name PSGroove, a quote from PSX-Scene.

    The now famous Spanish hacker from Elotrolado has decided to quit the “scene”!

    When he saw that dongle he said (in spanish):

    Originally Posted by Hermes
    Esto debe ser una broma de mal gusto

    No solo se aprovechan del trabajo de los sceners, si no que encima tienen el descaro de tomar mi nick como referencia de un producto, que ya aviso que yo no tengo nada que ver con ellos. Pues si eso es lo que quieren, adelante: que vendan sus clones y se aprovechen todo lo que quieran, que yo paso de mantener a esta gentuza y aunque lo sienta por otros, aquí acabó mi aportación a la scene de PS3.


    Maybe you’ll need a translator to understand all correctly.

    Originally Posted by Google Translator

    This should be a sick joke!

    Not only take advantage of the work of sceners, if you have the nerve up to take my nickname as a reference to a product, and notice that I have nothing to do with them. Well if that’s what they want, go ahead! Selling their clones and seize whatever they want, I happened to keep the riffraff and although I feel for others, here ended my contribution to the scene of PS3.



    The Clone

    I personally don’t think he has left the scene, i think he made the post out of anger, i thin k that due to this, that the story has been taken out of context.

  • Posted by Pirate , on 15/10/2010 , @ 08:37am


    Confused on which HEX/PSGroove to use? Hermes? Waninkoko? Mathieulh? Lets use all three, the folks over at PS3ITA have released a compiled hex for various boards that brings Hermes v3 + Retail PKG installsupport +  Game Updates fix all in one  these are the latest HEX files so you should be using THESE if you have not upgraded your boards/device in a while.

    Download the file for the HEXs below (props to PS3-Hacks and PSX-Scene for compiled lists)

      • AT90USBKEY (AT90USB1287)
      • Minimus AVR USB (AT90USB162)
      • Maximus AVR USB (AT90USB162)
      • Olimex (AT90USB162 8Mhz)
      • Teensy 1.0 (AT90USB162)
      • Teensy++ 1.0 (AT90USB646)
      • Teensy 2.0 (ATMEGA32U4)
      • Teensy++ 2.0 (AT90USB1286)
      • AVRKey (ATMEGA32U2)
      • TI-84+ Calculator
      • PSFreedom
      • P3Hub1
      • P3Hub2
      • PIC18F2550
      • OpenKubus (ATMEGA16U4 8Mhz)
      • iPod Nano 1G
      • iPod Video 5G
      • Arduino Duemilanove
      • Arduino Mega

        Feel free to PM your updated source for this and I will add to download list/link.

        [DOWNLOAD PSGroove v3 HEX]

      • Posted by Pirate , on 10/10/2010 , @ 11:27am


        PS3Hax member NZHawk has released another app known as the, Awesome Peek Poker. . To quote:

        What is it? Awesome Peek Poker is a hombrew application that allows you to view/edit the lvl2 memory on the PS3 during runtime!

        What for? Well, we can then apply patches to the memory. Things such as Hermes controller fix, PSN (Need the offsets) etc.
        I presume as we find out more about the PS3 and lvl2 there will be more patches shared with the community.
        And to begin with, why wouldn’t you wanna play with the ram!?

        Note: Pressing square to dump lvl2 will save the dump to “/dev_hdd0/dump.bin” please use the ftp server app by blackbox or use Comgenie’s Awesome File Manager to copy this off to your pc. Please delete an existing dump before dumping again! It will increment to the file >.<!

        Yes, there are a lot of bugs at the moment. But the core functionality is there! I released this ‘early’ due to school work taking priority for a few days.

        You can grab future updates, and initial download release at his blog HERE.

      • Posted by Pirate , on 10/10/2010 , @ 10:16am


        Spanish hacker Waninkoko has released a modified version of PSGroove that allows us to now install retail PKG on to your jailbroken PS3. We were able to do this before, but it required converting to PKG’s, now all you have to simply do is copy it to your PS3 and install them as you did for debug packages.

        You can grab the source and HEX below, of course now we have to wait for many and many ports to be compiled, so post away your compiled links below and I will update the list here. I have not actually had time to personally test this, but try it out and let me (and others) know your results via reply as well.

        [Download Waninkoko PSGroove Source]
        [Download Waninkoko PSGroove HEX for USB Boards]
        [VIA Teknoconsolas]

        Port List:

        TI-84 Calculator

      • Posted by Pirate , on 08/10/2010 , @ 06:25pm


        The folks over at Elotrolado have modified Jurai2′s Sexy Manager to “Flex Manager”, making the interface similar to Netflix, except instead of movies, its your PS3 games stored on the HDD.

        Game covers should be placed in the following directory: /dev_hdd0/games/OMAN46756/covers/. They should be 348×400, title needs to be that of the game ID, and PNG reportedly does not work. This is compatible w/ v3 Hermes.

        You can grab more information at the soruce:


        Thanks to Samson for the tip

      • Posted by Pirate , on 08/10/2010 , @ 09:47am


        Here are more ports for Heremes V3 port: (more…)

      • Posted by Pirate , on 08/10/2010 , @ 09:35am


        Here is a massive update on the Hermes V3 port (split in various news posts). You can find tutorial for most of these devices in the tutorial section. This one here is for the iPhone 2g/3g, iTouch tutorial below.

        iPhone Hermes 3 Jailbreaking:

        iPhone/iTouch (Modified iPhoDroid image, download iPhoDroid here.):

        Note that your iPhone must be jailbroken with RedSn0w, reports have it that blackra1n does not work properly.

        Video Tutorial:

        iTouch Hermes Jailbreaking:

        iTouch users have to take a slightly longer route as iPhodroid does not work with this device.

        Download Heremes 3 iTouch:


        Please drop me a PM if you see anything wrong with the tutorials, I have not had time to test this personally.

      • Posted by Pirate , on 07/10/2010 , @ 10:11am


        It seems that Medal of Honor require FW 3.42 to play on the PS3. If you deny the update you are thrown back into XMB. But no worries, thanks to mikerock98 a bypass is available, and is quite simple :) (more…)

      • Posted by Pirate , on 05/10/2010 , @ 02:39pm


        Hermes has released v3 of his PSGroove out to the masses. His newest updates bring plenty of snazzy features, to quote: (more…)

      • Posted by Pirate , on 02/10/2010 , @ 11:18pm


        With all the new PSGroove payloads, and backup managers coming out its quickly becoming a blur on which is the hottest “PSGroove version” to be using. Well thankfully wanapaki from Elotrolado has released the the compiled Hermes v2 payload for many different boards.

        You can download the HermesV2 payload, and various other payloads for various other boards below:

        [Source: Eltrolado via PS3-Hacks]

      • Posted by Pirate , on 30/09/2010 , @ 08:19pm


        Another update  is out by the Spanish hacker Hermes, this time he has updated his original Hermes v1 PSGroove paypload to version 2. The newest payload supposidley fixes the controller issues with games such as F1 2010 and Street Fighter.

        To quote (translated):

        Useful information by Hermes Yesterday 19:09

        Looking looking, I’ve noticed where the problem that makes the game Formula1 2010, does not recognize the controls. This is a patch which is not its function, but removing it, I have not noticed anything unusual: perhaps a sort of check related to the modules that has USB and F1 games like this, do not recognize the command. Perhaps it is only relatively necessary in the initialization process and then beaten.

        Anyway, I uploaded an update to the source, but does not include that set off the patch, if marked with a warning (see line 169) and includes a define to disable the USB and also another DESTINATION, which states the address where the code is installed (and added a new patch file, if it stayed in another place)

        Here I note that we have a table (memory_patch_table) that is about to address 0×700710 (because we needed space) and that concerns me, because it may be crushed at any time if new modules are loaded (such may be best off finding another site or directly load the payload in another direction more convenient, at the end of the kernel (I’ve done this and it has worked, as it has worked to put the code in the DESTINATION so low that it appears aside in the source, but the same is not an appropriate place, of course)

        The fact is that there is another way to override the patch using the POKE role in eg open_manager:

        void pokeq( uint64_t addr, uint64_t val)
        system_call_2(7, addr, val);
        pokeq(0x80000000000505d0ULL, 0xE92296887C0802A6ULL);

        Adding that code to any program, you can disable that patch that prevents the proper functioning of at least F1 2010, without touching the payload.

        Requires that if your “spike” has the functionality peek / poke, because otherwise it will not work.

        The source of the second version you can download the first thread, but you know that it is not necessary actualicéis your “thorn”, as the modifications are more source code to allow the payload to carry any other direction.

        PS: I included hex teensy version with at90usb162.ñ In my case I use two LEDs, but that should be a issue!


        You can grab the latest update at the news source HERE.

        Thanks to mupet000 for the tip.

      • Posted by GregoryRasputin , on 24/09/2010 , @ 07:27am


        A few days ago i reported about the HTC Desire Recovery Mod by Klutsh, well Amon_RA has released his own version for you HTC Dream owners, a quote from the source:

        This is a custom recovery specifically for PS3 owners that want to run PSFreedom.
        PSFreedom was written by KaKaRoTo to implement the original PS Jailbreak exploit, based in part on reverse engineering efforts by the PSGroove project.

        The only firmware that is currently compatible with PSFreedom is 3.41

        Features :
        Default Android features :
        ALL features of my recovery for the Dream are supported (including ABD and Mass storage toggle).

        PSFreedom :
        A new menu-item called “- Run PSFreedom” can be found in the main menu.
        The menu-item will lead to a submenu allowing you to choose different payloads and even a test shellcode :

        * No Blu-Ray emulation (Hermes) : This is a modded PSGroove payload, which allows you to play backups without the need of a BluRay disc inside the PS3.
        * Blu-Ray emulation : This is the standard payload with Blu-Ray emulation support, which allows you to play backups.
        * Homebrew only : This is the standard payload without Blu-Ray emulation support. It does not allow you to play backups.
        * Blu-Ray emulation + peek/poke : This is the same as “Standard payload with BD-Emu”, with additional peek and poke system calls. It is based on the PSGroove payload. It is only needed by developers.
        * Homebrew only + peek/poke : This is the same as “Standard payload without BD-Emu”, with additional peek and poke system calls. It is based on the PSGroove payload. It is only needed by developers.
        * Test only shellcode : This is a test only shellcode that will force your PS3 to LV1 Panic (beeps, shuts down and blinks the red LED). It is useful to debug whether the shellcode gets executed or not, independently of the content of the payload.

        Usage on PS3 :

        1. First shut your PlayStation 3 down and then flip the power switch in the back to off (on Slim models, unplug the power cable). Disconnect all USB devices (controllers, USB hard drives, etc.) from the PlayStation 3.
        2. Boot your phone into recovery mode, select “- Run PSFreedom” and choose a payload.
        3. Now, plug your Dream into one of the USB ports and flip the PS3′s power switch back to the on position (or plug it back in). Do not turn the PS3 on with the power button yet.
        4. For the next step, timing is important. You will need to push the power button and then almost immediately after press the eject button, as if drumming your fingers across the two buttons. When you are successful, the PS3 will take a bit longer to start up.
        5. When XMB loads, under the “Game” menu there will be two new options, ★ /app_home/PS3_GAME and ★ Install Package Files. Congratulations, you’ve jailbroken your PS3. You’re ready to install homebrew applications.

        Installation on phone
        This recovery can be installed on any Dream, independent from the rom. Please follow the installation instruction of my regular recovery.