Welcome to PS3Hax, your official PS3 hacks, PS3 Homebrew, and PS3 Downloads scene. Check back daily to keep up with the latest PS3 Hacks and drop by our forums for more PS3 Hacks discussions.
  • Posted by Pirate , on 12/11/2010 , @ 09:02pm


    SKFU is still in the scene, and has released another app today known as the PSN tool. To quote:

    Feature list:

    - Patchscan in 45(!) PSN environments
    - Range & Bruteforce scan
    - Direct PKG file download
    - PSN Registration
    - Store Collection
    - User Info
    - User Trophy Info

    User Info & Trophy Info Details:

    To use those features you require keyfiles. For doubts about the legal situation we won’t include those in the download package.

    To get information/trophies about the user of your choice, enter his/her nickname in the “Input nickname here…” field, choose the region he lives in via the table next to it (USA/EU/JAP) and press “User Info” or “Trophy Info”.

    If we find the time we may release an update as there still a lot on the TODO-list:

    1) Implement PC<->PSN chat
    2) Search patch by gamename
    3) Show game rating
    4) Official PS3 Store via PC
    5) …


    Be sure you have installed:

    - Visual C++ 2008 Redistributables
    - OpenSSL 32Bit or OpenSSL 64Bit

    MIRROR 1
    MIRROR 2

    Have Fun!

    - SKFU & iQD

    [VIA SKFU Blog]

  • Posted by Pirate , on 11/10/2010 , @ 10:07am


    SKFU updated his blog with more information from the news we posted yesterday.

    To quote:

    All information should be free. So here another part of the Custom Firmware research.

    My previous post already explained some changes they enable. One nice one I didn’t mention yet is, that it activates the Debug Options.

    The options are enabled now, just the icon is missing. But there is a different way you can handle them. As we already knew, the xregistry.sys (dev_flash2/etc) stores all actual settings.

    With the changes mentioned in last post, if you tried those; you may have noticed a debug message in the upper right corner. This actually proves the debug options are unlocked to use.

    Just extract the xregistry.sys now and find the debug options. Activate them with a 1 instead a 0. I didn’t test all so far, but seems most is fine.

    Needa give credits to iQD, KrisAbsinthe, Stoker25 and Comgenie.

    - SKFU

    [VIA SKFU Blog]

    Thanks to noddy4life for the news tip.

  • Posted by Pirate , on 10/10/2010 , @ 03:14pm


    SKFU is still alive and kicking, and working on some pretty neat stuff. His latest project is what we all are eagerly waiting for, PS3 custom firmware (CFW).  SKFU, replaced firmware files with same files from v3.41 Debug and PS3 still work with the new integrated options. (more…)

  • Posted by GregoryRasputin , on 25/08/2010 , @ 06:16pm


    Yesterday, we reported here, that Spanish PS3 Scene Developer DemonHades had his website compromised and several of the files that resided on his server, were leaked and posted as one of his blog posts, unfortunately the files that were leaked were sensitive Sony files, that were illegal for DH to have, he claims that they weren’t his files, and stated that the hackers uploaded the files, to get him into trouble.
    Nobody knows for sure who hacked the DemonHades blog/forum, some claim it was the other scene devs he was publicly blasting and others think it was DH himself, that hacked his own blog, these are all just queses though.
    Long time PS3 Scene Dev SKFU(StreetskaterFU) has posted his theory/opinion, on his own blog, this is what it says:

    DemonHades - Victim or Offender ?
    Recently I talked to DemonHades, about the current situation of his blog and forum. As we all should know right now, it was hacked several times this month, the SQL DB of the forum was spread online and finally SONY internal LV3 documentation files were linked on the frontpage.

    Did DemonHades leak those files because he was mad or did the hacker put the files online to lead the community in a wrong direction against DemonHades, to finally let him shut up?

    DemonHades personally told me he had nothing to do with the leak. Neither I see a reason why he should do this. The forum/blog will be back as soon as he fixed his server issues.

    So why this attacks, which seem to be a private conflict between someone who wants DemonHades to give up and Demonhades himself?

    At the moment DH works together with Team Jungle (known in XBOX scene as drive hackers). The most recent conspicuous event was the PSJailbreak, which seems to be a direct enemy of team Jungle’s and DemonHades’ BD Drive Research. Maybe members of the PSJailbreak team are behind the attacks? Imagine your own opinion.

    Similar fights were and will always be part of the scene. Not everybody can be friends, I guess.


    These are just one persons thoughts/opinions, they are not fact, so read of it as you may.

  • Posted by Pirate , on 22/08/2010 , @ 06:57pm


    A hacker, whom wishes to remain unnamed, has released a PS3 Package GUI @ SKFU’s blog.

    To quote:

    The PS3 PacKaGe GUI is used as graphical extension for the make_package_npdrm.exe of SONY’s official PS3 SDK to let it look more user friendly. Perfect for people who want to make a first touch with their PSJailbreak stick @ PS3 development. The confidential SONY file mentioned above is NOT included! Get it your own way.

    [Download PS3 Package GUI]

  • Posted by Pirate , on 20/08/2010 , @ 11:41am


    Unless you have been sleeping under the rock for the last 24 hours, you most likely heard about PSJailbreak modchip which allows backups to be booted on PS3. Demonhades and SKFU provide their thoughts on PSJailbreak below:

    SKFU (via Blog)

    I just tested the software they uploaded and can confirm it works so far.

    I can tell a bit about the backup manager. It seems the software uses bd_emu features to manage the backups. The HDD to use, should have a modified bd emu format, which sets all backups on first position, so the PS3 detects ‘em all. Then you can choose the image to boot via the manager.

    To directly copy and boot a game, the software would need to decrypt all layers on the fly. Meaning it decrypts all executables somehow, else it won’t run. Even on a debug unit.

    The hardware look like a copy of the original PS3 jigstick, used in SONY service centers to repair broken PlayStation3 SKU’s. Someone internal leaked or sold a stick, so they had the chance to reverse and clone the hardware.

    The stick should boot before the normal firmware does, so it’s hard to patch it. Maybe SONY could update the bootcode to prevent it, set it to a revoke list.

    By the way, in all videos they use debug PS3′s to run the software. There is no video showing the actual process booting on a retail PS3 afaik. So I do not confirm that this is true, yet!

    If it’s as true as it looks this time, good job guys!

    Demonhades(via Blog)

    Well I see that recently raised a stir is mounted by a chip of course to load backups from a pendrive, at first glance one might say it’s fake if we did not know of studies conducted years ago and let us see many more hidden things that not all users can understand, in this case we speak of the card jig, the jig is used by the card sony sat for maintenance and restoration in ps3.

    In short, this jig card has been removed from the payment sony sat.. so now try to expand the money spent only and once recovered the money spent in obtaining this device the reproduction and cloning of the device will be imminent.

    When I saw the body of the above, first I noticed that the sample vsh known and used parts of a debug.. and of course if one is launching retail which does not make much sense, could only think one way quickly- THE CONVERTER RETAIL TO DEBUG.

    This converter is thought to sony and service for devs have this jig card (aka USB dongle), allowing this USB is that:

    Releasing the boot ini dev_usb0 and a sequence of buttons that change the state of syscon as we launch the initial boot usb dongle, then interprets the bootstrap and load the necessary files from the dongle itself temporarily leaving the ram doing a false reboot.

    According to the store have told the seller, no residue on the PS3.. so it fits the above description.

    The idea is quite clear gentlemen, emulates the fw of trm syscon and we have a debug interprets loading the kernel debug and providing all the features to debug vshmain time, this results in loading unsigned code.

    This allows us as I mentioned months ago to launch pkgs from ubs, since it has a browser for managing them.

    The official BDEMU disk loading before you activate the mediatype BD and then run the loader to the channel of communication with the real reader would be closed and only would use the BD-emu, emu and the bd can not share the same channel communication.

    In this case to remove the layer is used to extract cellftp to an external source of filesystems without pre-decoded and converted to debug layer.

    Executables can be created with the sdk, and generated their own loader which removes the layer of encryption (this if it will extract the discs, not linux), then the PS3Gen (published as a matter of 1 month) can be create iso patched with valid soft.esto itself mean that everything is made in the PS3 SDK (emulators, applications, etc) will be loaded without problems, as we are doing the same as the 360 with jtag hack it uses a core debug.

    The loader is loaded by the execution path that recognizes the actual application manager, loaded via app.




    In short, PS3 has fallen to the very tools you use in your SAT Sony… that if Sony can plug it into the next update.. just have to cancel the initial boot usb to close the bar, because the boss is syscon.

  • Posted by Pirate , on 20/06/2010 , @ 07:45pm


    Update: This is not an exploit, it will not lead to any actual hombrew.

    Esteemed reverse engineer SKFU is at it again, he has released an Exploit Loader and a hello world.

    Here is a quote from his blog:

    So here is the result of the simple idea. The first code which is 100% PS3 only compatible. No flash, no bd-java or similar.

    This is a beta version of the POC as I’m too tired to finish it now but I don’t wanna’ let you wait so long. Here you go:

    How 2 Use:

    1. Install loader.p3t like a common theme file.
    2. Put loadme.fu on an USB stick’s root dir.
    3. Insert USB device into any PS3 USB port.
    4. Enable the the theme you just installed before.
    5. Hello World.

    How It Works:

    The PS3 theme file is able to load the loadme.fu script from any USB port. The script is executed. The “loader” is for future-use aswell to load any .fu files which I’ll release.

    Stay tuned for updates!

    - SKFU

    StreetskaterFU’s Blog


  • Posted by GregoryRasputin , on 19/06/2010 , @ 11:38am


    It is un clear what SKFU is working on, he posted an image on his blog, stating that he will explain all later.

    Alycan has created a thread on this subject, so click here to say what you think it may be.

  • Posted by Pirate , on 22/09/2009 , @ 05:47pm


    Sinnerman has leaked images of the PS3 JIG, and reveals that he and StreetskaterFU are testing the PS3 Service Mode. Not much information (or results) are available yet, but this is a sign of hope for homebrew on the PS3 after a very long time. The picture below is used to create registry files to finilze the PS3 JIG process (SVC-H3A306SS).

    [ViA QJ and Haxnetwork]

  • Posted by Pirate , on 14/09/2009 , @ 01:20am


    StreetskaterFU has released his Mail Check and Info Reader, a project that was in works (but no longer is). For those interested in picking up the project he is asking for help so feel free to shoot him a email (posted below).

    Original Post:

    Back in June, iQD and me worked on a PC client messenger to write with people who are online via their PS3 in the PlayStation Network. Well, the sad truth is: The PSN uses a token system which we could not reverse fully yet. The most is done server- and firmware-side so nearly impossible except we could decrypt and analyse several firmware .sprx files. Anyway, now we release 2 parts of the full cake which will be used in the full program, if it ever will be finished. If not, you still can use those both as standalone applications.

    The first: PSN Account Mail Checker

    The mail checker is used to find out yout real username used by the PSN to get more information about your account and login several services. Here you just select your region and enter your PSN ID. After, a XML file will be created which contains your “real” PSN server side username.

    The syntax is like this: [email protected]

    The second: PSN Account Info Reader

    After you executed the first application and received your mail-like username, you can start the second program. Select your region again and input your “username”. Another XML file will be created, containing your actual PSN-comment, your main languages, your PSN avatar etc.

    To prevent legal problems, we don’t provide any keys for functioning properly (don’t even ask for it). Anyway we implemented a function which allows you to try any key-file which should be named key.txt. Place the key.txt in the same folder as the both executables -> done. If it’s the correct one, the appz will work :)

    If you are good with networking and want to take part in the messenger project to finally get all working mail me: [email protected]

    CJPC has provided the to get the program to work properly you can view it here.

    You can download the files via mirrors below:

    (Linux 64Bit & 32Bit)
    Mirror1 // Mirror2

    [VIA SKFU Blog]

  • Posted by Pirate , on 09/09/2009 , @ 07:12pm


    It seems like StreetskaterFU is at it again, SKFU posts on his blog that he ran across a bug on the PS3 NAT test that allows you to dump random data from HDD and RAM.

    To quote from his blog:

    There’s a little “bug” in the PlayStation3′s NAT test which causes that you can dump random data from the HDD and RAM. Why exactly this appears; I don’t know, yet. But well, it is interesting.

    The way how to do it is pretty simple. Set up Wireshark on the PC and activate ICS (Internet Connection Sharing). Connect the PS3 with the PC via LAN and start Wireshark’s logging/sniffing feature on the LAN device. Now go to Settings on the PS3 and start a Internet Connection Test in the Network option. When the PS3 starts the NAT testing it will send default STUN packets together with several IP Fragments. Those both packet types will contain random data which the PS3 grabs from the HDD and/or RAM.

    There you go.

    [VIA SKFU Blog]

  • Posted by Pirate , on 09/09/2009 , @ 09:00am


    StreetSkaterFU has decrypted the new animated PS3 themes to see what they really are made, to quote from his blog below:

    A quick look at the new animated themes shows that they are not really different to the common themes. I just downloaded the free theme from the japanese store and decrypted the HDD again to see what is inside the package file. Well, it is:

    1. JP9000-NPJQ00006_00-0000000000000000.p3t.edat

    You see a normal .p3t file which is the same type of data, the old themes use. It is just encrypted as .edat file which is decrypted and installed on the PS3 on the fly after downloading it.

    2. PS3LOGO.DAT

    The default picture you see in any game when you press triangle -> information about the game.

    That’s all. Wondering if there will be a homebrew program to develop your own animated themes soon, or even a SONY tool like the one for the old themes?!

    - SKFU

    [VIA SKFU Blog]

  • Posted by Pirate , on 15/08/2009 , @ 09:25pm


    SKFU posted on his blog today that he discovered unencrypted SPU binary in the Def Jam: Icon demo (NTSC) for PS3.

    Quote from his blog:

    When I was bored yesterday I dealed with HDD decryption again and looked through the game folders on the decrypted HDD. The Def Jam: Icon USA Demo seemed interesting as it only works on US consoles. While looking for the answer I noticed a folder dj3-ps3-opt in /USRDIR/spu/. In there are several files like elf_sputhreads_apply.bin. I opened some files in a simple HEX editor and noticed that the files are not encrypted.

    Aswell it looks like a binary. It does not have the default binary header used by SPU .self files compiled with the SONY PS3 SDK. It may be compiled with a third party compiler or with the IBM Cell SDK. I did not check that, yet. Well, come back to check for updates regarding the research!

    - SKFU

    [VIA SKFU Blog]

  • Posted by Pirate , on 29/06/2009 , @ 10:02pm


    A few new applications were released recently for the PS3. ifcaro has released a update for his HDD Toolbox, and PS3 Update Extractor.

    PS3 HDD Toolbox v0.94is a program to facilitate the encryption and decryption of the hard disk of the PS3. Grab the download here.

    PS3 Update Extractor v1.12, is used to extract recent PS3 updates files. Download it here.

    RichDevX has also released a modified version of StreetskaterFU’s PS3 Trophy Scanner, it has various new improvements and is more user friendly (and potentially easier to use). Download it here.

  • Posted by Pirate , on 22/05/2009 , @ 01:21am


    StreetskaterFU came out with a new program today called “Trophy Scanner” v1.0.

    Basically what this program does is that it scans for PS3 game trophy related files like icons and the description files containing the missions to unlock a trophy and it’s status.

    StreetSkaterFU Writes:

    The difference between the application and all the public websites which have trophy lists is, that it also will find trophies which are not released to the press people, yet. So you can be sure this will find trophies directly when they are online, even before the journalists get the info :)

    You need Linux with curl installed in order to use this, more info available via SKFU’s Blog or download link below.
    [Download PS3 Trophy Scanner v1.0]