Just recently, the indestructible phantom we call the PlayStation 3 was finally hacked by the homebrew scene. In short succession, costly third-party hardware solution were replaced by virtually free, open-source DIY alternatives. Now everyone with a computer and some rudimentary technical skills (or this tutorial) can hack their PlayStation 3 and run unsigned software with it.
What does it mean for you? Homebrew (amateur) applications can be run from the PlayStation, with virtually no restrictions. We’re talking about GBA emulators, FTP servers, video players with support for more codecs and, sadly, also piracy. That leads us to this disclaimer.
DISCLAIMER – Jailbreaking your PlayStation 3, even if you don’t use it for piracy, might be illegal in your country. Sony definitely doesn’t like it, and might ban you from the PlayStation Network account if you aren’t careful. Jailbreaking is done by choice and your actions are your own responsibility, as are any repercussions.
In truth, if you want to jailbreak a PlayStation 3, it’s a lot less risky than it was to put custom firmware on your PSP. There’s currently no real risk for your PlayStation 3 (save for the applications you download), and now that the U.S. Supreme Court considers iPhone jailbreaking ‘fair use’, legal consequences are not very likely. However, piracy is always a crime. Play it safe and disconnect your PlayStation 3 from the internet while using PSGroove to squelch the chances of getting banned.
1. A Short Recap Of PS3 Jailbreak History
The people who cracked the PlayStation 3’s defenses decided to get rich and released it as a particularly pricey USB-stick. With the stick inserted, your PlayStation can be jailbroken upon boot. The company behind the PSJailbreak got sued and shipping was stopped in its tracks, but a few samples had already been given out. One of those samples ended up in the hands of a programmer with a USB sniffer, a device that’s stuck in between the USB device and USB port, and takes note of the conversation.
In virtually no time, PSJailbreak was reverse engineered and an open source clone was released online. This open source version, called PSGroove, could be downloaded and programmed on a USB device for virtually no money, and worked the same as PSJailbreak, albeit with back-ups disabled in an effort to prevent piracy. Being open source, it didn’t take long for the back-up functionality to return.
2. How To Use PSGroove
- PlayStation 3 with firmware version 3.41.
- A PSGroove-compatible device.
As mentioned before, PSGroove works by programming a USB device and plugging it into PlayStation 3 with firmware version 3.41. Programming is not the same as copying files on it, so you’ll need a PSGroove-compatible device. Note that this method currently requires PlayStation 3 firmware version 3.41. If you’re below that, you’ll have to update manually. Otherwise, you’d best stop where you are and hope the homebrew scene catches up.
A hard reset and short succession of the power button and eject button will boot your PlayStation 3 in jailbroken mode, with the ability to install homebrew software. PSGroove actually uses a heap overflow attack which ultimately allows unsigned software to run. A more elaborate explanation can be found .
The beauty is that a simple reboot will return your PlayStation 3 to its natural state. Only this specific start-up sequence will give you a temporally jailbroken PlayStation 3. The downside is of course that you’ll need to plug in the PSGroove USB device every time again. Although PSGroove can be programmed on the Android, iPhone and even the PSP, this is highly unpractical, not advised, and will not be covered in this tutorial.
Your best option is to buy a PSGroove-compatible USB board, as shown below. These cost roughly $20 and can be left plugged into the back of the PlayStation 3.
Recommended USB Boards
- Teensy 1.0 & Blackcat (at90usb162 & 16MHz)
- Teensy++ 1.0 (at90usb646 & 16MHz)
- Teensy 2.0 (atmega32u4 & 16MHz)
- Teensy++ 2.0 (at90usb1286 & 16MHz)
- AT90USBKEY (at90usb1287 & 8MHz)
These boards can all be used with all operating systems and are by far the easiest to use. Alternative USB boards can be found on the PS3News forums.
3. Programming The USB Boards
All links in the article use Hermes’ branch of the PSGroove code, as it’s currently the most recent version. This branch supports booting backups without having a Blu-Ray disk inserted, but you still have to use the Backup Manager application to free backup functonality. As this article dates, it’s advised to Google, check the PS3 News forums, or PS3 QJ.net for new, more recent branches. The steps detailed below remain the same.
There are two ways of programming the USB board. The first and most conventional method is to adjust the PSGroove (Hermes) source code to fit it to your board. If you’ve got one of the boards specified above, these alternative MAKE settings can be easily found on the internet.
A more convenient way is to find the (already compiled) board-specific hex files. In a matter of minutes, these can be written to your USB board. No matter your operating system, hex application or USB board, the steps are the same. Connect your USB board, use the hex application to navigate to the corresponding hex file, and write it to your device.
This download only includes the HEX codes for the boards mentioned above. A Google search will yield the HEX codes for most other boards, though.
3.1 – Teensy Loader
The Teensy boards mentioned above use a different application, Teensy Loader. It’s available for all major operating systems and incredibly simple to use.
Connect your USB board to your computer, press the small black button at the end of the board, and open the Teensy Loader application. Consequently select File -> Open HEX File and Operations -> Program. That’s it!
3.2 – FLIP Tool or DFU Programmer
The AT90USBKEY board needs a different application, called FLIP tool, only available for Windows and Linux. Mac users can use DFU Programmer instead.
With Atmel Flip, press and hold the RST button, then press the HWD button. Release the RST button first, and then the HWD button. If Windows asks for a driver, point it to the USB folder inside your Flip application folder (e.g. C:\Program Files\Flip\USB ). Launch the Flip application, and select your device. Click the USB icon and select USB. Now select File -> Open and locate your HEX file, and subsequently click on Erase, Program, Verify and Run. You’re all set.
That’s it. Have you jailbroken your PlayStation 3 yet? Let us know about your experiences below.