Thread: Guide on JailBreaking a Demo PS3

  1. #1
    Haksam Guest

    Guide on JailBreaking a Demo PS3

    hey guys,

    I know I might be a little late on the show, and people might have given up hope with their demo ps3's and sold them off so I hope it's not too late.

    Will post a guide soon including the demo update firmware 3.41 PUP which took me hell to search for.

    so here's a preview of it.

  2. #2
    Join Date
    Apr 2005
    I'm sure this will help some people with Demo consoles, as several have asked in the help section for the 3.41 Demo Firmware and nobody archived it so cool news indeed and +Rep.

  3. #3
    Haksam Guest
    PS3 Kiosk/Demo Jailbreak Guide


    I am not responsible if you fail to follow simple instructions and somehow bricked your ps3, or your own hand etc etc

    What this is?

    It's a quick starter guide for those who currently have, have bought or been given a ps3 demo unit and have no idea about jailbreaking it.
    It also applies to normal ps3 owners who have no idea how to jailbreak and want more info on this subject, but this guide is specifically focused on PS3 demo units alone due to their different nature from retail, and there are A LOT more guides out there for a standard ps3 console compared to the demo units.

    I hope you enjoy reading from start to finish and find it helpful

    There are four simple steps involving lots of reading and understanding to becoming a successful ps3 kiosk/demo jailbreaker

    Step 1

    Understanding the concept of PS3 Jailbreaking


    If the user understands the concept of jailbreaking an iphone, or rooting an Android phone, then it should be easy to grasp immediately. It basically gives us a sort of "superuser" access to the system to run and install custom files that aren't approved by Sony. The most popular function of a jailbroken ps3 is the ability to rip your ps3 game and force the console to run the game fully from the harddrive, whether internally or externally. However, PS3 Jailbreaking is NOT PERMANENT and must be jailbroken again after every power cycle.

    There are 3 most prominent forms of ps3 jailbreak that I know of,

    PS3 Jailbreak, which was the original release, sold in a nice usb stick under its household name - PS3 Jailbreak. The development and updates are in-house and this company aims to provide a good and straightforward solution for a price.

    PS Groove, which is an open source project borrowing the same concept applied from the original release and enables more flexibility in terms of hardware choices and gives the user the ability to program a jailbreak device themselves. No one is SUPPOSED TO profit from this project but there's no stopping any company from trying.

    PS Freedom, another major port from PSGroove headed by Kakaroto, which aims to support a lot more household electronic gadgets (mainly smartphones) that one may own, eg. iPod Touch, iPhone, Android phone etc.

    For both PS Groove and PS Freedom, we rely on either of two different payloads that inject the exploit into the ps3 via the USB port,

    Hermes or PL3

    Both function the same but might offer different compatibility with certain games (some games might not load from the HDD if the user is using a PL3 jailbreak)

    The Teensy USB Development Board is the most popular choice for a homemade PS Groove device to inject either of the payloads mentioned above. There are many other clones out there but these are the main ones that most people obtain. They are easily re-programmable.

    Step 2

    Hardware and software requirements


    1 - PS3 Demo console
    2 - USB Development Board
    3 - Windows XP computer/laptop
    4 - USB flash drive or hard drive with FAT32 partition

    1. a ps3 demo unit with firmware 3.41 or below

    *how to tell if it's demo or retail and version?*
    when you power on your ps3 from the switch at the back of the console, it will go to standby mode and only a red light should appear. Demo ps3 units will always automatically turn green and boot up immediately. After boot up on the main screen, at the bottom right, there will always be a message box saying "Playstation 3 Demonstration Firmware x.xx" where x.xx is the current firmware.

    |-=STOP=-| right here, if your ps3 demo is 3.42 and above as I cannot help you at the moment. There are no jailbreaks at the moment that can go beyond 3.41, especially on demo ps3 units.

    2. a choice of different USB development boards that YOU WILL NEED to obtain on your own.

    Here's a list of boards that will work with the 3.41 demo ps3 exploit (courtesy of Mark Webber):

    bentio at90usb162 16mhz
    blackcat at90usb162 16mhz
    maximus at90usb162 16mhz
    minimus at90usb162 16mhz
    olimex at90usb162 8mhz
    teensy at90usb162 16mhz
    teensy at90usb646 16mhz
    teensy at90usb1286 16mhz
    teensy atmega32u4 16mhz
    usbkey at90usb1287 8mhz
    usbkey atmega16u4 8mhz
    usbtinymkii at90usb162 16mhz
    xplain at90usb1287 8mhz

    ok the above list looks horrible and confusing for anyone that is new. Basically, teensy, olimex, blackcat etc. just treat them like branded items that are using similar components sourced from the same manufacturer.

    (If anyone is familiar with smartphones, here's my analogy again: blackcat, olimex, teensy = HTC, Motorola, Samsung and at90usb162 = Qualcomm Snapdragon QSD8250)

    So let's streamline it to the most common models,

    • AT90USB162
    • AT90USB646
    • AT90USB647
    • AT90USB1286
    • AT90USB1287
    • ATMEGA32U4

    the letters AT depict a company name called Atmel followed by the model number. If you have a browse at the immense number of modchip suppliers, they will always have one of the above. If not, shoot them an email asking if they have any of the above (and it is ok to pick the cheapest one and any brand name is fine). As an example, I did not manage to find a Teensy board but a different brand from an online supplier,

    *refer to the picture attached below*

    I have no idea what the differences are in mhz but just keep in mind that there are only 2 known variants, 8mhz or 16mhz and these specs are important for you to remember. So for e.g. the device that I purchased shown in the picture, it is known as an AT90USB162 8mhz. It is imperative that you know your board model and type immediately, if not ask anyone here to identify for you.

    3. a computer to program the USB board. I DO NOT recommend a windows 7 machine clearly because it did not allow me to install my USB board. If you have a laptop or netbook with windows xp, that would be the best.

    In Windows XP, go to any folder, Tools->Folder Options->View and uncheck the box "Hide extensions for known file types"

    why laptop? in my experience of flashing phones and other gadgets, the experts always warn of a power surge or failure from your main outlet and that may cause a "brick" on your poor device if it failed to flash completely, a laptop with a charged battery will prevent that from happening. Anyways, it's not a necessary step, it is up to you.

    4. USB flash drive or hard drive

    USB flash drives are so dirt cheap these days there's no excuse for no access to one, 250mb or 512mb is more than enough.

    Make sure it is a FAT32 partition

    if you're not sure, plug it in, go to My Computer and right click on your device and go to Properties to check. You can format it to the correct partition from the right click menu as well.

    Moving on to collecting all the software needed.


    1 - 3.41 kiosk firmware
    2 - Atmel FLIP software
    3 - PL3 Payloads by Mark Webber
    4 - Gaia Backup Manager (to rip and load ps3 games)

    1. First and most important is the rare 3.41 demo firmware update file for your ps3 demo. Why is it rare? Sony stopped hosting old demo firmwares, and most jailbreaking sites hardly talked about demo units, only retail units get the limelight. If you do not believe me, you wouldn't be bothered reading this guide

    so here it is, in multiple hosting sites of your choice (courtesy of, love them guys i could kiss them),

    PS3 Demo 3.41 firmware:

    Extract the zip file. The folder structure will be IDU_IDU341\PS3\UPDATE

    Inside the update folder will be a file called PS3UPDAT.PUP , which is similar to retail update pups. Do not worry, this firmware has a completely different MD5 checksum

    To make sure that you have downloaded the file completely, it should unzip with no errors.

    If you have an MD5 checker, the checksum of the PUP is 561B924D2B388FB920F3F7AB12C679CA

    Copy or cut the PS3 folder into your USB Flash drive/hard drive.

    2. Next is getting the Atmel software for your USB board. All Atmel chipsets, the ones beginning with AT can use this software called FLIP. It is available from Atmel themselves,

    Atmel FLIP software:

    To be thorough, pick the one with JAVA runtime included and install it on your windows XP computer/laptop.

    3. The PL3 payload edited by Mark Webber for various usb boards, specifically made for PS3 demo units (courtesy of Mark Webber),

    PL3 Kiosk 3.41 payloads:

    extract it and you will get a main folder called "kiosk 3.41 PSGroove hex files". Inside this folder will be a lot of .hex files. Don't worry about it for now.

    4. Gaia Manager 1.02 RC 3

    This back up manager worked immediately the moment I tested it, you can argue there's better ones out there, but I am merely providing this as a start, the choice is completely yours as I have not tested the other managers.

    GAIA Manager 1.02:

    extract it and you'll get a file named UP0001-GAIA01985_00-7679866932773369-BDRIPS.pkg
    copy and paste this .pkg file in your USB flash drive.

    Step 3

    Installation and setup process

    Place the PS3 folder inside the root of any usb flash drive. So in your usb drive main screen, there should be a PS3 folder and its structure should be PS3\Update\PS3UPDAT.PUP

    In your demo ps3 unit, I assume you know your unlock code for its current firmware version, if not look here: PS3 demo unlock codes

    Fire up the ps3 demo, unlock it and insert your usb flash drive containing the ps3 folder.

    Go to settings tab and on top select system update and pick update from storage media, it should detect the new firmware immediately and ask whether you would like to update to 3.41, yes on everything and wait till it is complete (don't go crazy and switch off the ps3 or something lol)

    Once the PS3 restarts, it should be on demo mode again and at the bottom it should say "Playstation 3 Demo Firmware 3.41"

    Alright, half the puzzle is completed.

    Next is programming your USB board.

    Fire up the Atmel software and follow the excellent guide here

    Atmel USB PSGroove guide:
    You are looking for how to create your own PS Jailbreak? Well, I have found a tutorial to install this little piece of greatness in Atmel USB PCB Controllers, credit to grecomafioso.

    So when you want to install the devil, you need to download it. Just go to the official download site for PSGroove and download the PS Groove HEX file, psgroove.hex

    Done? Ok, so we need one of these USB pcb controllers, it is very easy to find one online, just use your favorite search engine. You know what a search engine is, right?

    • AT90USB162
    • AT90USB646
    • AT90USB647
    • AT90USB1286
    • AT90USB1287
    • ATMEGA32U4

    Alright, so lets get started.

    Device Firmware Upgrade
    When you receive your very own Atmel USB PCB Controller, the first thing to do is to load the HEX file into the on-chip flash memory of your microcontroller. The “Flip” Software is the tool being used to upgrade the device firmware (you can get it for free on the USB CD-ROM or the Atmel Website).

    You must follow these steps carefully and complete them all to allow the device to start DFU (Device Firmware Upgrade) mode, after which it will load the HEX file:

    1. Install Flip software (Flip Version 3.0 or above is required).
    2. Push the RST (Reset) button.
    3. Connect the board to the PC using the USB Cable (Standard A to Mini B)
    4. Push the HWB (Hardware Bootloader) button.
    5. Release the RST button.
    6. Release the HWB button.
    7. If your hardware conditions explained above are correct, a new device detection wizard will be displayed. This will happen if you are using Flip for the first time. Please follow the instructions (the INF file is located in the USB sub directory from Flip installation: “install path:\ATMEL\FLIP\FLIPx.x.x\usb”)

    New Device Detection Wizard
    Now, on your PC screen, the New Device Detection Wizard will automatically open.

    Select “Install from a specific location (Advanced)” and click on Next>
    Select “Search for the best drivers in this locations.” and click on “Include this location in the search:”. Now Browse to the path C:\Program Files\ATMEL\FLIP 2.4.2\usb and click on Next>

    Then, check your Device Manager. There should be a new icon with the description AT90USBxxx (where xxx is the number of your USB PCB Controller). If there is no icon shown, you must start the procedure again.
    Ok, now your Device is in DFU Mode. Launch the program Flip to proceed with the flashing process.

    Click the chip-icon in the upper left corner and select your device from the pop-up list.
    Now click on the USB-Cable icon in the upper left corner to select the communication mode. Select “USB”. In the pop-up window click on “Open” to open the communication port.
    Now click on “File” “Load HEX File…” and browse to your ready psgroove.hex file.
    Now Load the HEX File (in the Operations Flow Tab check Erase, Program and Verify, then push the Run button). A window will pop up that shows the processes.
    After all the processes are done click on the “Start Application” button in the lower right corner.

    The AT90USB boot loader will detach and jump into the user application when “Start Application” button is pressed.

    Congratulations, now your very own PS Jailbreak clone is ready (It is without the Backup Manager support though)

    PS: I know this tutorial is not perfect, will update it when necessary. Thanks to grecomafioso for this.

    Read it carefully and understand it, once you have done it the first time, it will be peanuts. When you reach the part where it says "Load a hex file", remember to go to the folder that you extracted earlier that contains different .hex files. Select the CORRECT MODEL VERSION for your device.

    Your USB board can be re-flashed with newer/different .hex files, just follow the same process again!

    Once that's done, the hardest parts are completed, CONGRATS!

    You can also build the latest (and future) version of .hex payloads by yourself for your own specific usb board using the site linked here:

    Mark Webber has mentioned that KaKaRoTo has ported his code to the latest PL3 .hex payloads. I have not tested them so it will be up to you to experiment with it.

    Step 4

    Running and maintaining a JB'ed Demo PS3

    Running the jailbreak

    Alright, jailbreaking a ps3, i think by now, everyone knows about it from youtube and stuff, off, unplug, plug in usb device, turn on, eject etc.

    Ok here's the main twist for demo ps3s.

    Remember they auto turn on every time you flip the switch? This is a very annoying limitation on the demo ps3 jailbreaking but the benefits still outweigh it so it won't matter, you'll get used to it.

    so here's the coldbooting guide provided by Mark Webber,

    - Put a disc into the drive (it can be ANY disc, also works with a blank CD-R)
    - Turn the power switch off (the flip switch behind the left corner of the console)
    - Turn it back on until you see the disc read blue light flash 1-2 times then turn the power off again

    Now's the best time to insert the freshly made USB Development board into the USB slot. Please make sure there are NO OTHER USB devices connected

    - Turn the power on one more time and the light should remain red.
    - Now press the power button on the front, then the eject button and hold it until the disc comes out. A quick press of the eject button can stop it working for some reason.

    OK ALL DONE. But wait! once you're on main screen, there seems to be NO DIFFERENCES in game tab. Go to settings -> security settings and unlock your ps3 again with the 3.41 unlock code 2998

    Now go back to Game tab and you'll see 2 new options below!


    install package files

    Now insert your USB flash/hard drive again and select "install package files" and select the GAIA manager.pkg file. It should install in one second. In Game tab again there will be a new program called GAIA and it will be permanently there.

    Insert a PS3 game disc and run GAIA to test it out. In Gaia manager you should be able to see the name of the game and you will have some options on the right to rip it to hdd0 (which is your internal ps3 drive).

    Maintaining the PS3 demo JB

    When you decide to turn off the ps3, the jailbreak will be gone and you need to do it again. This applies for ALL ps3 consoles not just demo units. To simplify the method, you can leave a disc inside the drive before turning it off and repeat the steps above. It's crappy and time consuming I know, plus those options only appear after putting in the unlock code.

    But here's some tips, GAIA manager will always appear there without needing to input the 4 digit code. Just press your controller PS button and launch it immediately after jailbreak.
    Secondly, the unlock code can be changed to something easier, like 0000, just go to security settings and select "change password", this setting is permanent until you decide to update the firmware.


    Current limitations

    - Current Jailbreak limitations on the retail ps3 ALSO apply on demo units
    - Android phones with PS Freedom do not seem to work on demo units
    - Must have a disc in the drive to JB a ps3 demo on booting up
    - Only PL3 payloads updated with Mark Webber's code work with ps3 demo
    - Option to install new .pkg files only appears after unlocking with 4 digit code
    - Loading ps3 back ups still requires a disc in the drive (this could be a back up manager or payload limitation as I have only tested Killzone 2 on GAIA 1.02 using PL3)

    credits to:
    Mark Webber from psx-scene
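
The guide's two integrity points, the MD5 quoted for PS3UPDAT.PUP and the .hex file loaded into FLIP, can be checked before anything is written to a device. The following is an added example, not part of the original posts or of any tool they mention; `file_md5`, `pup_matches`, `check_intel_hex` and `SAMPLE_HEX` are names chosen here, and the sample records are constructed. An MD5 match only shows the download is complete and unmodified relative to the posted value, not that the file is trustworthy.

```python
import hashlib

# MD5 quoted in the guide for the 3.41 demo PS3UPDAT.PUP.
EXPECTED_PUP_MD5 = "561B924D2B388FB920F3F7AB12C679CA"

# Constructed two-record Intel HEX sample (not one of the guide's payloads).
SAMPLE_HEX = """\
:10010000214601360121470136007EFE09D2190140
:100110002146017E17C20001FF5F16002148011928
:00000001FF
"""

def file_md5(path, chunk=1 << 20):
    """Return the uppercase hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def pup_matches(path):
    """True if the file's MD5 equals the value quoted in the guide."""
    return file_md5(path) == EXPECTED_PUP_MD5

def check_intel_hex(text):
    """Validate Intel HEX text: start code, length field, per-record
    checksum and a terminating EOF record.
    Returns (ok, data_byte_count, problems)."""
    problems, data_bytes, saw_eof = [], 0, False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if saw_eof:
            problems.append(f"line {n}: data after EOF record")
            break
        if not line.startswith(":"):
            problems.append(f"line {n}: missing ':' start code")
            continue
        try:
            raw = bytes.fromhex(line[1:])
        except ValueError:
            problems.append(f"line {n}: non-hex characters")
            continue
        # Record = count, 2 address bytes, type, data[count], checksum.
        if len(raw) < 5 or len(raw) != raw[0] + 5:
            problems.append(f"line {n}: length field does not match record")
            continue
        if sum(raw) & 0xFF != 0:  # all bytes incl. checksum sum to 0 mod 256
            problems.append(f"line {n}: bad checksum")
            continue
        if raw[3] == 0x00:      # data record
            data_bytes += raw[0]
        elif raw[3] == 0x01:    # end-of-file record
            saw_eof = True
    if not saw_eof:
        problems.append("no EOF record (file truncated?)")
    return (not problems, data_bytes, problems)

if __name__ == "__main__":
    print(check_intel_hex(SAMPLE_HEX))
```

A .hex file that fails this check is damaged or cut short and should be downloaded again rather than flashed.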

  4. #4
    Join Date
    Apr 2005
    Thanks for the Tutorial Haksam and +Rep! I have moved it to our Guides section now and will link it in our PS3 Hacks Sticky thread.

  5. #5
    Haksam Guest
    thanks boss.

    i have played through ninja gaiden sigma 2 via hdd0 from chapter 1 till finish and happy to report the demo/kiosk ps 3 is chugging along just fine, have not tested the other games i have, mainly because i finished them early this year and too lazy to wait to rip them

    (am busy with xbox 360 again due to new protection in update)

  6. #6
    noufal2787 Guest
    my ps3 version is 3.50 i have a dongle (ps3 break v3.1) how to jailbreak ps3 or how to downgrade 3.50 to 3.41? pls help
