PS3 Jailbreak

It’s been just over a month since the sudden debut of the world’s first PS3 mod device. The original release was purely commercial and overpriced (around 150 USD for what is essentially a simple USB development board in a casing), and as a result it was quickly made obsolete by cheaper (and free) alternatives). Still, its spirit lives on in the countless clones that have since flooded the market and we owe the original creators for the breakthrough. If only they weren’t such greedy bastards.

Since the breakthrough, a PS3 homebrew community has blossomed overnight and, though it still has a long way to go, significant progress has been made. It’s really like the early days of PSP’s 1.5 firmware. Here’s a quick summary of the current state of PS3 homebrew.

Jailbreak Method

The method of jailbreaking itself has not fundamentally changed since the original PS Jailbreak was unveiled a month ago. The essential steps are:

  1. Have a PS3 (slim or original) with firmware 3.41.
  2. Switch off and on the PS3′s main power.
  3. Plug in the jailbreak USB device (this comes in many possible forms).
  4. Press the PS3′s power button followed immediately by the eject button.
  5. Jailbreak device does its magic.
  6. PS3 starts up in debug mode, allowing you to install and run all unsigned code.

The general idea is that Sony uses a proprietary dongle to repair and reflash bricked PS3s at their service centres, much like the Pandora battery for PSPs. The PS3 looks for such a dongle when the eject button is pressed immediately after powering on. The role of the jailbreak device is to emulate a USB hub with a USB device plugged into it that shares the same device ID as Sony’s service dongle. It doesn’t actually work as a service dongle, but it uses this access to execute some exploits that put the PS3 into debug mode. The exact payload used is described here for those who can understand it.

The jailbreak device itself has grown to include a whole variety of reprogrammable USB devices thanks to the PSGroove and PSFreedom projects. The list of compatible devices include:

This is of course not an exhaustive list. In addition to homemade solutions, there are various dedicated jailbreak devices, some of which are reprogrammable with a PC, such as PS3 Key and X3 Jailbreak.

Running the Jailbreak (TI-84 Plus)

I am using a TI-84 Plus because it’s the only compatible device I have on hand. I’ll probably be getting a dedicated dongle (PS3 Key in my case) soon because it’s somewhat troublesome to run the corresponding programme on the calculator each time I start up my PS3, plus the calculator requires four AAA batteries… Here’s how the process looks like:

PS3 Jailbreak
Run the installed programme on the TI-84+

PS3 Jailbreak
Ready to switch on PS3

PS3 Jailbreak
Eject button pressed

PS3 Jailbreak
Debug mode enabled, allowing you to install arbitrary .pkg files

PS3 Jailbreak
A FTP server for managing files on the PS3′s internal HDD, an example of a homebrew currently available

Backup Manager

Let’s face it: most people who jailbreak their PS3 are going to play pirated (“backup”) games. The Backup Manager is the tool that lets you do that. Indeed, it was the very first homebrew released for the PS3 and it was made by the original creators of the PS Jailbreak.

PS3 Jailbreak
Backup Manager, used to rip and load games off internal or external HDDs

That said, there are some very compelling legitimate reasons to use the Backup Manager over Blu-ray. Loading games off the HDD is many times faster than loading games off Blu-ray. The reduced load-time is especially noticeable in games like Bayonetta which suffer from extremely long loading screens. Loading a stage in Bayonetta from the internal HDD takes less than 10 seconds. Using the Backup Manager also reduces wear and tear of the Blu-ray drive. Given that DVD drive failure was the number one cause of PS2 mortality, this is an attractive advantage.

The Manager works by ripping wholesale the entire folder structure on the game Blu-ray disc onto either the internal HDD or an external USB HDD. This means that it will not produce an ISO image, but rather a folder of files and subfolders. There is currently no way to run a game off a Blu-ray ISO image, which is encrypted.

PS3 Jailbreak
Backup Manager menu. Note the lack of unicode support resulting in Tales of Vesperia having a blank title (still works otherwise)

PS3 Jailbreak
Upon loading a game, the Manager exits to the main menu. The current game disc is replaced by the loaded backup, much like in very early UMD loaders for the PSP

The PS3 does not support NTFS for external media and only accepts FAT. Since FAT only supports files up to 4GB in size, this may be problematic. However, since the Manager rips games into folders instead of a single ISO image, this is only a problem if the size of a single file in a game exceeds 4GB (usually a movie file) and it is not as common as you may imagine.

The PS3′s proprietary internal file system supports files of any size (at least for current-day purposes) and therefore has better compatibility with games. This serves as an incentive to upgrade your internal 2.5″ HDD. Furthermore, loading games off the internal HDD is significantly faster than loading games through the USB interface. The internal HDD also has better games compatibility, no doubt as a result of the difference in load time. A comprehensive list of compatible games can be found on Google Docs.

The first release of the Backup Manager requires any legitimate Blu-ray disc to be in the drive in order for backups to work, much like the first-generation PSP UMD loaders. A new release removes this requirement but appears to have poorer game compatibility.

Homebrew

Currently, the PS3 homebrew scene is still in its infancy. There are no comprehensive development environments or programming guides available and development is largely carried out by dedicated long-time veterans in the console homebrew community. The use of Sony’s official development kit to compile homebrew programmes also brings legality into question.

But still, impressive progress has been made in the span of one month. There are various proofs of concept such as Pong, a port of SNES9X SNES emulator, a port of NullDC Dreamcast emulator, a port of Yabause Saturn Emulator, a file manager, an FTP server, and various tools for PS3 development such as a registry editor.

The FTP server in particular is a god-sent because it allows direct access to the PS3′s internal HDD.

PS3 Jailbreak
blackb0x’s FTP Server running

PS3 Jailbreak
PS3′s root folder accessed using Filezilla

PS3 Jailbreak
Folders containing ripped games

I suspect the next homebrew breakthrough will be a full Linux distro. Sony previously removed the PS3′s OtherOS Linux support in firmware 3.21 due to concerns over Linux being used as a potential vector for exploiting PS3′s anti-piracy protection. This pissed off a lot of people who actually used the OtherOS for things like distributed computing. I am sure a successful Linux port would be too delicious an “up yours” for the dedicated hackers out there to ignore.

The Future of PS3 Jailbreak

Current jailbreak solutions offer no fundamental improvement over the original PS Jailbreak. The exploit used only works in PS3 firmware version 3.41 and older and no new exploit has yet been uncovered for firmwares 3.42 (which was released with the sole purpose of blocking the exploit) and 3.50 (which went one step further by blocking all unauthorized USB devices, including unlicensed third-party controllers).

Much like the early PSP homebrew scene’s reliance on PSP firmware 1.5, current PS3 homebrew development appears to be confined to 3.41. This problem was solved for the PSP with the discovery of new buffer overflow exploits in later firmware revisions and eventually by the Pandora battery hardware solution and the development of custom firmwares capable of spoofing official firmware versions. There is no guarantee that the same will happen with the PS3 due to the complexity of its hardware, but there is no indication that it is impossible either. We can only wait and see.

PS3 Jailbreak
PS3 Key, one of the more reputable jailbreak solutions currently available

For now, using the Backup Manager and homebrew solutions requires that you do not update your firmware beyond 3.41. This means that you will not be able to log on to PSN, but your PS3 can remain connected to the Internet as long as you disable auto-updating. Games released after September will also start to require firmware 3.42 or newer, which will pose a problem if no solution is found in the long run.

The Xbox 360 and Wii were successfully modded a long time ago and both have now developed more sophisticated jailbreak solutions than the initial exploits. If the same applies for the PS3, future developments will likely see the release of firmware loaders that allow the user to switch between different firmware revisions or custom firmwares that are capable of fooling the PSN and version-checkers that come with games.

However, there is no guarantee for this due to the PS3′s notoriously complex Cell architecture and the fact that it took three years to even produce one viable exploit. On the bright side, should such a solution come to be, most current jailbreak devices are easily re-programmable using a PC and you won’t have to pay for new mods.

Conclusion

I’ve been following the development of the PS3 jailbreak since the first batch of working samples was quietly mailed out to modchip vendors by the secretive people behind PS Jailbreak and subsequently reverse engineered by the community. This article serves as a summary of all the important milestones that have transpired so far.

If you are looking for a more instructional article, please look through PS3 Hacks or PSFreedom.

Tagged , , , , , ,
Trackback | Permalink

Follow DarkMirage on Twitter