How to Jailbreak Your PS3 + Spoof for online play! Modded Lobbies and all!

#1
Getting Started

One common question I find on here time and again is “Can I jailbreak my PS3?” The answer is simple. You MUST be on version 3.55, and you should have 2 PS3 consoles, just to make this easier on yourself (This isn't needed, but it helps so you can play regularly on one, and mod things on the other. It's completely up to you).

Some PS3 slim models will not be able to be downgraded, so please refer to the Next Steps part, and check the compatibility there. To check your current version, on the XMB (Main screen) navigate to Settings>System Settings>System Info. The “System Version” is where your current version will be. Consoles that have not at one time been on 3.55 cannot be jailbroken either. So, if you bought a PS3 from Walmart and it came out of the box on 3.60, you're out of luck.

There is also a tool called MinVerChk, which searches for the firmware your system had installed when it left the factory. I recommend those on 25xx to run this package, as it will tell you what minimum firmware can be installed.
If it says 3.55 and lower, your system can be jailbroken.
If it says 3.55 and higher, your system cannot be jailbroken.


You may also check the requirements here.

Downgrading Step
If you are on 3.55 or lower, you are in luck, and are able to jailbreak! If you are on 3.56 - 4.60, you will need to downgrade with an E3Flasher or another hardware flasher of your choice; the tutorial for the E3Flasher can be found below. Info on the E3Flasher can be found here. If you're having trouble, verify your downgrade.bin is up to date as well as your flasher software.

If your SKU model is NOR, you use an E3 Flasher. If it is NAND, use Progskeet.

Models CECHA, CECHB, CECHC, CECHE, and CECHG are NAND.
Models CECHH, CECHJ, CECHL, CECHM, CECHP, CECHQ, and all Slims are NOR.

Downgrading videos:





Progskeet Downgrade


CFW Choice Step:
Now that you have read the E3Flasher tutorial, and have downgraded your PS3, you can now proceed to the next step of actually jailbreaking. Jailbreaking can be accomplished by downloading any of the 3.55 CFW files, found: http://www.sickkilledu.com/thread-82855.html

The recommended CFW file is Kmeaw 3.55, as it is one of the more popular ones. You're not limited to it, as you can choose any CFW (Geohot for example).


The USB Step:
In order to jailbreak, download the Kmeaw 3.55 download, and plug in your USB flash drive. In your flash drive, right-click and format your flash drive to FAT32. Once that is done, go into your USB, and create a new folder. Name this folder “PS3” without the quotations. Inside the PS3 folder, create a folder called “Update” without the quotations. In this folder, you should place the PS3UPDAT.PUP, which is found in the download for the Kmeaw 3.55 download.
Your setup should be like this:
|PS3
  |UPDATE
    |PS3UPDAT.PUP

You can now safely eject your USB, and plug it into your PS3.


The Jailbreaking Step
Once your USB is plugged into your PS3, on the XMB, head over to System>System Update. In here, it will ask you to update OTA (Over the Air) or to update via storage media. Click on Update via storage media, and it shall say Kmeaw 3.55-jb, and click OK. Agree to the bullcrap (this is seriously bullcrap, go ahead and read it, it actually is amusing.) Let the update install (it shouldn’t take more than 5 minutes). After your PS3 has restarted, you should be back on the XMB, and you should see under the “Game” tab *Install Package Files and */App_Home/PS3_GAME/. This means you have successfully jailbroken your PS3!


ProTip: It is much easier after downgrading to install the OFW of 3.55 before installing the CFW, as it makes it faster and easier, which again can be found in Cash's download thread.

Should Look Like this:
[Image: 2011012014.48.351.jpg]


ODE Option
If you are unable to jailbreak, there is another solution to playing games or running homebrew on your system. That is the ODE, which can be used by soldering parts onto the motherboard.

Code:
Phat:
CECHA (PATA)
CECHB (PATA)
CECHC (PATA)
CECHE (PATA)
CECHG (PATA)
CECHH (PATA)
CECHK (PATA)
CECHL (SATA)

Slim:
CECH 2XXX (SATA)
CECH 21XX (SATA)
CECH 25XX (SATA)
CECH 3XXX (SATA)

Super Slim:
CECH 4XXX (SATA)


There are 3 major types of ODE:
Cobra ODE: http://www.cobra-ode.com/
3K3Y: http://www.3k3y.com/
E3 ODE: http://www.e3-tech.net/e3 ode pro.html


Spoofing
Spoofing allows you to trick your PS3 into thinking it is on the latest version, and allows you to data transfer to your retail, resulting in PSN access. There are various ways to spoof to the latest version, including a REX toolbox, or just installing via storage media with your 4.50 CFW version. Downloads can be found in the download tab for both.

You may also ask, "which spoofing version is right for me? I've heard of CEX, DEX and REBUG, but which do I choose?" The answer is simple. CEX is the basic CFW version, which allows you to access basically anything. You're able to host modded lobbies, as well as download some pirated games. DEX on the other hand is Developer Firmware. This means it's usually only used when you are planning on making a game, or want to access other developing features such as enabling or disabling lvl2 patches. REBUG combines both of those, which makes it easier to switch from CEX to DEX with the click of a button rather than having to reinstall the firmware to switch. REBUG also comes with some fun features, such as unlocking trophies to trick your friends into thinking you're some trophy god or something like that.

An example of a spoofed PS3 version: (Rebug)
[Image: 2.jpg]


Spoofing - What's the difference?:
At some point in this thread, you've probably wondered: CFW is great and all, but which is for me? There's a simple way to answer this. First off, if you're asking yourself this in the first place, you should go with a simple firmware type, such as CEX. CEX is the most basic any custom firmware can get; all it has is install package files and root access, which is all you need.
DEX on the other hand is much more complicated. The only reason DEX is more popular than CEX is because CEX didn't have the ability to RTM until recently with the release of CCAPI 2.00. Now that that's released, there really isn't a need to be on DEX, unless your modding client is for DEX firmware only.
REX or REBUG is both of those put together, along with a few more debug options, like built in MAC and Console ID spoofing with REBUG Toolbox. I personally like the look of REBUG because it has more of a custom feeling to it, rather than the plain old XMB.
Stay away from SEX firmware. All it is is a kiosk firmware that shops use to install demos. There is literally nothing cool about it.

Getting Online:
CEX:
Getting online on CEX is pretty straightforward. If you have the new 4.55 Rogero installed, you should be good to just go ahead and sign in.
If you're on Rogero 4.55 or 4.50, there is something called ZOFMOD (link below) which will spoof you to 4.60. I suggest using PS Ninja to wipe your game history after you install it or with any homebrew.

DEX:
DEX is a little bit more complicated. Best way to explain this is by a video.




CEX To DEX Tutorial:

Things you will need:
PS3 on 3.55 firmware
A USB device with at least 1GB free
jaicrab’s preloader
FactoryServiceMode tool
eEID_RKDumper
CEX2DEX tool

1. Install the FactoryServiceMode pkg on your PS3 and use it to boot your PS3 into Factory Service Mode. When done, confirm your console is in service mode by turning it on and seeing if the red box is there in the lower right hand corner. Power down your PS3.


2. Take all the files from Preloader.zip and extract them onto the root of your USB stick. Rename "Lv2diag.self.flash" to "Lv2diag.self".

3. Eject your USB from your PC and place it in the rightmost USB port of your PS3 (your PS3 needs to be turned off). Once it is securely in place, turn on the console. Nothing is going to come up on the screen, and eventually the PS3 power LED will start blinking. DO NOT TURN OFF THE CONSOLE, it is dumping your NAND/NOR. Wait for it to power down itself.

4. Once your console turns itself off, remove the USB from your PS3 and plug it back into your PC. There will now be a file on it named "Backuprflash.bin" (Note: You may have to enable displaying of system files in order for it to be shown). This is your dump of your NOR/NAND - if your console is NOR, the filesize should be 16mb. If your console is NAND, it will be 256mb.

5. On your USB, rename "Lv2diag.self" back to "Lv2diag.self.flash" and then rename "Lv2diag.self.exit" to "Lv2diag.self". Place the USB in the rightmost USB port of your PS3 (turned off), then turn it on. It should turn itself off after a few seconds. When it turns off, remove your USB and boot the PS3. It should now be out of factory service mode.

6. Install the eEID_RKDumper on your PS3. Run it, and it should cause your console to blackscreen. It will reboot after a few seconds, just give it its time and don't interrupt it (it is dumping your root key). Once it reboots, proceed to the next step.

7. Use a filemanager or FTP server to retrieve your root key dump from your PS3 - it is located at dev_hdd0/tmp/eid_root_key. It should be 256kb. Get it onto your USB, it should be in the same directory as your Backuprflash.bin. Rename it to "dump" (no file extension).

9. Start up CEX2DEX again on your PC. For the NOR/NAND flash dump, select your Backuprflash.bin. For the METLDR dump, select your rootkey (file named "dump"). Click on CEX -> DEX, and when it prompts you save the new file as "rflash.bin" and put it onto the root of your USB stick. Your NOR/NAND dump is now fully converted to DEX, all that is left is to flash it back onto your PS3. The filesize for rflash.bin should be 16mb for NOR consoles and 256mb for NAND consoles.

10. On your PS3, use FactoryServiceMode Tool to boot into Factory Service Mode again. On your USB, rename "Lv2diag.self" to "Lv2diag.self.exit" and rename "Lv2diag.flash.self" to "Lv2diag.self". Delete the advance.cfg file from the USB, and put this one onto the root of it: advance.cfg

11. Make sure your PS3 is fully powered off, then plug your USB into the rightmost USB port. Turn on the PS3, and it will begin writing to your NAND/NOR. DO NOT TURN OFF THE PS3!!! If you do, it is a guaranteed brick. Just leave it alone until the PS3 turns itself off, it may take 15 minutes or more. Don't worry if it's taking too long, mine took about 40 minutes to write completely. Once your PS3 has powered itself off continue to the next step.

12. On your USB, rename "Lv2diag.self" back to "Lv2diag.self.flash" and then rename "Lv2diag.self.exit" to "Lv2diag.self". Place the USB in the rightmost USB port of your PS3 (turned off), then turn it on. It should turn itself off after a few seconds. When it turns off, remove your USB and boot the PS3. It should now be out of factory service mode. Congratulations, you are now ready to install DEX firmware. I would recommend downloading and installing this debug firmware, from there you can go to 4.20 debug or whatever other version you want.

Important Notes:
-Once you convert to DEX, your console can no longer access the Playstation Network. Your IDPS becomes invalid.
-You cannot data transfer from a DEX console to a CEX console.
-If you choose to install a debug update of version 3.56 or higher, Peek & Poke will be disabled. This will make certain homebrew applications no longer work.
-Most PKGs and homebrew applications will have to be resigned as debug files before they can be installed/run on DEX firmwares above 3.55.

Game Modding
With a now jailbroken system, you can now add whatever peripherals to any game (well sort of). Jailbroken systems are commonly associated with game modders, as in those people you see with aimbots annoying the piss out of you.

But, how do they do it you say? The answer is simple. With the more recent games (such as Call of Duty: Ghosts) those "aimbotters" use a console application called ConsoleControllAPI, which allows a connection from your PC to your PS3 via an ethernet cable to poke commands into a game. These commands are called offsets and look like for example: 0x01F134DC (offset to change in-game name).

Before I get more into detail than I should, here is a tutorial on how to host these lobbies, as well as a video tutorial. These lobbies can also be accomplished with an RTM tool, which can be found in their respective game modding forums here on Se7ensins.

Backups
What are they? Backups are an ability jailbroken systems have to back up or install a game disk so you may play it without the game disk. How you do this is by using Rogero's Backup Manager or Multiman in the downloads. Please note this version is not compatible with REBUG, so it's only for a system on 3.55. Only for CFW.

Here is a tutorial on how to create and play backups on Multiman.

An example of backups via Multiman:
[Image: MultiMAN-1.09.03-Multifunctional-Filemanager.jpg]

To update a backup, just find your region code, and search the game you would like to update along with your region code. Your region code should be BLES/BLUSxxxxx. When you find the update, it should be in package form. Then just copy to your USB, plug it in to your system, then go to install package files and then install the package you just downloaded. You're now good to go.


How to update/install new CFW

You just install the package via storage media to update.

How to downgrade CFW
  • QA flagging your console is the fastest and easiest way to downgrade your CFW version. Note you MUST have a working Blu-Ray drive to QA flag.
  • Dehashing: uses "ros0" and "ros1", which takes your system back to its original state. Use Rogero 999 Downgrader, then QA flag your console on 3.55 CFW.

Regarding Banning
The only way to unban yourself is to obtain another legal console ID, which you can change in Rebug Toolbox or through another client. Keep in mind trading or selling console IDs is against 7s TOS. You will also need the PSID patch which is found in the downloads.

How to prevent banning:

Code:
Mostly Common Sense

   Never Mod new Games unless you are offline or you are certain that you will not get banned
   Never use mods online
   Only use mod for your own fun not to use it against people (who can then report you)
   Never use Homebrew for long periods or whilst connected to SEN
   Never use your main SEN Account on your PS3
   Do NOT use pre-releases with your CFW and avoid playing online with them.
   Try not to use the Modded comment.
   Try and avoid staying online on your CFW. (Less Chance of a ban when you're not)
   Never Use the Sign in Automatically Option.
   Don't go crazy whilst RTEing.

How to prevent bricking:

Code:
   Only change files that you know
   Always Read a tutorial throughout and read as you do it.
   Never Turn your PS3 off if you think you've done something wrong (just find the original files)
   Always back up the files you are modding
   Never delete files from the system that you don't know


Emulators

Emulators can range from the SNES system to running PS2 games on an 80GB system or newer.

SNES Example:

With that said, the downloads are in the downloads folder for the emulator and the ROMS for it.

To run this, you need to download the manager for it, first the base then the real thing. I added both links in the 'downloads' tab below.

Quote: 4.60 Spoof for 4.55 (Works only on CEX, not compatible with DEX, Cobra, or Rebug):


4.65 Spoof for 4.50/4.55/4.60 (CEX Only)


Rogero 999 Downgrader:


QA Flag pkg:


PSID Patch:


3.55 OFW:


3.55 Kmeaw:


4.60 HABIB CEX:


4.65 HABIB CEX:


Multiman 4.60 BASE:



Any questions? Please comment below. Let me know how it works for you!