PlayStation 3 Jailbreak

From Wikipedia, the free encyclopedia
  (Redirected from PlayStation Jailbreak)
Jump to navigation Jump to search
A PSJailb
A PS Jailbreak USB dongle

PlayStation Jailbreak was the first Universal Serial Bus chipset that allows unauthorized code execution, such as homebrew, on the PlayStation 3. It bypasses a system security check using a memory exploit (heap overflow) which occurs with USB devices that allows the execution of unsigned code. One of the most popular pieces of homebrew software used with the device is Backup Manager, which allows users to copy game titles from the optical media to the hard drive of the PlayStation 3. Backup Manager can also be used to run homebrew applications that are created to run in the console's native mode.

Multiple devices to perform code execution exist, such as the open sourced versions (e.g. PSgroove, PSfreedom). Most of these only work on PlayStation 3 system software v3.41 or lower as PlayStation's System Software v3.42 patches the mod chip exploit on the console. The creators of PS3 Jailbreak also released PSDowngrade which enables downgrading of PlayStation 3's System Software to v3.41 (Or lower) from v3.42, v3.50, and v3.55.

Present and future support[edit]

In August, 2011, information about hardware that was downgrading PlayStations on system software v3.70 was being released.[citation needed] These hardware mods were NAND/NOR chip flashers that would either be soldered or clipped onto the PlayStation's chips on NAND/NOR chip located on the PlayStation's motherboard.[citation needed] It would then flash the memory off the chip and backup the PlayStation's firmware hence downgrading the console when the hard-drive was formatted.[citation needed] These flashers still work on the latest system software version and can be purchased online.[citation needed]

On September of 2011 a "Alleged" Lulzsec Cody Kretsinger was arrested Thursday morning for attacking Sony pictures website that had previously been taken offline by a DDOS attack lasting over 2 months, Kretsinger had found level 0 security codes that and released them that could be used to run unauthorized firmware known as CFW ("Custom Firmware")today.[citation needed] These were the same keys that would have allowed a Chinese hacking group known as "BlueDisk" to release a purchasable CFW (custom firmware) for 4.21 and above.[citation needed] Shortly after, a well-known PlayStation 3 developer, "Rogero," released his free of charge 4.21 CFW.[citation needed] There are now different developers releasing CFWs for the latest versions of PlayStation 3's firmware.[citation needed] These custom firmware render the PlayStation Jailbreak obsolete.[citation needed] They cannot, however, be installed unless the PlayStation 3 is on system software version 3.55 or below.[citation needed]

On June 26, 2013, the 3.60+ loader keys were released to the public by "The Great Unicorns" and on the same day hard-drive encryption for PHAT consoles were released by a developer called "flatz."[citation needed] Following this the Lv1ldr crypto keys were released for 4.21-4.46.[citation needed]

Dec 2020 Websites such as PSX-PLACE are still working on exploiting the vulnerabilities to install CFW on super slim consoles. They are able to run homebrew applications on any version of Playstation 3 by exploiting some vulnerabilities in official firmware of the console.

Inner workings[edit]

The PS3JailBreak effectively exploits the PS3 by using a heap overflow. When the dongle is plugged into a PS3 (all models-"Fat" and "Slim) its device descriptors notify the PS3 that it is a 6-port USB hub. After memory is allocated for the device the "6-port USB hub", the PS3JailBreak then tells tells the PS3 that a USB device has been plugged into port 1 of the hub. This device contains the payload that will run after the exploit is complete. This device has normal device descriptors for a typical USB device. After memory has been allocated for the payload USB device on port 1, the PS3JailBreak then tells the PS3 that another USB device has been plugged into port 2. This "device" does not hold any data related to the exploit and has typical device descriptors. Next, the PS3JailBreak says that another device has been plugged into port 3. This device is very important as it causes a heap exploit later in the process. The port 3 "device" contains unusually large device descriptors. After memory has been allocated for the port 3, the PS3JailBreak then tells the PS3 that the device in port 2 has been removed. This frees up the memory that was used to allocate the device descriptors. After this, another "device" is plugged into port 4 which holds 3 configuration descriptors with the third holding PowerPC shellcode (which is used to exploit the system and forces the system to run the payload in port 1). In port 5 another "device" is plugged in which emulates the "PS3 Service Jig", a device used to recover corrupted or non-functional PS3's at Sony factories. This device matches device descriptors and configuration descriptors as the real "Jig" When the PS3 tries to allocate memory to check if the "Jig" is authentic, it fails as a heap overflow occurs - the 64 bytes that has to be allocated points to the next free memory address which is actually not free as it was overwritten earlier in the process. This means that the shellcode gets sent to the CPU to be executed (this exploit passed the unsigned code check) and starts executed as soon as the PS3 detects removal of "devices" in the "USB hub". The shellcode then tells the CPU to read and execute the payload on the first port which effectively allows unsigned code to run on the system.


  • PS3 Jailbreak was outlawed in Australia as it was considered to be in violation of copyright law. The ban states that PS Jailbreak cannot be imported, distributed to another person or offered to the public.[1]
  • However, no case has been made against an individual by the Sony corporation on the matter of downgrading one's PS3.[citation needed] Nor has any development team that works on downgrading tools (downgrading to the jailbreak capable 3.55 OFW) been presented with litigation by Sony (E3 Flasher Limited, Progskeet, etc.)[citation needed] However Sony attempted to sue GeoHot for his 3.55 Jailbreak.

Sony, after questionable collection of IP addresses and personal information of users even just viewing any of Hotz's sites, Twitter, Facebook, etc., reached settlement with Hotz out of court.[citation needed]

See also[edit]


  1. ^ "PS3 Modchipserritories like the US, Europe, and Asia to block its sale. Suits are filed against retailers selling the device".