PS3 Jailbreaking       Thread starter PSXHAX       3113       1

PSXHAX

Staff Member
Moderator
Contributor
Verified
Following the PS3 HFW (Hybrid Firmware), today a PS3HEN Homebrew ENabler for PlayStation 3 consoles that couldn't run Custom Firmware (CFW) previously including SuperSlim models is available for those who still own a PS3 entertainment system followed by PS3HEN 2.0.0 and more updates via Github for those on 4.84 HFW. :ninja:

Download: PS3HEN_V1.0.0.zip (182.98 MB) / PS3HEN_V1.0.0.zip (Mirror) / PS3HEN_V1.0.0.zip (Mirror #2) / PS3HEN_V1.0.1.zip (188.7 MB) / IRISMAN_VER484_HENtai_rev6.pkg (2.29 MB via aldostools) / HAN_Toolbox_HEN_TEST.pkg (931.56 KB) / PS3HEN_files_extract_to_USB.zip (52.1 KB) / boot_plugins_nocobra.txt (36 Bytes) / webMAN_MOD_1.47.18_Installer.pkg (5.27 MB) / PS3HEN_V1.0.2.zip (188.8 MB) / PS3HEN_2.0.0.zip / HEN_v2.0.1_Offline_Installer_Stock_HDD_XAI.pkg_signed.pkg (9.5 MB - Unofficial) / HEN_v2.0.1_Offline_Installer_REBUG_HDD_XAI.pkg_signed.pkg (8.8 MB - Unofficial) / PS3HEN_2.0.2.zip / PS3HEN_2.1.0.zip / GIT

MD5 Hashes:
  • PS3HEN_V1.0.0.zip: D8FB9B490BC4EE9AA01FEC1BECECFD7A
  • ps3hen_v1.0.1.zip: 948427CD24A221978169156EFD7642CB
  • PS3HEN_2.0.2.zip: 2C07BA29B19C4455A0B86F8B920A916E
  • PS3HEN_2.1.0.zip: 17F997123EE10D48E0432C6D86B623D3
  • PS3HEN.BIN: B7FD3F7840E6A0B26061CC8972D15DC2
  • stackframe.bin: 3A3D83A101F9EEF892748ED2238066D3
Below are the related Tweets, and from the included Readme.txt via esc0rtd3w to quote: Requirement For All

1) Place PS3HENTAI_signed.pkg on dev_usb000
2) Run /html/han_flash_mount.html
3) Install PS3HENTAI_signed.pkg
4) Reboot PS3

Quick Setup USB

1) Place boot_plugins_nocobra.txt on dev_usb000 if using plugins
2) Place PS3HEN.BIN and stackframe.bin on dev_usb000
3) Run /html/ps3hen.html

Quick Setup Offline USB

Requirement:


1) Place HEN_Offline_Installer_signed.pkg on dev_usb000
2) Run /html/han_flash_mount.html
3) Install HEN_Offline_Installer_signed.pkg
4) Reboot PS3

How To Use:

1) Place boot_plugins_nocobra.txt on dev_usb000 if using plugins
2) Place PS3HEN.BIN and stackframe.bin on dev_usb000
3) Use "Enable HEN" icon under game colum to launch HEN

Quick Setup Offline HDD

Requirement:


1) Place HEN_Offline_Installer_HDD_signed.pkg on dev_usb000
2) Run /html/han_flash_mount.html
3) Install HEN_Offline_Installer_HDD_signed.pkg
4) Reboot PS3

How To Use:

1) Place boot_plugins_nocobra.txt on dev_usb000 if using plugins
2) Use "Enable HEN" icon under game colum to launch HEN

WHAT IS HEN:

HEN stands for Homebrew ENabler. it also consists of much more new functions relatively close to a CFW

HOW DOES IT WORK?:

Install HAN Enabler. Copy PS3HEN.BIN, HENTAI.pkg and stackframe.bin(READ:rename) to /dev_usb000 and run the HTML. Once done, go to Package manager and install the HENTAI.pkg and reboot console. From now on to enable HEN simply use usb000 stackframe.bin and PS3HEN.BIN and run html... HEN ENABLED!

FEATURES OF V1.00:
  • Managunz backup manager works best for jb rips(ISO not supported)!
  • MULTIMAN works too but compatibility is not the same.
  • PSXISO Support is there!!!!
  • BD/DVD Region patches
  • BDISO support(stutter with xmb, use showtime)
  • BOOTPLUGINS WORK location "/dev_usb000/boot_plugins_nocobra.txt"(Use webman original one and not the mod one. also disable content scan on boot in settings)
  • Discless games work with disc icon!
  • Syscall 6 added
  • Syscall 7 added(address>0x8000000000352230) and disabled overwriting syscall 0->15
  • Syscall 15 added
  • Syscall 8 opcodes added for detection HEN and for advanced lv2 poke(read DEVELOPER SECTION)
  • Whole kernel memory RWX(execute kernel payload like this at high locations or hook syscalls etc)
  • PS3MAPI support for modding
  • Debug PKG install
  • Homebrew resigned for 3.55 and less support!
  • Homebrew Root Flags enabled!
  • HAN PKG insall support
  • PSN Connectivity
  • All process executed after HEN have rwx permissions!
  • HAN Enabled by default!
CFW PATCHES:
  • CFW settings
  • Retail/DEBUG pkg installation
  • Unlink to Delete
  • Remote play with PC
  • Download debug pkg on retail
  • Remote play ignores SFO check
  • Cinavia protection
  • videoplayer_plugin
  • DVD region check (not cracking RCE)
  • REBUG themed RCO & XML
  • AIO copy
NOTES:
  • If you get error 80010017 launching homebrew that simply means HEN failure, restart console and try again! (restart is important!)
  • Also try deleting cache, browsing data, cookies and the likes from browser, make the exploit page the home page
DEVELOPERS:
Code:
#define SYSCALL8_OPCODE_IS_HEN                        0x1337
using this if return 0x1337 its hen

ADVANCED POKE:syscall8(0x7003, addr, value);
this allows poking any location in lv2 memory BUT you have to restore original value before exiting to another application or exiting to xmb.USE WISELY OTHERWISE PS3 SHUTS DOWN

BDMIRROR: Managunz FTW! (please use Cobra payload because by default its MULTIMAN)
NOTE: mounting dev_blind will actually mount dev_flash. change files directly from dev_flash instead or hdd0/plugins/CFW/

Kernel Mode returns 0x53434500 on success to user webkit 0x8a000000. its good to measure HEN success. right now hen is already close to or is 100%
:alert: WARNING: :alert:
  • DO NOT UNDER ANY CIRCUMSTANCES ENABLE FSM ON A PS3 WITH PS3HEN!
  • CONNECTION TO PSN SHOULD BE DONE AT YOUR OWN RISK. DISABLING CFW SYSCALLS MAY NOT HIDE YOUR HEN WHILE ON PSN
  • DO NOT INSTALL CCAPI (ControlConsole API)
Also from esc0rtd3w are some PS3HEN All-In-One (AIO) Offline Packages with details below to quote:

All files are from original PS3HENtai package mixed with offline enablers by lmn7

The 4.82 webkit has also replaced the 4.84 one, under /dev_hdd0/plugins/CFW/vsh/module/silk_webkit.sprx

REQUIRED: Run HAN Installer Before Beginning, To Get Package Manager

1) Run HAN Enabler + Flash Mounter
2) Install AIO Package of Your Choice
3) Reboot Console
4) Use "Enable HEN" link on game column

Run From HDD (Recommended Method)

This method will store payload and stackframe in /dev_hdd0/hen/
To use plugins, put boot_plugins_nocobra.txt on /dev_usb000/
Load Plugins From HDD

This will load plugins from /dev_hdd0/hen/boot_plugins_nocobra.txt

WARNING: Loading bad plugins can force a firmware reinstall!

To change plugins, edit the boot_plugins_nocobra.txt file and use FTP to transfer new file, then reboot and enable HEN again to activate plugins. Only install one package, not both!
Run From USB

This method requires you to put payload and stackframe in /dev_usb000/
To use plugins, put boot_plugins_nocobra.txt on /dev_usb000/
For Devs:

Run From HDD


Debug payloads allow capturing output using socat and other tools
These methods will store payload and stackframe in /dev_hdd0/hen/
Load Plugins From HDD

This will load plugins from /dev_hdd0/hen/boot_plugins_nocobra.txt

WARNING: Loading bad plugins can force a firmware reinstall!

To change plugins, edit the boot_plugins_nocobra.txt file and use FTP to transfer new file, then reboot and enable HEN again to activate plugins
:arrow: And from the included PS3HEN v2.0.0 ReadMe.txt:
  • Compatible with 4.84 HFW ONLY
WHAT IS HEN:

HEN stands for Homebrew ENabler. it also consists of much more new functions relatively close to a CFW

HOW DOES IT WORK?:

Copy PS3HEN.BIN and stackframe.bin to /dev_usb000/ and run the /html/ps3hen.html

File Hash Verify
  • PS3HEN.BIN 8bb70295550bb1f92e8c37b39ad23f84
  • stackframe.bin 08d6299d3788486cb7596f4a5857c01f
Plugins Support (Online and Offline Methods):
  • Place boot_plugins.txt on dev_usb000 if using plugins
  • Place boot_plugins_kernel.txt on dev_usb000 if using kernel plugins
HEN status is now verified with both online & offline methods, and will display an error if HEN does not load

Offline HEN Setup Instructions

REQUIRED BEFORE STARTING

Run From Hard Drive (Recommended):

1) Run /html/han_flash_mount.html
2) Install HEN_v2_Offline_Installer_HDD_signed.pkg
3) Reboot PS3
4) Launch From New "Enable HEN" XMB Icon, Under Game Column

Run From USB:
  • This method requires that the USB drive be plugged in to load PS3HEN
  • Some USB drives are not compatible and will not work
  • If PS3HEN.BIN is missing, you will get a failed message and need to reboot console
  • If stackframe.bin is missing, your console will freeze, and you will need to reboot
1) Run /html/han_flash_mount.html
2) Install HEN_v2_Offline_Installer_USB_signed.pkg
3) Reboot PS3
4) Place PS3HEN.BIN and stackframe.bin on dev_usb000
5) Launch From New "Enable HEN" XMB Icon, Under Game Column

CFW PATCHES:
  • CFW settings
  • Retail/DEBUG pkg installation
  • Unlink to Delete
  • Remote play with PC
  • Download debug pkg on retail
  • Remote play ignores SFO check
  • Cinavia protection
  • videoplayer_plugin
  • DVD region check (not cracking RCE)
  • REBUG themed RCO & XML
  • AIO copy
NOTES:
  • if you get error 80010017 launching homebrew that simply means HEN failure, restart console and try again!(restart is important!)
  • also try deleting cache, browsing data, cookies and the likes from browser, make the exploit page the home page
DEVELOPERS:
Code:
#define SYSCALL8_OPCODE_IS_HEN                       0x1337
using this if return 0x1337 its hen
Code:
ADVANCED POKE:syscall8(0x7003, addr, value);
this allows poking any location in lv2 memory BUT you have to restore original value before exiting to another application or exiting to xmb.USE WISELY OTHERWISE PS3 SHUTS DOWN

BDMIRROR: Managunz FTW! (please use Cobra payload because by default its MULTIMAN)

NOTE: mounting dev_blind will actually mount dev_flash. change files directly from dev_flash instead or hdd0/plugins/CFW/

Kernel Mode returns 0x53434500 on success to user webkit 0x8a000000. its good to measure HEN success. right now hen is already close to or is 100%

Changelogs:

v1.0.1

  • Renamed stackframe_v11.bin to stackframe.bin
  • Added boot_plugins_nocobra.txt
  • Added USB and HDD offline packages
  • HAN-signed PS3HENtai package
v1.0.2
  • Fixed missing "Enable HEN" icon while CFW files are being used, with new USB and HDD offline packages
v2.0.0
  • Fake flash is no longer used, in favor of on-the-fly patching
  • Fixed blackscreen crashes
  • Fixed random recovery kicks
  • ISO support added
  • PS3MAPI support can now read/set process mem using webman
  • KW stealth extensions added
  • Random lv2 panic fixed
  • Added check in html for hen success
  • Kernel plugins support
  • Photo gui opcode support for webman
  • Syscall 389/409 product mode check disabled
  • Opcode 1339 added, returns HEN version (0x0200)
Notes:

WebmanMOD tested with 1.47.17 and 1.47.19, with fan control and PS3MAPI working

v2.0.1 (Unofficial) via Joonie: Here's a little update.

Aldostools implemented auto-refresh on start-up so that way both webMAN Games and Hybrid Firmware Settings under Network Category would remain hidden by default which avoids unnecessary crash from loading both HEN plugins without HEN enabled.

Unofficial PS3HEN 2.0.1 Beta Change note (based on aldo's fork):

1. mappath is used for enabling xai_plugin so it wouldn't appear on fresh boot.
2. Remote Play with PC restriction removed
3. DeViL303's extended download_plugin support added
4. Hybrid Firmware Tools (equivalent to CFW settings with less features)
5. Both Stock and REBUG edition (theme) available.
6. webMAN MOD 1.47.20 beta integrated (auto-refresh Game and Network Categories)

Special thanks to Aldostools, esc0rtd3w, habib, DeViL303, ShaolinAssassin, lmn7

P.S. This isn't an official update, features can be added or removed in the future.

v2.0.2

Stackframe Binary

  • - C00 unlocker activated by default
PS3HEN Payload
  • - RAP activation on the fly, default path : usb000/exdata/<rap> or usb001/exdata/<rap>
  • - Fixed issue with official NPDRM content rif deletion and unable to boot error
  • - PS2 classics launcher support
  • - Added DeViL303's advanced download plugin patches
  • - Fixed Install All Packages
  • - Fixed explore_plugin patches
  • - App restriction on RemotePlay with PC removed
  • - Improved games compatibilty e.g COD3
  • - Enabling dev_blind by default
  • - Multiple path on boot_plugins & boot_plugins_kernel (HDD & USB) Thanks to aldostools
  • - Hybrid Firmware Tools available when HEN's activated (Enable HEN to use this feature) *
    *Only available via PS3HEN PKG installation
Resources
  • - Fixed infinite spinning wheel when in-game
  • - Both REBUG and Stock Edition available
  • - Hybrid Firmware Tools available via PKG installation
  • - HEN updater support available under Network Category
  • - Official firmware updates via internet blocked
v2.1.0

Many thanks to Habib who accidentally released v1.0.0 as anonymous ;)
;)


PS3HEN Payload
  • - Payload size is reduced by 20kb
  • - Advanced QA Flag. This DOES NOT allow downgrading!
  • - Debug Settings Enabler added (QA flag needs to be enabled)
  • - AES calculation now uses internal library from LV2
  • - RAP can now be loaded / accessed from dev_hdd0/exdata
Resources
  • - Added Update Themes option to PS3HEN Updater menu
  • - Added theme pack by "Itroublve Hacker" to PS3HEN Updater -> Update Themes
  • - Small text edit on "Theme selector" is now "Theme Selector" under Hybrid Firmware Tool
Spoiler: Tweets

How To Install PS3Hen On Any PS3 Console
PS3 HEN (Homebrew Enabler) for HFW 4.84
Code:
   .text
   .section .start,"ax",@progbits
   .align 3

   .global _start

#include <lv2/macros.h.S>
#include <lv2/symbols.h>

#define CALL_NORET(addr) \
   MEM_BASE(%r0); \
   LOAD_LABEL(%r0, %r0, addr); \
   mtctr    %r0; \
   bctr;

#define CALL(addr) \
   MEM_BASE(%r0); \
   LOAD_LABEL(%r0, %r0, addr); \
   mtctr    %r0; \
   bctrl;

_start:
   mflr    %r0
   std     %r0, 0x10(%sp)
   stdu     %sp, -0x80(%sp)
   std        %r28, 0x78(%sp)
   std        %r27, 0x70(%sp)
   std        %r26, 0x68(%sp)

1:
   li %r4, 0
   lis %r4, 0x8000
   sldi %r4, %r4, 32
   oris %r4, %r4, 0x7e
   ori %r4, %r4, 0
   li %r3,0
   lis %r3, 0x8d00
   ori %r3, %r3, 0x500
   li %r5, 4
   CALL(copy_from_user_symbol)
   li %r3, 0
   lis %r3, 0x8000
   sldi %r3, %r3, 32
   oris %r3, %r3, 0x7e
   ld %r28, 0(%r3) #our config handle

   li %r4, 0
   lis %r4, 0x8000
   sldi %r4, %r4, 32
   oris %r4, %r4, 0x7e
   ori %r4, %r4, 0x10
   li %r3, 0
   lis %r3, 0x8d0f
   ori %r3, %r3, 0xf050
   li %r5, 4
   CALL(copy_from_user_symbol)
   li %r3, 0
   lis %r3, 0x8000
   sldi %r3, %r3, 32
   oris %r3, %r3, 0x7e
   ori %r3, %r3, 0x10
   mr %r27, %r3 #our services

   mr %r3, %r28
   lwz %r4, 0(%r27)
   stdu      %r1, -0xC0(%r1)
   std       %r27, 0x98(%r1)
   mr %r27, %r3
   li %r3, 0
   std       %r28, 0xA0(%r1)
   std       %r29, 0xA8(%r1)
   std       %r31, 0xB8(%r1)
   mr        %r28, %r4
   li %r26, 0
   lis %r26, 0x8000
   sldi %r26, %r26, 32
   oris %r26, %r26, [email protected]
   ori %r26, %r26, [email protected]
   std %r26, 0xd0(%r1)
   MEM_BASE(%r0)
   LOAD_LABEL(%r0, %r0, 0xa0374)
   mtctr    %r0
   bctrl

2:
   mr %r3, %r28
   lwz %r4, 4(%r27)
   stdu      %r1, -0xC0(%r1)
   std       %r27, 0x98(%r1)
   mr %r27, %r3
   li %r3, 0
   std       %r28, 0xA0(%r1)
   std       %r29, 0xA8(%r1)
   std       %r31, 0xB8(%r1)
   mr        %r28, %r4
   li %r26, 0
   lis %r26, 0x8000
   sldi %r26, %r26, 32
   oris %r26, %r26, [email protected]
   ori %r26, %r26, [email protected]
   std %r26, 0xd0(%r1)
   MEM_BASE(%r0)
   LOAD_LABEL(%r0, %r0, 0xa0374)
   mtctr    %r0
   bctrl

3:
   mr %r3, %r28
   lwz %r4, 8(%r27)
   stdu      %r1, -0xC0(%r1)
   std       %r27, 0x98(%r1)
   mr %r27, %r3
   li %r3, 0
   std       %r28, 0xA0(%r1)
   std       %r29, 0xA8(%r1)
   std       %r31, 0xB8(%r1)
   mr        %r28, %r4
   li %r26, 0
   lis %r26, 0x8000
   sldi %r26, %r26, 32
   oris %r26, %r26, [email protected]
   ori %r26, %r26, [email protected]
   std %r26, 0xd0(%r1)
   MEM_BASE(%r0)
   LOAD_LABEL(%r0, %r0, 0xa0374)
   mtctr    %r0
   bctrl

4:
   mr %r3, %r28
   lwz %r4, 0xc(%r27)
   stdu      %r1, -0xC0(%r1)
   std       %r27, 0x98(%r1)
   mr %r27, %r3
   li %r3, 0
   std       %r28, 0xA0(%r1)
   std       %r29, 0xA8(%r1)
   std       %r31, 0xB8(%r1)
   mr        %r28, %r4
   li %r26, 0
   lis %r26, 0x8000
   sldi %r26, %r26, 32
   oris %r26, %r26, [email protected]
   ori %r26, %r26, [email protected]
   std %r26, 0xd0(%r1)
   MEM_BASE(%r0)
   LOAD_LABEL(%r0, %r0, 0xa0374)
   mtctr    %r0
   bctrl

5:
   mr %r3, %r28
   lwz %r4, 0x10(%r27)
   stdu      %r1, -0xC0(%r1)
   std       %r27, 0x98(%r1)
   mr %r27, %r3
   li %r3, 0
   std       %r28, 0xA0(%r1)
   std       %r29, 0xA8(%r1)
   std       %r31, 0xB8(%r1)
   mr        %r28, %r4
   li %r26, 0
   lis %r26, 0x8000
   sldi %r26, %r26, 32
   oris %r26, %r26, [email protected]
   ori %r26, %r26, [email protected]
   std %r26, 0xd0(%r1)
   MEM_BASE(%r0)
   LOAD_LABEL(%r0, %r0, 0xa0374)
   mtctr    %r0
   bctrl

6:
   mr %r3, %r28
   CALL(0xA0C90)

   ld        %r28, 0x78(%sp)
   ld        %r27, 0x70(%sp)
   ld        %r26, 0x68(%sp)

7:
   li %r3,0
   lis %r3, 0x5343
   ori %r3, %r3, 0x4500
   li %r4, 0
   lis %r4, 0x8a00
   stw %r3,0x60(%r1)
   addi %r3, %r1, 0x60
   li %r5,4
   CALL(copy_to_user_symbol)
   std     %rtoc, 0x28(%sp)
   clrrdi     %rtoc, %rtoc, 32
   oris     %rtoc, %rtoc, [email protected]
   ori     %rtoc, %rtoc, [email protected]
   bl     main
   ld    %rtoc, 0x28(%sp)
   addi     %sp, %sp, 0x80
   ld     %r0, 0x10(%sp)

   mfsprg0 %r9
   ld %r3, 0x68(%r9)
   ld %r3, 0(%r3)
   ld %r1, 0x50(%r3)
   addi %r1, %r1, 0xd40
   ld %r3, -0x1e88(%r2)
   li %r5,0
   li %r6,0
   CALL_NORET(0x123fa0)
How To Install Multiman File Manager On Your Modded PS3
PS3 HEN 4.84 Version 2.0
PS3Hen Update 2.0.0 HFW 4.84.2 PS3 2019
PS3 Jailbreak - Update from 4.83 OFW to 4.84.2 HFW and Installing 4.84.2 CFW

Spoiler
 

hakanucak

Contributor
hen and multiman installed. I turned it off and turned it on. Now connect the controller using the USB cable, and then press the PS button. do you have a solution? model 3000 series
 
Recent Articles
PS4Modding.net: PS4 Cheats and Modding Platform Trainers with Tools
Since the release of PS4 Reaper (debugger and trainer maker) the goal was to gather modders and gamers around one passion. Today we've come along way: 3 Universal Trainers (PC, Android, iOS)...
Orbis MSX Super Laydock: Mission Striker PS4 Homebrew PKG
Proceeding the MSXORBIS MSX Core from BigBoss and recent Resident Evil CODE: Vita PS4 homebrew game in development by @Markus95, this weekend @oneman123 shared on Twitter a shoot 'em up Orbis MSX...
Golem Gates PS4 Launch Trailer, Hits PlayStation 4 on May 28th
Arriving to PlayStation 4 later this month on May 28th comes Golem Gates, a post-apocalyptic sci-fi blend of action-strategy and card battler pitting conjured armies against otherworldly forces...
Everybody's Golf VR Tees Off in New PlayStation Games Next Week
Fore! Swing for the flag with your PS Move motion controller or DualShock 4 wireless controller in Everybody's Golf VR which tees off as part of the new PlayStation video game releases next week...
Top