Category: PS3 Jailbreaking | Thread starter: PSXHAX | Start date: Mar 3, 2018 at 9:03 PM
Following PS3Xploit Tools v2.0 for PS3 CFW on 4.82 OFW consoles, 4.81 / 4.82 PS3 Backup Injection, the work-in-progress PS3 Transferring Games from USB to HDD guide, and the recent PETT (PS3 Exploitation Tutorial Template) and Github via @esc0rtd3w, a new Custom PKG demonstration video of PS3Xploit Tools v3.0 (slated for a March release) is available this weekend. The release aims to be compatible with PlayStation 3 SuperSlim / 3K consoles, with feature details below.

Also available is the PS3Xploit Resigner tool source code from @smhabib, for developers to resign PS2 / PS3 / PSX / PSP content for use with PS3 etHANol 4.82.

To quote from @Joonie / @DeViL303 via STLcardsWS on the PS3 Xploit v3.0 POC Teaser (Super Slim and 3K compatible) video:

Tested on CECHE01 w/ OFW 4.82

1. Verifying the firmware is the latest OFW
2. Downloading a demo PS3 game from PSN
3. Running the original
4. Enabling IPF [install Package Files]
5. Verifying the mod content cannot be installed
6. HAXing it to allow custom PKG
7. Installing the custom mod
8. Running the modded content.

What will this future exploit provide?
  • "Install PKG Files" unlocked on XMB (Retail / Debug PKGs,) *No PS3 Homebrew Support
  • PS1 Emulator Support
  • PS2 Emulator Support
  • PSP Emulator Support
  • PS3 Backup Support (Convert your PS3 Game to Digital PKG - npdrm* (requires game update for disc game backups to work))
  • New Resigning Tools
What you need to know about the legacy PlayStation emulators?
  • PS1 emulation is very good on the PS3, most games will play fine
  • PS2 emulation is hit and miss on the PS3 (slightly more than half of PS2 titles will work fine)
  • PSP emulation is roughly about a 40% success rate for the PS3
  • PS3 Backups - Require a Game Update
Here was a short interview with one of the devs of PS3Xploit Team (@bguerville)

What type of exploit is this project based on?
  • The project is relying on userland exploitation only.
What's the word on Homebrew (HEN) for NoN-CFW Compatible Models?
  • Given the results of our research so far, we do not think that we can solve the PS3 homebrew hurdle from userland (unless we find some unexpected vulnerability, chances of that are ultra slim though!). It's clear that s#ny's implementation makes running homebrew difficult without defeating lv2 whereas they have been careless with various other aspects such as npdrm handling....
Do you see any more possibilities in Userland exploitation?
  • There is actually so much more that could be done from userland in my opinion. More potential features could be potentially added...
Future Plans on this exploit?
  • I don't think we will be the ones developing the technique further & adding features. It will be up to the community devs to do it... This project will actually be provided as a base for the community, it gives users some basic features that have been denied to them on non-cfw compatibles thus far but more importantly imho it provides devs with methods they can replicate to offer new features for those consoles. We are hoping devs will update their existing tools to support ofw & maybe improve the project we are to release soon.
  • We will not be offering technical support on this project (except for interested Devs). We hope the community will take care of it.
  • The new ROP framework functions I wrote these past weeks basically take care of all the javascript implementation of the rop chains, no complicated unescape strings & juggling with long hex chains anymore, all that stuff is now generated automatically in the background. It makes using ROP extremely easy in practice BUT... devs will still need to use IDA & reverse vsh or modules in order to find patches & implement new features. ppc seems daunting but like I said before any decent C/C++ dev could learn enough to get their first patches done if they just spent a couple of weeks working with IDA, ProDG & the pett tutorial.. We would make ourselves available to help as well.
Will users be able to create their own Custom packages if tools are supported?
  • Yes, users should be able to make emu pkgs. Some Ps2 homebrew will also be supported that way. Ps1 & ps2 are currently fully supported. PSP support still needs a little work but we believe this will be supported as well once the release is ready.
From the README.md: PS3xploit Resigner

A tool to resign PS2 / PS3 / PSX / PSP content for use with PS3 etHANol 4.82. To resign a RIF file you need act.dat, idps.hex and a rap file. Output will be signed_act.dat and rif.

PKG files are resigned when converting from debug to HAN style PKG, but separate resigning for .ENC/.EDAT/CONFIG is supported. PKG resigning is supported, including every PKG type I could find.

PS3 HEN OFW 4.82 Demo via in1975
PoC - Ps3Xploit 3.0 (4.82 OFW Super Slim) via Sakimotor
In related PlayStation 3 news, here's PSNStuff_BDU_1.00_[20180224].pkg via PSNStuff-BDU Github by pink1stools for those interested!

Also from XMB Package Downloader's YouTube Channel: PS3 Xploit v3.0 on OFW 4.82 showing PS1/PSP and PS2-SNES!
PS3 Demo Downloader v1.0 First look! (4.82 OFW)
Installing packages over 4GB from PC using a webserver
PS3 Superslim Install Game CFW2OFW PKG with PS3Xploit via sonicps can
And from Github comes pkg_link_maker with details below from the README.md:

Download: exe.win32-2.7.zip

Package link maker made by Alex_1985 and In1975.

This tool automatically scans the LAN, finds pkgs in the current directory, extracts the content-id from the pkgs, replaces whitespace in the packages' names (this is critical), and automatically creates package_link.xml with the packages' names and their content-ids. Afterwards the tool runs HFS.exe with the list of packages.

Request:

Python (add path workdir python) or use build

Prepare with Ps3Xploit:
  • copy category_game.xml to PS3
    • add file from dir "pett_mount_and_copy" to hfs.exe
    • copy file from dir "to usb" to usb000
    • on PS3 goto local server (ex. 192.168.1.1)
    • check USB (in PHOTO/VIDEO)
    • Run lite version of PETT:
      • Press "1. Mount...", if OK "Press after 1 and 2" - Flsh1 FAT mount to /dev/blind
      • After mounting run exploit again and press "2. Copy file" if OK "Press after 1 and 2".
      • Restart.
    You need to be careful because the size of category_game.xml and the right port are critical.
    Paths and size are written in file.js
Usage
  • just put *.pkg or pkgs in directory
  • run package_link_maker.py
  • copy after package_link.xml in usb (01 or 00)
  • put usb in PS3
  • Install pkg
  • enjoy
Update: From DeViL303 comes HAN Toolbox and details from bguerville on PS3Xploit Tools v3.0 HAN (etHANol) NoN CFW Compatible Slim & SuperSlim Models, to quote:

Download: ps3_tools-v3.0-HAN481+_release_PS3XPloit.zip (5.70 MB) / HAN Toolbox Beta v0.1.pkg (100 KB) / HAN Toolbox Beta v0.2.pkg (100 KB) / HAN Toolbox Beta v0.2.pkg (Mirror) / HAN_Toolbox_v0.3.pkg (100 KB) / HAN_Toolbox_v0.4.pkg (100 KB) / HAN_Toolbox_v0.5.pkg (296 KB) / HAN Toolbox (Latest Version) by ShaolinAssassin

PS3Xploit Tools v3.0 is a suite of 6 tools supporting both official firmware versions 4.81 & 4.82. The only pre-requirement to use HAN is to have an activated PSN user account. It's recommended not to use your main PSN account but rather a spare one. The principle behind HAN is quite simple: due to a vulnerability in the way npdrm content is managed, it is possible to resign game related files with custom keys, patch vsh & install resigned pkg from XMB.

The first tool, on the PC side, ps3xploit_rifgen_edatresign.exe should be used to generate rif files and create new signed_act.dat. You should place the act.dat/idps.hex, previously dumped with HAN ACT/IDPS Dumper, in the resigner directory and drag matching rap file for your game onto the executable file. Then rename the new "signed_act.dat" to "act.dat" and place it on USB drive along with the new rif file. The files are now ready to be pushed to the PS3 using the HAN ACT/RIF Copier.
  • It is recommended to resign all the pkgs that require Han enabler with this tool
  • Packages which are converts and packages which need rif activation
  • Keep original act.dat in a safe place
On the PS3 side, the other 5 PS3xploit tools are:

1. HAN Installer - Copies necessary system files to PS3 to run HAN.
2. HAN Enabler - Enables the HAN patches
3. HAN ACT/IDPS Dumper - Dumps current user profile user act.dat & PS3 IDPS to USB.
4. HAN ACT/RIF Copier - Copies the resigned act.dat & generated rif file from USB to the current user profile.
5. HAN Debug PKG Enabler - Provided optionally for users wishing to install debug pkg.

The 'HAN' project is solely relying on userland exploitation to provide digital backups support for the majority of PS3 Games as well as PS1/PS2/PSP Emulators (within the ps3 firmware) and the ability to install PKG files from USB. PS3 PKG Game backups need to be prepared with TABR and only ps3 games having an available "game update" are supported.

PKG files are installed from the Games XMB column, using a version of the Rebug Package Manager tweaked for this project. On USB of course, the FAT32 limitation of 4Gb is still in effect, it's a partition type limitation, nothing we can do about that. However workarounds using a local server can be used to remedy the situation if required.

Important:

To get best results initializing the exploit from a remote website like PS3Xploit.com, remember to load the pages directly. Don't browse to an exploit page from other pages. Use a blank homepage & create favorites to HAN Enabler & the other pages. Use the favorites to access any page from complete scratch. Reload the browser between exploits.

PS3Xploit Tools v3.0 Overview

1. HAN style packages allowed (Patched external modules ecdsa)
2. PSX/PSP Free license type allowed (Patched sceNpdrmHeader check)
3. Resigned ACT.DAT & RIF allowed
4. Cinavia protection removed on HDD content
5. OFW Package Manager
6. Debug pkg file support added (optional)
7. reactPSN alternative solution for OFW users

Instructions for Each Tool in v3.0

PS3 HAN Installer

This tool will copy files from USB to Flash Memory to install OFW Package Manager.
  • Extract all files from "han_supportfiles.zip" on target USB drive root
  • Load Exploit Page
  • Select Root Path where these files are (default /dev_usb000/)
  • Click "Initialize HAN Installer" button
  • When init ready, click "Launch HAN Installation" button to copy files to flash and reboot
  • Once rebooted, you can now use the HAN Enabler and Debug Package Enabler
PS3 HAN Enabler

This tool will enable the HAN patches.
  • Load Exploit Page
  • Click "Initialize HAN Enabler" button
  • When init ready, click "Enable HAN" button to activate patches
  • Once browser closes (default option) you can install HAN packages from XMB
PS3 HAN ACT/IDPS Dumper

This tool will dump your activation file (act.dat) and your IDPS.
  • Load Exploit Page
  • Select Dump Path From Dropdown Box (default /dev_usb000/)
  • Click "Initialize ACT/IDPS Dumper" button
  • When init ready, click "Dump ACT.DAT & IDPS" button
  • The browser will close automatically by default
PS3 HAN ACT/RIF Copier

This tool will write back to the PS3 a modified act.dat and *.rif file
  • Load Exploit Page
  • Change RIF File Name to match your target, example PS2 Placeholder: 2P0001-PS2U10000_00-0000111122223333
  • Select Root Path where act.dat/*.rif is located (default /dev_usb000/)
  • Click "Initialize AC/RIF Copier" button
  • When init ready, click "Copy Files" button to transfer to HDD
PS3 HAN Debug PKG Enabler

This tool will allow Debug Package types to be installed
  • Load Exploit Page
  • Click "Initialize HAN Debug PKG Enabler" button
  • When init ready, click "Enable Debug PKG" button to activate patches.
  • Once browser closes (default option) you can install Debug pkg packages from XMB.
And some new video demos from XMB Package Downloader's YouTube Channel:
HAN Toolbox (Unofficial addon for Xploit v3.0)
HAN Toolbox (Unofficial addon for Xploit v3.0) Vid 2
PS3 Xploit v3.0 Basic Instructions
PS3 PKG Linker v1.0 / 2.0 Usage Instructions (HAN Toolbox OFW 4.82)
Update #2: From pink1 (Twitter) comes PKG Linker v1.0 / 2.0 to Scan & Serve PKGs to PS3 from PC (CFW & PS3Xploit HAN) with a demo video below.

Download: PKG Linker.exe (18.7 MB) / PKG_Linker_V2.0_Installer.exe (39.5 MB) / PKG_Linker_V2.0_Installer.exe (Mirror)

What does it do?
  • Scans the program folder for pkg's, extracts the icons & creates a package_link.xml.
  • Creates a pkg with a package_link.xml to remove the need for putting a new xml on the usb.
  • Patches category_game.xml to look for package_link.xml & add pkg folders in package manager.
  • Comes with a portable Apache HTTPD server and sets it up to host your pkg's.
  • One click mode to scan, create the files & start the server.
  • Manual mode scans the folder, lets you select the pkg's you want, export the files, patch category_game.xml & start/stop the server.
You can host with your own server but no one click mode or start/stop the server.

Windows 10 users! If you are on Windows 10 then you might need to do this as it has a service that uses port 80:
  • Go to Start, type in services.msc
  • Scroll down in the Services window to find the World Wide Web Publishing Service.
  • Right click on it and select Stop.
PS3 PKG Linker v1.0 Usage Instructions (HAN Toolbox OFW 4.82)
PKG Linker 2.0 First Look, Initial Setup and More! (Xploit 3.0/HAN/CFW)
HAN Toolbox v0.3 (The Unoffical Xploit 3.0 Companion)
HAN Toolbox v0.4 - File Injector, Local xploits and Demo Downloader Added
Also available from habib is a Super Nintendo (SNES Station) Emulator for PS3Xploit HAN (via PS2 Emulation) with a demo video below.

Download: ps2-emulator-no-roms-etHANol.iso (292.34 MB)

This is tested and works
PS3 Xploit v3.0 on OFW 4.82 showing PS1/PSP and PS2-SNES!
And from NiHuShu comes more PS2 homebrew ports for PS3 including Sega Genesis (P-GEN) for PS3Xploit HAN via uLaunchELF using PS2 Emulation running at 50 FPS, to quote:

Prepare P-GEN for use on PS3Xploit HAN:
  • Download This ISO (Emulators V1.7z - It's 1GB ISO packed to 23MB :D)
  • Download UltraISO
  • Open Downloaded ISO with UltraISO
  • Put Your Roms Inside Roms folder
  • You Can Test Other Emulators By Putting Them Into Emulators Folder
  • Then Save ISO
  • Convert It With PS2Classics GUI
  • Sign With Resigner
  • Transfer it To PS3
  • Install
Controls
  • D-pad = D-pad
  • [ ] = A
  • O = B
  • X = C
  • / \ = X
  • R1 = Y
  • R2 = Z
PS3Xploit v3 HAN PETT PoC XMB Menu Preview [Open Source]
From Ezio comes the RetroArch 1.7.1 Extended Version, to quote: Hi guys, today I'm happy to share this new version of RetroArch for PS3 which includes, for the first time, 44 cores.

This result has been possible thanks to excellent work of my friend Zar who unlocked most part of new cores, during a shared work project and started together some months ago.

Download: RetroArch.1.7.1.Extended.Version.DEX.PS3.pkg (636.0 MB) / RetroArch.1.7.1.Extended.Version.CEX.PS3.pkg (389.1 MB) / RetroArch.1.7.1.Extended.Version.ODE.PS3.iso (407.6 MB)

Changelog:
  • Improved stability
  • 14 new cores compared to 1.6.7 version: atari800, bluemsx, dosbox, fmsx, freeintv, hatari, lutro, mednafen_snes, pokemini, puae, snes9x, snes9x2005, vicex64
  • Includes snes9x core with latest source: you should now be able to play Far East of Eden - Tengai Makyou Zero
  • Added downloads folder, it includes freeware and shareware contents: cave story, doom, quake
  • Ode build: savestates, savefiles, playlists, configs, bios, favourite now should work on usb0001
  • Updated frontend, assets, cores, database, info files to the latest available source
Credits:
  • Libretro developers team
  • Libretro and RetroArch contributors
  • Emu developers behind the cores
  • Zar for his great work
HOW to CONVERT PS2 ISO/BIN to PS3 PKG for HAN via WickedGames
PS3Xploit Rap Tool

Download: ps3xploit_RapTool.zip (5.86 MB)
  • Put your idps.hex and act.dat near the app db file from psndlv3
  • Click on 1st button import db
  • Use filter to select your region and type of license
  • Click on 2nd button to generate rap file
  • Third to gen rif pkggen for signed pkg
Download: MAKE_PKG_SIGNED.zip (8.95 MB) / MAKE_PKG_SIGNED_v1.7.zip (4.28 MB) / MAKE_DEBUG-RETAIL-RIF_PKG_v1.8.zip / MAKE_PKG_HAN_TOOLS.v2.5.zip / Make PKG HAN Tools 3.0 setup.exe / GIT by nikolaevich23

From the README.md: MAKE_PKG_HAN_TOOLS

make pkg bat made by Alex_1985 and modified by in1975, ErikPshat.
  • Many thanks to: hexcsl!
  • Credits: BIG thanks for PS3XPLOIT TEAM
  • For HAN tools by W, escortd3w, bguerville, habib and Specially Joonie
  • For RESIGNER ACT.DAT/RIF/ENC/EDAT/CONFIG PS2/PSX/PSP content for PS3
  • For PSPx Team for this utility: in1975, hexcsl, Alex_1985, ErikPshat
Usage: English
  • Put the game folders next to the program.
  • Put *.pkg CWF files in the folder to try fix it (need game update).
  • Put act.dat and idps.hex in the same directory.
  • Run program EXE and select the desired action.
For test you can load v.1.8 with 4 folders.

Also from esc0rtd3w: PS3Xploit v3 HAN Cold Boot Installer [raf/ac3]

PS3Xploit v3 HAN Cold Boot Installer Final Preview [Tested On SuperSlim 4201A]

How To Use:
  • Download Cold Boot Installer ZIP archive
  • Extract the files
  • Place coldboot.raf, coldboot_multi.ac3, and coldboot_stereo.ac3 on USB flash drive or select one of the internal HDD options
  • Navigate to this link or use local files above and a webserver
  • Run the exploit from page and allow console to reboot fully
  • Done! Enjoy your new boot logo and sounds :D
For custom files, simply replace with valid files/proper names and they should work!

Big thanks to StarMelter for providing the default image and d1mtr7 for providing the sound!

And from esc0rtd3w alongside the updated UP042 0-PS3PETXMB_00-PS3XPLOIT420PETT_signed.pkg, to quote: PS3Xploit v3 HAN XMB Waves Installer [lines.qrc]

How To Use:

  • Download XMB Wave Installer ZIP archive
  • Extract the files
  • Place lines.qrc on USB flash drive or select one of the internal HDD options
  • Navigate to this link or use local files above and a webserver
  • Run the exploit from page and allow console to reboot fully
  • Done! Enjoy your new XMB Wave :D
For custom files, simply replace with valid files/proper names and they should work!

Also from esc0rtd3w comes a PS3Xploit v3 SSL Certificate Injector/Remover with details below, to quote:

This tool will allow you to add new SSL certs to flash, and remove any added ones from flash. This is more for curious people who want to dabble with maybe fixing some cert issues with old WebKit.
  • SUPPORTS OFW and CFW
  • HAN "DOES NOT" Need Enabled For This!
  • Default certificates end at "CA59.cer" and all added ones use "CA60.cer" and higher for both injector and remover.
How To Use Injector:
  • Download SSL Certificate Injector/Replacer ZIP archive
  • Extract the files
  • Place desired cert file on USB flash drive or select one of the internal HDD options**
  • Select certificate from dropdown box to match filename on USB
  • Navigate to this link or use local files above and a webserver
  • Run the exploit from page
  • Done! Browser will exit by default :D
How To Use Remover:
  • Use same archive as injector for files, if hosting locally
  • Navigate to this link or use local files above and a webserver
  • Select certificate to remove from dropdown box
  • Run the exploit from page
  • Done! Browser will exit by default :D
** You can also create a package that holds resources or files to copy using Extra Tools and use this instead of USB as source. Default directories are /dev_hdd0/game/PS3XPLOIT/extras/ and /dev_hdd0/game/HANTOOLBX/files/
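
An added example (not part of esc0rtd3w's tool or the original post): a Python audit that compares a copied-out certificate directory against a known-good baseline, using the naming rule quoted above that stock certificates end at CA59.cer and added ones start at CA60.cer. The directory arguments, function names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

LAST_STOCK_INDEX = 59  # from the page: default certificates end at CA59.cer
CERT_NAME = re.compile(r"^CA(\d+)\.CER$")  # matched against upper-cased names


def fingerprint_dir(cert_dir):
    """Map upper-cased file name -> SHA-256 hex digest for each file in cert_dir."""
    return {
        p.name.upper(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(cert_dir).iterdir()
        if p.is_file()
    }


def audit_trust_store(baseline_dir, current_dir):
    """Compare a copied-out cert directory against a known-good baseline copy.

    added      - (name, sha256) for new files named CA60.cer or higher
    changed    - baseline names whose contents differ
    removed    - baseline names missing from the current copy
    unexpected - new files that do not fit the CA60+ naming rule
    """
    base = fingerprint_dir(baseline_dir)
    cur = fingerprint_dir(current_dir)
    report = {"added": [], "changed": [], "removed": [], "unexpected": []}
    for name in sorted(cur):
        if name in base:
            if cur[name] != base[name]:
                report["changed"].append(name)
            continue
        m = CERT_NAME.match(name)
        if m and int(m.group(1)) > LAST_STOCK_INDEX:
            report["added"].append((name, cur[name]))
        else:
            report["unexpected"].append(name)
    report["removed"] = sorted(set(base) - set(cur))
    return report


def demo():
    """Run the audit over two constructed directories (placeholder bytes, not real certs)."""
    with tempfile.TemporaryDirectory() as tmp:
        base, cur = Path(tmp, "baseline"), Path(tmp, "current")
        base.mkdir()
        cur.mkdir()
        for i in (57, 58, 59):
            (base / f"CA{i:02d}.cer").write_bytes(b"stock-%d" % i)
        (cur / "CA57.cer").write_bytes(b"stock-57")    # unchanged
        (cur / "CA58.cer").write_bytes(b"tampered")    # stock name, new contents
        (cur / "CA60.cer").write_bytes(b"added-cert")  # follows the added-cert rule
        (cur / "notes.txt").write_bytes(b"x")          # does not belong in the store
        return audit_trust_store(base, cur)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Any entry under `changed`, `removed` or `unexpected` falls outside what the injector and remover are described as doing, so those are the findings to investigate first.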

And from esc0rtd3w comes a PS3Xploit v3 HAN SPRX Module and Library Replacer as detailed below, to quote:

This is a set of 3 tools for replacing SPRX Modules and Libraries in flash

WARNING! This has the potential to corrupt your system and require you to install OFW (Original Firmware) if not used correctly! USE AT YOUR OWN RISK!

YOU MUST REPLACE WITH A VALID SIGNED SPRX [CEX/DEX] OR THE PS3 WILL BOOT TO RECOVERY!! YOU CANNOT USE ANY MODIFIED OR RE-SIGNED FILES ON OFW, THEY ONLY WORK ON CFW!

FILES MUST BE SIGNED BY SONY FOR OFW! DEX MODULES/LIBRARIES DO WORK ON OFW!

SUPPORTS OFW and CFW - HAN "DOES NOT" Need Enabled For This!

How To Use:
  • Download SPRX Replacer ZIP archive
  • Extract the files
  • Place desired SPRX file on USB flash drive or select one of the internal HDD options**

    For VSH Modules:
  • Navigate to this link or use local files above and a webserver

    For Internal Libraries:
  • Navigate to this link or use local files above and a webserver

    For External Libraries:
  • Navigate to this link or use local files above and a webserver
  • Select SPRX from dropdown box to match file on USB
  • Run the exploit from page and allow console to reboot fully
  • Done! New SPRX will take effect after reboot :D
  • WARNING! THE CONSOLE MAY REBOOT TO RECOVERY IF SPRX FAILS TO LOAD!
** You can also create a package that holds resources or files to copy using Extra Tools and use this instead of USB as source. Default directories are /dev_hdd0/game/PS3XPLOIT/extras/ and /dev_hdd0/game/HANTOOLBX/files/

Cheers to @Jaroslav01 for the heads-up in the PSXHAX Shoutbox earlier today!