Hi,

I’ve got some great news for those of you who have not updated your PS3 firmware! I have just succeeded in adding Firmware 3.01 support into PSFreedom. I’ve pushed the latest code to github and you can now download the source and compile PSFreedom for 3.01.
For now, you will need to edit config.h and change FIRMWARE_3_41 to FIRMWARE_3_01, then recompile. However, I will soon add support for dynamically choosing the target firmware version by simply running:

    echo 3.01 > /proc/psfreedom/fw_version

I will soon add support for firmware 3.10 and 3.15, so be patient, and you will be rewarded. I would like to thank Klutsh as well as Philippe Hug who helped me achieve this port to 3.01.
The new payload changes are available in the PL3 github and any project/port that is also using PL3 should automatically gain support for the 3.01 firmware.
You will also be able to enjoy some new ‘tools’ in PL3 that will allow you to dump the LV2 kernel as well as the decrypted ELF files of the XMB and other configuration files it uses. The ethernet dumping is also now compatible with PS3 Slim models.

Update:
Philhug and I have worked together recently to make PL3 compatible with 3.15, and it is now done, working and ready for you to use. I have just pushed the latest changes to github, so just update both PSFreedom and PL3, and define FIRMWARE_3_15 in PSFreedom’s config.h and recompile. You will then be able to enjoy your unrestricted PS3 on 3.15 firmwares. Enjoy!

Update 2:
I have just added support for firmware 3.10 to PL3. You can get it by upgrading to the latest git version of PL3. There are however some changes in there that might break PSFreedom, so wait until I update PSFreedom tomorrow to be compatible with the latest PL3 changes!
I have also added a HOWTO file that explains the steps required to port PSFreedom to an exploitable firmware. Enjoy!

I would like to thank, again, those who have donated. For the others, you can still donate, if you appreciate the work I’ve done.

Enjoy!
KaKaRoTo

70 Responses to PSFreedom now supports firmware 3.01, 3.10 and 3.15

  1. Alex says:

    ok you found out how to change to how it works on a firmware…good, but if you know how to do that why don’t you make a 3.50fw compatible? it makes sense…

  2. kakaroto says:

    because 3.50 fixes the exploit, you need an exploitable firmware to be able to add support for it..

  3. rpgdude says:

    I compiled PSFreedom for N900 using the 3.15 firmware config option, and when I tried to use the exploit, nothing happened.

  4. Rob says:

    Kakaroto, I’d like to give my most sincere thanks for your work.

    Like many people I want to be able to run Linux on my PS3, and thanks to your efforts I can now run homebrew as well.

    Thanks again and take care,
    Rob

  5. Paul says:

    This is driving me crazy.

    Does anyone have a compiled version of PSFreedom for iPod Touch 1g that has Hermes v2 or 3, or 3.15 support?

  6. Harlan Rasco says:

    The level of resistance that you deal with physically in the work out center and the challenge that you deal with in existence can only build a strong character

  7. haute says:

    Hi kakaroto, sorry for my English, I use your lv2 analyzer idc file to disassemble the lv2 kernel. If I load the lv2 at 0x0000000000000000 it works fine, but the reference of the string to a function is not proper.

    You can modify the idc file to detect the syscall and toc to run lv2 at 0x8000000000000000, because it is the real memory of lv2.

    Actually if I run lv2 at 0x8000000000000000 the script file doesn't detect any syscall and toc tables.

    thx

  8. J1M says:

    Hi, I'm working to port your latest branch to psgroopic. I was having problems (ps didn't want to boot, init black screen). Because your prior version was working right I've decided to roll back to find what the problem was. I've found that this was the problematic change:
    http://github.com/kakaroto/PL3/commit/1d5a9fc587c027b10a54bb10670edfc7d1333608?locale=en

    I've reverted and now it is working fine. Could you tell me why?

    Best regards :)

  9. kakaroto says:

    @haute: yeah, it’s not going to work, I just load it at 0x00.. if you load it at 0x80.., then IDA will just not work right.. scrollbars will even stop working, so it’s better not to bother with that…

    @J1M: humm.. I admit it’s untested, but I just spent 10 minutes looking at that change, and it makes no sense that it would stop working… are you sure that only that specific change breaks it?

  10. Wooyang says:

    Anyway to implement Hermes new payload with yours for 3.15 fw support?

  11. ps3n0oB says:

    Hi,
    I have some questions regarding your HOWTO:
    Do you have to mod your hardware in order to port to versions prior 3.01?
    If that’s so, I assume that Linux + the toolkit is required too?
    Or is this a method involving only the usb hub?
    Thank you for your help!

  12. kakaroto says:

    no modding required, if you read the HOWTO, you’d have realized it by now.

  13. ps3n0oB says:

    Thanks, I read it for third time now, but I’m not very savvy at this point. I’ll try harder and read more and hopefully will be able to contribute.

  14. fearhq says:

    I managed to dump my FW (2.76), then dump the first set of elfs using the payload_dump_elfs_X_YZ – neat!

    And now, I’m stuck =( Seems the 2.76 elf1 is quite different, and I can’t find one of the offsets in it since I don’t have a 3.41 (or any of the supported firmwares) elf1 file. Could someone dump the “a0556f3d002cb8fd” and “6b70280200020017” files from a 3.41 system?

  15. kakaroto says:

    @fearhq: nice! :) so I guess the HOWTO is useful after all, hehe..
    How did you get the elfs dump without a 3.41 dump? it’s almost impossible to figure out the right offsets without comparing, and if you can’t compare, you can’t patch the right functions needed to dump the elfs…

    anyways, for the elf1/elf2, if the search string I suggested in the HOWTO doesn’t work, then you’d need to compare the actual functions…

    I can’t provide you with 3.41 elfs since those files are Sony’s property/copyright, and I can’t share them (also, I don’t have 3.41 anymore).
    Let me know how it goes..

    Good luck!

  16. fearhq says:

    @kakaroto Yes, the HOWTO was very useful, though it definitely doesn’t take 2 hours to port to a new firmware (at least not for me ;) )

    I actually had access to a 3.41 LV2 dump, but I don’t have access to a 3.41 box (or any supported firmware) to dump the elf1/elf2 files. Is there a way for me to extract them based on the LV2 dump? (my guess is no, else you would not go to the trouble of writing new payloads to get them)

    After this is done, I’ll have some updates you can apply to PL3 and Jevinskie can apply to PSGroove (minor bugs)

    I’ll take any help I can get to figure out the elf1/elf2 offsets =)

  17. kakaroto says:

    @fearhq: try to maybe contact me on IRC, I’ll see if I can help.
    You’ll find me as KaKaRoTo on Freenode and EFNet.

  18. newmallard says:

    I have a question: I was just wondering if there is any way to get the psn spoof on a 3.01 ps3. I have two devices that I can use to jailbreak my ps3. I have an android with psfmod, so I should be able to load a bin, or a ti-84 plus silver edition.

    So I was wondering where could I find the bin or 8xv for 3.01 psn spoof, would really like to play cod black ops.
