How to Jailbreak a PS3?

When people talk about jailbreaking a PS3, what they are really referring to is more accurately called privilege escalation. Since the PS3 first launched back in 2006 it has been well known that it has some of the most secure security features ever seen in a console. With secure key encryption, meaning only code signed using the private keys can be executed by the Cell processor, and the Hypervisor locking access to any in-use memory, cracking the console was always going to be a tough challenge.

The first real challenge to the PS3’s security came from the PS Jailbreak dongle manufacturers, an unknown company thought to originate from China that had somehow managed to lay their hands on a so-called service jig for the PS3. At the time, service jigs were USB-type dongles used to put the machine into service mode, thereby disabling some of the inbuilt security features of the console. By reverse engineering the official service jig the dongle makers managed to get the console to run ‘unsigned’ code. In their case the unsigned code in question was their backup manager. Looking back now, the original backup manager was a simple utility with none of the bells and whistles we have come to expect from more modern backup managers such as Multiman or Iris Manager, but it was a huge step forward. Overnight the PS3 modding scene was born, with many original developers looking to reverse engineer the PS Jailbreak dongle to see how it performed its tricks.

From this came the scene’s own free answer in the form of PSGroove. This was based on the Teensy USB development boards, which were quite easy to obtain at the time. With the code to load onto the USB boards now freely available to download on the internet, most stockists soon saw a massive rise in demand for their development boards. This resulted in a 400% rise in the price of the USB developer boards.

Even though the free version held off from using the word jailbreak in its name, the phrase continued to be used by people wishing to run backups from USB. While not strictly a jailbreak method, it’s a name that has stuck. The question of how to jailbreak PS3 hardware gained media popularity a little later when Geohot joined the scene. Geohot was already well known for the iPhone untethered jailbreak method he had released the year before, so his media courting only helped to maintain the incorrect jailbreak label.

By the 27th Chaos Communication Congress the following Christmas, Wii hackers fail0verflow had discovered the fatal flaw in Sony’s private key encryption. It was a maths fail that anyone who actually listened in algebra class could see was a major mistake. It was in fact almost unbelievable that a massive global corporation such as Sony would make such a schoolboy error in the key creation algorithm. But this is what did indeed happen, and it brought a working PS3 jailbreak to the masses. What this gave the scene was an easy way to decrypt the official PS3 firmware updates, modify them to give peek and poke access to the console’s RAM, and then resign the update with the calculated keys. This is more accurately called Custom Firmware and is something previously seen in the PSP scene. While not strictly speaking a jailbreak, custom firmware provides the same end result – the ability to run unsigned code.
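The article describes the flaw only as a schoolboy error in the key creation algorithm. What fail0verflow actually showed at 27C3 was that Sony’s ECDSA signing code reused the same per-signature random value (the nonce k) for every signature, which lets anyone holding two signatures from the same key solve for the private key with a few lines of algebra. The example below is added here to show that algebra concretely; it is not code from the article or from fail0verflow. It implements a minimal ECDSA over the public secp256k1 curve (any prime-order curve gives the same lesson), signs two constructed messages with a constant nonce, recovers the private key from those two signatures, and then shows the corrected signer deriving a fresh nonce per message so that the two signatures no longer share an r value. The per-message nonce derivation is a simplified HMAC construction, not the full RFC 6979 procedure.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants). The weakness demonstrated
# here is independent of the curve chosen.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0  # sanity check: G lies on y^2 = x^3 + 7


def inv(a, m):
    """Modular inverse of a mod m (Python 3.8+)."""
    return pow(a % m, -1, m)


def add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Scalar multiplication by double-and-add."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def h(msg):
    """Message hash reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg, k):
    """ECDSA signature (r, s) using the caller-supplied nonce k."""
    r = mul(k, G)[0] % N
    s = inv(k, N) * (h(msg) + r * priv) % N
    return (r, s)


def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = inv(s, N)
    pt = add(mul(h(msg) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures sharing r (same k) leak k and hence the private key:
       s1 - s2 = k^-1 (h1 - h2)  =>  k = (h1 - h2) / (s1 - s2)
       s1 = k^-1 (h1 + r d)      =>  d = (s1 k - h1) / r
    """
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("signatures use different nonces; nothing to recover")
    k = (h(msg1) - h(msg2)) * inv(s1 - s2, N) % N
    return (s1 * k - h(msg1)) * inv(r1, N) % N


def deterministic_nonce(priv, msg):
    """Corrected signer: a fresh nonce bound to (key, message). Simplified
    HMAC derivation for illustration; not the full RFC 6979 procedure."""
    digest = hmac.new(priv.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % N or 1


def demo():
    # Constructed demo key and messages; nothing here is a real Sony value.
    priv = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
    pub = mul(priv, G)
    m1, m2 = b"constructed package 1", b"constructed package 2"

    fixed_k = 4  # a constant "random" value, the mistake being demonstrated
    bad1, bad2 = sign(priv, m1, fixed_k), sign(priv, m2, fixed_k)
    recovered = recover_private_key(m1, bad1, m2, bad2)

    good1 = sign(priv, m1, deterministic_nonce(priv, m1))
    good2 = sign(priv, m2, deterministic_nonce(priv, m2))
    return {
        "bad_sigs_verify": verify(pub, m1, bad1) and verify(pub, m2, bad2),
        "bad_sigs_share_r": bad1[0] == bad2[0],
        "recovered_matches": recovered == priv,
        "good_sigs_verify": verify(pub, m1, good1) and verify(pub, m2, good2),
        "good_sigs_share_r": good1[0] == good2[0],
    }


if __name__ == "__main__":
    print(demo())
```

Both pairs of signatures verify correctly, so a verifier cannot tell the broken signer from the fixed one by checking signatures alone; the difference only shows when two signatures from the same key are compared and found to share r. That is the check worth adding to any signature-audit tooling: duplicate r values under one public key mean the private key should be treated as compromised.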

Backups aside, the most interesting thing this ability brought to PS3 users was homebrew, something the real scene quickly took up by porting many of the popular open source retro emulators available at the time to the PS3. If memory serves, Snes9x was the first emulator for the PS3, with many more quickly following. We are still waiting for the once-rumoured N64 emulator to be released, though we may never see it due to the memory limitations of the PS3.

Two years on, new users will still ask how to jailbreak a PS3 rather than how to install custom firmware on the PS3 – presumably because a PS3 jailbreak sounds way cooler than PS3 custom firmware.