OK. That’s not actually true. You couldn’t really hack the PS3 with a Ham and Cheese Sandwich. But there was a point in PS3’s hacking history where it seemed sending payloads to the console with the craziest devices possible was almost a contest for hackers. This is the story of PSGroove and PSJailbreak, or how the PS3 homebrew community thwarted the plans of some underground group to become rich on the back of PS3 piracy.

Crazy Hacks – What’s this all about?

In this series of articles, we’ll be discussing imaginative hacks for various consoles and devices. Some became instantly popular at the time of their release, others were a bit obscure or got forgotten with time, but all of them were really crazy in this writer’s humble opinion. From “It’s so dumb it can’t possibly work” to “wait, how did they even think of that?” and everything in between, we hope you’ll enjoy this series.

PSJailbreak: How the first PS3 piracy dongle came to be

Like all modern consoles, the PS3 was far from being hacked on day one.

The PS3 came out in 2006, and it took several years for the first piracy dongle to see the light of day. Between 2006 and 2010, multiple hackers and teams looked into the console, but most of the released hacks in these first few years were concentrated on Linux (the PS3 originally allowed dual boot with Linux through its OtherOS feature), PS2 backup loading and/or emulation (some PS3 models had PS2 backwards compatibility), Java homebrew, or hardware mods not directly related to piracy or homebrew.

But 2010 came, and that year was a turning point in the PS3 hacking scene for multiple reasons.

In January, a USB dongle named “Zpack” pretended to allow PS3 games backup loading (a.k.a. piracy), and was one of the first credible rumors on the topic (late 2009, a group named Belzar had similar claims, but that never saw the light of day).

 

January 2010 was also the time that famous hacker Geohot hacked the PS3 Hypervisor, with a hardware glitching hack that worked on PS3 firmware 3.10. There’s no doubt that this exploit paved the way for future PS3 hacking, but it’s important to note that as far as end users were concerned, this release was not for them.

2010 is also the year Sony announced they would remove the OtherOS feature, which according to some is what really triggered a lot of hackers to release exploits in retaliation. It’s more likely Sony saw the OtherOS feature as a threat because it allowed hackers such as Geohot to play in a sandbox that could potentially be escaped, for deeper access to the hardware.

In August 2010, the first really legit-looking PS3 piracy dongle was announced, named PSJailbreak.  This is what their original announce looked like:

• PS Jailbreak is a USB plug and play solution that installs in seconds, keeping your valid warranty seal in tact.
• Easy to use installer and GUI takes you step by step. Compatible with all production models FAT and SLIM. Supports all regions: USA, JAP, PAL and KOREA
• PS Jailbreak disables forced software updates and will never brick your console.
• Supports all games (it does not allow backups of bluray movies , dvd movies , or past consoles games)
• Backup games to your internal hard drive or external hard drive through USB, and boot directly off GUI. Eliminating the need for expensive blueray burners and costly blank media.
• Play backups off your hard drives 2x as fast as off the blueray drive. This eliminates lags and glitches to provide you with smoother game play.
• Open up your console to a new generation of homebrew applications. Load homebrew apps/games off any USB hard drive/flash drive.
• Fully updatable with new features/updates by connecting PS Jailbreak to any computers USB port.

This sounded a lot like previous “usb piracy dongle” announcements the scene had seen before, like Belzar and ZPack mentioned above, but PSJailbreak turned out to be the real deal.

Multiple PS3 hackers at the time confirmed this was the real thing. There were also strong rumors that PSJailbreak relied on official tools from Sony, that might have been stolen, or purchased illegally.

And as soon as preorders for PSJailbreak hit the market, the device started selling like hotcakes, despite its steep retail price of more than $150.

Sony successfully sued some of the retailers of the device very shortly after its announcement, and even before it started selling, for example in Australia. Whether this contributed to some Streisand effect or not we can’t tell for sure, but wherever it was still on sale, legally or not, PSJailbreak sold really well, especially considering its price. To be clear, the piracy group behind PSJailbreak leveraged the fact that the were the only ones on the market. You were paying $150 so that you could pirate thousands of dollars worth of video games, nothing else. The hardware this thing ran on, cost at most $5 to produce.

PSGroove: Your expensive Jailbreak dongle is now free

Obviously, how PSJailbreak worked was a close-kept secret. It was the group’s golden goose and they were not going to open source it. Especially if the rumors of it using stolen Sony code were true.

Multiple hackers in the homebrew scene wanted to reverse engineer PSJailbreak for multiple reasons. Some believed that making money on the back of piracy is one of the worst offence possible as a hacker. Others had reasons to think PSJailbreak was using open source code without authorization. For some, it was the technical challenge. Last but not least, people wanted to reuse the PSJailbreak features to do more than piracy with it. Running emulators and homebrews was such a close possibility we could almost taste it.

In a surprisingly short amount of time, a team of PS3 homebrew developers reverse-engineered the PSJailbreak dongle, and released an open source equivalent, named PSGroove.

This was actually reverse engineered so fast that some people hadn’t received their preordered PSJailbreak dongle by the time PS Groove was out. (On a side note, this was an opportunity for mainstream media to blur the lines and mangle the two projects as if they were the same thing.)

PSJailbreak was still successful, though. For legal and ethical reasons, PSGroove did not ship with the piracy functionality embedded on PSJailbreak (although of course that functionality quickly got added back by other hackers), and it would be naïve to think this wasn’t a big selling point of PSJailbreak. There was also an aura of belief that a “commercial” product such as PSJailbreak was easier to use and came with added guarantee that it would work on future firmwares (there was no such guarantee, and never is, with piracy dongles).

Also, PSJailbreak worked out of the box, while you had to compile and install PSGroove manually on some specialized hardware devices such as a Teensy++ development board. Not dramatically complicated, but when the alternative is a USB key you plug into your console, something needed to be done for PSGroove.

Respite was short for the PSJailbreak though: it didn’t take long for the homebrew community to port PSGroove to other USB devices. To the point that it almost felt like a meta game for the scene: port PSGroove to the craziest USB-compatible device you can think of, to earn scene credit. (It’s worth mentioning at this point that the device needed USBHost functionality and computing power to inject the exploit, so your typical USB key was not an option. The PSJailbreak looked like a USB Key, but had a microcontroller embedded).

PS Groove got ported to then popular TI-84 calculator, to the iPod, PIC microcontrollers, Android phones and other popular smartphones of the era, or even to the PS3’s own Sixaxis controller! (although that one required some additional hardware modifications).

This stream of ports of PSGroove to the craziest, most obscure devices triggered a bunch of clickbait titles from mainstream websites, along the lines of “PS3 Jailbroken with a pocket calculator”. This made me jokingly post a video stating I had ported PSGroove to a Ham and Cheese sandwich. (And yeah, some people got angry thinking I was really trying to pass it as an actual release…)

 

And this is how, before it actually hit retail, the commercial PS3 hacking dongle PSJailbreak was beaten by an open source solution, PSGroove.

PSJailbreak vs PSGroove. The epilogue

Firmware 3.41, on which PSJailbreak and PSGroove were running, became the “golden” firmware of PS3 hacking for a very short while. Shortly after these devices got out, we saw an increase in homebrew and emulator releases from the P3 Scene.

In September, very shortly after the PSJailbreak announcement, Sony published firmware 3.42, which blocked the exploit. PSJailbreak later on released support for firmware 3.42 and 3.5, but the cat and mouse game confirmed Sony could fairly easily patch such exploits involving software vulnerabilities.

Ultimately, these “early” PS3 hacks became irrelevant after the 3.55 Jailbreak was released just a few months later in early 2011, with 3.55 becoming the new golden firmware for PS3 hacking.

PSGroove can still be found on github, although of course it’s mostly useless nowadays, given that newer jailbreaking tools exist for more recent PS3 firmwares. Similarly, you can also find the PSJailbreak device for sale on some sites, although I fail to see why you’d want to buy it nowadays, except for archival purposes.

Mathieulh, one of the main developer behind PSGroove, remained extremely active on the PS3/PSP scene, and, although less openly, on the PS4 scene as well. To my knowledge, we don’t know to this day who was behind PSJailbreak.

Crazy hacks – What’s coming next for Sony?

There is something really fascinating about Nintendo’s weakness against very common objects. Who knows if their next console will be hacked with a pen and a stick of gum. What other crazy hacks have you witnessed? Let us know in the comments!

A quick conclusion (please read!)

Before you leave, a few notes:

• A lot of specific details (in particular the timeline of events) came from Gregory Rasputin’s “The complete history of PS3” ebook. It’s not the easiest read, a bit dry, but probably the most complete book on PS3’s history you’ll ever find, with very precise dates and events, covering both the “official” PS3 releases as well as the scene. Greg was a pillar of the PS3 homebrew scene and knows his stuff.
• I’ve done my best to tell the stories in all articles of this series as accurately as possible. In most cases, I was there when these things happened, covering them live here on wololo.net. With that being said, these events happened years (sometimes decades!) ago, and of course I had to look back at many sources to refresh my memory. If anything in these articles is inaccurate or simply wrong, please drop a comment below and I’ll do my best to fix it!

More from the “Crazy Hacks” Series

If you enjoyed this article, please check all articles in the series:

• Crazy hacks #1 – What do you mean I have to die to hack my PSP? (PSP)
• Crazy hacks #2 – Drill a hole in your chip and find out (XBox 360)
• Crazy Hacks #3: How 3 of Nintendo’s consoles got defeated by everyday-life household items (Wii, 3DS, Nintendo Switch)
• Crazy Hacks #4: When the PS3 was so weak you could even hack it with a Ham and Cheese sandwich (PS3)