iLLNESS's PSGrooPIC Hexes and Information Thread

[iLLNESS]

You can now follow my twitter to see what im doing! I'll be posting updates in regards to my releases/etc there.
Follow me @ Twitter

First off and most importantly, a BIG BIG thanks to the people responsible for PSGrooPIC. To follow their work and to find the latest sources/hexes please visit PSGrooPIC. If it wasn't for them, we wouldn't be able to use our retired PIC's or boards sitting around collecting dust. I don't want anyone to feel obligated but they take donations if anyone is interested (Please don't ask for my information for donations I will not take any). Also, I just want to let you know, you are free to use the compiled hexes directly from PSGrooPIC. There is a good chance they will work for you, and no reason why not if you follow their latest schematics and hexes. The only big difference between my hexes and theirs is the LED output. Their LED output is only compatible with their hexes. I have tried to make a single hex work for as many boards as possible so this is why I release them. Maybe in time, the PSGrooPIC team will compile their own hexes that output LED to many pins instead of just one so I don't need to compile anymore.

So secondly, Why am I making this thread? Isn't there enough of these already? Yes, but after having to answer the same questions over and over, and having requests for numerous pic setups I've decided to make a one stop shop for people using my schematic and the bootloader I'm using. I will also try and make it clear to users the different things they can use and still be compatible with my hexes. Also, please refrain from posting random schematics/hexes/etc etc. I'm hoping to keep this thread clear cut with no confusion using as little variables as possible. Thanks again to the people trying to help out I hope you understand.

In this thread you will find:
Schematics
Boot loaders
Latest HEX files I compile for PSGrooPIC

First off, the schematic I personally use. Please view the datasheet for these PIC's here for full pinouts.

The GND/BOOT is the jumper to enter bootloader mode. For my hex it is pins RC6 to GND (pin17 on 28 pin PICs and pin25 on 40 pin PICs).

Oscillator: Just want to make things clear. You can use any frequency resonator you want as long as its divisible by 4 and is between 4 and 48mhz. I use 12mhz because thats what I have laying around. As you see by my schematic, I use a resonator as well. It's simpler and its cheap. You can use a crystal instead, but you need to use 2 capacitors as well with it increasing your board size and the complexity of the circuit. If you do use crystals, you must make sure the crystals connect to the OSC1 and OSC2 legs of the PIC as well the capacitors for this crystal connect to one leg each of the crystal with the other leg to gnd. It will be up to you to figure out which capacitors are needed for your crystal and exactly how to wire that up. You could likely find images on google for this.

Capacitors:
For the capacitor between pins VDD (pin20/32) and VSS (pin19/31), i strongly suggest you match the one i use. It is a decoupling capacitor and should be placed closest to the PIC as possible. "A decoupling capacitor is a capacitor used to decouple one part of an electrical network (circuit) from another. Noise caused by other circuit elements is shunted through the capacitor, reducing the effect they have on the rest of the circuit." This circuit is simple enough that you may get away with not using this capacitor, but I highly recomend it.
For the capacitor between pins VUSB (pin14/18) and VSS (pin8/12) you can use a capacitor between 220nF to 470nF. This capacitor is used to stabalize the the 3.3v from the internal regulator. It is very necessary.

LED/Resistor: I've marked the LED compatible output pins in YELLOW so it's easy to see, as well as added a second type of LED marked in BLUE, RC1. This pin is explained below. Because I'm stubborn and made a few of these boards for friends, for the simplicity of not having to change them or have multiple board types that I personally program I have kept the LED connected to output pin RB5. For your sake and with my HEXes you can use RB1, RB4, RB5 or RC0 for LED output as well as RC1 (only for successful jailbreak. this LED was added for support with users using two LED's on RC0 and RC1). If you have an LED setup you want supported please feel free to reply to this thread with your suggestion. I've only added these because these are the only ones i've seen schematics for. RB5 may not be a good output pin to use if you require LVP to program. I will get into this later. LED size can be whatever you want, and resistance can be whatever works. Most LED's you buy will have all the information you need on the packaging for what you need to find out which resistor you want to use. There is a great site you can check out by clicking the link here to find out which resistor you need for your LED. The source voltage is the voltage coming out of the output pin on the PIC which should be close to 5V. Please match this value as best you can so you don't burn your LED out. The tolerance for your LED should also be stated on the packaging but if its not a good rule of thumb is %5.

USB Connection: I'm not going to dive too deep into this one as its fairly straight forward. But when wiring your USB connector a good site to use would be this one

LVP/RB5: LVP as we all should know stands for Low Voltage Programming. It is a type of interface to initially program your PIC. There are numerous programmers out there the simplest for LVP being the art2003. I will not cover how to build this, but I will tell you you can find a schematic for it here. I personally do not use LVP to program my PIC so have absolutely no experience with LVP. Also, LVP mode shares its toggle with output pin RB5. This is why if you require LVP you CANNOT use RB5 for your LED.
If you do use LVP to program your PIC then its a MUST to use the schematic on the right to build. There is a very good reason for this. When you program a PIC with LVP enabled (aka checkmarked in winpic800) but do not ground the LVP pin using a 10kohm resistor (i have heard 4.7k ohm resistor will work too) the PIC may randomly enter LVP mode (the result is your pic will constantly be recognized then not recognized over usb). A downside to using LVP is if you have LVP disabled (aka unchecked in winpic800) and you require LVP to program, you will lock yourself out of that PIC and will require a different method to flash the PIC with your programmer.

MCLR: If you follow my hexes exactly and do not hold pin1 high, then make sure MCLR is disabled. MCLR is the pin that resets the PIC or enables the PIC. This is commonly used with a switch or button to reset your PIC after you have toggled the bootloader pin. This is not needed at all and is only a luxury. I have not included MCLR in my schematics for simplicity of the build. If for some reason you do want a reset button on your board, simply enable MCLR in your bootloader (checkmark in winpic800) and add a switch between the MCLR pin and 5V (VDD on PIC). A push button can be used if its an always closed/always on pushbutton (aka, the connection is ALWAYS made). Pressing a push button would break the line and cause the PIC to reboot. This item is important because like LVP, if you have it enabled in your bootloader but do not have it wired on your PIC the PIC will randomly reboot causing a major headache to troubleshoot if you don't know about it (i personally spent about 2 days ripping my hair out over this).

Flashing the Bootloader: First, you can find the boot loader i use in the reply below along with the latest hexes or click here (iLLNESS's PSGrooPIC Hexes and Information Thread) if your lazy. I don't want to cover this too much because there are so many different ways to do this as well there are many different board settings. All I will recommend for now is to make sure LVP and MCLR are toggled correctly, and make sure your oscillator is set properly (the divider) to match whatever resonator/crystal frequency your using to build your board. Here is a picture to represent the settings you may or may not need to toggle:


Updating over USB: Using the bootloader I provide, you can update your PIC over USB using a program called PICDEM FS USB Demo Tool. It is provided by Microchip Technology and is an awesome tool. Under Windows 7, when you insert your PIC board while in bootloader mode, Windows 7 will search for the drivers for you and provide a link to download them. I have attached the drivers and programmer here for you but you are free to obtain it wherever you like. One thing that is very important with this is when loading a HEX in this app, make sure to hit cancel if it gives you an error. There's a good reason for this error and why to hit cancel. If you load a hex and it errors it is because the config bits in the HEX your loading and the config bits flashed to your PIC currently for the bootloader DO NOT MATCH. The hex I provided should prevent you from overwriting the config bits and possibly the bootloader but its best to make sure you click cancel. When the hex has loaded, please make sure the data is starting at 0800 as seen below:

The HEX data above that is just the string that allows programs like PDFUSB to recognize where the data goes. Disregard this, this is strictly for people who compile their own HEXes. Also, My HEXes are only compatible with bootloaders smaller then 800bytes (or whatever size it is). If you try and flash my HEXes to a bootloader that is larger then you may run into issues. I may in the future experiment with other bootloaders and possibly make my hexes compatible with these as well I just base all my work around what my PIC's used to be used for: 360 USB SPI Flashers.


Compatible HEXes: Obviously all hexes I use will be compatible in the future as long as you stick to what I've talked about in this thread. If you use my bootloader (or anyone elses bootloader) and flash using the PICDEM program then you will never have to worry. Just follow my guidelines and you won't have a problem.

Compatible PICs: Just about any PIC18F chip is compatible with PSGrooPIC and the bootloader/hex I provide. This includes but is not limited to the PIC18F2455, PIC18F2550, PIC18F4455 and PIC18F4550. Pretty much any PIC18F related to this family. Feel free to try it out on your PIC

Latest HEX Files: The next post is reserved for all the compiled HEX files I make. Please look there in the future for updates after PSGrooPIC releases the sources.

BOOTLOADER SUPPORT
Microchip MCHPUSB Bootloader here: This is the bootloader used as a base for your PIC board. It is needed to update your PIC with the application PICDEM FS USB Demo Tool.

Microchip MCHPHID Bootloader: The same applies as the MCHPUSB bootloader, DO NOT overwrite the config bits (make sure it is unchecked).

There is also a GREAT writeup by skygunner on this forum explaining some other stuff too. I also recommend you follow his first few posts in there to catch anything I miss (he explains how to update using various devices/software). You can find his thread here (PIC PSGrooPIC flashing/DIY guide, FAQ and hex files collections).

If there is anything you feel I should add just message me and I'll do my best to keep things updated.

EDITS:
October 6th 2010 11:21PM; updated schematic for 40pin PIC users.
October 7th 2010 04:04PM; added MCLR info
October 8th 2010 04:47PM; updated LED info. MetalPhreak's schematic with dual LED's is now semi supported. LED on RC0 will blink during activity then turn solid when jailbroken, and LED on RC1 will not blink during activity but turn solid when jailbreak is successful. So two LED's means jailbreak is good Also, updated schematic fixing a misplacement of RC0 as well as adding RC1 to reflect the changes for the two LED setup.
October 15th 2010 04:20PM; sources section added as well as USBHID support added in post 3.

[iLLNESS]

The latest compiles I have made for PICDEM USB Bootloader users are here. Click the firmware revision you are currently running on your PS3 to download the file.

NEWEST HEXES

Generic HEX for Hex File Payload Tool by Maximus
Features:

• None! These hexes do not contain ANY payload. They are only to be used as an 'Acceptor' (Destination) file for the Hex File Payload Tool by Maximus 1.0
• Contains my usual LED outputs for USBHID/PICDEM and P3FREE users
• PICDEM users must drag their output.hex onto the batch file included to properly load in PICDEM FS USB TOOL!
• Each hex is compatible with both Hermes payloads and PL3 payloads. Possibly other payloads too but I have not tested this.
• The source for these hexes can be found here

Due to the recent amount of PSN access requests and hexes I'm going to say USE AT YOUR OWN RISK! I do not develop the payloads I compile, so do not hold me responsible for anything that happens to you or your PS3. Always use any of my hexes at your own risk.

PSGrooPIC-iLLNESS-PL3 All available firmwares for its function. Dev/Default/NUS Payloads
commit: Nov 03 2010-753eade44e2eb9fcf2a5
PSN Access (Debugging Station 0x82) (CECH20A / CECH20B (120GB/250GB Slim) - DYN-001 0x09) + ECO Mod (Firmware 3.50 Spoof) 3.41 ONLY! This also spoofs to be a debugging station, as well it has the 3.50 spoof so you dont need to edit param.sfo or the metadata to get things like netflix or call of duty black ops working.

commit: Nov 03 2010-753eade44e2eb9fcf2a5
PSN Access FW3.15 and 3.41 ONLY!!!! This spoofs your ps3 to be a debugging station to gain access to PSN.

• Based off Kakarotos PL3 Source
• NUS has new no_unauth_syscall: A payload that disables the patch for unauthorized syscalls. This is equivalent to the 'patched mode' of hermes payloads. If you have problems with this NUS PL3 please try using the pkg file located here (PL3 Updated – MOH Now Running Without Need of Game Updates) to fix file permissions so this PL3 can access it.
• dev_payload is like normal default_payload but has peek/poke
• default_payload is recommended for most all users. Use only other payloads if you know what they are for.
• If you are unfamiliar with PL3 payloads, please read around to find out exactly what they are. You can find the commit history here!

PSGrooPIC-iLLNESS Hermes
V4b PSN 3.41 -> 3.50 SPOOF: USE AT YOUR OWN RISK!!! Allows you to login to PSN. This spoofs your PS3 to be a debugging station. This hex also spoofs your PS3 firmware to read 3.50 so you don't need to edit param.sfo or metadata for things like netflix to work. Confirmed working only on netflix.

V4b PSN 3.41: USE AT YOUR OWN RISK!!! Allows you to login to PSN. This spoofs your PS3 to be a debugging station. It DOES NOT spoof your firmware to be 3.50. This feature has not been implemented yet for hermes source.

V4b 3.41:
THIS RELEASE FROM HERMES IS NOW KNOWN TO CAUSE FILE PERMISSION ISSUES WITH CERTAIN GAME UPDATES. SOME GAMES UPDATED USING THIS CAN CAUSE INCOMPATIBILITY WITH BOTH RETAIL MODE (NO JAILBREAK AT ALL) AND KAKAROTO NUS PL3. USE THIS ONLY IF YOU DON'T CARE ABOUT RETAIL MODE.

• Fixed an issue with default port1_config_descriptor.h in hermesv4 source. It was NFG.
• Same features as official HermesV4b release for PSGroove.
• This supports Syscall36 so older managers work.
• Mounts games to dev_bdvd (for games that require a disc to play)
• Mounts games to app_home (for games that do not need a disc to play)
• Allow all previous games that booted to use game updates (will install with no issue when prompted to update)
• Compatible with your purchased games or using any loader/homebrew. DOES NOT require any 3rd party application to allow retail updates to work.

iLLNESS-XOEO 3.15/3.41 ONLY:

Xoeo on the a9vg forum has decided to share his own custom version of the PL3 payload to the community. According to him, this payload has the following features:

• Based on the PL3 code structure, but contains implementation of Hermes for increased stability.
• Allows playing of PS1/PS2 games in JB mode
• Enables Life with Playstation in JB Mode
• PSN Access (Different implementation from what's out there right now)
• 3.50 Spoof
• Fixed the bug of Linux menu disappearing under XMB
• 3.41 support added thanks to evilsperm/cyberskunk. 3.41 based off commit a541147d1fb3198574b9. please report any issues with compatibility when using 3.41 to the this thread http://psx-scene.com/forums/f165/ce-...payload-70896/

OUTDATED HEXES:

PSGrooPIC-iLLNESS-PL3 All available firmwares for its function. Dev/Default/NUS Payloads
commit: Nov 03 2010-753eade44e2eb9fcf2a5
Fix USBRegisterDriver offset for FW 3.15 (2.76 users, this hex does not work. I'm aware of the issue, sorry for not posting it sooner)

commit: Oct 31 2010-d60cc7da54cc1be1a9be
copy_from_user and copy_to_user and some ident. (2.76 users, this hex does not work. I'm aware of the issue, sorry for not posting it sooner)

• Based off Kakarotos PL3 Source
• NUS has new no_unauth_syscall: A payload that disables the patch for unauthorized syscalls. This is equivalent to the 'patched mode' of hermes payloads. If you have problems with this NUS PL3 please try using the pkg file located here (PL3 Updated – MOH Now Running Without Need of Game Updates) to fix file permissions so this PL3 can access it.
• dev_payload is like normal default_payload but has peek/poke
• default_payload is recommended for most all users. Use only other payloads if you know what they are for.
• If you are unfamiliar with PL3 payloads, please read around to find out exactly what they are. You can find the commit history here!

EDITS:
October 7th 2010 04:47PM; added PSGrooPIC1.6c hexes.
October 8th 2010 04:42PM; updated PSGrooPIC 1.6c and 1.7a hexes to enable LED output on C0 upon successful jailbreak.
October 9th 2010 11:16AM; added PSGrooPIC 1.6d. Moved 1.7a to older hexes due to 1.6d having all features of 1.7a and then some.
October 11th 2010 02:20PM; added latest PSGroove port based off commit 23b36aff5c66c584db43
October 14th 2010 07:25PM; added the latest hex. full featured to date. no PSGrooPIC source released for this *yet*. Removed 'outdated' hex links. There was no need to have the clog up the attachments since there was no advantage to using the old hexes anymore.
October 17th 2010 06:30PM; added my 1.0b hex.
October 23rd 2010 04:45PM; added iLLNESS 1.0c
October 23rd 2010 07:25PM; updated iLLNESS 1.0c uses no_unauth_syscall now.

[iLLNESS]

The latest compiles I have made for USBHID Bootloader Users are here. Click the firmware revision you are currently running on your PS3 to download the file.


NEWEST HEXES

Generic HEX for Hex File Payload Tool by Maximus
Features:

• None! These hexes do not contain ANY payload. They are only to be used as an 'Acceptor' (Destination) file for the Hex File Payload Tool by Maximus 1.0
• Contains my usual LED outputs for USBHID/PICDEM and P3FREE users
• PICDEM users must drag their output.hex onto the batch file included to properly load in PICDEM FS USB TOOL!
• Each hex is compatible with both Hermes payloads and PL3 payloads. Possibly other payloads too but I have not tested this.
• The source for these hexes can be found here

Due to the recent amount of PSN access requests and hexes I'm going to say USE AT YOUR OWN RISK! I do not develop the payloads I compile, so do not hold me responsible for anything that happens to you or your PS3. Always use any of my hexes at your own risk.

PSGrooPIC-iLLNESS-PL3 All available firmwares for its function. Dev/Default/NUS Payloads
commit: Nov 03 2010-753eade44e2eb9fcf2a5
PSN Access (Debugging Station 0x82) (CECH20A / CECH20B (120GB/250GB Slim) - DYN-001 0x09)+ ECO Mod (Firmware 3.50 Spoof) 3.41 ONLY! This also spoofs to be a debugging station, as well it has the 3.50 spoof so you dont need to edit param.sfo or the metadata to get things like netflix or call of duty black ops working.

commit: Nov 03 2010-753eade44e2eb9fcf2a5
PSN Access (Debugging Station 0x82). This spoofs your ps3 to be a debugging station to gain access to PSN.

• Based off Kakarotos PL3 Source
• NUS has new no_unauth_syscall: A payload that disables the patch for unauthorized syscalls. This is equivalent to the 'patched mode' of hermes payloads. If you have problems with this NUS PL3 please try using the pkg file located here (PL3 Updated – MOH Now Running Without Need of Game Updates) to fix file permissions so this PL3 can access it.
• dev_payload is like normal default_payload but has peek/poke
• default_payload is recommended for most all users. Use only other payloads if you know what they are for.
• If you are unfamiliar with PL3 payloads, please read around to find out exactly what they are. You can find the commit history here!

PSGrooPIC-iLLNESS Hermes
V4b PSN 3.41 -> 3.50 SPOOF: USE AT YOUR OWN RISK!!! Allows you to login to PSN. This spoofs your PS3 to be a debugging station. This hex also spoofs your PS3 firmware to read 3.50 so you don't need to edit param.sfo or metadata for things like netflix to work. Confirmed working only on netflix.

V4b PSN 3.41: USE AT YOUR OWN RISK!!! Allows you to login to PSN. This spoofs your PS3 to be a debugging station. It DOES NOT spoof your firmware to be 3.50. This feature has not been implemented yet for hermes source.

V4b 3.41:
THIS RELEASE FROM HERMES IS NOW KNOWN TO CAUSE FILE PERMISSION ISSUES WITH CERTAIN GAME UPDATES. SOME GAMES UPDATED USING THIS CAN CAUSE INCOMPATIBILITY WITH BOTH RETAIL MODE (NO JAILBREAK AT ALL) AND KAKAROTO NUS PL3. USE THIS ONLY IF YOU DON'T CARE ABOUT RETAIL MODE.

• Fixed an issue with default port1_config_descriptor.h in hermesv4 source. It was NFG.
• Same features as official HermesV4b release for PSGroove.
• This supports Syscall36 so older managers work.
• Mounts games to dev_bdvd (for games that require a disc to play)
• Mounts games to app_home (for games that do not need a disc to play)
• Allow all previous games that booted to use game updates (will install with no issue when prompted to update)
• Compatible with your purchased games or using any loader/homebrew. DOES NOT require any 3rd party application to allow retail updates to work.

iLLNESS-XOEO 3.15/3.41 ONLY:

Xoeo on the a9vg forum has decided to share his own custom version of the PL3 payload to the community. According to him, this payload has the following features:

• Based on the PL3 code structure, but contains implementation of Hermes for increased stability.
• Allows playing of PS1/PS2 games in JB mode
• Enables Life with Playstation in JB Mode
• PSN Access (Different implementation from what's out there right now)
• 3.50 Spoof
• Fixed the bug of Linux menu disappearing under XMB
• 3.41 support added thanks to evilsperm/cyberskunk. 3.41 based off commit a541147d1fb3198574b9. please report any issues with compatibility when using 3.41 to the this thread http://psx-scene.com/forums/f165/ce-...payload-70896/

OUTDATED HEXES

PSGrooPIC-iLLNESS-PL3 All available firmwares for its function. Dev/Default/NUS Payloads
commit: Nov 03 2010-753eade44e2eb9fcf2a5
Fix USBRegisterDriver offset for FW 3.15 (2.76 users, this hex does not work. I'm aware of the issue, sorry for not posting it sooner)
commit: Oct 31 2010-d60cc7da54cc1be1a9be
copy_from_user and copy_to_user and some ident. (2.76 users, this hex does not work. I'm aware of the issue, sorry for not posting it sooner)

• Based off Kakarotos PL3 Source
• NUS has new no_unauth_syscall: A payload that disables the patch for unauthorized syscalls. This is equivalent to the 'patched mode' of hermes payloads. If you have problems with this NUS PL3 please try using the pkg file located here (PL3 Updated – MOH Now Running Without Need of Game Updates) to fix file permissions so this PL3 can access it.
• dev_payload is like normal default_payload but has peek/poke
• default_payload is recommended for most all users. Use only other payloads if you know what they are for.
• If you are unfamiliar with PL3 payloads, please read around to find out exactly what they are. You can find the commit history here!

October 14th 2010 07:25PM; added the latest hex 1.0a. full featured to date. no PSGrooPIC source released for this *yet*.
October 17th 2010 06:30PM; added my 1.0b hex.
October 18th 2010 05:10PM; updated hermesv4 source. it is now fixed.
October 23rd 2010 04:40PM; added iLLNESS 1.0c
October 23rd 2010 07:20PM; updated iLLNESS 1.0c to use no unauth syscall

[iLLNESS]

P3Free HEXES

After receiving a sample of the P3FREE PIC based jailbreak device, I am now fully supporting the device. You can find hexes compatible with this device below. These hexes will have activity on the RED LED with jailbreak success on the GREEN LED (RED LED turns off). An unsuccessful jailbreak will result with both LED's being off.

LATEST HEXES

Generic HEX for Hex File Payload Tool by Maximus
Features:

• None! These hexes do not contain ANY payload. They are only to be used as an 'Acceptor' (Destination) file for the Hex File Payload Tool by Maximus 1.0
• Contains my usual LED outputs for USBHID/PICDEM and P3FREE users
• PICDEM users must drag their output.hex onto the batch file included to properly load in PICDEM FS USB TOOL!
• Each hex is compatible with both Hermes payloads and PL3 payloads. Possibly other payloads too but I have not tested this.
• The source for these hexes can be found here

Due to the recent amount of PSN access requests and hexes I'm going to say USE AT YOUR OWN RISK! I do not develop the payloads I compile, so do not hold me responsible for anything that happens to you or your PS3. Always use any of my hexes at your own risk.

PSGrooPIC-iLLNESS-PL3 All available firmwares for its function. Dev/Default/NUS Payloads
commit: Nov 03 2010-753eade44e2eb9fcf2a5
PSN Access (Debugging Station 0x82) (CECH20A / CECH20B (120GB/250GB Slim) - DYN-001 0x09)+ ECO Mod (Firmware 3.50 Spoof) 3.41 ONLY! This also spoofs to be a debugging station, as well it has the 3.50 spoof so you dont need to edit param.sfo or the metadata to get things like netflix or call of duty black ops working.

commit: Nov 03 2010-753eade44e2eb9fcf2a5
PSN Access + Fix USBRegisterDriver offset for FW 3.15. This spoofs your ps3 to be a debugging station to gain access to PSN.

• Based off Kakarotos PL3 Source
• NUS has new no_unauth_syscall: A payload that disables the patch for unauthorized syscalls. This is equivalent to the 'patched mode' of hermes payloads. If you have problems with this NUS PL3 please try using the pkg file located here (PL3 Updated – MOH Now Running Without Need of Game Updates) to fix file permissions so this PL3 can access it.
• dev_payload is like normal default_payload but has peek/poke
• default_payload is recommended for most all users. Use only other payloads if you know what they are for.
• If you are unfamiliar with PL3 payloads, please read around to find out exactly what they are. You can find the commit history here!

P3Free-iLLNESS Hermes
V4b PSN 3.41 -> 3.50 SPOOF: USE AT YOUR OWN RISK!!! Allows you to login to PSN. This spoofs your PS3 to be a debugging station. This hex also spoofs your PS3 firmware to read 3.50 so you don't need to edit param.sfo or metadata for things like netflix to work. Confirmed working only on netflix.

V4b PSN 3.41: USE AT YOUR OWN RISK!!! Allows you to login to PSN. This spoofs your PS3 to be a debugging station. It DOES NOT spoof your firmware to be 3.50. This feature has not been implemented yet for hermes source.

V4b 3.41:
THIS RELEASE FROM HERMES IS NOW KNOWN TO CAUSE FILE PERMISSION ISSUES WITH CERTAIN GAME UPDATES. SOME GAMES UPDATED USING THIS CAN CAUSE INCOMPATIBILITY WITH BOTH RETAIL MODE (NO JAILBREAK AT ALL) AND KAKAROTO NUS PL3. USE THIS ONLY IF YOU DON'T CARE ABOUT RETAIL MODE.

• Fixed an issue with default port1_config_descriptor.h in hermesv4 source. It was NFG.
• Same features as official HermesV4b release for PSGroove.
• This supports Syscall36 so older managers work.
• Mounts games to dev_bdvd (for games that require a disc to play)
• Mounts games to app_home (for games that do not need a disc to play)
• Allow all previous games that booted to use game updates (will install with no issue when prompted to update)
• Compatible with your purchased games or using any loader/homebrew. DOES NOT require any 3rd party application to allow retail updates to work.

iLLNESS-XOEO 3.15/3.41 ONLY:

Xoeo on the a9vg forum has decided to share his own custom version of the PL3 payload to the community. According to him, this payload has the following features:

• Based on the PL3 code structure, but contains implementation of Hermes for increased stability.
• Allows playing of PS1/PS2 games in JB mode
• Enables Life with Playstation in JB Mode
• PSN Access (Different implementation from what's out there right now)
• 3.50 Spoof
• Fixed the bug of Linux menu disappearing under XMB
• 3.41 support added thanks to evilsperm/cyberskunk. 3.41 based off commit a541147d1fb3198574b9. please report any issues with compatibility when using 3.41 to the this thread http://psx-scene.com/forums/f165/ce-...payload-70896/

OUTDATED HEXES

PSGrooPIC-iLLNESS-PL3 All available firmwares. Dev/Default/NUS Payloads

commit: Nov 03 2010-753eade44e2eb9fcf2a5
Fix USBRegisterDriver offset for FW 3.15 (2.76 users, this hex does not work. I'm aware of the issue, sorry for not posting it sooner)
commit: Oct 31 2010-d60cc7da54cc1be1a9be
copy_from_user and copy_to_user and some ident. (2.76 users, this hex does not work. I'm aware of the issue, sorry for not posting it sooner)

• Based off Kakarotos PL3 Source
• NUS has new no_unauth_syscall: A payload that disables the patch for unauthorized syscalls. This is equivalent to the 'patched mode' of hermes payloads. If you have problems with this NUS PL3 please try using the pkg file located here (PL3 Updated – MOH Now Running Without Need of Game Updates) to fix file permissions so this PL3 can access it.
• dev_payload is like normal default_payload but has peek/poke
• default_payload is recommended for most all users. Use only other payloads if you know what they are for.
• If you are unfamiliar with PL3 payloads, please read around to find out exactly what they are. You can find the commit history here!

Updates:
October 23rd 2010 07:15PM; updated my 1.0c release. no uses proper syscall.

[iLLNESS]

Custom Sources

Here you will find sources which I have deemed good enough to post. You will not find PSGrooPIC sources here, get them from their blog. You will only find sources that are not provided by PSGrooPIC themselves. If PSGrooPIC does release a source that is similar to one here, it will be removed to keep things clean.

Thanks to Noltari and his great work, I can now supply a service mode source with my usual LED settings/etc. His work is great and we should all appreciate his hard work. You can find his source codes here.

Custom PSGradePIC (Noltari) Source by iLLNESS 1.3:

• Same as my 1.2 source except a single tweak:
  

  if(WaitJig) {
  int n = 0;
  if(WaitJig == 1) {
  if(usb_kbhit(2)) {
  Chirp();
  
  usb_get_packet(2, jig_response + nJigs * 8, 8);
  delay_us(18000);
  nJigs++;

• %100 success on both PHAT and SLIM models, both models turn off now after successful payload where as before SLIM would not.
• The bold line in the code is the only thing changed from 1.2 to 1.3
• delay_us can be set much much longer. my released hexes use 100000 for compatibility with users using extension cables.

Custom PSGradePIC (Noltari) Source by iLLNESS 1.2:

• Same as my 1.1 source except a few tweaks:
  

  if(WaitJig) {
  int n = 0; //Re-added this, it used to give compile errors but no longer does
  if(WaitJig == 1) {
  if(usb_kbhit(2)) {
  Chirp();
  
  usb_get_packet(2, jig_response + nJigs * 8, 8);
  delay_us(25); // ADDED THIS DELAY
  nJigs++;

• Thanks to sam23 for the initial heads up, and releva for forcing me to re-attempt this fix
• the delay_us(25) can be changed. I have tried 50, and 100. If you have some issues you could try playing with this delay

Custom PSGradePIC (Noltari) Source by iLLNESS 1.1:

• Based off Noltari PSGradePIC source commit 5e05446b93260774a30d
• Includes the port back to PS3Break code and fixed port1 (hub) descriptor.
• Modified source to be more user friendly for GUI compilers.
• LED settings moved to external file in the folder boards. Please view the headers in this folder to get a good idea on how the LED settings work.
• I was unable to toggle LED's that were previously on to the off position for success. Perhaps if someone who is better with PIC compiling could fill me on after looking at my source why i'm having this issue.
• No changes to the payload/etc made. This should function the exact same as Noltari's source except for LED settings/etc.

PSGrooPIC-iLLNESS PL3:
Still based off PSGrooPIC 1.6d, heavily modified.
PSN PL3 + 3.50 HEADERS:
Very similar to my original PL3 source except precompiled headers included with proper PSN security bypass (sets model to debugging station). I've included the 3.41 headers that also spoof to 3.50 as a separate file.

I'm not going into too much detail on what this is or what it does because I expect the features of PL3 to change in the future. I will say it is setup to be compatible with the 3 types of hexes I release both compiling manually and compiling with batch files. Please read the readme.txt inside the file for some more details.
This is not the cleanest source ever, but it looks to be a little better then the source from the PSGrooPIC blog. I'm not bashing their source at all I just prefer the source I've made. For a really nice source take a look at https://github.com/Noltari/PSGrooPIC. Only issue with this source is its for USBHID users only
Again, props to the originals, PSGrooPIC! Without your source to begin with, who knows where PIC users would be right now.
Feel free to distribute this source all you want. Just make sure you remember to mention where you got it from.
Please look through the header files in this source to get a feel for how its setup!

iLLNESS PSGrooPIC HermesV4-FIXED
HermesV4b PSN+ 3.50fw spoof usb_desc.h: Same as PSN PL3 except with hermes payload. usb_desc.h attached as a separate link with 3.50 fw spoof (eco mod).

THIS RELEASE FROM HERMES IS NOW KNOWN TO CAUSE FILE PERMISSION ISSUES WITH CERTAIN GAME UPDATES. SOME GAMES UPDATED USING THIS CAN CAUSE INCOMPATIBILITY WITH BOTH RETAIL MODE (NO JAILBREAK AT ALL) AND KAKAROTO NUS PL3. USE THIS ONLY IF YOU DON'T CARE ABOUT RETAIL MODE.

• A port from HermesV4 to PSGrooPIC 1.5 (it is the same as hermesv4b)
• default hermesv4 port1_config_descriptor.h was bad/needed recompile
• Source moved to PSGrooPIC 1.5 base for simplicity. All hermes releases should be compatible with this source by simply copying and pasting descriptor.
• this is about as basic as the ports get

iLLNESS-XOEO 3.15/3.41 ONLY:

default_payload_3_xx.h files included for 3.15 and 3.41. 3.15 compiled from xoeo's original source and 3.41 come from evilsperm/cyberskunk port to 3.41 from xoeos 3.15 source. Use these headers with my PSNPL3 source or any other PL3 compatible PIC source.

Xoeo on the a9vg forum has decided to share his own custom version of the PL3 payload to the community. According to him, this payload has the following features:

• Based on the PL3 code structure, but contains implementation of Hermes for increased stability.
• Allows playing of PS1/PS2 games in JB mode
• Enables Life with Playstation in JB Mode
• PSN Access (Different implementation from what's out there right now)
• 3.50 Spoof
• Fixed the bug of Linux menu disappearing under XMB
• 3.41 support added thanks to evilsperm/cyberskunk. 3.41 based off commit a541147d1fb3198574b9. please report any issues with compatibility when using 3.41 to the this thread http://psx-scene.com/forums/f165/ce-...payload-70896/

Generic Source for Hex File Payload Tool by Maximus
Features:

• None! This source does not contain ANY payload. It is only to be used as an 'Acceptor' (Destination) file for the Hex File Payload Tool by Maximus 1.0
• Contains my usual LED outputs for USBHID/PICDEM and P3FREE users
• PICDEM users must drag their output.hex onto the batch file included to properly load in PICDEM FS USB TOOL!
• This source is compatible with both Hermes payloads and PL3 payloads. Possibly other payloads too but I have not tested this.
• There is no need to edit usb_desc.h at all. Only edit the main.c to add your board settings or change bootloader. Please checkout the header files in the folder boards to see how LED settings can be changed to match your board.

OUTDATED SOURCES

Custom PSGradePIC (Noltari) Source by iLLNESS 1.0:

• Based off Noltari PSGradePIC source commit e75e2ad0f741c8c723f5
• Modified source to be more user friendly for GUI compilers.
• LED settings moved to external file in the folder boards. Please view the headers in this folder to get a good idea on how the LED settings work.
• I was unable to toggle LED's that were previously on to the off position for success. Perhaps if someone who is better with PIC compiling could fill me on after looking at my source why i'm having this issue.
• No changes to the payload/etc made. This should function the exact same as Noltari's source except for LED settings/etc.

Updates:
October 19th 2010 05:40AM; updated 1.0b source. should be easier for users to update to new PL3 payloads.
October 23rd 2010 04:55PM; added iLLNESS 1.0c source
November 2nd 2010 08:45PM; added my latest PL3 source. Removed old outdated source due to there being no need to have them anymore.

[iLLNESS]

SERVICE MODE HEXES


All zip files in this section will contain all hexes I make. There will be no separate links for USBHID/PICDEM/P3FREE.

EDIT: It has come to my attention some users are having issues flashing the USBHID hex with Microchip USB HID Bootloader 2.x apps. I am unsure of why, and did not notice this as I use a different app. Please try using this app to flash the hex.

Thanks to Noltari and his great work, I can now supply service mode hexes with my usual LED settings/etc. His work is great and we should all appreciate his hard work. You can find his source codes here.

iLLNESS-PSGradePIC 1.3:

• Same as my 1.2 Hexes except for a few minor tweaks
• Service mode entry should be %100 now.
• Fixes the issue with some SLIM models not turning off after success
• All PS3 models should now turn off shortly after the payload was successful. Remove the dongle once PS3 is off and turn on the PS3 normally (power only, no eject). You should now be in service mode
• LED's should blink and turn solid after a successful payload. They will turn off completely afterwards due to the PS3 turning off.
• Hopefully this will be my last PSGradePIC release!
• Delay set to 100 000 to increase compatibility with users using extension cables. Thanks to sam23 for the input.

iLLNESS-PSGradePIC 1.2:

• Same as my 1.1 Hexes except for a few minor tweaks
• Service mode entry should be %100 now.
• For some PS3's (mostly SLIM) it is necessary after you boot with the dongle to manually turn off the PS3 (if it doesnt automatically) then turn it back on normally to enter service mode. (Tested on a CECH-2501B slim)
• Please comment on your success rate in this thread.

iLLNESS-PSGradePIC 1.1:

• Based off Noltari PSGradePIC source commit 5e05446b93260774a30d
• Includes the port back to PS3Break code and fixed port1 (hub) descriptor.
• Modified source to be more user friendly for GUI compilers.
• LED settings moved to external file in the folder boards. Please view the headers in this folder to get a good idea on how the LED settings work.
• I was unable to toggle LED's that were previously on to the off position for success. Perhaps if someone who is better with PIC compiling could fill me on after looking at my source why i'm having this issue.
• No changes to the payload/etc made. This should function the exact same as Noltari's source except for LED settings/etc.

iLLNESS-PSGradePIC 1.0:

• Based off Noltari PSGradePIC source commit e75e2ad0f741c8c723f5
• LED settings changed to reflect my usual board settings
• 4LED1 has LED's on RB1 RB4 RB5 and RC0 blink during activity and turn solid when payload was a success. RC1 also turns solid when there is success but is not active during activity.
• P3FREE hex uses RB1 for activity and turns solid for jailbreak. RA1 is not used for activity but turns solid for jailbreak. (Had troubles turning RB1 OFF for success, so it is not like my usual P3FREE hexes. Both LED's will be solid ON when successful)
• No other changes made to source/payload.

When entering service mode, if the payload is successful your PS3 will shut off on its own with nothing on screen. You can now remove your dongle and press power to turn on your ps3 again. You should now be in service mode.

DISCLAIMER:
PLEASE read the thread here (WARNING! RED ALERT! DOWNGRADING KILLS BLU-RAY MOVIE PLAYBACK!) about issues that can happen while using the downgrader on your PS3. I recommend you downgrade to 3.15 firmware from 3.42/3.50 and NOT to any 3.41 firmware unless it is a legit sony firmware (DO NOT USE THE PS3UPDAT.PUP FROM DOWNGRADE PACKAGES, IT IS KNOWN TO CAUSE ISSUES WITH BLURAY MOVIE PLAYBACK). I recommend 3.15 because I know personally you can downgrade to it from 3.50 and some have issues downgrading to 3.41.
Once downgraded to 3.15, do not use the service mode to upgrade to any other firmware, instead put the pup in PS3/UPDATE on a usb stick and use the built in upgrade function in the PS3 menu. Please read the various threads/guides on how to use the service mode properly. Please try to avoid using this thread as a thread for service mode troubles.


i am not responsible for the legalities of any files found in this thread. What you do with them is your own issue. do not try to hold me responsible. by downloading any of the files i have linked in this thread you acknowledge that you are fully responsible for the use of the files and will not use them for any purpose that is against the law.

[KoukiMonster]

Awsome work! thanks and post has been bookmarked

[keropi666]

awesome tutorial, many thanks for this!!!

[WwDesi]

i wish there was a thanks button this is going to be bookmarked for sure great wk bro...

[itajackass]

only one little question:
in your schematics pin 1 (MCLR) have no 10k connected to VCC... for flashing bootloader, i need MCLRE checked (like pictures) or UNchecked on winpic800?!