PlayStation 3 homebrew

Homebrew software was first used on the PlayStation 3 by a group of hackers called "Team Ice." They used a weakness in the game Resistance: Fall of Man to run the software. After further hacks that used the console's Linux (OtherOS) support, Sony removed the ability to install another operating system in the 3.21 firmware. This change upset hacker groups. Eventually, the group Fail0verflow discovered a flaw in how the console's encryption keys were created and used it to restore the ability to install Linux. George Hotz, sometimes incorrectly called the creator of homebrew on the PS3, later made the first homebrew software signed with the private "metldr" key. He shared the key online, which led Sony to sue him. The case was settled without going to court; under the settlement, Hotz was legally required to stop reverse-engineering the console in the future.

Private key compromised

At the 2010 Chaos Communication Congress (CCC) in Berlin, a group named fail0verflow reported that they had found a way around several security features of the PlayStation 3. This allowed software not officially approved by Sony to run on the console without a special hardware tool called a dongle. They also explained that a mistake in how Sony implemented the Elliptic Curve DSA (ECDSA) signature scheme made it possible to compute the private key Sony used to sign software. Anyone holding that key could sign software that would run on any PlayStation 3, so fail0verflow decided not to publish it, since it was not needed to run unofficial software. Publishing the key would have made it impossible for Sony to stop unofficial software with a system update without also breaking older, legitimately signed software, because a signature made with the leaked key is indistinguishable from an official one. The public part of the key is built into the PlayStation 3's bootloader, which cannot be changed once a console is sold, so updates could not fix the issue on existing devices.

On January 3, 2011, a person named geohot shared the private key, written in hexadecimal as C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70, along with a simple "Hello world" program for the PS3. On January 12, 2011, Sony Computer Entertainment America filed lawsuits against fail0verflow and geohot for breaking laws related to digital rights and computer access. The case against geohot was resolved in March 2011, with geohot agreeing to stop sharing the key permanently.

Custom firmware (CFW)

To allow users to install custom software using newly discovered encryption keys, several modified versions of system update 3.55 were released by Geohot and others. A common feature in these versions was the addition of an "App Loader," which enabled users to install homebrew apps as signed DLC-like packages. At the time, Backup Managers could run but could not load games until some progress was made by making backups appear like DLC games and signing them. Later, an LV2 patch was released to allow Backup Managers to load game backups. This patch was later included directly in the Backup Managers, so it no longer needed to be run every time the PS3 restarted.

PS3 System Software update 3.56 attempted to fix an exploit in version 3.55, but within a day, the system was bypassed again. This led Sony to release another update, version 3.60, which was secure against such bypasses.

Users who chose not to update could still run games requiring a firmware version above 3.55 by patching them to work on older versions. Soon after version 3.60 was released, updates to the PlayStation Network blocked access for users running firmware older than the required official version (v4.92 as of March 2025). This prevented users who avoided updates from accessing the network.

On existing systems, the update only blocked the ability to install modified firmware using the normal system update process. Because the bootloader cannot be changed, if users found a way to write modified firmware to the console's flash memory, it would still work even if the console was updated to version 3.60 or higher. However, consoles originally shipped with version 3.60 or above used a new bootloader version, which prevented them from booting modified firmware.

A custom firmware called "Rebug," released on March 31, 2011, gave retail PS3s most of the features of debug/developer PS3 units. A week later, tutorials appeared that allowed users to download PlayStation Network content for free using fake credit card numbers. A report on April 12 described hackers using jailbroken firmware to access the dev-PSN and regain access to games like Call of Duty, with reports of cheating. While some sources blamed Rebug for later security issues, Time's "Techland" described these claims as highly speculative.

In late 2017, a tool was released to convert PS3 firmware version 4.82 to custom firmware. In 2020, a new exploit toolset called the Bguerville Toolset (BG Toolset) was released, allowing firmware versions 4.75 to 4.92 to be patched. Sony has repeatedly tried to block the BG Toolset, but as of June 20, 2024, it remains the main method for installing custom firmware on the PlayStation 3. The tool works by patching the system update process. After installing the patch and restarting the system, users can install custom firmware as a system update, as was done on firmware 3.55 and below.

In early March 2023, a flash writer for firmware 4.90 was released for the PlayStation 3, requiring a specific firmware to be installed. This method used a web server to host exploit files. This tool was released after the BG Toolset's websites were taken down, along with other jailbreaking sites. The tool was later updated to support firmware version 4.91. While this tool used a different vulnerability as its starting point, it also applied the same system update patch, enabling custom firmware installation through the system update process.

Using one of these methods, as of October 2024, all PlayStation 3 consoles originally shipped with firmware version 3.56 or below can be modified with custom firmware, regardless of the firmware version currently installed.

Homebrew enabler (HEN)

In 2019, a tool named PS3HEN was introduced. It works with all PS3 models and allows consoles that cannot use custom firmware (CFW) to run homebrew software by providing access to a key part of the console's system called the LV2 kernel. Each time the console restarts, PS3HEN must be loaded, but this process only takes a few seconds. When first released, PS3HEN had some problems, but by 2022, it became very reliable. Many homebrew applications, such as multiMAN, now use PS3HEN to check for LV2 kernel access and operate correctly. PS3HEN includes most features found in CFW, making it a good option for later models like the 25xx and 30xx Slim series and all Super Slim models to run homebrew software.

Hypervisor Exploit

In March 2025, a security issue called "BadHTAB" was discovered in the PlayStation 3. It combines a hardware component (which must be attached to the console's board using special tools) with software. By causing the console's memory to misbehave at a precisely chosen moment, the method can write arbitrary data into a region of the hypervisor's memory. This allows running code at the hypervisor's level of control, even on models that cannot normally install custom firmware.

As of April 2025, the method works only about 5% to 10% of the time, so it often needs to be used many times to succeed. It is not permanent, meaning it must be repeated after each time the console is turned off and on again. While most custom programs and features are already possible through another method called HEN, this exploit allows copying the system's core memory data and could enable running OtherOS on all PlayStation 3 models.
