Update - Exclusive - Full QA Flagging Method and Tools Revealed - Button Combo, Token, and Tutorial

Published on 06-21-2011 08:00 PM

68 Comments

A few weeks ago, several steps were revealed in the process of unlocking a special Quality Assurance (QA) mode on your PS3 console. The special mode is typically only meant for official Sony testers. Unfortunately, the steps revealed were only part of the process. Developers were scrambling to figure out the button combo that unlocked the special QA mode. In addition, developers still needed to figure out what to change in the QA dummy token. These two mysteries prevented developers from unlocking the mode.

Attachment 1316

Today however, the Quality Assurance mystery comes to an end. An anonymous and reputable source exclusively revealed to us the two remaining steps. The secret button combination that unlocks the hidden QA mode was revealed to us as being L1+L2+L3+R1+R2+dpad down. Furthermore, the anonymous source told us that users need to change byte 48 of the token seed to 0x02.

Combining this new information with the previously released QA information, developers have everything they need to unlock the mode. Please note, this is not to be attempted by beginners. However, with all of the information revealed here, developers will be able to create an application or custom firmware that automates the QA process.

Information courtesy of anonymous source:

Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

this info is more than enough to get someone to make an app.

Previously released information regarding QA Mode:

Code:

erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56,   0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C,   0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED

iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E

hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53,   0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5,   0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B,   0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69,  0x68,  0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06,  0xA6,  0xB5, 0xE0, 0xF9, 0xD9, 0x7A

*runs away before the lawsuits come flooding in*

hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.

Update - Tutorial and Tools via coderslynk.blogspot.com:

There are many methods to accomplish qa and I'm too lazy to document them all so I'll tell you one way. Linux.

PS3
Step 1) Install OtherOS++, install linux, make sure to enable the ps3 modules when compiling the kernel.

Step 2) Download, and compile the ps3dm utils

PC
Step 3) Download my tokenator

PS3
Step 4) Dump your eid by running ./ps3dm_iim /dev/ps3dmproxy get_data 0x0>dump

Step 5) Set your flag by running ./ps3dm_um /dev/ps3dmproxy write_eprom 0x48C0A 0x00

PC
Step 6) Open your dump in a hex editor and type in the first 16 bytes into tokenator

PS3
Step 7) Run the script it spits out

PS3 Step 8) Restart your ps3. Go to the Network Settings options and press L1 + L2 + L3 + R1 + R2 + D-Pad Down

Have fun. It doesn't work on rebug yet. There are other flags to set for debug firmwares and rebug is pseudo debug.

Share
- Share this post on
- Digg
- Del.icio.us
- Technorati
- Twitter

Categories:

68 Comments

happyface-PSG - 06-21-2011, 09:13 PM
- Reply
OOOHHHH snap!............................

Hollywood - 06-21-2011, 09:18 PM
- Reply
So Math wasn't talking out of his *** if this is accurate? Just a matter of it not being released, at least "someone" did.

grandy - 06-21-2011, 09:18 PM
- Reply
Of course it's accurate, when have I let you guys down before?

cloud41269-PSG - 06-21-2011, 09:20 PM
- Reply
from what i read ages ago all you needed was the button combo on untouched firmware, so i guess Math modified 3.55 and then upgraded. Id rather be on 3.56 or 3.60 and be able to just button combo.

heyyoudienow - 06-21-2011, 09:34 PM
- Reply
this is how we going to get the keyssome one make how to for dummys please youtube works

cothdor - 06-21-2011, 09:37 PM
- Reply
Wow talk about big news. I'm on 3.55, but this can potentially help a lot of people.. Or I think it can?

You guys think this would be possible to do on a 3.60/5 console without the need of opening the PS3 or doing anything overly complicated, for those people who just recently bought a PS3 or just only heard it is hacked?

MadnessImport - 06-21-2011, 10:37 PM
- Reply
I thought Mathieulh meant the combo was put in with the D-pad or analog stick...I still don't get the difference between Sixaxis and DS3

ALSO how did he do this with one hand in that video?

Whitty-PSG - 06-21-2011, 11:14 PM
- Reply
Finally, some serious news. This is nice. Will be even better if a dev can create an app to automate it like the post suggests... Ill be waiting.

Has it been 100% confirmed that once you QA Flag a console, it will remain that way after updating to 3.60/5? Im really hoping this could be the answer to our new game woes.

boogalooshrimp74 - 06-22-2011, 12:33 AM
- Reply
I say **** Math, and his pompous attitude. Why even bother telling everyone you can or know how to do something, then not tell how to do it??? OH yeah, I was in the 3rd grade once too. Either Math is still in the 3rd grade or he just likes acting like his is. So I say go **** yourself, the PS3 world will be better off without your sorry ***.

gsharpshooter80 - 06-22-2011, 12:50 AM
- Reply
Originally Posted by boogalooshrimp74

I say **** Math, and his pompous attitude. Why even bother telling everyone you can or know how to do something, then not tell how to do it??? OH yeah, I was in the 3rd grade once too. Either Math is still in the 3rd grade or he just likes acting like his is. So I say go **** yourself, the PS3 world will be better off without your sorry ***.

Dude we don't need you either, wtf have you contributed besides a useless comment, whether its coming from Geohot, Math, Graf, I don't give a fu*k who it is, you owe your thanks if your running a CFW, many got sued/or close for helping us and we are so freaken lucky to still have this guy at least giving us hints or help while the need to protect his wanted a$$ from b!tcha$$ Sony.

Obid - 06-22-2011, 12:56 AM
- Reply
son of a *****!it doesn't work on 3.60!noooooo!wtf?i thought it's will be the thing that can help me,nooooooooooooooooooooooo!

MadnessImport - 06-22-2011, 12:57 AM
- Reply
Everyone took his hinting as teasing

He hint

Someone ask a question about what he actually meant dealing with the hint or important work

He ignores replies and gives in to trolls

lol the trolls weren't being banned either...funny stuff

Hollywood - 06-22-2011, 01:02 AM
- Reply
Originally Posted by grandy

Of course it's accurate, when have I let you guys down before?

Lol, sorry, wasn't questioning you. I meant if it was the same thing Math was saying was possible, and eluding how to do a while ago. Also if we can do the same things with it that he originally said.

SonicASD-PSG - 06-22-2011, 01:20 AM
- Reply
Still nothing on FW 3.6x huh? Well the scene is won't be progressing any further I guess...

boogalooshrimp74 - 06-22-2011, 01:58 AM
- Reply
Originally Posted by gsharpshooter80

Dude we don't need you either, wtf have you contributed besides a useless comment, whether its coming from Geohot, Math, Graf, I don't give a fu*k who it is, you owe your thanks if your running a CFW, many got sued/or close for helping us and we are so freaken lucky to still have this guy at least giving us hints or help while the need to protect his wanted a$$ from b!tcha$$ Sony.

Speaking of contributing.. WTF did you do? Let me guess about as much as I have. So you can go **** yourself as well. As for the people whom did contribute I give thanks, for what they gave us, not what the said they could do, and rub it in our faces. I am sure that they new the risks when publishing this info. So if you can't stand the heat... Get out of the........

terminus - 06-22-2011, 02:34 AM
- Reply
This may be a long shot of a question but, will this be useful for users who suffer from the RSOD? I have a console that I am able to get in/out of service mode, downgrade successfully (according to the log) but still end up with the RSOD. Lowest FW I can downgrade to is 2.50 if that's any help.

cybersau - 06-22-2011, 02:48 AM
- Reply
OH MY GOSH! OH MY GOSH! OH MY GOSH! OH MY GOSH! finally! something new from the scene!

Whitty-PSG - 06-22-2011, 02:52 AM
- Reply
Originally Posted by SonicASD

Still nothing on FW 3.6x huh? Well the scene is won't be progressing any further I guess...

-1.

Very tired of seeing posts like this... and posts like im about to make.

The scenes not dead. If it was, you wouldnt have this news piece here to comment on to begin with. Theres more to the scene than FWs. And if/when a 3.60+ CFW comes out, or ability for 3.55 to play all the new games somehow... we'll love it, and laugh at people like you.

I wasnt even here for the 3.41 period... but they were saying the same thing you are now. HAVE PATIENCE PEOPLE. A SCENES NOT DEAD JUST BECAUSE A NEW FWs NOT OUT EVERY MONTH.

Take advancements like this... OtherOS, DOS, random homebrews... and be happy people are developing and releasing them for free for you, or revert back to OFW and let the scene work its magic.

/rant

@boogaloo and anyone else preparing to flame Matt:

Give it a rest. Be glad the guys even giving hints, and sharing any information at all. If it were your *** on risk to be sued and/or jailed by Sony... just to help people you dont know on the internet... youd act the same way... or be less helpful and contribute nothing (kinda like youre already doing, as already stated) Do I think its cool Matts dangling things in front of us? No. Am I gonna whine about it like a butthurt child? No. If he wants to help, in whatever ways possible, im grateful. If he wants to protect himself, I certainly dont blame him.

I swear... its like people dont understand how serious Sonys cracking down on people. Or that Matts an actual PERSON. Just as vunerable as Graf or Geo to Sonys war on us.

/rant 2

Back to the original topic:

No one answered my question. lol
I wonder how long itll take for a dev to make this available to the every day user... I hate when im here to see a big update like this, and have to wait to see what comes of it. Must... remain... patient...

itzViolence - 06-22-2011, 03:18 AM
- Reply
http://coderslynk.blogspot.com/2011/06/qa-tutorial.html check this out guys!!WOOOT WOOT

Tranced - 06-22-2011, 03:22 AM
- Reply
Thanks to mathieulh & the anon dev for the release!I'm too tired of the constant flaming of mathieulh. If I was knowledgeable as he was and had the many kiddies on all these PS3 sites whining and crying with every release or non release I had, I would probably react the same. Only difference is I would release anon.He doesn't release anon due to efame. We all like a little efame here and then hence the reason for him releasing hints and letting the rest of the devs do the rest. He still gets all the credit and not the anon dev that released this. (Although the anon dev could be him anyway)

**LOL@heyyoudienow, added to my blog.