A few weeks ago Mathieulh released a video in which he applied a QA flag to a PS3.
This makes hidden options visible and turns a normal PS3 into a debug PS3.
In the future this could lead to a completely open PS3.
squarepusher 2 has looked into it and has now published the information on the QA flag.
However, this should only be tested by people who know their way around it. It is currently still a work in progress.
--------------------------
Remember a few weeks ago Mathieulh released a video of the QA flagged PS3? To refresh your memories; the QA flag is the internal console flag used by Sony, it enables hidden options and removes restrictions for both retail and debug consoles alike. It is used for QA centers and the R&D Department (there are 2 levels of QA flags, Minimum and Advanced). In short it could lead to a complete open PS3…and yes all the CFW, homebrew and backup manager your little heart desires.
Well, the method of how to “QA flag” your PS3 was never posted/revealed, but since then plenty of hints have been given to the “scene”, and one of the first steps was to figure out the secret button combo. Well, after weeks of people trying and moaning, the man behind the emulators – squarepusher 2 – has released/posted information on exactly what that button combo was. Noobs do not try this – the guide below is still a work in progress and the QA flag button combo is the icing on the cake.
How to QA Flag your PS3, the button combo:
Be on 3.55 OFW (no rebug), download here.
Move the PS3 cursor/select “Network Setting“
Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
That's it, the “Edy Viewer”, “Debug Settings”, “Install Package” Menu will now appear.
Notes and disclaimers:
Install Package is useless and can’t install homebrew at the moment – only signed PKGs (and the first one in root of USB only).
This is not all that is needed to QA flag your PS3, but it's a big start for the community – we still need all the pieces to fully QA flag the PS3 and it's the scene's job to “figure out the rest”.
Thanks to munky875821417 for news tip.
UPDATE 1:
And now, within hours, more information is being leaked, and it seems that developers now have all the pieces of the missing puzzle to create an application to automate the QA Flagging process (courtesy of an anonymous tip from PSGroove for the following information):
Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.
By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];
This info is more than enough to get someone to make an app.
Previously known information on QA:
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69, 0x68, 0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A
And:
*runs away before the lawsuits come flooding in*
hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.
2 more steps to go. Need the button combo and what to change in the dummy token.
Exciting times
Source: ps3hax.net
This is just the coolest thing ever!!