June 21, 2011 // 7:22 pm - Following up on the previous article, today the full PS3 QA Flagging Method has been revealed including the button combo and token alongside a PS3 QA Tutorial from Slynk.

To quote: A few weeks ago, several steps were revealed in the process of unlocking a special Quality Assurance (QA) mode on your PS3 console. The mode unlocks a special mode, which is typically only meant for official Sony testers.

Unfortunately, the steps revealed were only part of the process. Developers were scrambling to figure out the button combo that unlocked the special QA mode. In addition, developers still needed to figure out what to change in the QA dummy token. These two mysteries prevented developers from unlocking the mode.

Today however, the Quality Assurance mystery comes to an end. An anonymous and reputable source exclusively revealed to us the two remaining steps. The secret button combination that unlocks the hidden QA mode was revealed to us as being L1+L2+L3+R1+R2+dpad down. Furthermore, the anonymous source told us that users need to change byte 48 of the token seed to 0x02.

Combining this new information with the previously released QA information, developers have everything they need to unlock the mode. Please note, this is not to be attempted by beginners. However, with all of the information revealed here, developers will be able to create an application or custom firmware that automates the QA process.

Information courtesy of anonymous source: Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

This info is more than enough to get someone to make an app.

Previously released information regarding QA Mode:

*runs away before the lawsuits come flooding in*

HMAC to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.

Brief Guide on How to QA Flag your PS3:

  • Be on 3.55 OFW (not Kmeaw or Rebug CFW)
  • Move the PS3 cursor/select “Network Setting”
  • Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
  • That's it, the “Edy Viewer”, “Debug Settings”, “Install Package” Menu will now appear.

Notes: Install Package is useless and can’t install homebrew at the moment – only signed PKGs (and the first one in root of USB only).

Finally, to quote from squarepusher2: So since this QA thing is worthless anyway - here is the button combo - you need to have the cursor on 'Network Settings' - (it needs to be 3.55 OFW BTW - Rebug won't work - I've already established that) - and do the following button combo - L2 + L1 + R1 + R2 + L3 + D-pad Down.

There's your button combo. 'Edy Viewer' will pop up - Debug Settings will pop up - Install Package will pop up (but it's kinda useless anyway since only retail packages will install, and only the first PKG on the root of the USB stick - yes - seriously). Now you only need to figure out the rest. Yes, this one works - don't worry about it - just go figure out the rest.

BTW - in case some people immediately start trying this out and telling me 'Hey Square - this doesn't bleepin* work' - remember - there are still some pieces of the puzzle missing - the 'community' needs to figure these out. But the button combo is in the bag - don't worry about it anymore, don't go fruitlessly reversing anymore looking for a possible sign of life of this 'button combo' - you've got it. Now figure out the rest.

Full PS3 QA Flagging Method Revealed - Button Combo and Token

#45 - lolwaow - May 29, 2011 // 5:25 am
I bring you (what I think) are the keys. I found these from a user named Slynk:

*runs away before the lawsuits come flooding in*

hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.

Also in the spirit of sharing, the dummy token decrypts to:

00 00 00 01
... (all 00)
20 bytes of digest

It's 80 bytes long.

More about the key from that user Slynk, apparently this is the new dummy code, anyone care to verify?
EDIT: There's no ecdsa so there's no public private. The other key is the hmac. Man must I be tired >.<

Already decrypted it. And I know the token has 20 bytes of hmac-sha1 at the end before encryption. ^^

But I still need: "What to change to make an "advanced" token" and "The button combo to test it out". ^^

EDIT: btw it's aes256cbc, same as self crypto for the curious. Yes, it's the hmac key.

The encryption is straightforward, very easy to figure out, and obviously not the hard part.

As to the dummy token, it's nothing more than the first few bytes of the EID0 followed by 00s (which I call flags array) and a hmac-sha1 of the actual token.

The hard part is knowing what values to change, and what to.
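
The decrypted layout described in the post above (80 bytes: a short header, a zeroed flags array, and a 20-byte HMAC-SHA1 digest), as an added Python example that is not part of the original thread or of anyone's tool. It checks a token's MAC and reports non-zero flag bytes by both 0-based index and 1-based position; the key is a constructed placeholder, and the 4-byte header, the MAC covering the first 60 bytes, and all function names are assumptions.

```python
import hashlib
import hmac

TOKEN_LEN = 80                      # decrypted token length given in the post
DIGEST_LEN = 20                     # HMAC-SHA1 digest at the end of the token
BODY_LEN = TOKEN_LEN - DIGEST_LEN   # assumption: the MAC covers these 60 bytes
HEADER_LEN = 4                      # assumption: the leading "00 00 00 01"

# Constructed placeholder key so the example runs; not a real console key.
DEMO_HMAC_KEY = bytes(range(64))


def inspect_token(plain: bytes, key: bytes) -> dict:
    """Check the MAC of a decrypted token and list non-zero flag bytes."""
    if len(plain) != TOKEN_LEN:
        raise ValueError(f"expected {TOKEN_LEN} bytes, got {len(plain)}")
    body, digest = plain[:BODY_LEN], plain[BODY_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    flags = [
        # index is 0-based (seed[47]); ordinal is the 1-based "48th byte"
        {"index": i, "ordinal": i + 1, "value": b}
        for i, b in enumerate(body)
        if i >= HEADER_LEN and b != 0
    ]
    return {
        "header": body[:HEADER_LEN].hex(),
        "mac_ok": hmac.compare_digest(digest, expected),
        "nonzero_flags": flags,
    }


def constructed_samples(key: bytes) -> tuple:
    """Build the dummy layout from the post and a copy edited without a new MAC."""
    body = bytes.fromhex("00000001") + bytes(BODY_LEN - HEADER_LEN)
    dummy = body + hmac.new(key, body, hashlib.sha1).digest()
    edited = bytearray(dummy)
    edited[47] = 0x02               # body changed, digest left stale
    return dummy, bytes(edited)


if __name__ == "__main__":
    for name, tok in zip(("dummy", "edited"), constructed_samples(DEMO_HMAC_KEY)):
        print(name, inspect_token(tok, DEMO_HMAC_KEY))
```

The edited sample fails verification because its digest was computed over the unmodified body.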

#44 - NTA - May 17, 2011 // 3:03 am
lol that guy... leaving... LOL!

Fake Free Space- Hilarious

#43 - syphonlord - May 16, 2011 // 6:36 pm
Yeah until someone else releases the keys then he will reappear back on the scene to try and take all the glory.

#42 - PS4 News - May 16, 2011 // 12:40 am
Quote, originally posted by alwayshungry:
I wonder if we got to him this time! It seems he opened his ears!

I'd say common sense more than anything else got the best of him... if he's 26 years old and sitting on the Internet playing "Sony hacker" for attention it's quite sad indeed, perhaps he realized the only thing he can gain from that is being hit with a lawsuit these days.

From IRC:

but I stopped doing ps3 stuffs anyway
starting today
I announced it on twitter
you won't be comin' back to PS3?
ps3 is boring
what would I be coming back for ?

#41 - alwayshungry - May 15, 2011 // 11:19 pm
Mathieulh: Message to everyone following me, I am done twitting about Sony related stuff, for good this time. That's a personal decision.
3 hours ago

I wonder if we got to him this time! It seems he opened his ears! HAHAHHAHAHAH

#40 - elser1 - May 14, 2011 // 8:25 pm
My 40 gig is the Metal Gear Solid limited edition console also, so I guess it's QA flagged.. if this helps anyone PM me... because I sure don't know what to do with it.. LOL.

#39 - Preceptor - May 14, 2011 // 5:18 pm
Here goes another holy grail quest... I'm not putting my hopes up for this. Math won't release, the people who know enough to release it won't due to either moral concepts or fear of Sony.

So IMHO we're out of luck and just back to the pre psjb days if we keep babbling nonsense ideas on how to do this.

#38 - momipopi - May 14, 2011 // 3:59 pm
I hope it will be leaked to the net soon...

#37 - almoront - May 14, 2011 // 1:36 pm
Even if he never releases anything ever again and disappears there is still what to gain from his findings. He has informed us of an existing hole or flaw which gives hope and a reason for those with knowledge to poke further instead of giving up or looking in the wrong places.

It's like when you're starving and someone tells you food exists somewhere inside of a house: you may have given up, but now knowing it is there will make you go and search for it.. any information is always welcome.

#36 - uklee - May 14, 2011 // 12:20 pm
Same old same with this guy, won't put it past me he works for them, why he won't share out and he gets to know stuff before everyone.

P.S. love this comment didn't take nostradamus to see that coming...