The Quality Assurance (QA) mode in the PS3, which everyone in the scene has been buzzing about for a while, has now been discovered by an anonymous source. More information below.
Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.
By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];
The information above is enough to get a kick start on a full working app for the PS3.
Previously, the scene had this information regarding the QA flags:
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD
So, how do you QA flag your PS3? Squarepusher has posted the combo, but it still wouldn’t be advisable for beginners to try this yet because it requires you to go back to an official firmware. This is a guide taken from PS3Hax:
How to QA Flag your PS3, the button combo:
- Be on 3.55 OFW (no rebug), download here.
- Move the PS3 cursor/select “Network Setting”
- Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
- That’s it, the “Edy Viewer”, “Debug Settings” and “Install Package” menus will now appear.
Notes and disclaimers:
Install Package is useless and can’t install homebrew at the moment – only signed PKGs (and the first one in root of USB only).
This is not all that is needed to QA flag your PS3, but it’s a big start for the community – we still need all the pieces to fully QA flag the PS3 and it’s the scene’s job to “figure out the rest”.
Last month, Mathieulh surprised everyone with his video that first demonstrated the QA flagging method in action. The video shows him converting his retail console to a QA console, a type of unit which can only be found in Sony’s Quality Assurance centers and their R&D department.
With a QA console, several restrictions are unlocked, and according to Mathieulh himself, it could only lead to more piracy. To quote Mathieulh from before:
The QA flag happens to remove a bunch of restrictions that have the side effect of preventing you to warez.
The original video by Mathieulh has been set to “private” but IddyHacks has the backup.
One interesting point about the QA flag method is that the flag stays even after the PS3 console itself has been updated. Now, with the recent discovery of the method’s code, it will just be a matter of time before we see a new CFW up and running that automates the whole process.
Developers could also take this as an ingredient for a fully working 3.61 CFW. Whatever happens, we should just wait and see more of the updates surrounding this kind of jailbreak soon.
UPDATE: Apparently, it would not work with firmwares newer than 3.55 because, from what I have read, it has been changed. So, unless someone comes up with a new idea, we’re stuck with 3.55 CFW. Thanks to TLDK for the tip!
























