Post: PS3 SIXAXIS CONTROLLER OFFSETS (help in the discovery of the button combo QA flagging)
06-05-2011, 12:14 PM #1
DIRECTION PAD
BYTE
SELECT = 0x01
BTN_L3 = 0x02
BTN_R3 = 0x04
START = 0x08
UP = 0x10
RIGHT = 0x20
DOWN = 0x40
LEFT = 0x80

BUTTON PAD
BYTE
LEFT2 = 0x01
RIGHT2 = 0x02
LEFT1 = 0x04
RIGHT1 = 0x08
TRIANGLE = 0x10
CIRCLE = 0x20
CROSS = 0x40
SQUARE = 0x80

I obtained this information using USBTrace (a program used to analyse USB output).
Now all we have to do is reverse the vsh.self in order to find the combo...


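Added example, not part of the original post: a small Python decoder that applies the two bitmask tables above to successive samples from a USB capture and reports press and release events. The function names and the sample bytes are constructed for illustration, and the position of these two bytes inside the report is not given in the post, so the code takes them as plain arguments.

```python
from enum import IntFlag

class DPad(IntFlag):          # "DIRECTION PAD" byte from the post
    SELECT = 0x01
    BTN_L3 = 0x02
    BTN_R3 = 0x04
    START = 0x08
    UP = 0x10
    RIGHT = 0x20
    DOWN = 0x40
    LEFT = 0x80

class Pad(IntFlag):           # "BUTTON PAD" byte from the post
    LEFT2 = 0x01
    RIGHT2 = 0x02
    LEFT1 = 0x04
    RIGHT1 = 0x08
    TRIANGLE = 0x10
    CIRCLE = 0x20
    CROSS = 0x40
    SQUARE = 0x80

def decode(dpad_byte, pad_byte):
    """Return the set of button names whose bits are set in one sample."""
    for value in (dpad_byte, pad_byte):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"not a byte: {value!r}")
    held = {flag.name for flag in DPad if dpad_byte & flag}
    return held | {flag.name for flag in Pad if pad_byte & flag}

def transitions(samples):
    """Turn (dpad_byte, pad_byte) samples into (index, pressed, released) events."""
    events, previous = [], set()
    for index, (dpad_byte, pad_byte) in enumerate(samples):
        current = decode(dpad_byte, pad_byte)
        if current != previous:  # identical repeated reports produce no event
            events.append((index, sorted(current - previous),
                           sorted(previous - current)))
        previous = current
    return events

# Constructed sample capture (hypothetical values, not taken from a real trace).
CAPTURE = [(0x00, 0x00), (0x10, 0x00), (0x10, 0x40),
           (0x10, 0x40), (0x00, 0x44), (0x00, 0x00)]

if __name__ == "__main__":
    for index, pressed, released in transitions(CAPTURE):
        print(f"sample {index}: pressed={pressed} released={released}")
```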
06-06-2011, 12:17 PM #11
Originally posted by jakeyboy2172 View Post
Have a look at this thread. I'm not sure if the combos match up, but you can try and work it out. This is apparently the actual button combo in its encrypted form.


Thanks, I shall look into it.

06-06-2011, 12:35 PM #12
Bush.
Long Gone Day

Now what's the CROSS?
06-06-2011, 12:51 PM #13
Originally posted by iknowyounot88 View Post
Now what's the CROSS?

CROSS = the X button on the SIXAXIS PS3 controller

06-06-2011, 01:18 PM #14
Technoash
Pokemon Trainer
Decrypt that shit. I don't know how.

key: 34-18-12-37-62-91-37-1C-8B-C7-56-FF-FC-61-15-25-40-3F-95-A8-EF-9D-0C-99-64-82-EE-C2-16-B5-62-ED
iv: E8-66-3A-69-CD-1A-5C-45-4A-76-1E-72-8C-7C-25-4E

If your IDPS was
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
Encrypted Token (Dummy)


Decrypted Token (Dummy)


06-06-2011, 03:20 PM #15


No, that is the algo for the dummy token, which is found in Spu_token_processor. The button combo that I am interested in is found in vsh.elf; I need to find the combo in there by reverse engineering.

06-06-2011, 03:47 PM #16
mysteryhacker
Do a barrel roll!
So how do you get to the point where you can enter the button combo on 3.61?
06-06-2011, 03:59 PM #17
Originally posted by mysteryhacker View Post
So how do you get to the point where you can enter the button combo on 3.61?


When you have set the token, QA flag

06-06-2011, 04:37 PM #18
mysteryhacker
Do a barrel roll!
Originally posted by iknowitsme View Post
When you have set the token, QA flag


And how do you set the token? lol sorry
06-06-2011, 04:49 PM #19
Originally posted by mysteryhacker View Post
And how do you set the token? lol sorry


By setting the QA flag (set by a token) in SC EEPROM at the address 0x48C0A. Then, when this flag is set, the token is read from SYSCON and decrypted; this then gets passed to many modules to unlock certain functionality.
