Post: Full QA Flagging Method Revealed - Button Combo and Token
06-22-2011, 10:31 AM #1
wite_guy
I-<3-2-1/2-6
To quote: A few weeks ago, several steps were revealed in the process of unlocking a special Quality Assurance (QA) mode on your PS3 console. The mode unlocks a special mode, which is typically only meant for official Sony testers. Unfortunately, the steps revealed were only part of the process. Developers were scrambling to figure out the button combo that unlocked the special QA mode. In addition, developers still needed to figure out what to change in the QA dummy token. These two mysteries prevented developers from unlocking the mode. Today however, the Quality Assurance mystery comes to an end.


An anonymous and reputable source exclusively revealed to us the two remaining steps. The secret button combination that unlocks the hidden QA mode was revealed to us as being L1+L2+L3+R1+R2+dpad down.

From PSX-SCENE Thread:
Originally Posted by squarepusher2
Alright, I got a bit sick and tired of this little game - 84 pages ongoing and still no progress.

So since this QA thing is worthless anyway - here is the button combo -

you need to have the cursor on 'Network Settings' - (it needs to be 3.55 OFW BTW - Rebug won't work - I've already established that) - and do the following button combo -

L2 + L1 + R1 + R2 + L3 + D-pad Down.

There's your button combo. 'Edy Viewer' will pop up - Debug Settings will pop up - Install Package will pop up (but it's kinda useless anyway since only retail packages will install, and only the first PKG on the root of the USB stick - yes - seriously). Now you only need to figure out the rest. Yes, this one works - don't worry about it - just go figure out the rest.

BTW - in case some people immediately start trying this out and telling me 'Hey Square - this doesn't bleepin* work' - remember - there are still some pieces of the puzzle missing - the 'community' needs to figure these out. But the button combo is in the bag - don't worry about it anymore, don't go fruitlessly reversing anymore looking for a possible sign of life of this 'button combo' - you've got it. Now figure out the rest.



Furthermore, the anonymous source told us that users need to change byte 48 of the token seed to 0x02.

Information courtesy of anonymous source:
Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

this info is more than enough to get someone to make an app.


Combining this new information with the previously released QA information, developers have everything they need to unlock the mode. Please note, this is not to be attempted by beginners. However, with all of the information revealed here, developers will be able to create an application or custom firmware that automates the QA process.

Previously released information regarding QA Mode:
Code:
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69, 0x68, 0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A
*runs away before the lawsuits come flooding in*

hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.


06-22-2011, 10:43 AM #2
and may i know how is this a "ps3 hacks QUESTION"?
06-22-2011, 10:52 AM #3
K-Snody
Loading... ████████] 99%
nice one mate thanks Smile
06-22-2011, 11:11 AM #4
wite_guy
I-<3-2-1/2-6
Originally posted by 965
and may i know how is this a "ps3 hacks QUESTION"?

Misposted somehow..
06-22-2011, 12:15 PM #5
gavros7
Treasure hunter
a post about this has already been made in the right section mate
06-22-2011, 07:17 PM #6
will it work on ps3 3.65 ofw!!!!
06-23-2011, 03:24 AM #7
Originally posted by ariel28
will it work on ps3 3.65 ofw!!!!


No, not yet. And there's a good chance it won't until a 3.65 CFW is released.

Copyright © 2026, NextGenUpdate.
All Rights Reserved.
