(adsbygoogle = window.adsbygoogle || []).push({}); Heyya NGU
I know many people are posting different things about the exciting release of QA FLAG, sooo im here to add all the stuff we know into 1 post.
[multipage=What Is QA Flagging]
-QA flag is the internal console flag used by Sony, it enables hidden options for retail consoles and debug consoles. It is used for QA centers and the R& Department, there are 2 levels of QA flags, Minimum and Advanced.

-A QA flag removes all restrictions in your PS3, sort of like a Jailbreak but with developer options, such as the expected downgrade.

-You need to have a QA token, which is randomly generated, and it's specualted that it is generated by the hypervisor. This tolken unlocks the QA menu, but doesn't actually install it. You have to enter a combination on the Sixaxis controller. This will be discused on the next page.

[multipage=Button Combo]
Well the method of how to “QA flag” your PS3 was never posted/revealed but since then plenty of hints have been given in attempts for the “scene”, and one of the first steps was to figure out the secret button combo. Well after weeks of people trying and moaning, the man behind the emulators – squarepusher 2 has released/posted information on exactly what that button combo was. Noobs do not try this – the guide below is still a work in progress and QA flag button combo is the icing on the cake.

You must login or register to view this content.

How to QA Flag your PS3, the button combo:
1. Be on 3.55 OFW (no rebug),
2. Move the PS3 cursor/select “Network Setting“
3. Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
4.Thats it, the “Edy Viewer”, “ebug Settings”, “Install Package” Menu will now appear.
Notes and disclaimers:

Install Package is useless and can’t install homebrew at the moment – only signed PKGs (and the first one in root of USB only).
This is not all that is needed to QA flag your PS3, but its a big start for the community – we still need all the pieces to fully QA flag the PS3 and its the scenes job to “figure out the rest”.

Thanks to munky875821417 for news tip.

[multipage=Extra Info]

Change byte 48 of the token seed to 0×02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

this info is more than enough to get someone to make an app.


erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E

*runs away before the lawsuits come flooding in*

hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.

[multipage=Linux Tutorial]

PS3
Step 1) Install OtherOS++, install linux, make sure to enable the ps3 modules when compiling the kernel.

Step 2) Download, and compile the ps3dm utils

PC
Step 3) Download my tokenator

PS3
Step 4) Dump your eid by running ./ps3dm_iim /dev/ps3dmproxy get_data 0×0>dump

Step 5) Set your flag by running ./ps3dm_um /dev/ps3dmproxy write_eprom 0x48C0A 0×00

PC
Step 6) Open your dump in a hex editor and type in the first 16 bytes into tokenator

PS3
Step 7) Run the script it spits out

PS3 Step Restart your ps3. Go to the Network Settings options and press L1 + L2 + L3 + R1 + R2 + D-Pad Down

Have fun. It doesn’t work on rebug yet. There are other flags to set for debug firmwares and rebug is pseudo debug.

[multipage=QA Flag setup with Grafs Payload]

First you have to dump your Flash -> Extract EID -> Extract EID0 and EID4 -> put them on eid.c

To do this you can use Hardware_flashing, Linux with graf_chokolo kernel with acces to /dev/ps3nflasha Links_to_precompiled_stuff or using this payload uncommenting dump_dev_flash()
More info in Flash
Once you are set

Use the payloads in the following order uncommenting the required function
Set the QA flag
update_mgr_qa_flag()
Calculate the token
update_mgr_calc_token()
Verify token
update_mgr_verify_token()
Set the calculated and verified token in update_mgr_set_token.c
update_mgr_set_token()
You should use wireshark or tcpdump to capture the responses

Thanks to manster for tip, more info as it comes in
[multipage=QA Flag Features]

-Edy Viewer

-install pkg files.

-debug settings are as followed

-DTCP-IP
Digital Transmission Content Protection over Internet Protocol, a specification for copy protection of copyrighted content that is transferred over digital interfaces in home networks that adhere to IP. Allows you to turn it on or off for PS3.
-ATRAC
Adaptive TRansform Acoustic Coding is a family of proprietary audio compression algorithms developed by Sony. Allows you to enable or disable ATRAC playback for your PS3 system.
-WMA
Windows Media Audio is an audio data compression technology developed by Microsoft. Allows you to enable or disable WMA playback for your PS3 system.
-NP Environment
Allows you to change which environment your PS3 connects. Known enviroments are: C1-NP, D2-NP, D2-PMGT, D2-PQA, D2-SPINT, D3-NP, D3-PMGT, D3-PQA, D3-SPINT, D-NP, D-PMGT, D-PQA, D-SPINT, EI-NP, EI-PMGT, EI-PQA, EI-SPINT, HF, HF-NP, HF-PMGT, HF-PQA, HF-SPINT, H-NP, H-PMGT, H-PQA, H-SPINT, MGMT (Management), NP (Retail), PMGT, PQA, PROD-QA (Quality Assurance), Q2, Q2-NP, Q2-PMGT, Q2-PQA, Q2-SPINT, Q-NP, Q-PMGT, Q-PQA, Q-SPINT, RC, RC-NP, R-NP, R-PMGT, R-PQA, R-SPINT, SP-INT (Developer). There might be even more of different environments
-Fake Free Space (for CEX)
Use with Fake Limit Size to artificially set the free space on the PS3.
-Fake Limit Size
Amount of free space left (in MB).
-NP Debug

-NPDRM Debug

-Edy Debug
Edy is a payment service in Japan, allows you to enable or disable debugging for Edy Viewer.

-Nav-only NP

-Cdda Server

-Crash Report

-Crash reporter Status

-VSH Crash Dump Generator

-System Update Debug
Allows you to enable or disable system update debug, which lets you to downgrade with official Sony update manager.
-Information Board QA Server

-Format Marlin Personal Data

-PlaystationRStore Ad Clock

-Geo Filtering for PlaystationRStore

-Remove Game License

-Home Debug

-Delete Trophy Personal Data

-GameUpdate Impose Test

-Network Emulation Setting

-Auto-Off Debug

-WLAN Device

-NAT Traversal Information

-Internet Browser Debug

-SMSS Result Output

-Adhoc SSID Prefix

-Disc Auto-Start at System Startup

-3D Video Output

-Fake NP SNS Throttle

-Debug for HDD Exchange Utility

-Fake Plus

-Push Console Binding

-Automatic Download

-Motion Controller Calibration Result

-VideoEditor Delete Preset BGM
[multipage=QA Flagging Tool]

Instructions
1)Run qa_flag.pkg if you hear a beep, it worked. If not dump your debug messages via udp_printf on linux and send to us to fix.
2)Reboot the ps3
3)Go to network settings (Do not enter it) and hit or hold
L1+L2+L3+R1+R2+down on the dpad
4)QA auto flagging is now done.

[multipage=QA FLAG Reset Tool]


You must login or register to view this content.



[multipage=QA Flag Downgrade]

Download These


1. Install CFW355-OTHEROS++-SPECIAL.pup (Doesn’t matter what version you are 3.41, 3.50 etc etc)
2. Install qa_flag_extra.pkg
3. Run qa_flag (It will show up as this, that is fine)
4. If you hear the beeps, continue. If you don’t hear the beeps start over.
5. Reboot
6. Go into recovery menu and Update your ps3 with the firmware that you want (3.15, 3.41 etc)
7. Have it install


[multipage=Sources And Thanks ]

1.NGU
2.PS3Hax.net
3.PS3DevWiki

I would like to thank the following people

1. xxmcvapourxx‎
2. dubeyduck‎
3. slynk
4. ☢Scorpion☯Wins♥
5.ClutchLikeDemon

Thanks Guys

I was getting confused on some other post buy after I posted that I realized that you can't install otheros++ on OFW. Sorry for my mistake.

People are not sure about firmware above 3.60, people belive Sony changed the combo and the QA flag token, we will have to wait and see what occurs.

Apparantly you can't go above 3.56 with this QA Flag because Sony has changed various things in 3.60+

are you sure about the update then downgrade?
also you would get alot of rep from a tut:carling:

Does This Stay Once you Do It Once? and also Does it do anything Permanent to the Console?

yes im sure about the downgrade lol and yes it stays once you do it.

I don't think so. From what I have read, when you update, the flag stays but the token is invalid because the keys for 3.55+ have changed so i wouldn't recommend updating as soon as you qa flag. We should just wait and be patient a while longer for anyone out there making some sort of progress. I'm not saying this isn't great but we need keys lol i wish i knew how to do this crap >.<.

I read so many things about that qa flaq confirmed etc. but am I wrong or why nobody has done it?

its all still a work in progress guys. most people are waiting a little longer.