Editing QA Flagging

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{Wikify}}
[[Category:Software]]
= QA Flag =
= QA Flag =
A QA flag is a value set in [[SC EEPROM]] at address 0x48C0A. When this flag is set, the token is read from SYSCON and decrypted, this gets passed to various modules to unlock certain functionality.
A QA flag is a value set in [[SC EEPROM]] at address 0x48C0A. When this flag is set, the token is read from SYSCON and decrypted, this gets passed to various modules to unlock certain functionality.
Line 10: Line 10:


<pre>
<pre>
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x22, 0x33,
 
0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB,
00000000  00 00 00 01 00 11 22 33 44 55 66 77 88 99 AA BB
0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x00, 0x00, 0x00,
00000010  CC DD EE FF 00 00 00 00 00 00 00 00 00 00 00 00
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00000020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00000030  00 00 00 00 00 00 00 00 00 00 00 00 19 4A 4B BA
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00000040  15 97 AE 71 36 CC B6 65 7F C3 B5 3F 49 22 2F B1
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x19, 0x4A, 0x4B, 0xBA,
0x15, 0x97, 0xAE, 0x71, 0x36, 0xCC, 0xB6, 0x65,
0x7F, 0xC3, 0xB5, 0x3F, 0x49, 0x22, 0x2F, 0xB1
</pre>
</pre>


Line 25: Line 28:
| 0x00 || 0x4 || 0x01 || QA-Flag Version
| 0x00 || 0x4 || 0x01 || QA-Flag Version
|-
|-
| 0x04 || 0x10 || 0x00112233445566778899AABBCCDDEEFF || [[IDPS]]
| 0x04 || 0x14 || 0x112233445566778899AABBCCDDEEFF || [[IDPS]]
|-
|-
| 0x14 || 0x20 || 0x00 || [[#Token Flags|Token Flags]]
| 0x14 || 0x3C || 0x00 || [[#Token Flags|Token Flags]]
|-
|-
| 0x34 || 0x8 || 0x00 || padding
| 0x3C || 0x50 || 0x194A4BBA1597Ae7136CCB6657FC33F49222FB1 || digest
|-
| 0x3C || 0x14 || 0x194A4BBA1597Ae7136CCB6657FC33F49222FB1 || digest
|}
|}


Line 39: Line 40:


== Token Flags ==
== Token Flags ==
The flags are a 32 (0x20) bytes value containing a set of flags that enable specific features on the PS3 console. These flags are largely unknown.
The flags are a 40 byte value containing a set of flags that enable specific features on the PS3 console. These flags are largely unknown.


{|class="wikitable"
{|class="wikitable"
|-
|-
! Location !! Value (Binary OR assigned) !! Description
! Location !! Value (Binary OR assigned) !! Description
|-
| 0x14 byte(21) || 2 bytes || BDP CONTROL - Checked by appldr, isoldr.
0x1 DEH_DEBUG_DISABLE<br>
0x2 DEX_DEBUG_DISABLE<br>
0x4 ALL_DEBUG_DISABLE<br>
0x8 DEH_BOOT_ENABLE<br>
0x10 DEX_BOOT_ENABLE<br>
0x20 CEX_BOOT_ENABLE<br>
0x40 ARCADE_BOOT_ENABLE
|-
| 0x16 byte(23) || 2 bytes || CONNECT_CONTROL - Checked by appldr, isoldr.
0x1 DEH_DEBUG_DISABLE<br>
0x2 DEX_DEBUG_DISABLE <br>
0x4 ALL_DEBUG_DISABLE<br>
0x8 DEH_BOOT_ENABLE <br>
0x10 DEX_BOOT_ENABLE <br>
0x20 CEX_BOOT_ENABLE <br>
0x40 ARCADE_BOOT_ENABLE<br>
|-
| 0x24 byte(36) || 0x1 / 0x2 / 0x4 / 0x8 || QA_FLAG_RESERVED_FOR_VSH
|-
| 0x24 byte(36) || 0x1 || QA_FLAG_RESERVED_FOR_VSH0
|-
| 0x24 byte(36) || 0x2 || QA_FLAG_RESERVED_FOR_VSH1
|-
| 0x24 byte(36) || 0x4 || QA_FLAG_RESERVED_FOR_VSH2
|-
| 0x24 byte(36) || 0x8 || QA_FLAG_RESERVED_FOR_VSH3
|-
|-
| 0x27 byte(39) || 0x1 ||  QA_FLAG_EXAM_API_ENABLE
| 0x27 byte(39) || 0x1 ||  QA_FLAG_EXAM_API_ENABLE
|-
|-
| 0x27 byte(39) || 0x2 ||  QA_FLAG_QA_MODE_ENABLE
| 0x27 byte(39) || 0x2 ||  QA_FLAG_QA_MODE_ENABLE
|-
| 0x2B byte(43) || 0x1 || System Debug (lv1ldr decrypts token and send it to lv0, lv0 sets sys.ac.sd repo node)
|-
| 0x2B byte(43) || 0x2 || LV2 System App Debug
|-
|-
| 0x2C byte(44) || 0x9 || Advanced Token Flag!!
| 0x2C byte(44) || 0x9 || Advanced Token Flag!!
|-
|-
| 0x2F byte(47) || 0x1 / 0x2 / 0x3 / 0x4 ||  QA-Token-Flag: (0x01 : Minimum) (0x02 : Advanced) (0x03 : undocumented)  
| 0x2F byte(47) || 0x1 / 0x2 / 0x3 ||  QA-Token-Flag: (0x01 : Minimum) (0x02 : Advanced) (0x03 : undocumented)  
|-
|-
| 0x2F byte(47) || 0x1 || QA_FLAG_SPECIAL_I
| 0x2F byte(47) || 0x4 || checked by lv2_kernel.self and sys_init_osd.self maybe allows sys_init_osd.self to run from /app_home
it allows isoldr(and may be other loaders) to use second key_table
|-
|-
| 0x2F byte(47) || 0x2 || QA_FLAG_ALLOW_TEST_APP
| 0x33 byte(51) || 0x1 || QA_FLAG_ALLOW_NON_QA
|-
| 0x2F byte(47) || 0x4 || QA_FLAG_ALLOW_REMOTE_SPAWN
internal mode(QA flag minimum or advanced): Allows lv2_kernel.self to run sys_init_osd.self, liblv2.sprx and sys_init_osd.self to run vsh.self and sys_audio.self from /app_home/
|-
| 0x33 byte(51) || 0x1 || QA_FLAG_ALLOW_NON_QA  
special execution mode: Allows sys_init_osd.self to run either 2nd_image_writer.self or cellftp.self (copy_script.txt), setmonitor.self (monitor.conf) and lv2diag2.self to run from /dev_usb000/
<!-- there's also a 2nd way to launch lv2diag2.self and a way to launch /app_home/uinit_app.elf instead of sys_agent.self ???-->
|-
|-
| 0x33 byte(51) || 0x2 || QA_FLAG_FORCE_UPDATE
| 0x33 byte(51) || 0x2 || QA_FLAG_FORCE_UPDATE
updates to any firmware, ignoring version checks
|}
|}


Line 118: Line 78:
  Type it into my app in the format I provided, click the button, and run that command. Should work.  
  Type it into my app in the format I provided, click the button, and run that command. Should work.  
  [http://www.multiupload.com/N3365C67ZT Tokenator.7z (26.42 KB)]
  [http://www.multiupload.com/N3365C67ZT Tokenator.7z (26.42 KB)]
[https://mega.co.nz/#!ogMSUADB!WF274UWZDKIszA-5hwkTPgfVL5FOq8KuZ_k52o82564 Tokenator mirror(with src included)]
  [http://psx-scene.com/forums/f149/qa-flags-discussion-86504/index92.html#post842118 Slynk]
  [http://psx-scene.com/forums/f149/qa-flags-discussion-86504/index92.html#post842118 Slynk]


Line 153: Line 112:


=== Getting the QA flag menu ===
=== Getting the QA flag menu ===
Set your cursor '''on''' (not ''in'') Network Settings and press the key combo (all at the same time): {{dpadd}} + {{padl1}} + {{padl2}} + {{padr1}} + {{padr2}} + {{padl3}}
<div style="float:right">[[File:PS3-sixaxis-dualshock-controller-buttons.gif|200px|thumb|left|PS3 Sixaxis + dualshock - controller - buttons]]</div>
 
Set your cursor '''on''' (not ''in'') Network Settings and press the key combo (all at the same time):
<pre>L1 + L2 + L3 (press left stick) + R1 + R2 + dpad_down</pre>


You should see Edy Viewer, Debug Settings, and Install Package Files if done correctly.
You should see Edy Viewer, Debug Settings, and Install Package Files if done correctly.
Line 170: Line 132:
*Prebuild packages :
*Prebuild packages :
http://store.brewology.com/ahomebrew.php?brewid=214
**[http://gitbrew.org/~glevand/ps3/pkgs/qa_flag.pkg qa_flag.pkg] // (mirror:[http://www.multiupload.com/P5Q2R5R1YG qa_flag.pkg (69.92 KB)]) (to enable QA)
**[http://gitbrew.org/~glevand/ps3/pkgs/qa_flag.pkg qa_flag.pkg] // (mirror:[http://www.multiupload.com/P5Q2R5R1YG qa_flag.pkg (69.92 KB)]) (to enable QA)
**[http://gitbrew.org/~glevand/ps3/pkgs/qa_flag_extra.pkg qa_flag_extra.pkg] // (mirror:[http://psx-scene.com/forums/attachments/f177/37188d1345489767-help-finding-qa-flag-extra-qa_flag_extra.pkg qa_flag_extra.pkg (69.98 KB)]) (to enable QA with downgrade)
**[http://gitbrew.org/~glevand/ps3/pkgs/qa_flag_extra.pkg qa_flag_extra.pkg] // (mirror:[http://www.multiupload.com/KAGDSQ9QG9 qa_flag_extra.pkg (69.98 KB)]) (to enable QA with downgrade)
**[http://gitbrew.org/~glevand/ps3/pkgs/reset_qa_flag.pkg reset_qa_flag.pkg] // (mirrors: [http://www.multiupload.com/VEUMEDINGU] [http://www.multiupload.nl/QGB1Z6W5U9]) (to reset the QA flags back to default - virtually ''never'' needed, there is '''''no benefit removing it''''')
**[http://gitbrew.org/~glevand/ps3/pkgs/reset_qa_flag.pkg reset_qa_flag.pkg] // (mirror:[http://www.multiupload.com/VEUMEDINGU reset_qa_flag.pkg (70.05 KB)]) (to reset the QA flags back to default)
**[http://gitbrew.org/~glevand/ps3/pkgs/get_token_seed.pkg get_token_seed.pkg] // (mirror:[http://www.multiupload.com/G8GBEIABKT get_token_seed.pkg (59.73 KB)])
**[http://gitbrew.org/~glevand/ps3/pkgs/get_token_seed.pkg get_token_seed.pkg] // (mirror:[http://www.multiupload.com/G8GBEIABKT get_token_seed.pkg (59.73 KB)])
**[http://gitbrew.org/~glevand/ps3/pkgs/get_applicable_version.pkg get_applicable_version.pkg] // (mirror:[http://www.multiupload.com/GXERV38F5A get_applicable_version.pkg (69.3 KB)])  (to get the low/high version lock via Debug UDP)
**[http://gitbrew.org/~glevand/ps3/pkgs/get_applicable_version.pkg get_applicable_version.pkg] // (mirror:[http://www.multiupload.com/GXERV38F5A get_applicable_version.pkg (69.3 KB)])  (to get the low/high version lock via Debug UDP)
Line 203: Line 163:
This is compatible with Kmeaw CFW and {{RogeroFirmware}}.
This is compatible with Kmeaw CFW and {{RogeroFirmware}}.


http://rebug.me/?p=1358 / backup/mirror : [http://www.mediafire.com/download/jjb74lyoe4irzn8/toggle_qa.pkg toggle_qa.pkg (94.22 KB)]
http://rebug.me/?p=1358 / backup/mirror : [http://www.ps3devwiki.com/files/flash/Tools/toggle-qa/ toggle_qa.pkg (94.22 KB)]


other mirrors:  
other mirrors:  
* {{google|FB11BEC5A0DDE6600BAEE0CC36742D54}}
* http://www.mirrorcreator.com/files/0ZE0MRTW/toggle-qa.rar_links
* http://www.mirrorcreator.com/files/1IJBH6QZ/toggle-qa_0.rar_links
* http://www.mirrorcreator.com/files/1NMAFKTA/toggle-qa_1.rar_links
<!--//http://ps3bins.com/rebug/pkg/toggle_qa.pkg
http://ps3bins.org/rebug/pkg/toggle_qa.pkg
http://ps3bins.net/rebug/pkg/toggle_qa.pkg//-->


=QA Flags Features=
=QA Flags Features=
Line 241: Line 206:
These tools COULD format your ps3. (which means Any and ALL psn / downloaded data could be erased)
These tools COULD format your ps3. (which means Any and ALL psn / downloaded data could be erased)


note: several people noted that they did not suffer from dataloss even after several downgrades, but its good measure to backup before downgrading (esp. ACT.DAT which DO get erased)
note: several people noted that they did not suffer from dataloss even after several downgrades, but its good measure to backup before downgrading {esp. ACT.DAT which DO get erased)


== Tools Needed ==
== Tools Needed ==
Line 264: Line 229:
== Known Issues with QA flag / QA downgrades ==
== Known Issues with QA flag / QA downgrades ==


=== act.dat (PSN activation) gets deleted ===
=== Act.dat (PSN activation) gets deleted ===
Make sure you backup the file before enabling QA-extra flag and downgrade. There have been reports of ACT.DAT ("home/000000XX/exdata/act.dat") get's deleted. So make sure to backup that entire folder before flagging/downgrading.
Make sure you backup the file before enabling QA-extra flag and downgrade. There have been reports of ACT.DAT ("home/000000XX/exdata/act.dat") get's deleted. So make sure to backup that entire folder before flagging/downgrading.


* http://rebug.me/xreg-plus-v1-0/
[http://www.ps3crunch.net/forum/threads/230-Restore-act.dat-Homebrew-to-help-with-copying-your-PSN-activation-files! Restore act.dat - Homebrew to help with copying your PSN activation files]
* http://www.maxconsole.com/maxcon_forums/threads/270400-Restore-act-dat-Homebrew-to-help-with-copying-your-PSN-activation-files!
 
= Useful links =
 
* https://rmscrypt.wordpress.com/
 
 
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)