QA Flagging

From PS3 Developer wiki
Revision as of 21:19, 30 May 2011 by Defyboy (talk | contribs)
Jump to navigation Jump to search

QA Flag

A QA flag is a value set in SC EEPROM at address 0x48C0A. When this flag is set, the token is read from SYSCON and decrypted, this gets passed to various modules to unlock certain functionality.

QA Token

A QA token is a 80 byte value that determines amount of functionality on your console. It is signed with a 20 byte SHA1 key then encrypted using AES256CBC. Please see the keys page.

Unencrypted Token Structure

0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x22, 0x33,
0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB,
0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x19, 0x4A, 0x4B, 0xBA,
0x15, 0x97, 0xAE, 0x71, 0x36, 0xCC, 0xB6, 0x65,
0x7F, 0xC3, 0xB5, 0x3F, 0x49, 0x22, 0x2F, 0xB1
Address Length Value Description
0x00 0x4 0x01 Unknown (Static)
0x04 0x14 0x112233445566778899AABBCCDDEEFF IDPS
0x14 0x3C 0x00 Token Flags
0x3C 0x80 0x194A4BBA1597Ae7136CCB6657FC33F49222FB1 digest

Encrypted Token

The entire token is then encrypted with AES256CBC. You will find the keys on the keys page. This is then stored on SC EEPROM at 0x48D3E

Token Flags

The flags are a 40 byte value containing a set of flags that enable specific features on the PS3 console. These flags are largely unknown. 

QA_FLAG_ALLOW_NON_QA = byte 0x33, bit 0 
QA_FLAG_FORCE_UPDATE = byte 0x33, bit 1 
QA_FLAG_EXAM_API_ENABLE = byte 0x27, bit 0
QA_FLAG_QA_MODE_ENABLE = byte 0x27, bit 2
Retrieved from "http://www.psdevwiki.com/ps3/index.php?title=QA_Flagging&oldid=1904"