Início
Nº Mensagens![[ Ps3G-News ] Cobinação de botões parcialmente descoberta UPDATE 25-06-2011 Imagesphp](https://2img.net/r/ihimizer/img146/4121/imagesphp.jpg)
Lembram se deste tópico
Onde o Mathieulh mostrava a Ps3 em modo de testes onde era possível fazer upgrade e downgrade do FW da maneira que quisemos...
Pois bem hoje parte da combinação de teclas foi descoberta..
Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware
Deixo aqui a noticia na integra mas em inglês...
- Spoiler:
- A few weeks ago, several steps were revealed in the process of unlocking a special Quality Assurance (QA) mode on your PS3 console. The mode unlocks a special mode, which is typically only meant for official Sony testers.
Unfortunately, the steps revealed were only part of the process. Developers were scrambling to figure out the button combo that unlocked the special QA mode. In addition, developers still needed to figure out what to change in the QA dummy token. These two mysteries prevented developers from unlocking the mode.
Today however, the Quality Assurance mystery comes to an end. An anonymous and reputable source exclusively revealed to us the two remaining steps. The secret button combination that unlocks the hidden QA mode was revealed to us as being L1+L2+L3+R1+R2+dpad down. Furthermore, the anonymous source told us that users need to change byte 48 of the token seed to 0x02.
Combining this new information with the previously released QA information, developers have everything they need to unlock the mode. Please note, this is not to be attempted by beginners. However, with all of the information revealed here, developers will be able to create an application or custom firmware that automates the QA process.
Information courtesy of anonymous source: Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.
By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];
this info is more than enough to get someone to make an app.
Previously released information regarding QA Mode:
Code:
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69, 0x68, 0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A
*runs away before the lawsuits come flooding in*
hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.
2 more steps to go. Need the button combo and what to change in the dummy token.
Finally, to quote from [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] So since this QA thing is worthless anyway - here is the button combo - you need to have the cursor on 'Network Settings' - (it needs to be 3.55 OFW BTW - Rebug won't work - I've already established that) - and do the following button combo - L2 + L1 + R1 + R2 + L3 + D-pad Down.
There's your button combo.'Edy Viewer' will pop up - Debug Settings will pop up - Install Package will pop up (but it's kinda useless anyway since only retail packages will install, and only the first PKG on the root of the USB stick - yes - seriously). Now you only need to figure out the rest. Yes, this one works - don't worry about it - just go figure out the rest.
UPDATE
The button combination is as follows: (OFW 3.55 only)
Browse to Settings -> Network Settings (leave the cursor highlighted on this item)
Press L2 + L1 + R1 + R2 + L3 + D-pad Down
That'll reveal "Edy Viewer", "Debug Settings", and "Install Packages."
Now don't bother running to your console to try this -- it won't work. Like I said we're still missing a major piece -- the token/flag part. Also, "Install Packages" will not install unsigned packages, which again adds to its uselessness. And besides, 3.55 is hacked to the max already and this [unknown] method does not work on 3.55+.
Update: The missing piece? Courtesy of some anonymous being, by way of psgroove:
Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];
Última edição por djmpd21 em Qua 22 Jun 2011 - 13:58, editado 1 vez(es)
