PSN 패치 v2.47

kw군이 PSN 패치를 오랜만에 업뎃했군요.^^ 진짜 IDPS를 보여주는 기능 외에 코브라펌 유저들을 위해 ps2 emu관련 기능들이 업뎃 되었네요.^^

 

PSNpatch v2.47:

  • Displays “real” IDPS (from eid0);
    (EID0로부터 진짜 IDPS를 보여줌)
  • PS2EMU switching updated for bc, semi-bc and non-bc consoles (Habib 4.55 1.03+);
    (해빕/코브라 4.55 v1.03 유저들을 위해 PS2 EMU 변환이 업뎃됨)
  • PSNPATCH plugin shows startup message with version and currently available cobra mode;
    (PSN패치 플러긴이 시작할 때 현재 버전과 가능한 코브라 모드를 보여줌)
  • Some additional messages adjustments;
    (몇몇 메시지 추가)
  • Improved Semi-permanent “OFW mode”;
    (지난 버전에서 문제되었던 정펌 모드를 향상시킴)
    *정펌모드에서 디스크로도 제대로 동작하지 않은 게임이 있었어요.^^
  • rap import directory is temporary forced to /usbxxx/exdata.
    (RAP파일을 넣어야 하는 디렉토리가 일단 usbXXX/exdata로 임시 고정되었다는군요)



NOTE:
DON’T USE HABIB PLUGIN with PSNPATCH Cobra Stealth extensions, as the plugin may hang waiting for dev_habib (writable flash – disabled by stealth extensions). The ps2emu switching is already included inside PSNPatch “cobra toolbox” menu (accessible by pressing SELECT in the main menu).
(해빕 플러긴을 코브라 스탤스 익스텐션과 사용하지 말라는 것이로군요. 해빕 플러긴 문제, 즉  ps2 emu관련 기능은 PSN패치의 코브라 툴박스 메뉴에서 설치할 수 있으니 플러긴을 쓰지 말라네요.^^)

 

다운로드는 여기입니다.  MD5 – b427db5912a7ab0b64b045d6fc243b3f

출처는 여기입니다.^^

 

 

 

조조의 희한한 모험 올스타 대전 유럽판

일본판은 전에 나왔었죠?^^ 유럽판 BLES01986입니다.

 

JoJos Bizarre Adventure AllStar Battle PS3-DUPLEX

 

magnet:?xt=urn:btih:3f7a96fda4980c1d31d81013491fdb7de03888ba&dn=JoJos+Bizarre+Adventure+AllStar+Battle+PS3-DUPLEX&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337

 

여기까지 드래그해서 복사하세요.^^

놀라운 거미아저씨2 DLC

2MB 파일이네요.^^

The Amazing Spider-Man 2 Electro Proof Suit DLC PS3-DUPLEX

 

magnet:?xt=urn:btih:3CD53DEFAAEF2D1FF104301DF03736B3F6964787&dn=the+amazing+spider+man+2+electro+proof+suit+dlc+ps3+duplex&tr=udp%3A%2F%2Ftracker.istole.it%3A80%2Fannounce&tr=udp%3A%2F%2Fopen.demonii.com%3A1337

 

 

여기까지 드래그해서 복사하세요.^^

QA flag이 궁금해 미치게써(영문)

QA flag에 대해 질문하시는 분들 요청으로 관련 글들을 모아봤어요.^^ 출처는 여기리벅 홈이에요.

전문 번역은 귀찮아서 패스. 어렵지 않으니 천천히 읽어보세요. 빨간 색 부분이 중요하니 잘 읽어보세요.^^

 What Is QA Flagging

-QA flag is the internal console flag used by Sony, it enables hidden options for retail consoles and debug consoles. It is used for QA centers and the R&D Department, there are 2 levels of QA flags, Minimum and Advanced.

-A QA flag removes all restrictions in your PS3, sort of like a Jailbreak but with developer options, such as the expected downgrade.

-You need to have a QA token, which is randomly generated, and it’s specualted that it is generated by the hypervisor. This tolken unlocks the QA menu, but doesn’t actually install it. You have to enter a combination on the Sixaxis controller.

Well the method of how to “QA flag” your PS3 was never posted/revealed but since then plenty of hints have been given in attempts for the “scene”, and one of the first steps was to figure out the secret button combo. Well after weeks of people trying and moaning, the man behind the emulators – squarepusher 2 has released/posted information on exactly what that button combo was. Noobs do not try this – the guide below is still a work in progress and QA flag button combo is the icing on the cake.
(이 부분은 2011년에 쓰여진거라 그래요. 이걸 간편하게 만들어 실행한 것이 리벅팀의 Toggle QA랍니다^^)

How to QA Flag your PS3, the button combo:
1. Be on 3.55 OFW (no rebug),
2. Move the PS3 cursor/select “Network Setting“
3. Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
4.Thats it, the “Edy Viewer”, “Debug Settings”, “Install Package” Menu will now appear.

Notes and disclaimers:

Install Package is useless and can’t install homebrew at the moment – only signed PKGs (and the first one in root of USB only).
This is not all that is needed to QA flag your PS3, but its a big start for the community – we still need all the pieces to fully QA flag the PS3 and its the scenes job to “figure out the rest”.
Change byte 48 of the token seed to 0×02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

this info is more than enough to get someone to make an app.
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E

*runs away before the lawsuits come flooding in*

hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.

 

아래는 otherOS와 리눅스를 사용한 방법인데 현재는 거의 사용하지 않아요.^^

Linux Tutorial

PS3
Step 1) Install OtherOS++, install linux, make sure to enable the ps3 modules when compiling the kernel.

Step 2) Download, and compile the ps3dm utils

PC
Step 3) Download my tokenator

PS3
Step 4) Dump your eid by running ./ps3dm_iim /dev/ps3dmproxy get_data 0×0>dump

Step 5) Set your flag by running ./ps3dm_um /dev/ps3dmproxy write_eprom 0x48C0A 0×00

PC
Step 6) Open your dump in a hex editor and type in the first 16 bytes into tokenator

PS3
Step 7) Run the script it spits out

PS3 Step Restart your ps3. Go to the Network Settings options and press L1 + L2 + L3 + R1 + R2 + D-Pad Down

Have fun. It doesn’t work on rebug yet. There are other flags to set for debug firmwares and rebug is pseudo debug.

 

QA Flag setup with Grafs Payload

First you have to dump your Flash -> Extract EID -> Extract EID0 and EID4 -> put them on eid.c

To do this you can use Hardware_flashing, Linux with graf_chokolo kernel with acces to /dev/ps3nflasha Links_to_precompiled_stuff or using this payload uncommenting dump_dev_flash()
More info in Flash
Once you are set

Use the payloads in the following order uncommenting the required function
Set the QA flag
update_mgr_qa_flag()
Calculate the token
update_mgr_calc_token()
Verify token
update_mgr_verify_token()
Set the calculated and verified token in update_mgr_set_token.c
update_mgr_set_token()
You should use wireshark or tcpdump to capture the responses

 

QA Flag Features (단지 기능만 나열함)

-Edy Viewer

-install pkg files.

-debug settings are as followed

-DTCP-IP
-ATRAC
-WMA
-NP Environment
-Fake Free Space (for CEX)
-Fake Limit Size
-NP Debug

-NPDRM Debug

-Edy Debug
-Nav-only NP

-Cdda Server

-Crash Report

-Crash reporter Status

-VSH Crash Dump Generator

-System Update Debug
-Information Board QA Server

-Format Marlin Personal Data

-PlaystationRStore Ad Clock

-Geo Filtering for PlaystationRStore

-Remove Game License

-Home Debug

-Delete Trophy Personal Data

-GameUpdate Impose Test

-Network Emulation Setting

-Auto-Off Debug

-WLAN Device

-NAT Traversal Information

-Internet Browser Debug

-SMSS Result Output

-Adhoc SSID Prefix

-Disc Auto-Start at System Startup

-3D Video Output

-Fake NP SNS Throttle

-Debug for HDD Exchange Utility

-Fake Plus

-Push Console Binding

-Automatic Download

-Motion Controller Calibration Result

-VideoEditor Delete Preset BGM

 

아래는 우리가 주로 쓰는 리벅 toggle QA에 관한 설명이죠. 

**** THIS SOFTWARE WRITES TO THE PS3 EEPROM – USE AT YOUR OWN RISK ****
(이건 내장하드와 관련 없고 플삼이 EEPROM에 기록돼요^^)

After having to QA a few PS3 in a row. Then installing a different firmware straight after, it was time to cut out the middleman.

Toggle QA will SET/RESET the QA Flag and Token on any 3.41 or 3.55 firmware that has lv1 mmap and lv2 peek and poke patches (which is most of them).

When you run the app it first detects if the PS3 is 3.41 or 3.55. Next it will check if your firmware has any of the required lv1 patches already and only patch the hypervisor (이 부분이 QA flagging이 가능한 조건이죠) with the ones you need. After it finishes patching Toggle QA will check the status of the QA Flag and SET/RESET it accordingly. Then once the QA SET/RESET is done any lv1 patches made will be removed.

참고로 이걸 하는 가장 큰 이유는 플삼이의 펌웨어 변경과 관련된 것이겠죠?^^ 어떤 사람들은 System Update Debug이 마치 필수인양 말하는데, 전문 링크를 잘 읽어보면 toggle QA 가 설치되고 실행되면 Recovery reinstall without hash check and enabling downgrades 부분은 이미 셋업이 된거라 볼 수 있어요. 그러니까 system update debug은 하드 드라이브 내에 PUP파일을 복사해 놓고 작업을 하기 위한 옵션에 불과하지 이걸 꼭 해야만 하위펌 설치가 잘되는건 아니랍니다.^^

이해에 도움이 되었으면 하네요.^^ 정말 깊이 이해하려면 Flag, Token 등에 대한 기본적인 개념이 있어야 하겠죠.^^ 관련된 전문적인 글을 원하시면 여기를 참고하세요.^^