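At the request of people asking about the QA flag, I've gathered the related posts. ^^ The sources are here and the Rebug home page.
I skipped a full translation because it is a hassle. It isn't difficult, so read through it slowly. The parts in red are important, so read them carefully. ^^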
What Is QA Flagging
-QA flag is the internal console flag used by Sony; it enables hidden options for retail consoles and debug consoles. It is used for QA centers and the R&D Department. There are 2 levels of QA flags, Minimum and Advanced.
-A QA flag removes all restrictions in your PS3, sort of like a Jailbreak but with developer options, such as the expected downgrade.
-You need to have a QA token, which is randomly generated, and it’s speculated that it is generated by the hypervisor. This token unlocks the QA menu, but doesn’t actually install it. You have to enter a combination on the Sixaxis controller.
Well the method of how to “QA flag” your PS3 was never posted/revealed but since then plenty of hints have been given in attempts for the “scene”, and one of the first steps was to figure out the secret button combo. Well after weeks of people trying and moaning, the man behind the emulators – squarepusher 2 has released/posted information on exactly what that button combo was. Noobs do not try this – the guide below is still a work in progress and QA flag button combo is the icing on the cake.
(That's because this part was written in 2011. The Rebug team's Toggle QA is what made this simple to carry out. ^^)
How to QA Flag your PS3, the button combo:
1. Be on 3.55 OFW (no rebug).
2. Move the PS3 cursor/select “Network Setting“
3. Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
4. That’s it, the “Edy Viewer”, “Debug Settings”, “Install Package” Menu will now appear.
Notes and disclaimers:
Install Package is useless and can’t install homebrew at the moment – only signed PKGs (and the first one in root of USB only).
This is not all that is needed to QA flag your PS3, but it’s a big start for the community – we still need all the pieces to fully QA flag the PS3 and it’s the scene’s job to “figure out the rest”.
Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.
By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];
this info is more than enough to get someone to make an app.
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E
*runs away before the lawsuits come flooding in*
hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.
2 more steps to go. Need the button combo and what to change in the dummy token.
Below is the method using OtherOS and Linux, which is hardly used anymore. ^^
Step 1) Install OtherOS++, install linux, make sure to enable the ps3 modules when compiling the kernel.
Step 2) Download, and compile the ps3dm utils
Step 3) Download my tokenator
Step 4) Dump your eid by running ./ps3dm_iim /dev/ps3dmproxy get_data 0x0 > dump
Step 5) Set your flag by running ./ps3dm_um /dev/ps3dmproxy write_eprom 0x48C0A 0x00
Step 6) Open your dump in a hex editor and type in the first 16 bytes into tokenator
Step 7) Run the script it spits out
Step 8) Restart your ps3. Go to the Network Settings options and press L1 + L2 + L3 + R1 + R2 + D-Pad Down
Have fun. It doesn’t work on rebug yet. There are other flags to set for debug firmwares and rebug is pseudo debug.
QA Flag setup with Grafs Payload
First you have to dump your Flash -> Extract EID -> Extract EID0 and EID4 -> put them on eid.c
To do this you can use Hardware_flashing, Linux with graf_chokolo kernel with access to /dev/ps3nflasha Links_to_precompiled_stuff or using this payload uncommenting dump_dev_flash()
More info in Flash
Once you are set
Use the payloads in the following order uncommenting the required function
Set the QA flag
Calculate the token
Set the calculated and verified token in update_mgr_set_token.c
You should use wireshark or tcpdump to capture the responses
QA Flag Features (only the features are listed)
-install pkg files.
-debug settings are as follows
-Fake Free Space (for CEX)
-Fake Limit Size
-Crash reporter Status
-VSH Crash Dump Generator
-System Update Debug
-Information Board QA Server
-Format Marlin Personal Data
-PlayStation®Store Ad Clock
-Geo Filtering for PlayStation®Store
-Remove Game License
-Delete Trophy Personal Data
-GameUpdate Impose Test
-Network Emulation Setting
-NAT Traversal Information
-Internet Browser Debug
-SMSS Result Output
-Adhoc SSID Prefix
-Disc Auto-Start at System Startup
-3D Video Output
-Fake NP SNS Throttle
-Debug for HDD Exchange Utility
-Push Console Binding
-Motion Controller Calibration Result
-VideoEditor Delete Preset BGM
Below is a description of Rebug Toggle QA, which is what we mostly use.
**** THIS SOFTWARE WRITES TO THE PS3 EEPROM – USE AT YOUR OWN RISK ****
(This has nothing to do with the internal hard drive; it is written to the PS3's EEPROM. ^^)
After having to QA a few PS3s in a row, then installing a different firmware straight after, it was time to cut out the middleman.
Toggle QA will SET/RESET the QA Flag and Token on any 3.41 or 3.55 firmware that has lv1 mmap and lv2 peek and poke patches (which is most of them).
When you run the app, it first detects if the PS3 is 3.41 or 3.55. Next it will check if your firmware has any of the required lv1 patches already and only patch the hypervisor (this is the condition that makes QA flagging possible) with the ones you need. After it finishes patching, Toggle QA will check the status of the QA Flag and SET/RESET it accordingly. Then, once the QA SET/RESET is done, any lv1 patches made will be removed.
For reference, the biggest reason for doing this is probably to change the PS3's firmware, right? ^^ Some people talk as if System Update Debug were mandatory, but if you read the full linked text carefully, once Toggle QA has been installed and run, the "Recovery reinstall without hash check and enabling downgrades" part can be considered already set up. So System Update Debug is merely an option for working with a PUP file copied onto the hard drive; it is not something you must enable for a lower firmware to install properly. ^^
I hope this helps your understanding. ^^ To understand it really deeply, you would need the basic concepts of Flag, Token and so on. ^^ If you want more technical writing on the subject, see here. ^^