http://jailbreakscene.com/main/2011/06/bre...ombo-and-token/Remember the QA Flagging method? Well not too long ago Mathieulh showed us a video and told us bout QA Flagging. Everyone was rushing to find out how to create the token and the unknown button combo. An anonymous and reputable source has revealed the long awaited button combo and how to create the token needed. The button combo was revealed as L1+L2+L3+R1+R2+dpad down. As for the token, the users needs to change byte 48 of the token seed to 0?02. With this information, developers have everything they need to unlock the mode. This should not be attempted by beginners.
Information from anonymous source:
Change byte 48 of the token seed to 0?02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.
By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];
this info is more than enough to get someone to make an app.
Previous information regarding QA Mode:
erk: 0?34, 0?18, 0?12, 0?37, 0?62, 0?91, 0?37, 0x1C, 0x8B, 0xC7, 0?56, 0xFF, 0xFC, 0?61, 0?15, 0?25, 0?40, 0x3F, 0?95, 0xA8, 0xEF, 0x9D, 0x0C, 0?99, 0?64, 0?82, 0xEE, 0xC2, 0?16, 0xB5, 0?62, 0xED
iv: 0xE8, 0?66, 0x3A, 0?69, 0xCD, 0x1A, 0x5C, 0?45, 0x4A, 0?76, 0x1E, 0?72, 0x8C, 0x7C, 0?25, 0x4E
hmac: 0xCC, 0?30, 0xC4, 0?22, 0?91, 0?13, 0xDB, 0?25, 0?73, 0?35, 0?53, 0xAF, 0xD0, 0x6E, 0?87, 0?62, 0xB3, 0?72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0?58, 0xBF, 0?38, 0xFF, 0x8B, 0x5F,0?58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0?01, 0xD1, 0xAB, 0?40, 0?28, 0?67, 0?69, 0?68, 0xEA, 0xC7, 0xF8, 0?88, 0?33, 0xB6, 0?62, 0?93, 0x5D, 0?75, 0?06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A
Quoted:
*runs away before the lawsuits come flooding in*
hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.
2 more steps to go. Need the button combo and what to change in the dummy token.
It seems that squarepusher2 was the one that came out and revealed the button combo. It seems with this mode however, it still takes a lot of work for developers to get what they want it to do. Now it is time for other PS3 developers to step up to the challenge and see if they can figure this all out.
Squarepusher2 says:
Alright, I got a bit sick and tired of this little game – 84 pages ongoing and still no progress.
So since this QA thing is worthless anyway – here is the button combo -
you need to have the cursor on ‘Network Settings’ – (it needs to be 3.55 OFW BTW – Rebug won’t work – I’ve already established that) – and do the following button combo -
L2 + L1 + R1 + R2 + L3 + D-pad Down.
There’s your button combo.’Edy Viewer’ will pop up – Debug Settings will pop up – Install Package will pop up (but it’s kinda useless anyway since only retail packages will install, and only the first PKG on the root of the USB stick – yes – seriously). Now you only need to figure out the rest. Yes, this one works – don’t worry about it – just go figure out the rest.
BTW – in case some people immediately start trying this out and telling me ‘Hey Square – this doesn’t bleepin* work’ – remember – there are still some pieces of the puzzle missing – the ‘community’ needs to figure these out. But the button combo is in the bag – don’t worry about it anymore, don’t go fruitlessly reversing anymore looking for a possible sign of life of this ‘button combo’ – you’ve got it. Now figure out the rest.
UPDATE: Slynk has released his app called Tokenator. Of course to follow Slynk’s QA Tutorial, it will be required for your PS3 to have Linux or Graf’s payloads.
Slynk says:
Here’s my app. I’d have a full tutorial but I’m having to deal with some bullshit right now. Sorry guys.
I’ll make a better tutorial later but basically. Flag yourself. Dump your idps (that’s the first 16 bytes of your eid0). Type it into my app in the format I provided, click the button, and run that command. Should work.
