PS3 firmware 3.65 downgradeable?

Copy-paste from psgroove:


[spoiler]A few weeks ago, several steps were revealed in the process of unlocking a special Quality Assurance (QA) mode on your PS3 console. The special mode is typically only meant for official Sony testers. Unfortunately, the steps revealed were only part of the process. Developers were scrambling to figure out the button combo that unlocked the special QA mode. In addition, developers still needed to figure out what to change in the QA dummy token. These two mysteries prevented developers from unlocking the mode.

Today, however, the Quality Assurance mystery comes to an end. An anonymous and reputable source exclusively revealed to us the two remaining steps. The secret button combination that unlocks the hidden QA mode was revealed to us as being L1+L2+L3+R1+R2+dpad down. Furthermore, the anonymous source told us that users need to change byte 48 of the token seed to 0x02.

Combining this new information with the previously released QA information, developers have everything they need to unlock the mode. Please note, this is not to be attempted by beginners. However, with all of the information revealed here, developers will be able to create an application or custom firmware that automates the QA process.


Information courtesy of anonymous source:

Change byte 48 of the token seed to 0x02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

This info is more than enough to get someone to make an app.

Previously released information regarding QA Mode:


*runs away before the lawsuits come flooding in*

hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

2 more steps to go. Need the button combo and what to change in the dummy token.

Update - Tutorial and Tools via

There are many methods to accomplish qa and I'm too lazy to document them all so I'll tell you one way. Linux.

Step 1) Install OtherOS++, install linux, make sure to enable the ps3 modules when compiling the kernel.

Step 2) Download, and compile the ps3dm utils

Step 3) Download my tokenator

Step 4) Dump your eid by running ./ps3dm_iim /dev/ps3dmproxy get_data 0x0>dump

Step 5) Set your flag by running ./ps3dm_um /dev/ps3dmproxy write_eprom 0x48C0A 0x00

Step 6) Open your dump in a hex editor and type in the first 16 bytes into tokenator

Step 7) Run the script it spits out

Step 8) Restart your ps3. Go to the Network Settings options and press L1 + L2 + L3 + R1 + R2 + D-Pad Down

Have fun. It doesn't work on rebug yet. There are other flags to set for debug firmwares and rebug is pseudo debug.[/spoiler]



In principle, with this we can hack and un-hack our PS3 as we please... I don't know, it seems like a big advance to me... let's see if someone can explain it well, because honestly halfway through the text I end up a little lost... I know English, but not to this level.

My little toys:

Wii, PSP Fat, PS3 Slim, MSI GE 600, HTC Wildfire



No, this only works for 3.55
