Welcome to PS3Hax, your official PS3 hacks, PS3 Homebrew, and PS3 Downloads scene. Check back daily to keep up with the latest PS3 Hacks and drop by our forums for more PS3 Hacks discussions.
  • Posted by PS3Hax Member News , on 30/06/2011 , @ 10:41am


    A complete new version of PS3 Multi Tools for Windows is released!
    The new version is now called PS3 Multi Tools for Win&Mac … why? Read!

    Here are the changelogs from v2.5 to v3.0 (7, XP , Vista & Mac):
    - You can now search minor/security updates for PS3 Multi Tools for Windows v3.X.X
    - Complete new XMB design
    - Now running on Mac OS X Snow Leopard
    - Offcial Firmware 3.41, 3.55 & 3.66 added
    - Package signing fixed (Not working on Mac)
    - Kmeaw 3.55 CFW added
    - Detailed game description will be shown
    - Added CFW355-OTHEROS++-SPECIAL Custom Firmware
    - Added more Homebrew:
    -> OpenPS3FTP always the newest version (Kmeaw & Geohot)
    -> QA Flagging Tools: flag, reset flag & extra flag
    - New Settings added: Show MD5 Hashes

    Additional changelogs only for Windows 7 Users:
    - Added more Taskbar icons
    -> Download latest version of MultiMAN
    -> Load news
    -> Search updates

    Requirements for Windows 7:
    - .Net Framework 4.0

    Requirements for Windows Vista & XP:
    - .Net Framework 2.0

    Requirements for Mac OS X Snow Leopard:
    - Wine with .Net Framework 2.0
    - Crossover with Runtime: .Net Framework 2.0

    Screenshots: (Windows) (Mac OS X)

    Windows 7
    Windows Vista, XP & Mac
    Crossover (Mac users only)
    Wine (Mac users only)

  • Posted by PS3Hax Member News , on 30/06/2011 , @ 10:38am


    Many people (the more advanced hackers), already know this but there still is some blurriness on what Linux OS works on 3.55 and what does not.  For those of you who are living under a rock the last few weeks, OtherOS was restored on post 3.15 consoles. OS is basically a program in which will let you turn you PS3 into a computer. It allows you to run some programs that you wouldn’t be able to without OS. Some popular ones are Linux and Ubuntu. Various information, tutorials on installing Linux can be found here.

    And as of right now, it seems like the PS3 firmware 3.55 will run most OS out there. As you can see in the chart below, there are still some OS that have NOT been tested for the 3.55 firmware.

    Chart from Gitbrew:

    If you want Gitbrew to try an OS that is not listed, let them know. Also, if an OS is not listed and you are certain it works, message them and they will add it to the list.

  • Posted by PS3Hax Member News , on 29/06/2011 , @ 01:12pm


    An Update of the famous PS3 Media Player Showtime has been released. Thanks to Andreas Öman for his great Application!

    A list of changes since 2.99.401 release:

    Popup menu redesigned a bit
    Add support for Windows 1251 codepage
    upnp: Make sure that we really find subtitles when doing a blind probe. This bug has caused problems for some people making some video not start at all.
    Make it possible to enter credentials in the auth popup that is not saved to disk
    Add support for passing mimetypes internally. This speed up media loading and playback start.
    ps3: Update XMB icon (better centered)
    Make SRT subtitle discovery better
    Add support for setting subtitle output delay
    Add seek-by-thumbnail in the command popup menu (looks very bad on ps3 at the moment though)
    ui: Redesign the auth popup
    Improve the setting views
    ps3: Add support for BD remote
    Add support for cycling between audio and subtitle tracks using a single button
    Make presentation of audio and subtitle tracks better
    Improve subtitle rendering. There is a lot of changes here. see bc0cf58e and 76142920
    ps3: Display all reasonable entries found in system VFS root as services on their own
    ps3: If display operates in non-square pixel 16:9 mode, scale UI accordingly
    Use libav.org’s recently released 0.7 version (with a couple of bug fixes on top)


    Download Showtime 2.99.534

    Usage Guide and FAQ


  • Posted by PS3Hax Member News , on 29/06/2011 , @ 09:33am


    If your a Mortal Combat fan, a new hack is out which enables you to unlock Skarlet, all the bosses, and all classic costumes from Mortal Kombat 1 and 3. Scorpion2k7 brings you the latest tutorial and video below:


    01) Replace your current MK9 file from the last mod with the original file located in “Mortal_Kombat_9_-_Bosses_


    02) Delete all of your Game Data for Mortal Kombat on your PS3 by going to “Game Data Utility” and “Saved Data

    Utility.” If you have anything saved, you must delete and start fresh.


    03) Go to “Mortal_Kombat_9_-_Bosses_+_Skarlet_+_Classic_Costumes_ModBosses_Mod(Your Game Region)” and replace the

    Following files:

    04) Go to “Mortal_Kombat_9_-_Bosses_+_Skarlet_+_Classic_Costumes_ModBosses_Mod” and replace the following files:


    05) Go to “Mortal_Kombat_9_-_Bosses_+_Skarlet_+_Classic_Costumes_ModMK9_1.02_Retail_Update” in your Package

    Manager and install the following file:
    - MK9_1.02_Retail_Update.pkg


    06) Now, depending on your game region(BLUS OR BLES), install the following file from your Package Manager located

    in “Mortal_Kombat_9_-_Bosses_+_Skarlet_+_Classic_Costumes_ModCharacter_+_Costumes_Mod”:
    - MK9_Character_+_Costumes_Mod.pkg

    07) Now, once again, depending on your game region(BLUS OR BLES), install the following file from your Package

    Manager located in “Mortal_Kombat_9_-_Bosses_+_Skarlet_+_Classic_Costumes_ModBosses_Mod”:
    - MK9_Bosses_Mod_Fix.pkg

    08) COMPLETE! Now just run MultiMAN or whatever your preferred manager is and refresh the game list if it doesn’t

    do it for you, then play!


    • Goro
    Fatality: (Close): ˄ ˄ ˄ ˄ BP
    Fatality: (Close): ˄ ˄ ˄ ˄ FP

    • Kintaro
    Fatality: (Close): ˄ ˄ ˄ ˄ BP
    Fatality: (Close): ˄ ˄ ˄ ˄ FP

    • Shao Kahn
    Fatality: (Close) ˃ ˂ ˃ ˂ BK
    Babality: ˄ ˂ ˂ ˅ BK

    Download Bosses Skarlet Classic Customs Mod
    Download Mileena Toilet Paper Costumes Mod

  • Posted by PS3Hax Member News , on 29/06/2011 , @ 09:27am


    A fix is out for another new PS3 title, Ape Escape (PS Move game). Simply replace the files to fix the game. Download fix here.

  • Posted by Pirate , on 28/06/2011 , @ 05:09pm


    You may have to read the title of this article a few times to soak in what I just said. Spanish hacker and PS3Hax member, dospiedras1973, has released a method he has been working on for 2 months to downgrade 265mb NAND PS3s, aka Phat PS3′s from firmware 3.6x. His method requires fancy flashing, and the use of the Infectus mod chip for PS3…so it requires soldering skills and is no “easy feat”. This also fixes the Waninkoko brick that many people had issues with a while back.

    To quote (translated):

    Hello, I’ve been working on this project about two months nowsince I’ve gotten to work as public so that everyone can use,this tutorial is for consoles with 256MB NAND flash does not mean it does not work in 16MB in itself is changed almostthe same in those with normal flash, but because even I havemy fat fucking 16mb 80GB I have not been able to neither prove nor verified.

    Nougat (the phrase I owe to some forero around here that I really liked the expression):

    With INFECTUS flash0.bin and we get our nand flash1.bin asin the tutorial to repair bad lukin nands do the same process until we get our dump flashfinal.bin 256MB

    nand we open this with a simple hex editor and look for this part editor

    00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0

    ay you will see that just under a very similar line, I find this datain the offset 000C0020 may vary according to the nand andthe party starts here:-D

    EVEN replace that line with the file if you use the hxd1patchcos.bin get in the first 0 of the line -> right click and paste writing before you have to have an open 1patchcos.binhxd in hex ​​and copy its contents to can paste .[ps3hax.net]

    “00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40″

    and in the same way as the first patched patched this alsocojemos 2patchtrvk.bin pack the file and replace the entire contents including the “00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40

    then we take the option we use reescramble flowrebuilder thisdump so we rebuild our flash0.ECC.bin and flash1.ECC.bin

    and flash the result, when you finish you will notice that the PS3 now has a nice on but black screen, it cojemos ourfactory jig to put it into service mode and put it in factory, thenthe typical cojemos lv2diag of yore and the pup you please

    (NOTE: the first pup that metais will stay in the console as the minimum version that you can downgrade then, if you want tolose 3.55 to 3.41 then you will have to put the pup up to 3.41before 3.55 or 3.55 will remain in that if cost will not rewrite thedump again to downgrade to lower the pup that you put thefirst time.)

    then you put your factory lv2diag to leave the service and you’re good

    Note: this applies to repair the brick Waninkoko NAND NOTDONATED plates even sem-001 (tested) (and stepdowngrade xD)

    Thanks to:
    all channel # irc-hispano darkps3 for supporting me for so long
    to donate the INFECTUS austaquio32 to achieve to continuewith my project
    to Nodial2ne paid for the help locating files in the nand
    to robs1 for helping throughout the process with ideas tomake this possible

    and everyone who was patient and not by private haunts mexD

    Download files you need for downgrade HERE.

    Below is a pic of the infectus modchip install (so you can get an idea of kind of soldering skills required):

    Maybe not the way some of you were expecting, but nevertheless, here it is! Infectus has been around since the start of PS3 so you can do some searching on old guides (disregard the old downgrades tutorials), and install videos. No doubt you will be seeing new and fresh tutorials from us related to the install, and full step by step, noob friendly guides on how to do this. This obviously enables a huge chunk of the scene that left or don’t have access to CFW to once again come back :) . Slim PS3 owners, hold tight  - there just might be light at the end of your tunnel too.

    [VIA Elotrolado] - Thanks totenshou for news tip.

    Stay tuned for more updates from PS3Hax.net, your FASTEST source for PS3 hacking news :)

    Places you can buy a Infectus 2 chip: here or here.

  • Posted by GregoryRasputin , on 28/06/2011 , @ 02:48pm


    The French Ps3 development team, known as Team PS3-Devs Addict have released a second version of their 3.55 CFW, which is said to have the same stability as Kmeaw, here is a quote from the Change Log:

    Changelog Rev.2:

    • add new lv1 lv2 peek & poke for otheros & more + + new patch
    • New user Icons
    • Package Manager by Rebug
    • Included BDemu v2 & OpenFTP by axtux
    • Add Heavy Rain theme
    • Spoof 3.66
    • add 22GB for otheros, just Need to install petiboot
    • Support for otheros + + (bug no trophy)

    Special Thanks: Kakaroto for Ps3MFW, Glevand For patch Rebug, Dudu_clx for testing and user image … & More

    A quote from the source:

    Some of you probably noticed that it only supports CFW activation QA Flag as I have clearly said that the new CFW PS3A permitted. Actually after further testing we realized that this patch made inoperative trophies and as a result prevented the games run. We therefore preferred to remove this feature. In short it does not install the pkg from QA by QA if the cons has been previously activated it will remain active.

    That’s if you have any ideas or desires for the next version of our CFW, you express

    They also added this update:

    Follow-up testing by some members and myself, what a CFW product “BlueScreen” on PS3 with a 40GB hard drive. If others encounter similar problem going through the recovery mode and then returned it. Go to the forum to notify me your problem.
    But the good news that his CFW supports the downgrade without you change the CFW-otheros Special order downgraded, I would like to thank the entire community of PS3A to follow us every day.

    Source PS3-Addict.

    Download From Source.

    Thanks to CrystalWolf for the tip via PM.


    3.66 Spoof, just stops you accidentally updating your PS3, it will NOT get you PSN

  • Posted by PS3Hax Member News , on 27/06/2011 , @ 02:59pm


    Well, this is interesting it appears are friends at Gitbrew are working on a possible 3.56+ exploit. From the QA Flag PKG, to the downgrade method by these fellas, it would be very interesting to see if they can pull it off.

    To quote, via Twitter:

    Stay tuned to PS3Hax.net - Your fastest PS3 scene news source.

    Have you QA Flagged your PS3?

    View Results

    Loading ... Loading ...

  • Posted by Pirate , on 26/06/2011 , @ 10:03am


    If you have been keeping up to date with us, you probably heard of the QA Flagging news. Well the folks at Gitbrew have released their downgrade, and you can find out how to downgrade your PS3 Firmware 3.55 to 3.41 or 3.15.

    Download these:

    Note: These tools COULD format your ps3. (which means Any and ALL psn / downloaded data should be erased)


    1. Install CFW355-OTHEROS++-SPECIAL.pup (Doesn’t matter what version you are 3.41, 3.50 etc etc)
    2. Install qa_flag_extra.pkg
    3. Run qa_flag (It will show up as this, that is fine)
    4. If you hear the beeps, continue. If you don’t hear the beeps start over.
    5. Reboot
    6. Go into recovery menu and Update your ps3 with the firmware that you want (3.15, 3.41 etc)
    7. Have it install

  • Posted by PS3Hax Member News , on 26/06/2011 , @ 06:38am


    Bitcoin Mining is now possible on the PS3 Console via Linux.


    This is a Bitcoin miner for the Cell Broadband Engine Architecture (CBEA). It

    was developed on a PS3 using Debian GNU/Linux 6.0.1.

    Bitcoin donations accepted: 18xDLQsJ94ihhx5YovqAhVY2b9SC5b81h



    Debian Packages [aptitude install ...]


    * make

    * gcc

    * binutils-spu

    * ruby1.9.1-dev

    * libspe2-dev

    > gcc-spu

    > binutils

    > ruby1.9.1

    > libspe2-2

    (packages marked > should be included automatically as dependencies of

    packages marked *)

    Ruby Gems [gem1.9.1 install ...]


    * net-http-persistent



    In order to make use of your SPEs under Linux, you must have spufs mounted on

    /spu. For example:

    # mount -t spufs spufs /spu

    Or equivalently, ensure /etc/fstab contains a line similar to the following:

    spufs /spu spufs defaults 0 0



    $ make



    $ ./cellminer -help

    RPC username and password will default to those found in


    Auto Installer

    Git repository


    Source Gitbrew

    To understand what Bitcoin/Bitcoin Mining is, watch this video:

    Or check this link.

  • Posted by Pirate , on 25/06/2011 , @ 12:30pm


    michaelscz and S4W, two members from PS3ISO, have released (or discovered) fixes for 2 new releases which will now work on CFW 3.41/3.55. Again these are playable because the new updates were used with the old keys so the latest keys are still not known yet…and CFW still survives on luck for new titles ;)

    Installation can be found in download links below:

    [Download Transformers Dark of the Moon Fix]
    [Download Street Fighter Arcade Fix]

  • Posted by PS3Hax Member News , on 24/06/2011 , @ 04:24pm


    Updates follow below. Alright Ladies and Gentlemen Fresh from Gitbrew we have a QA flagging tool in the form of a .pkg. This .pkg was coded by Glevand.

    Quote from Gitbrew’s Wiki, and Twitter:


    What we have tested on so far

    • 3.55
    • 3.41
      • Run qa_flag.pkg if you hear a beep, it worked. If not dump your debug messages via udp_printf on linux and send to us to fix.
        • go to network settings (Do not enter it) and hit or hold
          • L1+L2+L3+R1+R2+down on the d-pad

    QA flagging is now done.


    This does all the work for you as well. Also has Slynk’s 16 byte console specific code “tokenator” if i recall it’s name.

    Thanks Gitbrew and Glevand!! Also folks remember If it didn’t work, dump your debug messages via udp_printf on linux and send to us to fix.

    [Download QA Flagging Tools]

    Update 1:

    And a CFW/Other OS PUP (aka CFW/firmware)  arrives, which is confirmed to be working with QA Flag, to quote:

    Confirmed working with QA Auto Flag. Flash, Run, Reflash to your CFWs (kmeaw, waninkoko etc etc) adding support soon!

    [Download CFW355-OTHEROS++-SPECIAL PUP]

    Stay tuned to PS3Hax.net for your fastest PS3 scene updates!

    UPDATE 2:

    More details and questions answered have been posted by Gitbrew over at their wiki. First off, for newbs, this is not useful yet so don’t bother QA flagging the PS3 unless you have some experience - this is mainly for DEVs at this stage. It does not do anything useful that Kmeaw or Rebug CFW don’t currently do (and backed up games don’t work yet).

    Second those who wish to QA Flag your PS3, you have to have THIS CFW installed. The other Kmeaw/Rebug/geohot/waninkoko do NOT work yet. You can install the QA Flag CFW, then flash back to any other CFW without loosing the QA flag features.

    Mini Tutorial on how to QA Flag your PS3:

    1. Download this. (Also qa_extra_flag.pkg for advanced devs ONLY)
    2. Run qa_flag.pkg if you hear a beep, it worked. If not dump your debug messages via udp_printf_client on linux and send it to us.
    3. Reboot the ps3
    4. Go to network settings (Do not enter it) and hit or hold
    5. L1+L2+L3+R1+R2+down on the dpad

    Your PS3 is now QA Flagged.

    Mini Tutorial on how to REMOVE QA Flag from your PS3:

    1. Download this PKG.
    2. Run reset_qa_flag.pkg , If you hear a beep it worked. If not dump your debug messages via udp_printf_client in linux and send it to us.
    3. Reboot the ps3
    4. QA Flag is now set to default (Off) Your PS3 is now normal again.

    Also and 2 pretty important Tweets by Gitbrew that you should read :)

    Currently 3.56 and above can not be flagged. We don’t have the 3.56+ keys to do so.

    3.55 Downgrade to older firmwares, Now confirmed possible. Howto soon, QA flagging needed.

  • Posted by PS3Hax Member News , on 24/06/2011 , @ 02:29pm


    Ps3 Dev jaicrab has released dumps of the CobraUSB Dongle. However, these dumps are not confirmed to be working on any dongle, but it is a step forward to playing your PSX ISO as well as watching region free BLU-RAY on all PS3 models including SLIMS. And PS2 ISO compatibility on BC PS3(launch PS3s).

    Here is a quote from the source:

    This belongs to all of us, so let’s enjoy it.

    Cobra 1.2 http://www.megaupload.com/?d=MKF02IXN
    Cobra 2.0 http://www.megaupload.com/?d=NEP6CVW7
    Kernel is “3.41v2 Original”.

    My support goes out to Graf_Chokolo. Go help him.

    This was translated by jean945

    The original can be found at the source




    Also thanks to manster for being the original source, by posting them here , and IRC.

  • Posted by GregoryRasputin , on 23/06/2011 , @ 09:14pm


    Well it cant come as much of a surprise, to see a class action lawsuit being filled, yet again, against SCEA, for something they did, or didn’t do.

    With all the problems with the hacking of PSN and various other Websites, we knew it wouldn’t belong before someone complained, whilst there was a few cases brought up during the PSN outage, this is the first since PSN has been restored.

    On the 20th of June 2011 Felix Cortorreal, Jacques Daoud jr. and Jimmy Cortorreal, filled a class action complaint, against Sony Corporation of America, Sony Computer Entertainment of America, Sony Picture Entertainment and Sony Network Entertainment International, here is a small quote from the court document:

    To read the full document, download here.

  • Posted by PS3Hax Member News , on 23/06/2011 , @ 03:50pm


    Mr Wicked has released his SACD ripping software for the PS3.

    Originally Posted by Mr Wicked

    First of all my apologies for my post from half a year ago. At that time of writing I thought I had it all figured out, but I was far far away from reality. Now, a half year later I can tell you that PS3 SACD ripping is finally possible and works with a natively build PS3 application (NO linux required).

    It really has been a rollercoaster ride and without the release of PS3 keys this would not have been possible. It all came together at the right time, but it required alot of reverse engineering, learning the internals of the PS3 and last but not least writing code to see code!!: (http://code.google.com/p/ida-spu) Yes, too much time of my life has gone into this, but I don’t regret any of it..
    Although still in alpha successful dumps are being made as we speak. But due to legal reasons I will not spread binaries and I’ll leave that up to others. The user interface is simple but it will allow you to dump DSDIFF, DSF, ISO in both multi and stereo channels and it also creates the necessary ID3 tags so your track/disc information is not lost. Remember the software is still in ALPHA, but it’s way more than just a proof of concept… let the testing begin!
    Installation information:

    Project page:


    Thanks to an anonymous friend for releasing the packages (from here)

    Download SACD-ripper (geohot CFW)

    Download SACD-ripper

    Download PS3 keys …. Download 3.60 Keys here


    For those unable to use Google, here is what SACD is.

    Super Audio CD (SACD) is a high-resolution, read-only optical disc for audio storage. Sony and Philips Electronics jointly developed the technology, and publicized it in 1999.[citation needed] It is designated as the Scarlet Book standard. Sony and Philips previously collaborated to define the Compact Disc standard (as well as the S/PDIF digital audio cable specification). The SACD medium supersedes the storage capacity, fidelity, dynamic range, and stereo imaging capabilities of the Compact Disc.

    To read more, check the source of that information here.

    EDIT 2
    For backwards compatible PS3′s only, check this site for more information on SACD.

  • Posted by PS3Hax Member News , on 23/06/2011 , @ 03:48pm


    Now before i start dont flame as i am not sure how relevant this is to the future of ps3 hacking but it may be of some possible use, Free MC Boot author jimmikaelkael has put up the source to his ps3mca-tool.

    Originally Posted by jimmikaekael

    We recently found a new way to install FMCB with the PlayStation3 Memory Card Adaptor (CECHZM1) connected to your PC. Since this device is somewhat cheap, it could be a good alternate way for those who don’t have access to an already hacked PS2.

    The method consist of a command line software and using set of commands (or scripts) in order to install the fmcb hack properly. It also has the advantage to do a multi region/models installation. One restriction is that the software doesn’t work with datel’s mc (mainly related with setting a proper termination code for comunications) and maybe with some other brands, however it was tested successfully with official 8MB Memory Cards and with some crappy chinese clones too.

    Currently the FMCB loader being installed is v1.8c which contain an important kernel fix for the 10K.

    The util to allow to communicate and sign the file for the MC was made by me and “someone who wants to stay anonymous”. Note that without this anonymous contributor it would have been impossible to achieve it.

    sony has already challenged the git but it is now back up.


    more info can be found@psxscene


    another thread with a build of ps3mca-tool and windows driver


    with the cobra usb keys cracked and currently being worked on this tool could come in very handy and i am sure some of you guy will find it somewhat interesting.

  • Posted by PS3Hax Member News , on 22/06/2011 , @ 09:30pm


    A new PS3 system software update, v3.66, will be released is released a few hours ago. With this minor update, system stability during use of PS3 format software and network services has been improved.

    Will you be updating to FW 3.66?

    View Results

    Loading ... Loading ...

    [VIA PSBlog]

    Update: Its live, download below (if you dare to update):

    [Download PS3 FW v.366]

  • Posted by Pirate , on 21/06/2011 , @ 07:55pm


    [Update#3 at bottom] Remember a few weeks ago Mathieulh released a video of the QA flagged PS3? To refresh your memories; the QA flag is the internal console flag used by Sony, it enables hidden options and removes restrictions for both retail and debug consoles alike. It is used for QA centers and the R&D Department (there are 2 levels of QA flags, Minimum and Advanced). In short it could lead to a complete open PS3…and yes all the CFW, homebrew and backup manager your little heart desires.

    Well the method of how to “QA flag” your PS3 was never posted/revealed but since then plenty of hints have been given in attempts for the “scene”, and one of the first steps was to figure out the secret button combo. Well after weeks of people trying and moaning, the man behind the emulators - squarepusher 2 has released/posted information on exactly what that button combo was. Noobs do not try this - the guide below is still a work in progress and QA flag button combo is the icing on the cake.

    How to QA Flag your PS3, the button combo:

    1. Be on 3.55 OFW (no rebug), download here.
    2. Move the PS3 cursor/select “Network Setting
    3. Punch the following button combo with your PS3 controller: L2 + L1 + R1 + R2 + L3 + D-pad Down
    4. Thats it, the “Edy Viewer”, “Debug Settings”, “Install Package” Menu will now appear.

    Notes and disclaimers:

    • Install Package is useless and can’t install homebrew at the moment - only signed PKGs (and the first one in root of USB only).

    This is not all that is needed to QA flag your PS3, but its a big start for the community - we still need all the pieces to fully QA flag the PS3 and its the scenes job to “figure out the rest”.

    Thanks to munky875821417 for news tip.

    UPDATE 1:

    And now within hours, more information is being leaked and it seems that now that developers have all the pieces of the missing puzzle to create an application to automate the QA Flagging process (courtesy to an anonymous tip from PSGroove for the following information):

    Change byte 48 of the token seed to 0×02, hash it, encrypt it, write it to eeprom and flag yourself. Button combo is L1+L2+L3+R1+R2+dpad down. Only works on retail firmware.

    By byte 48, I mean the 48th byte. Note that in programming the array of the token seed begins with index 0. So the 48th byte would be seed[47];

    this info is more than enough to get someone to make an app.

    Previously known information on QA:

    erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56,   0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C,   0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
    iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
    hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53,   0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5,   0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B,   0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69,  0x68,  0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06,  0xA6,  0xB5, 0xE0, 0xF9, 0xD9, 0x7A


    *runs away before the lawsuits come flooding in*

    hmac to make the 20 byte digest at the end of the token and erk/iv to decrypt/encrypt it with aes256cbc.

    2 more steps to go. Need the button combo and what to change in the dummy token.

    Exciting times :)

    Update 2 - The Tutorial (Linux):

    Slynk has posted a tutorial on how to QA flag your PS3 via Linux. There are more than one ways to accomplish a QA flagged PS3, but this is just one of them.

    To quote:

    There are many methods to accomplish qa and I’m too lazy to document them all so I’ll tell you one way. Linux.

    Step 1) Install OtherOS++, install linux, make sure to enable the ps3 modules when compiling the kernel.

    Step 2) Download, and compile the ps3dm utils

    Step 3) Download my tokenator

    Step 4) Dump your eid by running ./ps3dm_iim /dev/ps3dmproxy get_data 0×0>dump

    Step 5) Set your flag by running ./ps3dm_um /dev/ps3dmproxy write_eprom 0x48C0A 0×00

    Step 6) Open your dump in a hex editor and type in the first 16 bytes into tokenator

    Step 7) Run the script it spits out

    PS3 Step 8) Restart your ps3. Go to the Network Settings options and press L1 + L2 + L3 + R1 + R2 + D-Pad Down

    Have fun. It doesn’t work on rebug yet. There are other flags to set for debug firmwares and rebug is pseudo debug.

    Progress is still being made, so keep checking back for updates :) . We will have a nice easy to follow tutorial once all the details are ironed out.

    Update 3, Game OS App WIP, Debug setting details, QA Flag setup with Grafs Payload:

    Even more updates for you guys. A GameOS solution is being worked on to QA Flag your PS3. It could use improvements and you can grab the source code HERE, and the makefile here.

    Further information related to the debug settings can be found at the PS3 dev wiki located HERE.

    How to setup QA Flag with Grafs Payload:

    First you have to dump your Flash -> Extract EID -> Extract EID0 and EID4 -> put them on eid.c

    • To do this you can use Hardware_flashing, Linux with graf_chokolo kernel with acces to /dev/ps3nflasha Links_to_precompiled_stuff or using this payload uncommenting dump_dev_flash()
    • More info in Flash

    Once you are set

    Use the payloads in the following order uncommenting the required function

    • Set the QA flag
      • update_mgr_qa_flag()
    • Calculate the token
      • update_mgr_calc_token()
    • Verify token
      • update_mgr_verify_token()
    • Set the calculated and verified token in update_mgr_set_token.c
      • update_mgr_set_token()

    You should use wireshark or tcpdump to capture the responses

    Thanks to manster for tip, more info as it comes in :)