Editing Talk:QA Flagging
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
---- | |||
if someone is interested on a GameOS app to QA-flag : http://www.pastie.org/2105541 you can finish this one :D | |||
it "should" work.. but I havent tested it.. it is already too late for me :S ~~PsiCoLeo | |||
<pre> | <pre> | ||
0x14 = | /* | ||
* Based on glevands product mode toogle | |||
* PsiCoLeO 2011 | |||
*/ | |||
/* | |||
* This program is free software; you can redistribute it and/or modify | |||
* it under the terms of the GNU General Public License as published by | |||
* the Free Software Foundation; version 2 of the License. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU General Public License | |||
* along with this program; if not, write to the Free Software | |||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |||
*/ | |||
#include <stdio.h> | |||
#include <string.h> | |||
#include <unistd.h> | |||
#include <psl1ght/lv2/net.h> | |||
#include <lv2_syscall.h> | |||
#include <udp_printf.h> | |||
#define UPDATE_MGR_PACKET_ID_READ_EPROM 0x600b | |||
#define UPDATE_MGR_PACKET_ID_WRITE_EPROM 0x600c | |||
#define EPROM_QA_FLAG_OFFSET 0x48c0a | |||
#define EPROM_QA_Token_OFFSET 0x48D3E | |||
/* | |||
* Set your encrypted token | |||
* Calculated with Slynk Tokenator | |||
*/ | |||
static uint8_t qa_token[0x50] = | |||
{ | |||
0xF6, 0x58, 0xDB, 0xAC, 0x63, 0xEB, 0x47, 0x99, 0xE2, 0x63, | |||
0xC0, 0x10, 0x66, 0x42, 0x3D, 0xF7, 0x34, 0x29, 0x90, 0x61, | |||
0x23, 0xED, 0x89, 0xEC, 0x21, 0x9E, 0xE2, 0x8B, 0x83, 0xF9, | |||
0x87, 0x2F, 0x32, 0x50, 0xEC, 0xC3, 0xD0, 0x3D, 0xEA, 0x6E, | |||
0x14, 0xE0, 0x81, 0xA2, 0x67, 0xCE, 0x86, 0xF7, 0x7A, 0xFE, | |||
0xDF, 0x11, 0xAB, 0x39, 0xE1, 0xCE, 0x57, 0x06, 0x42, 0xC0, | |||
0x2B, 0xB2, 0x3F, 0x49, 0x04, 0xC7, 0xE7, 0x58, 0x70, 0x19, | |||
0x6A, 0xF1, 0xE4, 0x94, 0x32, 0x36, 0x61, 0xB0, 0xA6, 0xB5, | |||
}; | |||
/* | |||
* main | |||
*/ | |||
int main(int argc, char **argv) | |||
{ | |||
uint8_t value; | |||
int result; | |||
int n; | |||
netInitialize(); | |||
udp_printf_init(); | |||
PRINTF("%s:%d: start\n", __func__, __LINE__); | |||
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_READ_EPROM, | |||
EPROM_QA_FLAG_OFFSET, (uint64_t) &value, 0, 0, 0, 0); | |||
if (result) { | |||
PRINTF("%s:%d: lv1_ss_update_mgr_if(READ_EPROM) failed (0x%08x)\n", | |||
__func__, __LINE__, result); | |||
goto done; | |||
} | |||
PRINTF("%s:%d: current qa flag mode 0x%02x\n", __func__, __LINE__, value); | |||
if (value == 0xff) { | |||
/* enable */ | |||
PRINTF("%s:%d: enabling qa flag mode\n", __func__, __LINE__); | |||
value = 0x0; | |||
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_WRITE_EPROM, | |||
EPROM_QA_FLAG_OFFSET, value, 0, 0, 0, 0); | |||
if (result) { | |||
PRINTF("%s:%d: lv2_ss_update_mgr_if(WRITE_EPROM) failed (0x%08x)\n", | |||
__func__, __LINE__, result); | |||
goto done; | |||
} | |||
} else { | |||
/* disable */ | |||
PRINTF("%s:%d: disabling qa flag mode\n", __func__, __LINE__); | |||
= | value = 0xff; | ||
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_WRITE_EPROM, | |||
EPROM_QA_FLAG_OFFSET, value, 0, 0, 0, 0); | |||
if (result) { | |||
PRINTF("%s:%d: lv2_ss_update_mgr_if(WRITE_EPROM) failed (0x%08x)\n", | |||
__func__, __LINE__, result); | |||
goto done; | |||
} | |||
} | |||
PRINTF("%s:%d: end\n", __func__, __LINE__); | |||
= | lv2_sm_ring_buzzer(0x1004, 0xa, 0x1b6); | ||
/* Setting the QA token */ | |||
for ( n=0 ; n<80 ; n++ ) | |||
{ | |||
PRINTF("Setting QA token bit\n"); | |||
value = qa_token[n]; | |||
= | result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_WRITE_EPROM, | ||
EPROM_QA_Token_OFFSET+n, value, 0, 0, 0, 0); | |||
if (result) { | |||
PRINTF("%s:%d: lv2_ss_update_mgr_if(WRITE_EPROM) failed (0x%08x)\n", | |||
__func__, __LINE__, result); | |||
goto done; | |||
} | |||
lv2_sm_ring_buzzer(0x1004, 0xa, 0x1b6); | |||
done: | |||
udp_printf_deinit(); | |||
netDeinitialize(); | |||
return 0; | |||
} | |||
</pre> | |||
---- | ---- | ||
Line 66: | Line 161: | ||
index3: 0x42 (L3 0x02 + dpad_down 0x40) | index3: 0x42 (L3 0x02 + dpad_down 0x40) | ||
Advanced token flag is at offset 0x2C (byte 44) within the decrypted token/flag array. Still don't know which bits to set. | |||
---- | ---- | ||
Line 81: | Line 169: | ||
sys_init_osd.self checks QA-seed/token | sys_init_osd.self checks QA-seed/token | ||
== Debug output == | |||
The qa flag has some options to enable some debug output. | |||
Does anybody know or has an idea about: | |||
*In real life how does /sony/ retrieve the debug information? do they use proDG? | |||
**So does it open the required ports to connect using prodg? | |||