Talk:QA Flagging
Jump to navigation
Jump to search
if someone is interested on a GameOS app to QA-flag : http://www.pastie.org/2105541 you can finish this one :D
it "should" work.. but I havent tested it.. it is already too late for me :S ~~PsiCoLeo
/*
* Based on glevands product mode toogle
* PsiCoLeO 2011
*/
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <psl1ght/lv2/net.h>
#include <lv2_syscall.h>
#include <udp_printf.h>
#define UPDATE_MGR_PACKET_ID_READ_EPROM 0x600b
#define UPDATE_MGR_PACKET_ID_WRITE_EPROM 0x600c
#define EPROM_QA_FLAG_OFFSET 0x48c0a
#define EPROM_QA_Token_OFFSET 0x48D3E
/*
* Set your encrypted token
* Calculated with Slynk Tokenator
*/
static uint8_t qa_token[0x50] =
{
0xF6, 0x58, 0xDB, 0xAC, 0x63, 0xEB, 0x47, 0x99, 0xE2, 0x63,
0xC0, 0x10, 0x66, 0x42, 0x3D, 0xF7, 0x34, 0x29, 0x90, 0x61,
0x23, 0xED, 0x89, 0xEC, 0x21, 0x9E, 0xE2, 0x8B, 0x83, 0xF9,
0x87, 0x2F, 0x32, 0x50, 0xEC, 0xC3, 0xD0, 0x3D, 0xEA, 0x6E,
0x14, 0xE0, 0x81, 0xA2, 0x67, 0xCE, 0x86, 0xF7, 0x7A, 0xFE,
0xDF, 0x11, 0xAB, 0x39, 0xE1, 0xCE, 0x57, 0x06, 0x42, 0xC0,
0x2B, 0xB2, 0x3F, 0x49, 0x04, 0xC7, 0xE7, 0x58, 0x70, 0x19,
0x6A, 0xF1, 0xE4, 0x94, 0x32, 0x36, 0x61, 0xB0, 0xA6, 0xB5,
};
/*
* main
*/
int main(int argc, char **argv)
{
uint8_t value;
int result;
int n;
netInitialize();
udp_printf_init();
PRINTF("%s:%d: start\n", __func__, __LINE__);
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_READ_EPROM,
EPROM_QA_FLAG_OFFSET, (uint64_t) &value, 0, 0, 0, 0);
if (result) {
PRINTF("%s:%d: lv1_ss_update_mgr_if(READ_EPROM) failed (0x%08x)\n",
__func__, __LINE__, result);
goto done;
}
PRINTF("%s:%d: current qa flag mode 0x%02x\n", __func__, __LINE__, value);
if (value == 0xff) {
/* enable */
PRINTF("%s:%d: enabling qa flag mode\n", __func__, __LINE__);
value = 0x0;
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_WRITE_EPROM,
EPROM_QA_FLAG_OFFSET, value, 0, 0, 0, 0);
if (result) {
PRINTF("%s:%d: lv2_ss_update_mgr_if(WRITE_EPROM) failed (0x%08x)\n",
__func__, __LINE__, result);
goto done;
}
} else {
/* disable */
PRINTF("%s:%d: disabling qa flag mode\n", __func__, __LINE__);
value = 0xff;
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_WRITE_EPROM,
EPROM_QA_FLAG_OFFSET, value, 0, 0, 0, 0);
if (result) {
PRINTF("%s:%d: lv2_ss_update_mgr_if(WRITE_EPROM) failed (0x%08x)\n",
__func__, __LINE__, result);
goto done;
}
}
PRINTF("%s:%d: end\n", __func__, __LINE__);
lv2_sm_ring_buzzer(0x1004, 0xa, 0x1b6);
/* Setting the QA token */
for ( n=0 ; n<80 ; n++ )
{
PRINTF("Setting QA token bit\n");
value = qa_token[n];
result = lv2_ss_update_mgr_if(UPDATE_MGR_PACKET_ID_WRITE_EPROM,
EPROM_QA_Token_OFFSET+n, value, 0, 0, 0, 0);
if (result) {
PRINTF("%s:%d: lv2_ss_update_mgr_if(WRITE_EPROM) failed (0x%08x)\n",
__func__, __LINE__, result);
goto done;
}
lv2_sm_ring_buzzer(0x1004, 0xa, 0x1b6);
done:
udp_printf_deinit();
netDeinitialize();
return 0;
}
Here's my app. I'd have a full tutorial but I'm having to deal with some bullshit right now. Sorry guys. I'll make a better tutorial later but basically. Flag yourself. Dump your idps (that's the first 16 bytes of your eid0). Type it into my app in the format I provided, click the button, and run that command. Should work. Tokenator.7z (26.42 KB) Slynk
button combo: L2+R2+L1+R1+L3+dpad_down
index0: 0x00 index1: 0x00 index2: 0x0F (L2 0x01 + R2 0x02 + L1 0x04 + R1 0x08) index3: 0x42 (L3 0x02 + dpad_down 0x40)
Advanced token flag is at offset 0x2C (byte 44) within the decrypted token/flag array. Still don't know which bits to set.
vsh.self checks pad combo
sys_init_osd.self checks QA-seed/token