Rumour: PS3 hacked again

At the end of last year, the PS3 was essentially hacked wide open when a group of hackers known as fail0verflow revealed to the world that there was a way to calculate the private keys on the PS3 used to digitally sign everything from games to firmware updates. This allowed people to create custom firmwares, run homebrew software and, of course, pirate games.

After several lawsuits and a couple of firmware updates from Sony, things seemed to have finally died down for the technology company. The last exploitable firmware was version 3.55; subsequent versions whitelisted all content so that no "homebrew" would run. Encryption techniques and loading processes were changed and, for the most part, the PS3 was secure once more.

Even after the massive PSN outage Sony suffered earlier this year, the PS3 console itself remained more or less secure. However, that looks to have changed once again.

Just over a month ago, notorious PS3 hacker Mathieulh posted a video on YouTube showing his console as "QA flagged". The video has since been removed, but essentially it showed a series of debug menus and options hidden within the PS3's XMB. Mathieulh never shared the method he used to unlock these options, although he did drop a few hints. But what exactly is a "QA flag"?

Aside from the retail models you would buy in any good electronics store, there are different PS3 models out there. For example, there are debug or "test" PS3s that will run unsigned code. As you might imagine, developers use these to test games with. The console itself is no different from a retail PS3; it just has different "flags" set within its EEPROM. In fact, the first PS3 hacks that appeared last year worked mostly by manipulating these flags in memory to make a retail PS3 act like a debug unit. The QA flag is a special flag that removes many of the restrictions placed within a PS3. Downloaded content won't be checked for a valid license, programs won't be checked for a valid digital signature, an option appears that allows you to downgrade your console, and so on, all on an unmodified retail firmware. The purpose of the flag is simply for testing - as you might have already guessed, "QA" means Quality Assurance. Furthermore, and more worryingly for Sony, the flag is persistent even after the firmware of the console is updated.

As you might imagine, setting the QA flag isn't as simple as flipping a switch. Another well-known PS3 hacker, known as rms, wrote an article about the process shortly after Mathieulh tweeted his video. In it, he said -

"Now, let me tell you one thing, it’s so not easy. Besides, if you want to use the QA flag, you have to have a valid QA token, and you have to be on a specific firmware range. [...] Besides, the fancy menu requires a very weird key combo on the Sixaxis, and it only works on retails. On debugs, it just removes all restrictions."

It's the last line, however, that Sony should be most worried about -

"So, in the end QA flagging = (Piracy*Warez)++;. Don’t do it."

Luckily for Sony, many of the talented individuals capable of such things aren't interested in piracy. However, there are always exceptions, and an anonymous source has leaked to various websites the method used to QA flag a console. The button combination, for example, has been revealed as L1+L2+L3+R1+R2+dpad down. Due to the nature of this, it wouldn't be right to link directly to the source; however, the news is spreading fast amongst various PS3-related sites.

It appears as though it's just a matter of time before someone releases an easy method to QA flag just about any PS3. Although it remains to be seen if it will be possible on the latest firmware or not, those on older versions may well be able to update their consoles with the flag intact, allowing piracy onto the PSN once more. Expect a firmware update from Sony soon.


15 Comments

I give it 2 weeks before the ps3 gets another firmware update that removes any trace of debug features and emergency recovery features.

And I actually have respect for Mathieulh, the tools he releases actively make it hard to use warez, at least on the psp.

Aghares said,
Well, Sony will always have the firmware update.
Maybe you missed this part:
Furthermore, and more worryingly for Sony, the flag is persistent even after the firmware of the console is updated.

Aghares said,
Well, Sony will always have the firmware update.

not necessary.. they already changed it for 3.60+ according to another site

Now watch how many people go OH COOL unlock my ps3 forever with the persistent after firmware update ...then watch next firmware ...sony will do 1 of two things patch it and change the combination or 2 go well ur console is QA well no PSN for u and have machine flagged server side so they can log MAC/User etc etc etc and me will just sit and watch the flame wars begin ...

yes I used to like homebrew etc etc but nowadays tbh its not really worth it now ...yes fair enough to get the Linux feature back .. but other apps (homebrew) will mostly be made to aid piracy which will only make sony secure the console more.

gunny2k6 said,
Now watch how many people go OH COOL unlock my ps3 forever with the persistent after firmware update ...then watch next firmware ...sony will do 1 of two things patch it and change the combination or 2 go well ur console is QA well no PSN for u and have machine flagged server side so they can log MAC/User etc etc etc and me will just sit and watch the flame wars begin ...

yes I used to like homebrew etc etc but nowadays tbh its not really worth it now ...yes fair enough to get the Linux feature back .. but other apps (homebrew) will mostly be made to aid piracy which will only make sony secure the console more.

The QA flag shouldn't be present in retail consoles period, and yes, debug machines should have been locked out of all production access at the get-go. It's amateur not to do so.

Looking at this it still requires a 3.55 firmware or older to do this at all. Still nada for anyone on newer firmwares. I don't really care that much about it anymore although it was nice for a bit to play old SNES games on a large 40" screen without distortions or anything. My system runs with all prior modifications reverted and on firmware 3.65 quite happily.

shinji257 said,
Looking at this it still requires a 3.55 firmware or older to do this at all. Still nada for anyone on newer firmwares. I don't really care that much about it anymore although it was nice for a bit to play old SNES games on a large 40" screen without distortions or anything. My system runs with all prior modifications reverted and on firmware 3.65 quite happily.

I'm still on 3.60 but heard 3.65 screwing up some users on older ps3 systems. Are you getting any such thing or any improvement over 3.60?

This shouldn't really surprise anyone. Like someone else said it's cat and mouse. A group of very talented individuals finds a way to do things like this, Sony finds a way to stop it. Another group (or the same group) finds another way to do it, Sony finds a way to stop it and so on.

Downloaded content wont be checked for a valid license, programs wont be checked if they're digitally signed, an option appears that allows you to downgrade your console and so on, all on an unmodified retail firmware.

Really, Neowin? Who the hell is editing your articles, ****-chucking apes?
