At the end of last year, the PS3 was essentially hacked wide open when a group of hackers known as fail0verflow revealed to the world that there was a way to calculate the private keys on the PS3 used to digitally sign everything from games to firmware updates. This allowed people to create custom firmwares, run homebrew software and, of course, pirate games.
After several lawsuits and a couple of firmware updates from Sony, things seemed to have finally died down for the technology company. The last exploitable firmware was version 3.55, and subsequent versions whitelisted all content so that no "homebrew" would run. Encryption techniques and loading processes were changed and, for the most part, the PS3 was secure once more.
Even after the massive PSN outage Sony suffered earlier this year, the PS3 console itself remained more or less secure. However, that looks to have changed once again.
Just over a month ago, notorious PS3 hacker Mathieulh posted a video on YouTube showing his console as "QA flagged". The video has since been removed, but essentially it showed a series of debug menus and options hidden within the PS3's XMB. Mathieulh never shared the method he used to unlock these options, although he did drop a few hints. But what exactly is a "QA flag"?
Aside from the retail models you would buy in any good electronics store, there are different PS3 models out there. For example, there are debug or "test" PS3s that will run unsigned code. As you might imagine, developers use these to test games with. The console itself is no different from a retail PS3; it just has different "flags" set within its EEPROM. In fact, the first PS3 hacks that appeared last year worked mostly by manipulating these flags in memory to make a retail PS3 act like a debug unit. The QA flag is a special flag that removes many of the restrictions placed within a PS3. Downloaded content won't be checked for a valid license, programs won't be checked for a valid digital signature, an option appears that allows you to downgrade your console, and so on, all on an unmodified retail firmware. The purpose of the flag is simply for testing - as you might have already guessed, "QA" means Quality Assurance. Furthermore, and more worryingly for Sony, the flag is persistent even after the firmware of the console is updated.
As you might imagine, setting the QA flag isn't as simple as flipping a switch. Another well-known PS3 hacker, known as rms, wrote an article about the process shortly after Mathieulh tweeted his video. In it, he said -
"Now, let me tell you one thing, it’s so not easy. Besides, if you want to use the QA flag, you have to have a valid QA token, and you have to be on a specific firmware range. [...] Besides, the fancy menu requires a very weird key combo on the Sixaxis, and it only works on retails. On debugs, it just removes all restrictions."
It's the last line, however, that Sony should be most worried about -
"So, in the end QA flagging = (Piracy*Warez)++;. Don’t do it."
Luckily for Sony, many of the talented individuals capable of such things aren't interested in piracy. However, there are always exceptions, and an anonymous source has leaked to various websites the method used to QA flag a console. The button combination, for example, has been revealed as L1+L2+L3+R1+R2+dpad down. Due to the nature of this, it wouldn't be right to link directly to the source; however, the news is spreading fast amongst various PS3-related sites.
It appears as though it's just a matter of time before someone releases an easy method to QA flag just about any PS3. Although it remains to be seen whether it will be possible on the latest firmware, those on older versions may well be able to update their consoles with the flag intact, allowing piracy onto the PSN once more. Expect a firmware update from Sony soon.