Following their PS4 NMount Payload and his help in both the CE-32875-5_Fix.bin and EapDev, PlayStation 4 developer VVildCard777 via zecoxao shared a video on Jose Coixao's YouTube Channel spotlighting Wildcard's Debug Settings in PS4 1.01 OFW. :D

As noted in the YouTube video's comments by @DarkElementPL, at 1:35 a Toggle_QA.PKG MEME makes a quick appearance before jumping to the Add Content Manager's Entitlement Control screen, to which @GrimDoe replies "~PS3~" as fast as it disappears. :ninja:

From the video's caption, to quote: wildcard debugsettings 101

Debug settings from my friend wildcard in console with 1.01 version. Since 1.01 does not have store mode in it, he cannot patch it so he uses the combo from the wiki instead (that IDC has mentioned on Twitter)

PS4 flag enabler. should in theory enable all qa and utoken flags. for some reason it doesn't work with 9.00, but it likely works on older firmwares. i already sent the source to AlAzif so she can check it for mistakes

Download: ps4-flag_enabler.bin (0.01 MB)
ok, so it seems that the flags have to be different, as enabling them makes the apps not launch. further kernel reversing needs to be done on the RCMgr functions
as for the qa flags themselves, it's a matter of the user trying. i'll provide the source code so that people can experiment to see if they can get some flags working. enabling all flags with ff doesn't work for now
Download: ps4-flag_enabler.rar (0.05 MB - ps4-flag_enabler.bin flag enabler, not working currently) / ps4-payload-sdk.rar (0.73 MB - payload ***, adapted to use flag enabler)
to start testing flags, modify the value of uint8_t flags[0x10] =
Code:
{
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  };
to something that you're sure it'll work (additionally you can add a second variable and split utoken/qa)
there are 16 bytes of flags for each utoken and qa, split into 4 groups of 4 uint32_t each. if a flag requires & 02 of the first group for example you must do something like
Code:
02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
to test it
if it's of the third group and it's & 0x10, you must do something like
Code:
00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00
Hidden Feature Video #4 - QA Flags and Utoken Flags on the PS4

Yet another hidden feature video. This one is for the PS4 and encompasses the QA Flags and UToken Flags found in the system. Spoofing these flags in the kernel memory can lead to some fun stuff :)

Dedicated to Flatz.

Magic:
Code:
2F B0 9F D1 DE 76 96 7D EB 94 7B 51 EC 82 78 1E
Kernel Dumper can be found in AlAzif's released payloads.

Note: Enabling all flags as FF won't work (I've tried) so I'll have to test manually each one until I find a suitable combination. Expect more news soon.

Setting QA Flags on the PS4 Kernel

yes, there are some flags on ps4 that let you downgrade as well
on ps4, a specific qa flag called force_update exists. if this flag is set, updating ignores system version when doing so. this means downgrade is possible if the flag is set.
this flag exists on all 3 major firmware consoles (the ps3, the psvita and the ps4, of course) and it might also exist on the ps5 as well...
yeah, when Zer0xFF released the method, they permanently patched the method. now it requires psn to set the time. same for ps5
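
An added example, not part of the original post or of the posted payload source: a host-side C helper that builds and checks 16-byte candidate arrays for the flag layout described above (four 32-bit groups per flag set). Little-endian byte order inside each group is an assumption taken from the post's own byte examples, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_BYTES  0x10  /* 16 bytes per flag set, as stated in the post */
#define FLAG_GROUPS 4     /* four 32-bit groups */

/* Build a candidate with one mask set in one group (1-based, as in the post).
 * Returns 0 on success, -1 if the group number is out of range. */
int flags_set_only(uint8_t out[FLAG_BYTES], unsigned group, uint32_t mask)
{
    if (group < 1 || group > FLAG_GROUPS)
        return -1;
    memset(out, 0, FLAG_BYTES);
    for (unsigned i = 0; i < 4; i++)  /* assumed little-endian byte order */
        out[(group - 1) * 4 + i] = (uint8_t)(mask >> (8 * i));
    return 0;
}

/* Read one group back as a 32-bit value (0 for an invalid group). */
uint32_t flags_group(const uint8_t in[FLAG_BYTES], unsigned group)
{
    uint32_t v = 0;
    if (group < 1 || group > FLAG_GROUPS)
        return 0;
    for (unsigned i = 0; i < 4; i++)
        v |= (uint32_t)in[(group - 1) * 4 + i] << (8 * i);
    return v;
}

/* Parse "02 00 ..." hex text. Returns 0 only for exactly 16 bytes, so a
 * hand-typed line with a byte too many or too few is caught before use. */
int flags_parse(const char *hex, uint8_t out[FLAG_BYTES])
{
    unsigned b;
    int n = 0, used = 0;
    memset(out, 0, FLAG_BYTES);
    while (sscanf(hex, " %2x%n", &b, &used) == 1) {
        if (n == FLAG_BYTES)
            return -1;                /* 17th byte: too long */
        out[n++] = (uint8_t)b;
        hex += used;
    }
    while (*hex == ' ')
        hex++;
    return (n == FLAG_BYTES && *hex == '\0') ? 0 : -1;
}
```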

Comments

PSXHAX

Staff Member
Moderator
Verified
A PS3 Toggle_QA.PKG is easier to believe indeed... maybe he'll confirm on Twitter what was shown in the video demo :unsure:
 

GrimDoe

Game Mod Developer
Developer
Senior Member
Contributor
Verified
Of course the (Toggle QA) was for the (PS3), it's a PKG file.
I put all of my PKG files on one USB.
If it was not Toggle QA then it would have been Multiman pkg.
With speculations lmfao come on y'all for real. lol #MEME
 

PSXHAX

Staff Member
Moderator
Verified
Typically lower versions are less secure, so when holes are found in them the devs try and make use of those in higher Firmware basically.
 