Homebrew SigHax Updates and Discussion Thread

Kingy (Well-Known Member):

> This is quite possibly the dumbest thing I've read all day.
>
> The boot ROM has a vulnerability in its RSA signature verification; therefore, something that takes advantage of it is a boot ROM exploit. What else would it be, an Internet Explorer exploit?
>
> ...unless you're trying to say that the only possible "boot ROM exploit" is a way to dump the boot ROM.
>
> EDIT: Oh, so you're trying to be pedantic by claiming the signature patch itself isn't an "exploit", but the program used to generate the patch is. Or something like that; I don't speak fluent noob.

Oh my fucking god, this is cancer in post form. When did I ever say that 'only possible "boot ROM exploit" is a way to dump the boot ROM.'? The fucking sigpatch patches the FW USING something that has been exploited by the bootrom exploit, while the bootrom exploit, which has yet to be released to the public, exploits the bootrom.
Last edited by Kingy.

GerbilSoft (Well-Known Member):

> Oh my fucking god, this is cancer in post form. When did I ever say that 'only possible "boot ROM exploit" is a way to dump the boot ROM.'? The fucking sigpatch patches the FW, while the bootrom exploit, which has yet to be released to the public, exploits the bootrom.

Are you intentionally trying to confuse Process9 signature check patching (which is already a thing) with sighax, which is an exploit that takes advantage of broken RSA verification in the boot ROM?

Other than that, I have no idea what you're trying to say.
Last edited by GerbilSoft. Reason: s/Kernel9/Process9/

The Catboy (GBAtemp Official Catboy™: Savior of the broken):

> Who is we? The community, or the handful of people who are hoarding bootrom dumps? :P

We as a community are about to have more control over our systems. Once Sighax becomes a thing, we are actually going to get something better than A9LH and that is awesome.

metroid maniac (An idiot with an opinion):

> We as a community are about to have more control over our systems. Once Sighax becomes a thing, we are actually going to get something better than A9LH and that is awesome.

You're right, I was pretty doubtful that something better than A9LH was even possible and it's nice to see something even more flexible become possible.

But that's only if the bootrom goes public.

Kingy (Well-Known Member):

> Are you intentionally trying to confuse Kernel9 sigpatching (which is already a thing) with sighax, which is an exploit that takes advantage of broken RSA verification in the boot ROM?
>
> Other than that, I have no idea what you're trying to say.

Ok, fucking hell.
Let me explain again. The sighax, s-i-g-h-a-x, not kernel9, SIGHAX patches the FW USING (u-s-i-n-g) the RSA code (in the bootrom) which the bootrom (b-o-o-t-r-o-m) is exploited by a bootrom exploit (NOT bootrom, but the exploit, NOT SIGHAX) which has NOT been released to the public (here, this is the public) exploits the bootrom (with the RSA code) so the sighax is able to, well, do its thing.
Simple enough?
Last edited by Kingy.

Jacklack3 (( ゚ヮ゚) buddie was here):

> What's up with the scene lately? Everyone has become such naysayers. Like this is cool stuff! Another means of booting into CFW? And even faster than A9LH! That's cool as hell!
> I don't remember this much pissing and moaning when A9LH was revealed.

Here's some reasons why.

1. Faster than A9LH. While this is small, some people are pretty happy to have this. Even though sighax's speed gain over A9LH is smaller than A9LH's gain over menuhax, it's still a good difference.

2. Unpatchable. I'm not kidding, Nintendo can do NOTHING about this. Unless they got hands on your console they can do nothing about it.

3. Earlier than A9LH. Now you might not know what I mean, but instead of hacking the ARM9 process it hacks the process after that. Now I don't know what it is, but (someone correct me if I'm wrong) you know when the light turns on and it takes a bit to turn the screen on? Well, it hacks the process at the black screen. (I'm assuming; I may be wrong, but it is earlier than A9LH.)

4. 3DS is FULLY hacked! The 3DS is COMPLETELY taken over, if someone goes "Well we can't control this part of the 3DS-" Yes we fucking can.

dere ya g0

(feel free to correct me if I'm wrong on something.)
 

GerbilSoft (Well-Known Member):

> Ok, fucking hell.
> Let me explain again. The sighax, s-i-g-h-a-x, not kernel9, SIGHAX patches the FW USING (u-s-i-n-g) the RSA code (in the bootrom) which the bootrom (b-o-o-t-r-o-m) is exploited by a bootrom exploit (NOT bootrom, but the exploit, NOT SIGHAX) which has NOT been released to the public (here, this is the public) exploits the bootrom (with the RSA code) so the sighax is able to, well, do its thing.
> Simple enough?

So you think "sighax" specifically refers to a program that applies the patch. Brilliant.

The Catboy (GBAtemp Official Catboy™: Savior of the broken):

> You're right, I was pretty doubtful that something better than A9LH was even possible and it's nice to see something even more flexible become possible.
>
> But that's only if the bootrom goes public.

Something tells me that it's going to go public.

> Here's some reasons why.
>
> 1. Faster than A9LH. While this is small, some people are pretty happy to have this. Even though sighax's speed gain over A9LH is smaller than A9LH's gain over menuhax, it's still a good difference.
>
> 2. Unpatchable. I'm not kidding, Nintendo can do NOTHING about this. Unless they got hands on your console they can do nothing about it.
>
> 3. Earlier than A9LH. Now you might not know what I mean, but instead of hacking the ARM9 process it hacks the process after that. Now I don't know what it is, but (someone correct me if I'm wrong) you know when the light turns on and it takes a bit to turn the screen on? Well, it hacks the process at the black screen. (I'm assuming; I may be wrong, but it is earlier than A9LH.)
>
> 4. 3DS is FULLY hacked! The 3DS is COMPLETELY taken over, if someone goes "Well we can't control this part of the 3DS-" Yes we fucking can.
>
> dere ya g0
>
> (feel free to correct me if I'm wrong on something.)

I don't understand your post, you are just confirming the same thing I was saying. This is going to be great and naysayers are just dumb. Seriously, anyone dumping on this idea is just stupid. This is actually going to be better than A9LH, something so few thought was possible.
 

KevinX8 (Proud user of The Dark Theme):

> Ok, fucking hell.
> Let me explain again. The sighax, s-i-g-h-a-x, not kernel9, SIGHAX patches the FW USING (u-s-i-n-g) the RSA code (in the bootrom) which the bootrom (b-o-o-t-r-o-m) is exploited by a bootrom exploit (NOT bootrom, but the exploit, NOT SIGHAX) which has NOT been released to the public (here, this is the public) exploits the bootrom (with the RSA code) so the sighax is able to, well, do its thing.
> Simple enough?

Sighax is the exploitation of the lack of verification done by the boot ROM. It does not rely on any other exploit to work; it's simply an oversight by Nintendo which allows us to forge a working signature for our own firmware. What isn't released is the method of creating this signature and a public dump of the bootrom.
 

Jacklack3 (( ゚ヮ゚) buddie was here):

> Something tells me that it's going to go public.
>
> I don't understand your post, you are just confirming the same thing I was saying. This is going to be great and naysayers are just dumb. Seriously, anyone dumping on this idea is just stupid. This is actually going to be better than A9LH, something so few thought was possible.

Sorry, I didn't see your post, my bad.
 

GerbilSoft (Well-Known Member):

> No, you're not reading my posts correctly. sighax DOES NOT exploit the bootrom, the bootrom exploit does. The RSA code is then changed by sighax, so we can have Firm signing, and everything that the OP says or something similar. Main point being, sighax isn't a bootrom exploit.

Are you saying that the RSA code in the boot ROM is modified by the exploit?
 

KevinX8 (Proud user of The Dark Theme):

> No, you're not reading my posts correctly. sighax DOES NOT exploit the bootrom, the bootrom exploit does. The RSA code is then changed by sighax, so we can have Firm signing, and everything that the OP says or something similar. Main point being, sighax isn't a bootrom exploit.

Are you suggesting there is an exploit to write to stripped NAND chips? Because that's what the bootrom is: a NAND chip that has no ability to be written to by anything once it's been written to once. The RSA verification isn't rewritten by any exploit; it just sucks ass, if you watched the actual video about it.
 
Deleted User (Guest):

Holy shit, this thread just needs to be locked. Too many people having a fucking fight over what sighax is and what it does. Either the OP needs to explain it or there needs to be a better thread. Maybe there just needs to not be one at all, would that make the community happy?

KevinX8 (Proud user of The Dark Theme):

> No, the RSA code is used by the exploit to enable sighax that starts before anything else and all else that sighax does.

RSA is a verification method; no code is executed to make sighax work. Sighax is basically a hacked-together Nintendo master key that they use to sign all their bootroms, and with sighax we can sign our own firmware just like the big N.

GerbilSoft (Well-Known Member):

> RSA is a verification method; no code is executed to make sighax work. Sighax is basically a hacked-together Nintendo master key that they use to sign all their bootroms, and with sighax we can sign our own firmware just like the big N.

Or in other words: Wii Trucha bug mk II.

(It's not exactly the same as Trucha, but the result is.)
Last edited by GerbilSoft. Reason: +clarify

Giodude (GBAtemp's official rock):

Keep in mind, as an A9LH user, it would have no use to me, but in theory, since the bootrom keys allow multiple things to be decrypted and signed, would this allow for the redirection of system updates through a custom DNS server? I'd assume not, but I'm not entirely sure why, unless it's some sort of server-side encryption I'm not aware of. This is mainly for curiosity's sake, and partly to change the topic of the thread.

P.S. it's not a bootrom exploit.