Homebrew SigHax Updates and Discussion Thread

gamesquest1

With SigHax would you be able to flash NAND Backups from other consoles without bricking?
No

Right, to try to clear up many of the misconceptions, or points people seem to be confused about.....not that it will help I guess as someone else will come along and make some bold baseless statement and everyone will jump on it.....but worth a try I guess

"Can I install sighax on an 11.3 system with nothing else?"
No, sighax would need either direct nand r/w access to be installed or an arm9 kernel exploit; the only 2 things that currently offer direct nand access on 11.3 are dsiwarehax or a hardmod

"So how/why does dsiwarehax work, it makes no sense!!!!!!"
A common mistake is people thinking dsiwarehax = arm9exploit, it's not really, the dsiware exploit simply exists because the dsi firmware was stupidly given direct r/w access to the entire nand chip, so while it can't directly access all the 3ds arm9 security features which are required for downgrading/decrypting stuff etc, it can dump/write directly to anywhere in the nand rather than just the dsi sections, this means once sighax is released dsiwarehax or a hardmod can be used to perform a plaintext attack on the FIRM section to generate the xorpad which is then used to encrypt a premade sighax firm (although this step is normally done automatically so the end user just sees a "press A for hax!" style interface)

The next trick here is that Nintendo stupidly doesn't bother to check that the game in your nand is the game it thinks it has installed, so despite Nintendo removing the dsi games that have exploits available, you can simply replace the "exe"
(not really an exe, but I think this is the simplest way to explain it to people)
of a different game with that from one of the removed games as long as you already have a hacked system that you can swap files around in the nand.

"So sure that's great I can swap game A for game B on an already hacked system, who cares :glare:," well see in a perfect example of triple face palm action, Nintendo proceeded to not bother to even check content traveling from system A to system B while doing a system transfer either, so now by chaining these 3 oversights you can essentially gain the ability to install sighax on a stock 11.3 system (once released)

"Will sighax allow me to unbrick this system that was bricked by doing X?"
There are a few fundamental things to remember, sighax is essentially just a way to get the boot rom to accept a FIRM made by someone else as legit, to install it you still need direct nand access but the advantage is that this can be done on any system as long as you know exactly what FIRM it was running/updating to when the brick occurred, so for example let's just say I had a n3ds running 2.1 which I stupidly decided to update to 9.2 o3ds FW without installing a9lh first, in this case I could fix it as I could perform the plaintext attack basing the source FW as 2.1 or 9.2 and then encrypt the new sighax firm to replace it, this will now give me an environment somewhat the same as having a9lh installed, now assuming everyone opts to keep the existing a9lh as their FIRM environment it would be as simple as loading up decrypt9 and doing a ctrtransfer to fix my f**k up

"Well if we can sign stuff FREE HAKS FOREVER WE CAN SIGN A FW AND REDIRECT NINTENDO FW SIGHT OHHHH YEAHH!"
Sorry, but nope, sighax does not sign stuff despite its name, it actually just exploits how the bootrom verifies the signature, so basically don't get your hopes up on magically being able to sign content and forcing the 3ds to accept it, things ain't that far advanced just yet

"Does sighax allow decryption of everything?"
.....nearly, all the normal games/dlc firmware etc will be decryptable on a pc if/when there is a full bootrom dump, but stuff that is using console specific encryption will not without a dump of the console specific keys, afaik the nand is encrypted using a key derived from the cpu, and saves are encrypted using a key derived from the movable.sed, so you could not just write a nand from one console to another as system unique encryption is still system unique, unless someone develops an a9lh or cfw that dummies it out before booting thus making all systems use the same nand encryption but that's way beyond a practical solution, the way decrypt9 manages things is sufficient in decrypting before on the source system and re-encrypting on the target system

"Soon we will be running Linux/android/totally cfw/PS4 roms"
sighax will offer very little more than a9lh does already, nobody has been stopped from making their own OS/totally custom home replacement etc, simply nobody can be bothered or it's simply not possible/practical

Idk if I have made any mistakes there, but hopefully it clears up most of the how/what it can do and why questions, any mistakes, please feel free to correct me, but only if you know exactly how/why I'm wrong, not just because some guy said on YouTube that if you fill in a survey sighax will let you sex people
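The FIRM-section plaintext attack the post describes, modelled as an added example (not code from the thread or from any 3DS tool): a SHA-256 keystream stands in for the console's AES-CTR NAND encryption, an HMAC stands in for the boot ROM's signature check, and every key, image and function name here is a constructed assumption. It shows why raw NAND access plus a known FIRM lets someone re-encrypt a different image without the console key, and why the signature check, not the encryption, is what actually blocks that image from booting.

```python
"""Toy model of the FIRM-section plaintext attack described above.
A SHA-256 keystream (block i = SHA-256(key || i)) stands in for the
console's AES-CTR NAND encryption and an HMAC for the boot ROM signature
check. Every key and image below is a constructed sample."""
import hashlib
import hmac

BLOCK = 32  # bytes per keystream block in the toy cipher


def keystream(key: bytes, length: int) -> bytes:
    """CTR-style pad: depends only on the key and the block position."""
    blocks = (length + BLOCK - 1) // BLOCK
    out = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range(blocks))
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_xorpad(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """The DSiWare/hardmod step: C xor P yields the pad; no key is needed."""
    return xor(ciphertext, known_plaintext)


def boot_check(nand_key: bytes, sig_key: bytes, firm_ct: bytes, tag: bytes):
    """Boot ROM model: decrypt with the console-unique key, then accept the
    image only if the signature (HMAC here) over the plaintext verifies."""
    firm = xor(firm_ct, keystream(nand_key, len(firm_ct)))
    expected = hmac.new(sig_key, firm, "sha256").digest()
    return firm if hmac.compare_digest(expected, tag) else None


def demo() -> dict:
    nand_key = hashlib.sha256(b"constructed console-unique key").digest()
    sig_key = b"constructed vendor signing key"
    stock_firm = b"FIRM stock 2.1 image (constructed sample) " * 4
    stock_ct = xor(stock_firm, keystream(nand_key, len(stock_firm)))
    stock_tag = hmac.new(sig_key, stock_firm, "sha256").digest()
    # Attacker side: raw NAND access plus a copy of the stock FIRM plaintext,
    # but no nand_key. Pad recovery and re-encryption need neither key.
    pad = recover_xorpad(stock_ct, stock_firm)
    new_firm = b"FIRM replacement (constructed sample) " * 4  # <= pad length
    new_ct = xor(new_firm, pad)  # zip() truncates the pad to the image length
    return {
        "pad_is_keystream": pad == keystream(nand_key, len(stock_firm)),
        "stock_boots": boot_check(nand_key, sig_key, stock_ct, stock_tag) == stock_firm,
        "new_firm_decrypts": xor(new_ct, keystream(nand_key, len(new_ct))) == new_firm,
        "new_firm_boots": boot_check(nand_key, sig_key, new_ct, stock_tag) is not None,
    }
```

The last key in the result is the one that matters for the post's point: the substituted image decrypts correctly under the real key but fails the signature check, which is the check sighax has to get past.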
 

Giodude

But wouldn't you be able to decrypt the nand on a pc with the bootroms dumped? Even if it's not a direct nand flash, surely some things would be able to be salvaged and restored
 

gamesquest1

Nope because the nand uses system unique encryption, you would need to provide the system unique info to be able to decrypt the content

If you want to restore a nand from one system to another, ctrtransfer in decrypt9 is the tool to use, and as I mentioned in that post, sighax will probably allow you to run decrypt9 on an already bricked system as long as you know the plaintext of the FIRM section
 

Oschara

Thanks for all that info.
 

Roboman

I have a dumb idea that might save a bricked 3ds somewhere.
If it's bricked and you don't know the fw it was running, you could just brute-force a plaintext attack. Just make a nand backup and proceed to brute-force the firmware from all released firmwares until it works, or you run out of firmwares to try (in which case it was corrupted somehow).
 

leerz

Depends on what you define as a black screen of death. If it's a faulty console from day 1 before even booting it up, i could only assume it's a torn ribbon cable, and not something software could fix. A corrupted nand partition on the other hand.....

Also no, the dns thing wouldn't work, I've heard multiple explanations why, and the gist is that a vanilla 3ds wouldn't accept such a dodgy firmware signature.
Not sure what the black screen of death specifically is.

No.

Oh, the black screen that happens
with stock fw,
Basically the os loads, but there is no display; you can hear the 3ds screen and it boots up, button presses and all,

Recovery works (and the screens are perfect)

It just won't load the home menu, nor is recovery able to fix it by updating to the latest fw.

My guess is it is a bad block in the nand since the system is virgin
 

gamesquest1

Yeah, as long as the system wasn't bricked by installing a corrupt nand backup / bad a9lh build (unless you still have the plaintext a9lh firm) or a nand backup from a different system, then yeah you could manually go through each firm until you find the right one
I had a system do that once and idk why; I just restored a nand backup and it worked fine, I assume it was just some configuration file read at startup that was corrupt, as once I restored the nand backup it worked fine, so yeah a sighax install plus ctrtransfer would probably work
 

Starzcream

Ok now you got my attention! I can be a guinea pig. I have multiple cfw 3ds in case I need them. I bricked an o3ds during the 2.1.0 ctrtransfer. Now it's stuck on a black screen. Nand's not corrupt. I'm assuming just the ctr partition. It was on 11.2.0 before I did the ctr transfer. Would the 4mb autofirm patch allow me to boot into recovery? I have a hardmod and a bricked nand backup. I'm thinking sighax is the only thing that can save this situation, or possibly what you guys are suggesting?
 

pepepotamo

it happened exactly the same to me, so I'm interested in the outcome of this
 

Starzcream

Been searching for a detailed guide on how to revert a ctr transfer but all require otp. All the posts I've seen are people reporting the same answer with no real solution unless you have a n3ds.
 

gamesquest1

I have actually already fixed a few systems that were bricked in the same way, simply use the autofirm pack but drop in the 2.1 FIRM in place of the 10.4 firm, this should fix it as usually the ctrtransfer fails on the installing FIRM step right at the end, so your system is already on 2.1 but just needs the 2.1 firm injected over the 11.2 firm
 
