Homebrew SigHax Updates and Discussion Thread

KevinX8

Keep in mind as an a9lh user, it would have no use to me, but in theory, since the bootrom keys allow multiple things to be decrypted and signed, would this allow for the redirection of system updates through a custom DNS server? I'd assume not, but I'm not entirely sure why, unless it's some sort of server-side encryption I'm not aware of. This is mainly for curiosity sake, and partly to change the topic of the thread.

P.S. it's not a bootrom exploit.
bootrom key is only used to sign and verify boot0 nothing else so no it's no good for system updates
 

HyperT

From #1 - why do you need the public dump? Isn't/wasn't it's only use in 1. identifying the exploitable bug and 2. seeing where the pointers are pointing to?
 

The Catboy

Keep in mind as an a9lh user, it would have no use to me, but in theory, since the bootrom keys allow multiple things to be decrypted and signed, would this allow for the redirection of system updates through a custom DNS server? I'd assume not, but I'm not entirely sure why, unless it's some sort of server-side encryption I'm not aware of. This is mainly for curiosity sake, and partly to change the topic of the thread.

P.S. it's not a bootrom exploit.
Actually this has a lot of use for you, it's basically an updated A9LH.
What you are basically saying is, "As a Menuhax user, A9LH has no use to me."
I am not sure about the details on the rest, since I don't know those details
 

KevinX8

From #1 - why do you need the public dump? Isn't/wasn't it's only use in 1. identifying the exploitable bug and 2. seeing where the pointers are pointing to?
We don't have any of this information, the guys from 32c3 didn't put up any useful info publicly so all we have is their explanation of what they did
 

SirByte

OK, suppose there's a vending machine that takes coins. It validates the coins by size and weight. So you run across some Bangladeshi coins that have the exact same size as an acceptable coin, just are a bit too light. So your exploit is to melt some lead and add a few drops on the coins, which now have the correct weight and the vending machine accepts them.

What are you now exploiting? You're changing the coin, but the thing you're *taking advantage of* is the way the machine validates the coins. So it's a machine-exploit, not a coin-exploit. Same with the bootrom. You're taking advantage of something that's incorrectly implemented in the bootrom, so it's a bootrom exploit.

Other than that, since the presenters are choosing to do things the fail0verflow way, I'm not expecting anything for a while, but I doubt they won't help / give some pointers to serious devs that come up with something and get stuck.
 

The Catboy

Holy shit, this thread just needs to be locked. Too many people having a fucking fight over what sighax is and what it does. Either the OP needs to explain it or there needs to be a better thread. Maybe there just needs to not be one at all, would that make the community happy?
Or we could try and not get the thread locked. We need a dedicated thread.
People could just do that thing where they report off topic posts, instead of replying to them
 

Giodude

Actually this has a lot of use for you, it's basically an updated A9LH.
What you are basically saying is, "As a Menuhax user, A9LH has no use to me."
I am not sure about the details on the rest, since I don't know those details
I meant I don't need to downgrade. Ik this allows for completely different boot images and I'm hype about that.
 

mikey420

So basically unless we have an arm9 exploit or hardmod to write the firm partition sighax is useless. Which means only 9.2 sysnand or below/a9lh systems will be able to make use of this hack for now. Was there any information on a newer arm9 exploit?
 

Alex658

Actually this has a lot of use for you, it's basically an updated A9LH.
What you are basically saying is, "As a Menuhax user, A9LH has no use to me."
I am not sure about the details on the rest, since I don't know those details

The only downside I see to this is having to risk your console every time you update sighax, if the patches have to be built in the firm. Unlike updating a9lh's payload. It could be comparable to updating a9lh itself (which has only had 2 updates so far)

EDIT: A9lh has had at least 3 updates. With them being a9lhv1, a9lhv2, and CTRNAND capable a9lhv2.

--------------------- MERGED ---------------------------

So basically unless we have an arm9 exploit or hardmod to write the firm partition sighax is useless. Which means only 9.2 sysnand or below/a9lh systems will be able to make use of this hack for now. Was there any information on a newer arm9 exploit?

You need an arm9 way of writing into the NAND (a9lh/9.2/Dsiware may be able to work for this), or a direct hardmod (it's writing directly to NAND, duh)
 

The Catboy

The only downside I see to this is having to risk your console every time you update sighax, if the patches have to be built in the firm. Unlike updating a9lh's payload. It could be comparable to updating a9lh itself (which has only had 2 updates so far)

EDIT: A9lh has had at least 3 updates. With them being a9lhv1, a9lhv2, and CTRNAND capable a9lhv2.
There's a risk of bricking when updating A9LH. Nothing is without risk. Once it is released and becomes stable, the fear will be at A9LH level
 

Alex658

There's a risk of bricking when updating A9LH. Nothing is without risk. Once it is released and becomes stable, the fear will be at A9LH level

I know that. What I'm getting at is the frequency at which you're going to be needing to update the firms. You don't update a9lh (the loader, not the payload) each time a new corbenik/luma commit is up, yes?

If payloads are separate from patched firms then even if practically the same thing as a9lh, except for slightly earlier control of the console, it would minimize risks. Don't you think?
 

MorshumanKL02

so will signhax let you bypass the detection in some games where it detects the code of the game plugin of ntr cfw ain't legit and doesn't let you go online?
 

Zan'

so will signhax let you bypass the detection in some games where it detects the code of the game plugin of ntr cfw ain't legit and doesn't let you go online?
The reason for you not being able to go online is because the plugin blocks it.
The default ntr plugin main by Cell9 is made to do this.
However there was one released that removed this online block. Plugins built with this modified version will not block online.

And EVEN IF the game was preventing you from going online due to modified code. Why exactly would Sighax change anything?

SigHax doesn't change anything about your Custom Firmware.
If SigHax can do it. A9LH likely can do it as well. (Given the CFW supports it)

From #1 - why do you need the public dump? Isn't/wasn't it's only use in 1. identifying the exploitable bug and 2. seeing where the pointers are pointing to?
Well first of all we need to know the pointer for the Signature check to exploit the bad verification and let it memcmp the expected result pointer with the sigpointer (that should now be the expected result pointer).

And additionally, I think the way bruteforcing would work is by using the BootROM dump to do the verification on the computer rather than on 3ds (because we don't need the blackbox method anymore).
Meaning we can generate a signature with this fixed pointer over and over and see if it checks out. Without needing to reinject the edited FIRM over and over again into the device to see if it works.
This will make bruteforcing a signature that checks out with the pointer at the end considerably faster.

(At least this is my understanding of it. Please correct me if I'm wrong)
 

MorshumanKL02

The reason for you not being able to go online is because the plugin blocks it.
The default ntr plugin main by Cell9 is made to do this.
However there was one released that removed this online block. Plugins built with this modified version will not block online.

And EVEN IF the game was preventing you from going online due to modified code. Why exactly would Sighax change anything?

SigHax doesn't change anything about your Custom Firmware.
If SigHax can do it. A9LH likely can do it as well. (Given the CFW supports it)


Well first of all we need to know the pointer for the Signature check to exploit the bad verification and let it memcmp the expected result pointer with the sigpointer (that should now be the expected result pointer).

And additionally, I think the way bruteforcing would work is by using the BootROM dump to do the verification on the computer rather than on 3ds (because we don't need the blackbox method anymore).
Meaning we can generate a signature with this fixed pointer over and over and see if it checks out. Without needing to reinject the edited FIRM over and over again into the device to see if it works.
This will make bruteforcing a signature that checks out with the pointer at the end considerably faster.

(At least this is my understanding of it. Please correct me if I'm wrong)
Ah okay, that makes sense, I did see that one of the game plugins that I used to attempt to go online was made by cell9 among a few other ppl. So I feel I should ask: is there a converter I can use to convert my .plg to not block online? Do I have to grab a program or something to edit the .plg and manually modify it?
 

KevinX8

Ah okay, that makes sense, I did see that one of the game plugins that I used to attempt to go online was made by cell9 among a few other ppl. So I feel I should ask: is there a converter I can use to convert my .plg to not block online? Do I have to grab a program or something to edit the .plg and manually modify it?
Cheating online is a pretty scumbag thing to do, that's why it blocks you from going online
 
