Homebrew SigHax Updates and Discussion Thread

Roboman

xorpads are still needed if you want to decrypt games and/or eMMC using a PC.

...until Boot9 is dumped, in which case the actual keys can be retrieved from the BootROM, and OTP dumps can be decrypted to obtain the eMMC keys.

(Interestingly, the only reason xorpads work is because of a weakness in AES-CTR. AES-CBC, which was used on Wii, doesn't have the same problem.)
But the Wii had the critical problem of ending signature checking as valid whenever it runs into a null byte. So any brute-forced signature that starts with a null byte is valid on the Wii!
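The null-byte behaviour described in the post above, as an added example that is not part of the thread and not code from any console. It assumes the check compares two 20-byte digests with a C string function; every name and byte value here is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* SHA-1-sized digest: an assumption of this example */

/* Constructed sample digests, not taken from any real title or device. */
static const uint8_t EXPECTED[DIGEST_LEN] = {
    0x00, 0x9f, 0x3c, 0x51, 0x7a, 0xe2, 0x18, 0x44, 0xb0, 0x6d,
    0x25, 0xc7, 0x93, 0x0e, 0x5b, 0xf1, 0x82, 0x36, 0xda, 0x49};
static const uint8_t TAMPERED[DIGEST_LEN] = { /* matches EXPECTED in byte 0 only */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x10, 0x20, 0x30, 0x40};

/* Flawed: treats binary digests as C strings, so the comparison
 * reports "equal" as soon as it reaches a 0x00 byte in both inputs. */
int digest_equal_flawed(const uint8_t *a, const uint8_t *b)
{
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Hardened: always examines all DIGEST_LEN bytes and has no
 * data-dependent early exit. */
int digest_equal_fixed(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* How many leading bytes the string comparison really inspects. */
size_t bytes_checked_flawed(const uint8_t *a, const uint8_t *b)
{
    size_t i = 0;
    while (i < DIGEST_LEN) {
        uint8_t x = a[i], y = b[i];
        i++;
        if (x != y || x == 0) break; /* strncmp stops here too */
    }
    return i;
}

int main(void)
{
    printf("flawed: equal=%d after %zu byte(s)\n",
           digest_equal_flawed(EXPECTED, TAMPERED),
           bytes_checked_flawed(EXPECTED, TAMPERED));
    printf("fixed:  equal=%d\n", digest_equal_fixed(EXPECTED, TAMPERED));
    return 0;
}
```

Binary digests and signatures need a fixed-length comparison; any string routine that stops at a terminator silently shortens the check.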
 
Deleted User

To somebody who actually knows:

Is there a reason that hedge is underclocking greg in order to get at boot9? Is it to cause a bootrom error that allows you to dump the data, or some other reason? I couldn't really figure it out from just the one stream I was able to catch.
 

Zaphod77

sighax doesn't actually let you do the flash. you need another way to get write access to the NAND for that. it just lets you write your own code that passes the bootrom signature check.
 

jt_1258

To somebody who actually knows:

Is there a reason that hedge is underclocking greg in order to get at boot9? Is it to cause a bootrom error that allows you to dump the data, or some other reason? I couldn't really figure it out from just the one stream I was able to catch.
perhaps since it thinks slower (the cpu) the flow of things is slower giving more time to trigger the flaw and essentially making time slower, think of it like witch time from bayonetta, although tbh I likely don't have a damn clue what I'm talking about but that's what I think there
 

Starzcream

perhaps since it thinks slower (the cpu) the flow of things is slower giving more time to trigger the flaw and essentially making time slower, think of it like witch time from bayonetta, although tbh I likely don't have a damn clue what I'm talking about but that's what I think there

Bullet time effect lmao
 

EmuAGR

perhaps since it thinks slower (the cpu) the flow of things is slower giving more time to trigger the flaw and essentially making time slower, think of it like witch time from bayonetta, although tbh I likely don't have a damn clue what I'm talking about but that's what I think there
I suppose that's the answer. The slower the CPU is, the more time you have to exploit the flaws.
 

jt_1258

How far have they gotten?
just hopped in so not much of an idea what's goin on

--------------------- MERGED ---------------------------

How far have they gotten?
sorry for the double reply but once I can get the chat replay going after the stream I'll get a screenshot of it in chat but seems my theory was correct about witch timing the 2ds ;P
 
Deleted User

just hopped in so not much of an idea what's goin on

--------------------- MERGED ---------------------------


sorry for the double reply but once I can get the chat replay going after the stream I'll get a screenshot of it in chat but seems my theory was correct about witch timing the 2ds ;P

i learned it yesterday, because i asked it in the stream that day :P

How far have they gotten?

From what I can figure out, timing is down pat, and at this point it's pretty much debugging and the exploit itself. If you go on there and ask politely they can explain it better than I can.

EDIT: emphasized "politely" because hedge has been super stressed lately and the chat doesn't really like gbatemp
 

jt_1258

i learned it yesterday, because i asked it in the stream that day :P



From what I can figure out, timing is down pat, and at this point it's pretty much debugging and the exploit itself. If you go on there and ask politely they can explain it better than I can.

EDIT: emphasized "politely" because hedge has been super stressed lately and the chat doesn't really like gbatemp
I can see the dislike of gbatemp, especially with how hedge was angry about certain arguments that have happened here, nice to see senpai quietly watching over us but I feel bad for what they have to see here, so please, here and in the twitch chat and everywhere, be nice for once in your damn life, let's keep hedge happy and cheer them on
 

Deleted member 350372

Yuppp. Decrypting the bricked emuNAND and moving the NAND headers or whatever from sysNAND to the emuNAND. Do you guys know how fucking scary it is, restoring an emuNAND backup that you hex edited back to life?
Xorpads eh? That's probably the one thing I never really was interested in knowing what they do, like game .cia xorpads or xorpads for nand backups, etc. So I guess I started mid-way when things were getting a bit easier. Damn I would be terrified if I had to do all the decrypting and encrypting also hex editing jeez so much work! :o

--------------------- MERGED ---------------------------

I can see the dislike of gbatemp, especially with how hedge was angry about certain arguments that have happened here, nice to see senpai quietly watching over us but I feel bad for what they have to see here, so please, here and in the twitch chat and everywhere, be nice for once in your damn life, let's keep hedge happy and cheer them on
I agree dude. Agreed... Let's stay positive so we can cheer Hedge on and not jinx whether or not sighax will be released by her. Don't wanna have her get so angry that she says f**k it, people are just greedy bastards and only want the hax. They don't care on how hard it is, etc for me. Then again, if this does happen, a huge wait if I am not mistaken will most likely happen for someone to step in for dumping prot_boot9.bin
 
