Toggle sidebar

Homebrew SigHax Updates and Discussion Thread

  • Thread starter Thread starter adrifcastr
  • Start date Start date
  • Views Views 532,168
  • Replies Replies 3,813
  • Likes Likes 43
TheMynx said:
So, why is Sighax such a big thing? A9LH can do nearly everything Sighax can do. What's the advantage of Sighax over A9LH? I don't understand honestly.
Click to expand...

You would be able to install it without an arm9 exploit. You could do it with DSiWarehax or a hardmod. That effectively makes it unpatchable.
 
So A9LH is patchable? If so why wouldn't Nintendo patch it?

EDIT : Also, if what I gather is correct, for the end-user, the only advantage is the fact that it's unpatchable?
 
Last edited by TheMynx,
TheMynx said:
So A9LH is patchable? If so why wouldn't Nintendo patch it?

EDIT : Also, if what I gather is correct, for the end-user, the only advantage is the fact that it's unpatchable?
Click to expand...

Once you have a9lh installed, it's unpatchable. But installing it requires on a lot of hacks that Nintendo could fix.

Sighax will always work with hardmod/DSiWarehax, and that won't ever change. No other hacks are required and these hacks can't be patched.
 
TheMynx said:
So A9LH is patchable? If so why wouldn't Nintendo patch it?

EDIT : Also, if what I gather is correct, for the end-user, the only advantage is the fact that it's unpatchable?
Click to expand...
and that it can load before boot.

--------------------- MERGED ---------------------------

TheMynx said:
So A9LH is patchable? If so why wouldn't Nintendo patch it?

EDIT : Also, if what I gather is correct, for the end-user, the only advantage is the fact that it's unpatchable?
Click to expand...
and they have before this is why arm9loaderhax.bin has been updated many times
 
Why you guys confront sighax and a9lh? They are no enemies! The greatest thing about sighax is it boots so early the otp is not even locked! You guys could install a9lh directly on 11.X firmware!
 
TheMynx said:
So, why is Sighax such a big thing? A9LH can do nearly everything Sighax can do. What's the advantage of Sighax over A9LH? I don't understand honestly.
Click to expand...

Considering the corrections I was given...

The advantages come in two things, from what I can tell:

1) Slightly earlier code execution. A9LH appears to be, according to that information...Bootrom -> ARM9Loader (NFIRM) -> Code Execution (After a few more steps under the hood.)
Sighax seems to simply take over the system at first stage.

2) (The Main one, from what I can tell.)
No longer requiring to downgrade to 2.1, as the OTP is no longer necessary. This means that a user can get Sighax, which according to what I'm hearing is technically better, for far less work. When combined with safehax, and soundhax, which are apparently firmware agnostic, Sighax, Soundhax, and Safehax (should be called '3SHax') combined make any firmware that's 11.2 or lower with an A11 exploit (which Safehax needs to run) into a golden firmware for entry, like 9.2 used to be referred as, but also makes 2.1 obsolete.

That being said, it should also be taken into consideration that Sighax actually helps A9LH, because Sighax executes so early it can dump the OTP, so if you simply prefer A9LH, you can dump the OTP on any firmware with an ARM9Exploit, and it cannot be patched.

That seems to be what I'm getting from the generous user that answered my questions. Thank you for the answers by the way! Also, feel free to correct me if I'm wrong here too.
 
Last edited by TheOverseer,
  • Like
Reactions: the assaf and TheMynx
TheOverseer said:
2) (The Main one, from what I can tell.)
No longer requiring to downgrade to 2.1, as the OTP is no longer necessary. This means that a user can get Sighax, which according to what I'm hearing is technically better, for far less work. When combined with safehax, and soundhax, which are apparently firmware agnostic, Sighax, Soundhax, and Safehax (should be called '3SHax') combined make any firmware that's 11.2 or lower with an A11 exploit (which Safehax needs to run) into a golden firmware for entry, like 9.2 used to be referred as, but also makes 2.1 obsolete.
Click to expand...

Actually:
a) Soundhax -> waithax/fasthax -> Safehax -> ctrtransfer 2.1 A9LH (this is being done right now, with a few success cases)
b) Soundhax -> waithax/fasthax -> [Safehax ?] -> Sighax -> A9LH
 
Would it be possible to unbrick a bricked N3DS with it?
I've a bricked second N3DS here which has only one Title deleted (a mistake my brother did with FBI). It is unable to boot the recovery Menu, though.
 
TheOverseer said:
1) Slightly earlier code execution. A9LH appears to be, according to that information...Bootrom -> ARM9Loader (NFIRM) -> Code Execution (After a few more steps under the hood.)
Sighax seems to simply take over the system at first stage.
Click to expand...

A regular O3DS boot is Bootrom > NFIRM
A regular N3DS boot is Bootrom > Arm9loader > NFIRM
An arm9loaderhax boot is Bootrom > Arm9loader > code execution
A sighax boot is Bootrom > code execution.

The only major difference between the last two is that arm9loader has already disabled the OTP by the time code execution is achieved.
So with sighax, not only is the OTP not needed, it's trivial to get the OTP if you still want it :P

Urbanshadow said:
Actually:
a) Soundhax -> waithax/fasthax -> Safehax -> ctrtransfer 2.1 A9LH (this is being done right now, with a few success cases)
b) Soundhax -> waithax/fasthax -> [Safehax ?] -> Sighax -> A9LH
Click to expand...

Safehax is necessary in case b), since you need arm9 privileges to write to NAND. No idea about NVRAM booting though.
Once sighax is released there'll be little reason to go back to a9lh, anyway. There'll be little reason to switch from a9lh to sighax too.

--------------------- MERGED ---------------------------

xXDungeon_CrawlerXx said:
Would it be possible to unbrick a bricked N3DS with it?
I've a bricked second N3DS here which has only one Title deleted (a mistake my brother did with FBI). It is unable to boot the recovery Menu, though.
Click to expand...

With hardmod and a known NFIRM version.
 
  • Like
Reactions: Urbanshadow
metroid maniac said:
With hardmod and a known NFIRM version.
Click to expand...

Could you explain this a bit more?
The NAND is bricked (system title deleted and no NAND Backup).
Hardmod shouldn't be a problem for me. Did this a few times already.
Could you explain how to recover the NAND/N3DS? Probably via PM?
 
xXDungeon_CrawlerXx said:
Could you explain this a bit more?
The NAND is bricked (system title deleted and no NAND Backup).
Hardmod shouldn't be a problem for me. Did this a few times already.
Could you explain how to recover the NAND/N3DS? Probably via PM?
Click to expand...

If you know the system version the console was on when it was bricked, you know the NFIRM version, and you would be able to find the NFIRM xorpad. With the xorpad you could install sighax.
If you don't know the NFIRM version, I guess you could do trial and error until it boots.

This is all speculative until Sighax is actually released.
 
metroid maniac said:
Once you have a9lh installed, it's unpatchable. But installing it requires on a lot of hacks that Nintendo could fix.

Sighax will always work with hardmod/DSiWarehax, and that won't ever change. No other hacks are required and these hacks can't be patched.
Click to expand...

Well, I mean technically Sighax suffers the same risk as A9LH I think. Like the exploit associated with A9LH can't be fixed, I think, because it exploits the NFIRM, and the bootrom loads that first, and since the verification in the bootroom can't be patched, any version of ARM9Loader will always run. So technically, A9LH couldn't be patched, but it could be overwritten without FIRM patches. That being said, I believe if you still have ARM9Access, and the OTP, you could reinstall it.

Sighax could ALSO be overwritten without proper protection, as it simply would reside on NFIRM as well. But as long as you have ARM9Access, you should be able to install it again.

So technically, wouldn't Sighax being able to dump OTP mean that A9LH is just as unpatchable as Sighax is?

Correct me if I'm wrong though. My theory is based on the idea that to block a broken version of ARM9Loader, the bootrom would need to verify differently, but since it loads NFIRM directly, it's impossible because there's nothing to update the verification of NFIRM with, if you have access to the keystore. (Which OTP gives). Is this incorrect?

--------------------- MERGED ---------------------------

Urbanshadow said:
Actually:
a) Soundhax -> waithax/fasthax -> Safehax -> ctrtransfer 2.1 A9LH (this is being done right now, with a few success cases)
b) Soundhax -> waithax/fasthax -> [Safehax ?] -> Sighax -> A9LH
Click to expand...

Yeah, I realized about the Sighax bit and edited my post a couple minutes before you posted that Sighax makes 2.1 obsolete for both Sighax and A9LH.
 
Last edited by TheOverseer,
TheOverseer said:
Well, I mean technically Sighax suffers the same risk as A9LH I think. Like the exploit associated with A9LH can't be fixed, I think, because it exploits the NFIRM, and the bootrom loads that first, and since the verified in the bootroom can't be patched, any version of ARM9Loader will always run. So technically, A9LH couldn't be patched, but it could be overwritten without FIRM patches. That being said, I believe if you still have ARM9Access, and the OTP, you could reinstall it.

Sighax could ALSO be overwritten without proper, as it simply would reside on NFIRM as well. But as long as you have ARM9Access, you should be able to install it again.

So technically, wouldn't Sighax being able to dump OTP mean that A9LH is just as unpatchable as Sighax is?

Correct me if I'm wrong though. My theory is based on the idea that to block a broken version of ARM9Loader, the bootrom would need to verify differently, but since it loads NFIRM directly, it's impossible because there's nothing to update the verification of NFIRM with, if you have access to the keystore. (Which OTP gives). Is this incorrect?
Click to expand...

a9lh or sighax can be overwritten if you don't have FIRM protection in your CFW. This either leads to an updated, unhacked console (O3DS, or N3DS with stock keysector) or a brick (N3DS with an a9lh keysector)

Having arm9 access on the latest firmware is not a given. There's the recent discovery of safefirmlaunchhax, but before that you would need to downgrade to 9.2 to get arm9 access... and that depended on a whole other exploit chain, which made hacking the 3DS pretty complicated. Basically, there's no guarantee that after the update you would be able to reinstall your hack.

To install a9lh you need to be able to install the hacked keysector and you need to install the hacked NFIRM sections.
To generate the hacked keysector you need the hash of the OTP. This hash can be obtained by arm9loaderhax itself, or by obtaining the OTP and deriving it from a mathematical formula. And you can get the OTP by booting a 2.1 firmware or sighax.
And to install the hacked NFIRM sections you need to know your console's unique NFIRM xorpad. This can be learned simply by knowing the version of NFIRM that's installed and seeing how the plaintext version is different to the ciphertext version installed on your console.
With plain NAND access (DSiWarehax, hardmod) no further information is needed to install a9lh. So, by dumping the OTP hash now and preparing a DSiWarehax exploit you'd always be able to recover.
When sighax is released, you obviously won't need the OTP hash either.

I'm not really sure what the final paragraph is attempting to say.
The bugs we use in arm9loader for a9lh are fixed, but it doesn't matter because there is no way for the bootrom to be told that a particular arm9loader version is no longer secure.
 
metroid maniac said:
a9lh or sighax can be overwritten if you don't have FIRM protection in your CFW. This either leads to an updated, unhacked console (O3DS, or N3DS with stock keysector) or a brick (N3DS with an a9lh keysector)

Having arm9 access on the latest firmware is not a given. There's the recent discovery of safefirmlaunchhax, but before that you would need to downgrade to 9.2 to get arm9 access... and that depended on a whole other exploit chain, which made hacking the 3DS pretty complicated. Basically, there's no guarantee that after the update you would be able to reinstall your hack.

To install a9lh you need to be able to install the hacked keysector and you need to install the hacked NFIRM sections.
To generate the hacked keysector you need the hash of the OTP. This hash can be obtained by arm9loaderhax itself, or by obtaining the OTP and deriving it from a mathematical formula. And you can get the OTP by booting a 2.1 firmware or sighax.
And to install the hacked NFIRM sections you need to know your console's unique NFIRM xorpad. This can be learned simply by knowing the version of NFIRM that's installed and seeing how the plaintext version is different to the ciphertext version installed on your console.
With plain NAND access (DSiWarehax, hardmod) no further information is needed to install a9lh. So, by dumping the OTP hash now and preparing a DSiWarehax exploit you'd always be able to recover.
When sighax is released, you obviously won't need the OTP hash either.
Click to expand...

Thank you for this information. This makes a lot of sense. I did know about being on reliant on exploit chains, I was mainly interested in showing that in it's own way, the exploit used with A9LH can't be patched (in a way that matters) because of the below:

metroid maniac said:
I'm not really sure what the final paragraph is attempting to say.
The bugs we use in arm9loader for a9lh are fixed, but it doesn't matter because there is no way for the bootrom to be told that a particular arm9loader version is no longer secure.
Click to expand...

Basically, that's exactly what my guess was/I was trying to say. I guess 'virtually unpatchable' or 'unpatchable in implementation' would be a good term for it, because since the bootrom can't be told a version of arm9loader is no longer secure, you can 'fix' the bugs for arm9loader, but never in a way that matters, because by that point, someone has arm9 access anyway.
 
TheOverseer said:
Thank you for this information. This makes a lot of sense. I did know about being on reliant on exploit chains, I was mainly interested in showing that in it's own way, the exploit used with A9LH can't be patched (in a way that matters) because of the below:

Basically, that's exactly what my guess was/I was trying to say. I guess 'virtually unpatchable' or 'unpatchable in implementation' would be a good term for it, because since the bootrom can't be told a version of arm9loader is no longer secure, you can 'fix' the bugs for arm9loader, but never in a way that matters, because by that point, someone has arm9 access anyway.
Click to expand...

Well, you can always patch the exploit chain prior to actually installing a9lh :P Won't do much for users who already have a permanent exploit, but it can stop new users.
Going from arm11 userland to arm11 kernel to arm9 isn't easy. Fortunately there's been a deluge of every sort of these hacks lately.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Why did the price of 3ds shoot up ?

Hacking Homebrew Project  BlazerTube - a YouTube 3DS revival using the REAL app!

Problems getting Homebrew to appear outside of the Homebrew Launcher (homebrew won't appear on the HOME menu)

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Website for finding alternative games for 3DS

Hardware  2 Broken 3DSes, need help

Gaming  any good rpgs on 3ds?

Hacking  Modding Reassurance