Homebrew SigHax Updates and Discussion Thread

Thread starter: adrifcastr
I'd say that s/he wouldn't have cared to read the OP since most don't.
That's their problem. If they would read all that stuff I've written, there wouldn't be so many noobs asking around. boot9tools and ctr firm builder have been public for months and have also been listed in the OP for weeks...
 
That's their problem. If they would read all that stuff I've written, there wouldn't be so many noobs asking around. boot9tools and ctr firm builder have been public for months and have also been listed in the OP for weeks...
See, that's how the net works. It's filled with noobs who overlook important stuff.
Anyways, before this conversation gets more into noobs and the forums, I think it's safe to stop discussing that. I'd just suggest to increase the font size of "READ THE OP BEFORE COMMENTING" as well as making it bold and red. That might just grab the attention of some noobs.

--------------------- MERGED ---------------------------

@addi33 I recommend you reading through the "What the heck is sighax???" part of the OP again. I'm sure you can find a few spelling errors.
 
Last edited by Gaming796.
As I understand it, the only reason A9LH can't be done on 11.3 is that we can't downgrade and we don't have an ARM9 exploit. You need 2.1 to get the OTP, or 9.2 on a N3DS to try OTPless, which sometimes bricks.

It's just as unpatchable once installed, as near as I can tell. It's more likely they could stop Luma from doing its job.

A9LH is good enough for me. The only reason sighax is needed, in my opinion, is that it may work when A9LH is unavailable.
 
As I understand it, the only reason A9LH can't be done on 11.3 is that we can't downgrade and we don't have an ARM9 exploit. You need 2.1 to get the OTP, or 9.2 on a N3DS to try OTPless, which sometimes bricks.

It's just as unpatchable once installed, as near as I can tell. It's more likely they could stop Luma from doing its job.

A9LH is good enough for me. The only reason sighax is needed, in my opinion, is that it may work when A9LH is unavailable.

Got it in 1.

Although Sighax is better than A9LH, as it executes before A9LH, which makes booting faster (although marginally). It's also 100% unpatchable without a hardware revision, unlike A9LH, which could be removed via an update (à la Gateway's A9LH implementation...) that overwrites the Firm0/1 partitions (although most CFW have update patches, so this isn't a worry unless you're a Gateway user, which doesn't have any...). Nintendo can't undo it remotely, but that doesn't stop users from uninstalling it by accident (I doubt Sighax will be affected by this).

And regarding Luma, they can try and hinder it from running, but the community just as quickly releases a counter patch to undo anything which went wrong (i.e. SVC backdoor).
 
Last edited by Flying Scotsman.
Sighax is no more protected from updates than a9lh. They both reside in the FIRM partitions, and they can both be uninstalled by overwriting the FIRM partitions.

a9lh relies on a specially corrupted keysector too, but that's kind of auxiliary.

Hey now, just because I made 1 mistake does not mean you can render other, valid info "crap".

Besides, unless you use Gateway I strongly doubt overwriting the FIRM partitions will be a worry for the average user (although the higher chance of a brick from updating Sighax through the FIRM partitions is more of a worry).
 
My one hope is that the bootloader being unlocked will allow us to flash sighaxed NANDs (non-device-specific). Or even inject a sighaxed bootloader on the corrupt NAND and then be able to restore to a stock firmware. One can only dream of recovering from a corrupt CTRNAND downgrade. One less paperweight.
 
Ahh jeez, so much hype. :o Quick question: I read the OP and such, and to be careful of updating and then something going wrong or bricking while updating via System Settings through sighax in the future, would we be able to have A9LH and sighax together as CFW loading options in case one doesn't work for whatever reason? I already have A9LH and Luma3DS, so I can install sighax when it is publicly released and stable. :P
 
Erm... There's one thing that's bugging me in the OP about how Greg and Hedge are dumping boot9. They aren't dumping just boot9, they're dumping the protected bit of Boot9 specifically. There's nothing interesting in unprot_boot9.bin and it can be easily dumped using GodMode9. prot_boot9.bin is the interesting part that Greg and Hedge are dumping and the reason that they are doing all this "Vector-Glitchhax" stuff is because the 3DS literally turns off those pins in order to stop the dumping of boot9 by writing to CFG_SYSPROT9 (I believe, Please correct me if I'm wrong). Would you kindly edit the OP for me to say they're dumping prot_boot9.bin?
 
Quick question:
How hard would it be to 'dump' the protected bootrom by examining the SoC with an electron microscope?
I know people have reverse engineered entire processors with microscopes before (albeit older ones).
 
hedgeberg streamed today. I watched and also chatted and stuff, and he explained very well how the vector glitch exactly works (while he did it), but sadly his streams are not getting archived, so unless someone recorded it, his explanations are gone.
 
Quick question:
How hard would it be to 'dump' the protected bootrom by examining the SoC with an electron microscope?
I know people have reverse engineered entire processors with microscopes before (albeit older ones).

While I can't comment on how easy/hard it would be to use an electron microscope to reverse engineer the bootrom, I think the cost would be astronomical to do so (especially compared to the Vectorhax method being used currently).
 
Did anyone catch the stream Hedge and Greg did?
hedgeberg streamed today. I watched and also chatted and stuff, and he explained very well how the vector glitch exactly works (while he did it), but sadly his streams are not getting archived, so unless someone recorded it, his explanations are gone.
 
Quick question:
How hard would it be to 'dump' the protected bootrom by examining the SoC with an electron microscope?
I know people have reverse engineered entire processors with microscopes before (albeit older ones).
Pretty much impossible.

hedgeberg streamed today. I watched and also chatted and stuff, and he explained very well how the vector glitch exactly works (while he did it), but sadly his streams are not getting archived, so unless someone recorded it, his explanations are gone.
I blame you for not recording :P
 
My one hope is that the bootloader being unlocked will allow us to flash sighaxed NANDs (non-device-specific). Or even inject a sighaxed bootloader on the corrupt NAND and then be able to restore to a stock firmware. One can only dream of recovering from a corrupt CTRNAND downgrade. One less paperweight.
This isn't fully possible. The FIRM0/FIRM1 partitions on NAND are encrypted with a device-specific key stored in the OTP. If you have an OTP dump from the device, sure, you could directly sighax like that. Without the OTP available, it will be necessary for FIRM0/FIRM1 to have a valid NATIVE_FIRM version encrypted to your device, and it will be necessary to know which version it is.
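To illustrate the point made above (a FIRM0/FIRM1 image encrypted for one console does not decrypt on another), here is an added toy model that is not code from the thread or from any 3DS tool. The per-console key derivation and the cipher are stand-ins built from HMAC-SHA256 (assumptions, not the real 3DS scheme) so the script runs with only the standard library.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed KDF: the real 3DS derivation from OTP is not reproduced here.
def console_key(otp: bytes, label: bytes = b"firm-partition") -> bytes:
    """Derive a per-console partition key from that console's OTP."""
    return hmac.new(otp, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt_firm(otp: bytes, firm: bytes) -> bytes:
    """Encrypt a FIRM image so that only the console holding `otp` can read it."""
    key = console_key(otp)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(firm, _keystream(key, nonce, len(firm))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()  # integrity check
    return nonce + body + tag

def decrypt_firm(otp: bytes, blob: bytes) -> Optional[bytes]:
    """Return the FIRM image, or None if this console's key does not match."""
    key = console_key(otp)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong console: the partition is unreadable garbage
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

# Constructed sample data: two consoles with different OTPs, one FIRM image.
OTP_A = hashlib.sha256(b"console-A").digest()
OTP_B = hashlib.sha256(b"console-B").digest()
SAMPLE_FIRM = b"FIRM" + b"\x00" * 60 + b"native-firm-stub"

def demo() -> dict:
    """Encrypt for console A; only console A's OTP recovers the image."""
    blob = encrypt_firm(OTP_A, SAMPLE_FIRM)
    return {
        "same_console": decrypt_firm(OTP_A, blob) == SAMPLE_FIRM,
        "other_console": decrypt_firm(OTP_B, blob),  # None: image is not portable
    }
```

With an OTP dump for a given console you can produce a blob that console accepts; without it, re-encrypting for that device is not possible in this model.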
 
This isn't fully possible. The FIRM0/FIRM1 partitions on NAND are encrypted with a device-specific key stored in the OTP. If you have an OTP dump from the device, sure, you could directly sighax like that. Without the OTP available, it will be necessary for FIRM0/FIRM1 to have a valid NATIVE_FIRM version encrypted to your device, and it will be necessary to know which version it is.

I thought a bootloader being unlocked would not require the OTP, or possibly a trimmed ROM that only writes to CTRNAND? One can only hope... I unfortunately don't have the OTP, but I do have a NAND backup that is stuck on a black screen after a CTR downgrade. I was on version 11.2. When I tried to use autofirm on it, it auto-bluescreened after I wrote the NAND back, with error code 00000000 0000000. Can we not extract the OTP from a NAND backup if the protected partition is decrypted?
 
Last edited by Starzcream.
