Homebrew Discussion SX OS Crack Thread

[leerz]

MSIL* lmao

check post count, probably a flamebaiter from tx lol, dude is here to piss you off.

 

[comput3rus3r]

@PRAGMA Why are you arguing with somebody on here? it's not worth it. What we want to know is if you've joined TX? because that would be cool.

 

[someofthemwork]

Not encrypted (as far as I can tell)
Seems to just be some kind of Console Fingerprint with 32 bytes of 00 padding at the end.

Is it still just zero padded for licenses generated by the Pro? They appear to have some way of differentiating between license-request.dat files from the Lite and the Pro. If I had to guess, the ones from the Pro aren't zero padded but instead have something to identify the license associated with the key. Has anyone opened a license-request.dat file generated from a Pro?

Also, does that mean the payload is different for the Pro dongle vs. the one posted on the website? Where does the license come from?

EDIT: Yes, the Pro license files have something besides the 0 padding. But what is it? Just a license key? I don't have one to look at.

 

[HRudyPlayZ]

Very well written! It's nice to see how the crack is going

Did someone tried downloading the website's sources? Maybe we could see more about what is going on the server-side... and maybe crack it more easily.
(For reference HTTrack can be useful)

@PRAGMA Don't listen to people who are trying to discourage you. Try, if it works, nice, we'll have a permanent hack for free, else, you will and already had learnt a lot about how SXOS is made & how the switch FM works too...

 

[Gabri9292]

In stage2.bin, it does a hash check of data.bin, we need to patch this out. Was pretty easy, search for the original sha256 hash of data before editing and replace it with edited versions SHA256.

Somebody can Explain me this?

 

[y4my4m]

I've messaged a few devs on twitter but just gonna post this here.

I discovered there was a "hidden" gameboy rom file in data_8000000.bin (a file you get after uncompacting boot.dat).

The game is "hOT GB/iCEbiRD", some german hack-demo from 98. You can get the file by doing a hexdump from 0x169038 offset, its a gb file.

 

[scottgl]

I've messaged a few devs on twitter but just gonna post this here.

I discovered there was a "hidden" gameboy rom file in data_8000000.bin (a file you get after uncompacting boot.dat).

The game is "hOT GB/iCEbiRD", some german hack-demo from 98. You can get the file by doing a hexdump from 0x169038 offset, its a gb file.

I noticed that as well with binwalk, sometimes binwalk misidentifies files, surprised it's an actual gameboy rom.

 

[jakkal]

I've messaged a few devs on twitter but just gonna post this here.

I discovered there was a "hidden" gameboy rom file in data_8000000.bin (a file you get after uncompacting boot.dat).

The game is "hOT GB/iCEbiRD", some german hack-demo from 98. You can get the file by doing a hexdump from 0x169038 offset, its a gb file.

This is old news

 

[Dabiolos]

Somebody can Explain me this?

It means (easy explained) that the code inside stage2.bin checks if the data.bin file has been modified (the modified file will have a different hash checksum. Comparable to the crc, md5 check you can do on downloaded files but more secure).

They created a new hash for the modified file and replaced the value inside stage2.bin to look for the modified hash so it won't see that data.bin has been tampered.

I think that's a smart move but tx could have used the original hash value to calculate jump points inside the code (at least that's what I would have minimally done to protect my code). If you change the value now it would point to the wrong locations and could cause the freeze when launching.

 

[Kupie]

I recommend not listening to PRAGMA on anything, he's just some stupid script kiddie

 

[NeoSlyde]

I recommend not listening to PRAGMA on anything, he's just some stupid script kiddie

If it's true.. I admit ! He is very smart !

 

[noahc3]

I recommend not listening to PRAGMA on anything, he's just some stupid script kiddie

Likely photoshopped, there are no rats in PRAGMA's program:

 

[ownedlol]

-snip-

Quite sad that you have to spell that out... Even then, I'd assume people would be smart enough to know he's joking.

 

[noahc3]

Quite sad that you have to spell that out... Even then, I'd assume people would be smart enough to know he's joking.

People were freaking out on discord, quite frankly I think people think PRAGMA is smarter than he actually is.

 

[leerz]

discord chat closed? lol i woke up and it is gone. wtf

 

[Asia81]

This place is funny, we have guys doing amazing things, for all of us, for free!

And yet I constantly see posts picking fault and asking when when when!!!

Wow

gbatemp welcome

 

[Kupie]

Quite sad that you have to spell that out... Even then, I'd assume people would be smart enough to know he's joking.

If you want to trust someone that's stating they put trojans in the shit they've made, then go ahead and be retarded all you want.

 

[The Real Jdbye]

To be fair, him claiming many times that he was close to cracking it screamed of amateurism. He has no experience whatsoever in software cracking.
It became quite obvious when he only installed IDA to check into the boot hangs.

Maybe he recently reinstalled Windows or got a new PC and hasn't installed IDA yet. Also, there are other alternatives to IDA that work fine. IDA just tends to be a bit easier to use and has more features. But not having IDA installed means nothing.

 

[y4my4m]

This is old news

please redirecty me to where it was ever mentioned

 

[y4my4m]

please redirecty me to where it was ever mentioned

if you mean the person who mentioned it on the 19th, i dont think he decrypted it (not that it was hard, just maybe didnt bother), you can see the name "hot gameboy / icebird" if you look at the text value of the binary.
Still different than extracting it and running it on an emu