Homebrew Discussion SX OS Crack Thread

[Deleted User]

I think we should all just do what the famous Mr. Ping Long originally told us to do and "Pay now play now!!!".

 

[Zumoly]

I think we should all just do what the famous Mr. Ping Long originally told us to do and "Pay now play now!!!".

Good one!

 

[anonymousReality]

if you mean the person who mentioned it on the 19th, i dont think he decrypted it (not that it was hard, just maybe didnt bother), you can see the name "hot gameboy / icebird" if you look at the text value of the binary.
Still different than extracting it and running it on an emu

I just think you should look for answers in other places because the crack will only be released when the team gives the green light to take it out and here are people who, out of selfishness or being part of the team, turn it into a ridiculous section , perhaps the hack by other hands, but I doubt it is here, including the atmosphere nx stopped and apparently is waiting for the team to alert, it is a round business, until this website fails. the streaming of games is approaching, that means that now many hackers are no longer just providing knowledge to hack chip makers but creating it and maybe they have always been part of it. because the console hacking business ends when the industry goes to streaming, the business of some hackers ends, regards.

 

[Dabiolos]

if you mean the person who mentioned it on the 19th, i dont think he decrypted it (not that it was hard, just maybe didnt bother), you can see the name "hot gameboy / icebird" if you look at the text value of the binary.
Still different than extracting it and running it on an emu

Maybe there is an easter egg hidden inside sx os like flog. Did anyone try the movements u do to start flog when the gallery/rom launcher is opened? Maybe it will start the gameboy demo?

I would do in myself but I have no switch yet. I am just here because I am interested in technical details how they managed to secure their os on a fully hacked console.

 

[DarthDub]

Maybe there is an easter egg hidden inside sx os like flog. Did anyone try the movements u do to start flog when the gallery/rom launcher is opened? Maybe it will start the gameboy demo?

I would do in myself but I have no switch yet. I am just here because I am interested in technical details how they managed to secure their os on a fully hacked console.

Gotta crack that Game Boy DRM.

 

[0xD3DPixxel]

Once loaded into SX could a homebrew be made to view/dump/decrypt the boot.dat? i know while in SX demo mode (no licence) it disables the backup loader, could a homebrew enable it?

 

[Batpeter]

inb4 they update and we still dont have the ability to play cart2 and eshop roms until someone cracks it again,

 

[naddel81]

Or extract the backup loader since that is the only thing we really need.

Once loaded into SX could a homebrew be made to view/dump/decrypt the boot.dat? i know while in SX demo mode (no licence) it disables the backup loader, could a homebrew enable it?

Gesendet von meinem Redmi Note 4 mit Tapatalk

 

[Deleted-452294]

Maybe he recently reinstalled Windows or got a new PC and hasn't installed IDA yet. Also, there are other alternatives to IDA that work fine. IDA just tends to be a bit easier to use and has more features. But not having IDA installed means nothing.

If you start cracking something, you usually have IDA ready already. And I haven't actually seen anyone using radare2 or other alternatives, especially on Windows and that would support arm+arm64.

 

[justencase6]

here is the license generate from Tx site
https://gitlab.com/relatived/sx-mitm/tree/master/

Sent from my VS995 using Tapatalk

 

[Dabiolos]

Once loaded into SX could a homebrew be made to view/dump/decrypt the boot.dat? i know while in SX demo mode (no licence) it disables the backup loader, could a homebrew enable it?

that would be a possibility to patch the memory on the running sx os. For this we would need a cheat app/memory debugging homebrew.

But I would bet tx thought of that and used common anti debugging techniques or maybe execute their homebrew in a vm like environment. That could explain why homebrew on sx os runs slower or has compatibility issues... (Matpats Voice: That's just a theory a game/sx os theory)

As stated before, I would love to read how tx secured their os. I think it would be a pretty interesting read.

 

[naddel81]

What is this for?

here is the license generate from Tx site
https://gitlab.com/relatived/sx-mitm/tree/master/

Sent from my VS995 using Tapatalk

Gesendet von meinem Redmi Note 4 mit Tapatalk

 

[adrifcastr]

What is this for?

Gesendet von meinem Redmi Note 4 mit Tapatalk

Essentially exactly what it says, a mitm for the license creation/verification

 

[realjumy]

My dudes, I don't endorse the idea of loading pirated games, but I think all this is a waste of time. I think it's easier and more straight forward doing something from scratch rather than trying to crack their loader.

 

[naddel81]

So after the MITM I can create my own licenses?!

Essentially exactly what it says, a mitm for the license creation/verification

Gesendet von meinem Redmi Note 4 mit Tapatalk

 

[Dabiolos]

No. We are missing the private keys MITM won't help. All it can do now is to send you a bad activation response. If we somehow managed to get the keys we could activate sx os ourselves.

TX didn't even bother to fix this issue by using SSL certification, hard to say if it was on purpose or they didn't think about it...

 

[adrifcastr]

So after the MITM I can create my own licenses?!

Gesendet von meinem Redmi Note 4 mit Tapatalk

Du scheinst nich ganz zu rallen worums geht, mitm heißt man in the middle, aber ohne die entschlüssellungsschlüssel bringt es nichts außer ungültige lizenzvalidierungen.

You don't seem quite to understand how that works, to make it short, the man in the middle setup won't essentially help with anything regarding in getting a valid license, since the private rsa key is missing

 

[naddel81]

Du scheinst nich ganz zu rallen worums geht, mitm heißt man in the middle, aber ohne die entschlüssellungsschlüssel bringt es nichts außer ungültige lizenzvalidierungen.

You don't seem quite to understand how that works, to make it short, the man in the middle setup won't essentially help with anything regarding in getting a valid license, since the private rsa key is missing

since we will certainly never get their private key, what's the point?

 

[Dabiolos]

since we will certainly never get their private key, what's the point?

I can only guess: After release of sx he couldn't knew if there were any requests to validate the payment. He saw the flaw (missing ssl certificate checks) and used a mitm to check for himself and released his findings for us to read.

Maybe the free switch-day guy shows up and hands over the keys. Who knows...

Kroosartige grüße

 

[ut2k4master]

https://twitter.com/hexkyz/status/1010994458316271616

"PSA: SX OS contains brick code. How do I know this? Take a guess... :/
Anyway, the concept is the same that was used by Gateway for the 3DS: your eMMC will be locked with a specific password. Sadly, in my case, the password was generated from random garbage on the stack. "