Hacking SX OS contains brick code!

[migles]

Rumored, yes. Valid, not that we know of. The "proof" that you are talking about is just that the same rom was discovered in the code. This is thought to be a reference to gateway and not an indication that they are the same people. Think about it... why else would they include the identical rom?

not the rom, but the TX website was registered under the email [at]gateway[dot]com or something like that.

 

[Localhorst86]

They just lock the emmc with a random password, and they said that the boot.dat would have to be modified heavily and repacked. I find no issue with it tbh. I understand some might feel uneasy, but as long as you don't just run random homebrew or things from the RCM along with it I think everyone would be fine.

I understand that they lock the EMMC with a password. But is it reversible? That's the important question that has not been answered yet.

 

[Deleted User]

The issue is that it is code that will *intenionally* destroy property. It could get triggered by a bug and destroy property of a legitmate user.

If you are really confident in your code/DRM, you don't need that protection.
If you need that protection, you're not confident in your code/DRM. How could I be confident that your "protection" doesn't trigger on accident if you yourself are not confident in your code?

If they are so confident on their protection being perfect, they don't need to destroy your device. Just troll the illegitimate users with random crashes or simply make your code refuse to boot in the first place.

This does not destroy property in any way, the worst it can accomplish is that console never going to the nintendo online service if you don't have a nand backup. Even without a nand backup it is perfectly possible to recover from this kind of "brick".
A person on the TX forum has claimed his eMMC was locked by a password during use, which makes me think this is how they accomplish AutoRCM, which is perfectly fine. But it's much more likely that that person is lying, and is trying to make TX remove the protection because they are too weak to actually overcome slight hurdles in development of a crack. If this "brick" code is used for DRM purposes, you can rest assured that there is very low to a nonexistent probability this would ever happen to a propertly licensed user. And if it's used for a feature like AutoRCM, it is obviously also intended to run in a very specific way, and can in no way damage the system.

 

[Lumince]

I understand that they lock the EMMC with a password. But is it reversible? That's the important question that has not been answered yet.

Devs on twitter have said that its possible. I believe there is something that can be set to avoid it.

 

[migles]

I understand that they lock the EMMC with a password. But is it reversible? That's the important question that has not been answered yet.

have a look in the first page in this thread
you can find this link:

Regular users won't be able to restore the NAND normally. You need to mess with raw MMC commands to either unlock or force erase the eMMC.

— Mike Heskin (@hexkyz) June 24, 2018

 

[Draxzelex]

Pretty sure the en masse 3ds banwave had probably just as much.

Really? Wasn't on GBATemp those days (was and still am a Gateway user so I didn't want to introduce unnecessary flame). On the other hand, they don't seem quite as active for the first Switch banwave. Probably because it was mostly LayeredFS users who were hit

 

[comput3rus3r]

I understand that they lock the EMMC with a password. But is it reversible? That's the important question that has not been answered yet.

and it probably won't be answered since this is all based on 1 person's claim. Maybe we'll find out if we see more people getting "bricked" by trying to crack it .

 

[Localhorst86]

This does not destroy property in any way

I have updated my post to clarify what I mean. Even though "destroyed" is a harsh word, I decided to reword it to "render useless" because apparently that's the part of my post that everyone has issues with.

And before anyone complains: If my EMMC is locked, the device wont boot and is useless at that. Wheter or not it might be reversible is really not the issue here. Even if they are willing to reverse it when it got triggered by accident, who knows how long they will be around?

 

[TheDarkGreninja]

Really? Wasn't on GBATemp those days (was and still am a Gateway user so I didn't want to introduce unnecessary flame). On the other hand, they don't seem quite as active for the first Switch banwave. Probably because it was mostly LayeredFS users who were hit

I have a feeling it was just a timing thing, SX OS was just a much bigger thing overall.

 

[Deleted User]

Regular users won't be able to restore the NAND normally. You need to mess with raw MMC commands to either unlock or force erase the eMMC.

— Mike Heskin (@hexkyz) June 24, 2018

-> this is misleading. If this was an actual issue, almost certainly a tool would be made to unlock/wipe and rebuild the eMMC.

 

[TheDarkGreninja]

I have updated my post to clarify what I mean. Even though "destroyed" is a harsh word, I decided to reword it to "render useless" because apparently that's the part of my post that everyone has issues with.

You know the fanboys have difficulty arguing when they have to bring up semantics to argue a point

 

[leonmagnus99]

sheesh ppl shouldnt be so cheap and just buy the darned thing, its only 30bucks.
if you could afford the 300+$ switch then why not buy their hack if you are interested in the hack.

though i understand that guy was tinkering with it out of hobby i guess.
but now that its too risky, id advice ppl to just buy the hack , its cheap and it works flawlessly..

unlike Gateway (GW was a frikkin nightmare..) cant tell how often that shit crashed on me.

no one has to worry about crashes with TXs hack it works 100% , and even getting into the hb menu requires you to just hold the R button pressed while opening the album.. rly good stuff.

 

[Fred Molyneux]

considering the amount of unsold sx they're going to have due to this bricking backlash, they could have simply remove it and accept the fact that people always find a way to crack your code and make you lose some sales.

At least you wouldn't ruin your image.

I think it is the exact opposite. There is thousands of users who were just waiting for a free solution to not have to pay $25 for a SX OS license.
Now they know that even if this free solution comes, they are likely to lose $300 on their bricked console.
They are cheap, but they can do the maths. I bet there was a surge in sales today at TX headquarters. Which I won't complain about since the more customers they have, the more updates will probably come...

 

[Deleted User]

You know the fanboys have difficulty arguing when they have to bring up semantics to argue a point

The problem is not with the "semantics", but with the fact that this is perfectly reversible and does not render the hardware useless in any way. As I said before, if this was an actual issue (which it isn't), then a tool would be made easily to reverse this type of "damage".

 

[sychotix]

not the rom, but the TX website was registered under the email [at]gateway[dot]com or something like that.

Source? All domain registration lookups are masked due to GDPR and it seems strange that they would use an [at]gateway[dot]com email address for thigns not related to gateway in any way.

 

[Localhorst86]

The problem is not with the "semantics", but with the fact that this is perfectly reversible and does not render the hardware useless in any way. As I said before, if this was an actual issue (which it isn't), then a tool would be made easily to reverse this type of "damage".

Again, it *does* render your hardware useless because it will no longer boot. We don't know *IF* it is reversible (i.e. how the password for locking is created) and if it is how cooperative TX will be or how long they will be around.

 

[TheDarkGreninja]

The problem is not with the "semantics", but with the fact that this is perfectly reversible and does not render the hardware useless in any way. As I said before, if this was an actual issue (which it isn't), then a tool would be made easily to reverse this type of "damage".

Can you prove that point?

 

[Deleted User]

Again, it *does* render your hardware useless because it will no longer boot. We don't know *IF* it is reversible (i.e. how the password for locking is created) and if it is how cooperative TX will be or how long they will be around.

We know this is reversible, because hexkyz himself reversed it. In fact, it was reversed with a simple RCM payload showcasing yet again that this is trivial to fix.

 

[cearp]

While I enjoy my SX OS, this shit sucks. They created code to intentionally brick devices and sell it to people. Only god knows if and when this triggers.

no... we know when it triggers, it's if you try to crack sx os but make a mistake.
when i bought mine, i was very confident there was brick code in it.
as long as tx made no mistakes, i won't get bricked. (gw has brick code, it wasn't done the best, a very rare few people got bricked, gw fixed it...)
as far as i know, only that one guy has been bricked - and that's no surprise as to why he got bricked.

of course, it's sad to get a brick, it's not a nice thing.
but these hacker sand reverse engineers, i'm sure they will be able to reverse a brick, or plan against it
(i saw hedgeberg saying some thing about which basically sounded like a nand proxy, so you could filter out any bad bricking commands lol)


until (and it's sad because someone might fake it) - but until we get the first brick from a user using sx os NORMALLY, there is no need to worry

 

[TheDarkGreninja]

We know this is reversible, because hexkyz himself reversed it. In fact, it was reversed with a simple RCM payload showcasing yet again that this is trivial to fix.

Not for a regular user though.