Hacking RELEASE AutoIPS sig Patcher

[ShadowOne333]

Difference in ips patch is because the original ips patches 4 bytes in 2 places (2 Arm64 instructions), this one only patches 1 byte (Only part of 1 Arm64 instruction). Therefore the generated ips will be a few bytes shorter - if that makes sense. Yes - that's the line to comment out in main.c

Also - the patch that's generated is only for the loader.kip, If any firmware patches are needed - these still need to be downloaded from your patch provider.

Oh very well then.
That one byte patch kinda threw me off there, I assumed both addresses where necessary to make the sigpatches work, but if a one byte patch does it, and it works, then I assume it's okay.

Also, here you have AutoIPS for Linux.
I recompiled hactool and included a 32bit compiled binary of it, so that anyone with Linux can run it without issues, and I also made a script in bash called "RunMe.sh" for Linux users.

If you want, you can use these for the official release of AutoIPS, so users in both Windows and Linux (maybe even Mac) can run it
Same requirements as the Windows version are needed, Python 3.X and Bitstring.

 

[Zkajavier]

Or maybe someone could just ask SciresM not to change the byte pattern every so often (?)

 

[ShadowOne333]

Or maybe someone could just ask SciresM not to change the byte pattern every so often (?)

That's not how compilation works

 

[jockep]

Only way to futureproof it a little is implementing some sort of wildcard search given some of the last patterns follow any similarities, i don't know previous patterns though. It won't be 100% futureproof either.

 

[inspectorhackjet]

Which part of the Atmosphere code is this patching, exactly?

 

[ShadowOne333]

Which part of the Atmosphere code is this patching, exactly?

The Loader part specifically, which is included within the fusee-primary/fusee-secondary payloads.

 

[inspectorhackjet]

The Loader part specifically, which is included within the fusee-primary/fusee-secondary payloads.

Yeah, I know. I meant which function/line exactly in the loader. Tried to find that with ghidra, but couldn't find out where it maps in the code.

 

[ShadowOne333]

Yeah, I know. I meant which function/line exactly in the loader. Tried to find that with ghidra, but couldn't find out where it maps in the code.

Open up one of the .py files, one of those has the exact bytes that the patcher modifies.
You could try looking at the address inside the loader.kip file has those bytes, and then try to check the same addresses in GHidra.

 

[inspectorhackjet]

Already done that and found a function, but it has no labels and I really have no idea which function of the original code I'm looking at.

 

[duckbill007]

This code patching conditional jump, so it is a bad patching. Good patch should patch

bool IsEnabledProgramVerification() {
return g_enabled_program_verification;
}

to return false, not true as it does now.

--------------------- MERGED ---------------------------

Anyway IPS patching opensource code is a sick idea!

 

[mrdude]

This code patching conditional jump, so it is a bad patching. Good patch should patch

bool IsEnabledProgramVerification() {
return g_enabled_program_verification;
}

to return false, not true as it does now.

--------------------- MERGED ---------------------------

Anyway IPS patching opensource code is a sick idea!

Feel free to modify any code you want to dude and post it as well - I'm finished with this, it was just an idea to show how to do it. If you feel the patches are rubbish - mod them to what you feel is better.

 

[peteruk]

@mrdude Would you reconsider and continue your work on this ? With the way things are going I'm getting concerned that it will become harder and harder moving forward for some of us getting our hands on patches.

 

[mrdude]

@mrdude Would you reconsider and continue your work on this ? With the way things are going I'm getting concerned that it will become harder and harder moving forward for some of us getting our hands on patches.

I wouldn't worry too much about patches, they will still be found on various websites and maybe posted anonymously. There's no need to panic.

 

[peteruk]

I wouldn't worry too much about patches, they will still be found on various websites and maybe posted anonymously. There's no need to panic.

panic over my man

 

[chronoss]

error for me when i launch Runme.bat

Spoiler: Error

E:\RTU\Switch\AutoIPS Sig patches>C:\python38\python Extract-Loader.py
Le chemin d’accès spécifié est introuvable.

E:\RTU\Switch\AutoIPS Sig patches>hactool --intype=kip1 --uncompressed=extracted
/Loader-dec.kip extracted/Loader.kip
[WARN]: Failed to match key "bis_kek_source", (value "34c1a0c48258f8b4fa9e5e6ada
fc7e4f")
[WARN]: Failed to match key "bis_key_00", (value "5224f3ed64075b69caa496f45db2f8
49429ccc67281f2578f2555b05d94148b0")
[WARN]: Failed to match key "bis_key_01", (value "e86c93510f40534840e169ff3bcbe8
b63985c0b3485c925b8ed5822bbc4a2a2b")
[WARN]: Failed to match key "bis_key_02", (value "db21eb7838df626c152eabdb25545f
b3b09cfb504df2e1724b3cd97dcdfc4e17")
[WARN]: Failed to match key "bis_key_03", (value "db21eb7838df626c152eabdb25545f
b3b09cfb504df2e1724b3cd97dcdfc4e17")
[WARN]: Failed to match key "bis_key_source_00", (value "f83f386e2cd2ca32a89ab9a
a29bfc7487d92b03aa8bfdee1a74c3b6e35cb7106")
[WARN]: Failed to match key "bis_key_source_01", (value "41003049ddccc065647a7eb
41eed9c5f44424edab49dfcd98777249adc9f7ca4")
[WARN]: Failed to match key "bis_key_source_02", (value "52c2e9eb09e3ee2932a10c1
fb6a0926c4d12e14b2a474c1c09cb0359f015f4e4")
[WARN]: Failed to match key "device_key", (value "b88abe8e65435abb94347ec4c8608e
b7")
[WARN]: Failed to match key "eticket_rsa_kek", (value "19c8b441d318802bad63a5bed
a283a84")
[WARN]: Failed to match key "eticket_rsa_kek_source", (value "dba451124ca0a98368
14f5ed95e3125b")
[WARN]: Failed to match key "eticket_rsa_kekek_source", (value "466e57b74a447f02
f321cde58f2f5535")
[WARN]: Failed to match key "retail_specific_aes_key_source", (value "e2d6b87a11
9cb880e822888a46fba195")
[WARN]: Failed to match key "rsa_oaep_kek_generation_source", (value "a8ca938434
127fda82cc1aa5e807b112")
[WARN]: Failed to match key "rsa_private_kek_generation_source", (value "ef2cb61
a56729b9157c38b9316784ddd")
[WARN]: Failed to match key "save_mac_key", (value "67c79b8032fafb39b3ceffa3251c
1a92")
[WARN]: Failed to match key "sd_seed", (value "3fa0ea3b29f94846ec9611e31d76b143"
)
[WARN]: Failed to match key "ssl_rsa_kek", (value "b011100660d1dccbad1b1b733afa9
f95")
[WARN]: Failed to match key "ssl_rsa_kek_source_x", (value "7f5bb0847b25aa67fac8
4be23d7b6903")
[WARN]: Failed to match key "ssl_rsa_kek_source_y", (value "9a383bf431d0bd813253
4ba964397de3")

Done!

E:\RTU\Switch\AutoIPS Sig patches>C:\python38\python MakePatch.py
Le chemin d’accès spécifié est introuvable.

E:\RTU\Switch\AutoIPS Sig patches>RMDIR extracted /s /q

E:\RTU\Switch\AutoIPS Sig patches>pause
Appuyez sur une touche pour continuer...

 

[mrdude]

error for me when i launch Runme.bat

Spoiler: Error

E:\RTU\Switch\AutoIPS Sig patches>C:\python38\python Extract-Loader.py
Le chemin d’accès spécifié est introuvable.

E:\RTU\Switch\AutoIPS Sig patches>hactool --intype=kip1 --uncompressed=extracted
/Loader-dec.kip extracted/Loader.kip
[WARN]: Failed to match key "bis_kek_source", (value "34c1a0c48258f8b4fa9e5e6ada
fc7e4f")
[WARN]: Failed to match key "bis_key_00", (value "5224f3ed64075b69caa496f45db2f8
49429ccc67281f2578f2555b05d94148b0")
[WARN]: Failed to match key "bis_key_01", (value "e86c93510f40534840e169ff3bcbe8
b63985c0b3485c925b8ed5822bbc4a2a2b")
[WARN]: Failed to match key "bis_key_02", (value "db21eb7838df626c152eabdb25545f
b3b09cfb504df2e1724b3cd97dcdfc4e17")
[WARN]: Failed to match key "bis_key_03", (value "db21eb7838df626c152eabdb25545f
b3b09cfb504df2e1724b3cd97dcdfc4e17")
[WARN]: Failed to match key "bis_key_source_00", (value "f83f386e2cd2ca32a89ab9a
a29bfc7487d92b03aa8bfdee1a74c3b6e35cb7106")
[WARN]: Failed to match key "bis_key_source_01", (value "41003049ddccc065647a7eb
41eed9c5f44424edab49dfcd98777249adc9f7ca4")
[WARN]: Failed to match key "bis_key_source_02", (value "52c2e9eb09e3ee2932a10c1
fb6a0926c4d12e14b2a474c1c09cb0359f015f4e4")
[WARN]: Failed to match key "device_key", (value "b88abe8e65435abb94347ec4c8608e
b7")
[WARN]: Failed to match key "eticket_rsa_kek", (value "19c8b441d318802bad63a5bed
a283a84")
[WARN]: Failed to match key "eticket_rsa_kek_source", (value "dba451124ca0a98368
14f5ed95e3125b")
[WARN]: Failed to match key "eticket_rsa_kekek_source", (value "466e57b74a447f02
f321cde58f2f5535")
[WARN]: Failed to match key "retail_specific_aes_key_source", (value "e2d6b87a11
9cb880e822888a46fba195")
[WARN]: Failed to match key "rsa_oaep_kek_generation_source", (value "a8ca938434
127fda82cc1aa5e807b112")
[WARN]: Failed to match key "rsa_private_kek_generation_source", (value "ef2cb61
a56729b9157c38b9316784ddd")
[WARN]: Failed to match key "save_mac_key", (value "67c79b8032fafb39b3ceffa3251c
1a92")
[WARN]: Failed to match key "sd_seed", (value "3fa0ea3b29f94846ec9611e31d76b143"
)
[WARN]: Failed to match key "ssl_rsa_kek", (value "b011100660d1dccbad1b1b733afa9
f95")
[WARN]: Failed to match key "ssl_rsa_kek_source_x", (value "7f5bb0847b25aa67fac8
4be23d7b6903")
[WARN]: Failed to match key "ssl_rsa_kek_source_y", (value "9a383bf431d0bd813253
4ba964397de3")

Done!

E:\RTU\Switch\AutoIPS Sig patches>C:\python38\python MakePatch.py
Le chemin d’accès spécifié est introuvable.

E:\RTU\Switch\AutoIPS Sig patches>RMDIR extracted /s /q

E:\RTU\Switch\AutoIPS Sig patches>pause
Appuyez sur une touche pour continuer...

Most of those errors is because you have put your key file in with hactool - and hactool doesn't need the key file for this, also the path to your python 3 folder is incorrect - you need to edit that yourself to where you installed it.

 

[mathew77]

So-o, the new AMS 0.15.0 has been released.

New sigpatches?

 

[mrdude]

So-o, the new AMS 0.15.0 has been released.

New sigpatches?

Just put the generated: fca59c745a07dd7b254281f6edd4aa4aa29ab3b57a33379cc697ec23c0ef4704.ips into where you usually put your loader patch.

Also in bootloader/patches.ini - add this:
[Loader:fca59c745a07dd7b]
.nosigchk=0:0x679A:0x1:01,00

Homebrew + games work just fine as I just tried it.

 

[mathew77]

Thanks!

Homebrew + games work just fine as I just tried it.

Did you try any .NSP forwarders / non-signed (xci converted) games?

 

[mrdude]

Thanks!


Did you try NSP-forwarders / non-signed games?

I don't have any non signed games - but I have a nsp forwarder for tombraider and that's working.