Homebrew Discussion SX OS Crack Thread

Status
Not open for further replies.

Draxzelex

What do you mean by that?
hexkyz claims he was going to release a write up of the brick code that SX OS uses as well as I guess how it functions as a backup launcher along with where all that code came from.
 

Roger66681

It wouldn't work like that. It's not just "changing the code to C". It has to be a full port, using all the native platform's libs, developing/porting inexistent dependencies also to switch and even so, the code for a browser as an example, would need to be refactored to accommodate the hardware specification as the screen size, memory size, how it writes and caches to the disk, network access and certificate handling... It would be way less painful for any coder to write a browser from scratch.

So it would be easier to just create my own internet browser? Hmm... I'll see how basic I could get with that... Oh, another thing, Nintendo would be able to ban me, right? As soon as I loaded up a CFW and then a web browser, wouldn't some red flags be raised?
 

rrocha

Methods for Nintendo flagging are unknown. But I'll speculate that as soon as you run non-authorized software on your console and you connect it to the internet, HorizonOS will phone home and you'll be banned eventually.
 
Deleted User

Guest
It wouldn't work like that. It's not just "changing the code to C". It has to be a full port, using all the native platform's libs, developing/porting inexistent dependencies also to switch and even so, the code for a browser as an example, would need to be refactored to accommodate the hardware specification as the screen size, memory size, how it writes and caches to the disk, network access and certificate handling... It would be way less painful for any coder to write a browser from scratch.
An easier way is to launch the online-webapplet (see switchbrew title list) with a whitelist as ".*" and URL of, like, Google. But we can't do that until we can install NSPs because it doesn't work from HBL (it can't find whitelist).
 

bi7wise

Possibly a crack, but I have no idea how to test it, since I don't have much experience with the Switch toolkits.

Basically, get v1.3 boot.dat, use hexkyz tx_unpack and tx_decompress to get the decrypted NSOs.

Then open sxos/firmware/Loader/tx/main in ida64 as ARM Little-endian, de-select 'create segments' and 'load as code segment' and then press ok to load the binary.

Then Edit > Select all to highlight everything, press C to analyse and select analyse. This will give you all the subroutines/functions in the binary.

Make sure you already have a license.dat file in the correct folder. Can be anything junk.

Now sub_53D0 I think is used to check the license and verify the code you give.
Here patch the CBZ W0, loc_5580 to CBNZ W0, loc_5580 (basically in hex change 60 09 00 34 1F to 60 09 00 35 1F). I think what this does is that it checks the license, if not present or something it routes around getting you to input one, so instead of that we just reverse it so any invalid case it just says it's fine. This way no matter what the license is it should just tell you to "reboot the switch console to enjoy sx os".

Now someone can just test this or tell me how I can repatch it and I'll try it for myself. If it doesn't work I'll keep looking.



Unlike 99% of people on this site I am an actual researcher and developer, so stop whinging for someone who hasn't done anything.

This is interesting, but you'd likely still run into the same issue as the OP. It seems that no one has found a workaround for whatever anti-tampering is causing it to freeze.
 

xxloubexx

I didn't know if I can help the crack with this information, but I have intercepted the IP address used when, on the Nintendo Switch, we try to activate the SX OS. The first IP address is: 52.6.240.127 and, after that, a second IP address is used: 104.27.130.246. I hope it will be useful.

xxloubexx
 

mrdude

@Infern, I think you could be correct :-)

[Image: r0o979.jpg]


Although, if you look in this sub:

[Image: jg4opg.jpg]



I would test this hack:
Offset 572C

Change: (CBZ) C0 0C 00 34
To: (CBNZ) C0 0C 00 35
 

dom1nga

tx_decompress.py gives me "Compression out of bounds!"

Any hints for patching 1.4? I opened tx/main in ida64, but looks like they obfuscated variable names and there are no friendly comments :\
 

mrdude

tx_decompress.py gives me "Compression out of bounds!"

Any hints for patching 1.4? I opened tx/main in ida64, but looks like they obfuscated variable names and there are no friendly comments :\

Same here, I don't think main is decompressed properly (due to that error), and that's why you're not seeing those strings you were in 1.3. Probably the python scripts need modded slightly. In the meantime stick to cracking 1.3.
 

BuriA

Wow, this thread is still alive. I thought SX sucks for you guys, so why bother?
I thought everyone was complaining about the brick code?
And it's very cheap, you know.
 

mrdude

Wow, this thread is still alive. I thought SX sucks for you guys, so why bother?
I thought everyone was complaining about the brick code?
And it's very cheap, you know.

It seems like you're tarring everyone with the same brush. I have a licence and use TX OS - however I'd still like to crack it - not because I need to, but because I'd like to and then share it with other people such as some of my friends with Switches who have not even thought or heard about hacking their Switches.

So what if some people are complaining about TX, that's not everyone though - just saying!
 

wurstpistole

So on Reis Twitter there's screenshots of a loader with the message license cracked, and the nro is out there. Is this legit? Just curious, won't try it myself since I already have SX OS.
 

BloodRose

So on Reis Twitter there's screenshots of a loader with the message license cracked, and the nro is out there. Is this legit? Just curious, won't try it myself since I already have SX OS.

After the events of the past couple of weeks it would take one hell of a brave soul to test that.
 

Roger66681

So on Reis Twitter there's screenshots of a loader with the message license cracked, and the nro is out there. Is this legit? Just curious, won't try it myself since I already have SX OS.

Can you link the nro? Or just point me in the right direction? I don't mind taking one for the team if it's a bomb.
 

wurstpistole

Can you link the nro? Or just point me in the right direction? I don't mind taking one for the team if it's a bomb.
I can not. It is readily available at that one forum that everyone should know about, you know the one that is named after the core shadow in a solar eclipse.
I will not run this.
 