Hacking Hack SXOS

Detroitguy22 · Mar 29, 2021

https://gbatemp.net/threads/sxos-rommenu-nsp-nros.519365/

Read the last 2 page they were trying to do this 2byears ago and said they did why now theb

Deleted User · Mar 29, 2021

mrdude said:
Did you use a clean version of boot.dat the second time you patched it?

Yep. Actually, as well as using the easier python script today, I did manage to unpack, patch and repack the payload and stage2 back into boot.dat by hand yesterday, which yielded the exact same results.

mrdude said:
Also did you use the fingerprint from the original switch that had the original licence.dat or did you use the fingerprint from your own switch?

I originally was using my own fingerprint, which obviously didn't work. This weird 125-byte "license" does have a hex string the same length as any other fingerprint, which I assumed might have been it, but that also failed to work. Then again, SXOS didn't even acknowledge the license.dat's existence on my microSD, which would be because the license is bad.

Reacher17 said:
there is a version lying around that does not work with the script

Interesting. I obtained it through Archive.org using the official xecuter link for that version. The zip was named "SXOS_beta_v2.9.5.zip".

Reacher17 · Mar 29, 2021

mrdude · Mar 29, 2021

Voxel said:
I gave this hacksxos script a whirl and the rom menu works like a charm (license shows up as valid, can access all the menus, etc).
One problem though. The XCI mounting doesn't seem to work? I'm confident I don't have a bad XCI, but it's just a bit weird considering it mounts fine in Reacher17's video. Maybe you need to have the game icon already on the home menu for it to work?
For all intents and purposes, I myself am just trying this on 6.0.1 SysNAND, although I did also try it on 10.0.1 yesterday, with no success on the XCI front there either.

EDIT: Ah, maybe it was because I didn't replace the console fingerprint in the script; derp. I'll try to figure that out and see if that makes any difference to the functionality.
EDIT 2: Well, that didn't make any difference. :/

Hi dude, with 2.9.5 that supports firmware version 10.0.1, if you're switch was updated to 11.0 firmware you would have burned game cart fuses and you need to use firmware 11.0.0 or gamecards won't work and the firmware will crash, this means that you need to use SXOS 3.10 and patch that instead.

These scripts won't work on 3.10 as the keys are wrong (you can get then from the unpacker script for boot.dat I posted), also the hex patches will be different - so patched 2.9.5 boot.dat needs to be used on older firmware and if you updated to 11.0 in the past your gamecard fuses will be blown - so basically sxos python scripts need modded for 3.1.0 boot.dat.

Cylent1 · Mar 29, 2021

Zoria said:
In fact the interest of cracking SXOS when the atmosphere has almost all the features is a bit "useless".
Nevertheless the fact to have succeeded in cracking it is a pride I suppose, a proof of concept to say, "Hello, yes SX can be hacked go bye bye".

Key word being ALMOST!
The fact that Atmos refuses to incorporate XCI is useless in my opinion and a lot of others also, so don't think for one minute that there is not many of us.
I would advise taking the negative trolling statements and keep them to yourself!

mikefor20 · Mar 30, 2021

*Snip*

Cylent1 said:
Key word being ALMOST!
The fact that Atmos refuses to incorporate XCI is useless in my opinion and a lot of others also, so don't think for one minute that there is not many of us.
I would advise taking the negative trolling statements and keep them to yourself!

XCI loading, or some legal Homebrew equivalent, in Atmosphere is the only way SXOS will become obsolete. Atmosphere devs won't go there because then they will be quasi admitting that SXOS had a killer feature they have been downplaying all this time. Sticking to their story! Plus they "hate piracy"... That's why Atmo is designed in some capacity for Sig Patches.. Which are 100% piracy.. Hmm. I doubt we will see actual XCI loading either on any official level. XCI is a Nintendo format and the code involved is a legal grey area (illegal) at best. It's too much work and most devs won't dare take credit because Ninty may retaliate. And glory is the only real incentive for a lot of those guys. XCI support, or the equivalent, would be nice. They already snuffed out XCI's on most of the familiar sites. Even though XCIs are more useful to some people and have no downside at all. Go figure. If they would make loading any format off of USB that would be huge. But the work/risk doesn't make sense for most people. I was hoping there would be a port of SXOS USB/XCI functionality... time will tell.

Reacher17 · Mar 30, 2021

Sxos v3.1.0 hack ^^

v3 starts nickel with the patches

leerpsp · Mar 30, 2021

Reacher17 said:
Sxos v3.1.0 hack ^^

v3 starts nickel with the patches

--------------------- MERGED ---------------------------

Il

--------------------- MERGED ---------------------------

Il

--------------------- MERGED ---------------------------

you got to let me test this out man I'm on the newest os right now but I'll downgrade to test this and I'll post photos and shit for you.

Detroitguy22 · Mar 30, 2021

We've had rommenu extracted since 2018 are you gonna show real real proof not shaky camera quick *Snip*

Cylent1 · Mar 30, 2021

Detroitguy22 said:
We've had rommenu extracted since 2018 are you gonna show real real proof not shaky camera quick before mike mentions trolls again and has a meltdown

How bout you just take it for what it is at the moment, and if you don't like it, you will just have to learn to deal with it!
Nobody is under no obligation, especially after people who tested this says it works, to give any proof whatsoever!
So stop trolling!!!

mspy · Mar 30, 2021

I have some questions regarding this 'hack'. It appears that this method requires a valid license in the first place to work, so essentially it's like you are able to share a valid license which is bond to only 1 console with others.
Assuming TX releases a new version of SXOS:

1) would this method still work? would you need to do a new hack with every new release? can they patch this vulnerability somehow on their side? or can they blacklist all the valid licenses circulating around on the internet that this method makes use off or even intentionally brick your console if the SXOS detects such a license being used ? I mean if they cannot do shit about it then at this point I don't see why would they not go totally free and release the source code especially if they are not planning any new updates in the future.

2) does this mean that anyone can update/ make their own version of SX OS now to work with the latest firmware ?

I'm not complaining or anything but with all the work gone into this one would think that it would be better spend on ripping off the only feature that makes SXOS worth it in my eyes (XCI Loading) and make it work with an active CFW like Atmos... maybe this hack will open the door for that, who knows.

mrdude · Mar 30, 2021

Reacher17 said:
Sxos v3.1.0 hack ^^

v3 starts nickel with the patches

How can the posted script work on 3.10 boot.dat, the decryption keys are different - also in 2.95 you have this: payload_80000000.bin, there's no such file in 3.10, 3.10 uses payload_81000000.bin. Also hex locations are different. Maybe you patched 2.95 boot.dat but are using the rommenu.nro from 3.10. If that's the case the highest firmware that can be used with this is 10.0.2 as that's all that 2.9.5 boot.dat supports.

Reacher17 · Mar 30, 2021

Cylent1 · Mar 30, 2021

Wow! looks like xci loading does work after all folks! Who wouldn't have thunk it?
How much more proof should one think they are entitled to ask for after this?
Way to go Reacher!

Detroitguy22 · Mar 30, 2021

Post one CLEAR video of the gamecard NOT being inserted, every video doesn't show the card slot and you could easily be pushing card in

And Now that we know Mike is projecting his own furry/pony fetish

BigOnYa · Mar 30, 2021

Detroitguy22 said:
every video doesn't show the card slot and you could easily be pushing card in

I'm not knocking the OP and happy he is working on this, but was wondering the same! Has others here confirmed this is hacked, in some way or another?

Cylent1 · Mar 30, 2021

Detroitguy22 said:
Post one CLEAR video of the gamecard NOT being inserted, every video doesn't show the card slot and you could easily be pushing card in

And Now that we know Mike is projecting his own furry/pony fetish

BigOnYa said:
I'm not knocking the OP and happy he is working on this, but was wondering the same!

Next it will be, Have someone film you while you while you are filming the switch. we want to see what you are doing.
yeah a 360 angle shot!
No matter what......... It never seems to amaze me!

Reacher17 · Mar 30, 2021

BigOnYa · Mar 30, 2021

Nice work Reacher17....Keep at it! :grog:

mrdude · Mar 30, 2021

Not working for me, I've tried on 2 different switches with 2 original SXOS licences, this is how I tested:

Installed 10.0.0.2 firmware on emunand.
Tried boot.dat from 2.9.5 (unpatched works fine and boots into emunand using original licence.dat).
Using patched (manual and from scripts) boot,dat - sxos freezes on sxos logo screen, long press of volume plus button brings up sxos admin menu - this shows emunand as disabled, and sxos licence fail.

Hacking Hack SXOS

Well-Known Member

Deleted User

Guest

Well-Known Member

Developer

Community Smart Ass!

Well-Known Member

Well-Known Member

Attachments

Well-Known Member

Well-Known Member

Community Smart Ass!

Well-Known Member

Developer

Well-Known Member

Community Smart Ass!

Well-Known Member

Has A Very Big

Community Smart Ass!

Well-Known Member

Has A Very Big

Developer

Similar threads

Popular threads in this forum