Hacking Hack SXOS

Inaki · Apr 6, 2021

TheyKilledKenny said:
Check here what SciresM wrote about 12.0
https://gbatemp.net/threads/atmosph...pment-by-sciresm.496832/page-297#post-9430111

Yeah, I had seen all those

but still, playing around with it is no harm... all in emunand.

--------------------- MERGED ---------------------------

Inaki said:
Yeah, I had seen all those but still, playing around with it is no harm... all in emunand.

Lol, I don't know if I did something wrong but I just noticed fw version shown in NxNandManager is 10.2.0, the one I have on sysnand... Also, I run lockpick_RCM again and it doesn't recognize sysnand PKG1 ( I restarted all again, yes, I updated sysnand again and will restore a backup later ). Also, TegraExplorer hangs after reading prod.keys... ( EDIT: TegraExplorer finally showed the menu ).

Probably did something wrong the first time

eliboa · Apr 6, 2021

ZachyCatGames said:
Their "spoof" is flashing 11.0.0's package2 on 11.0.1, which would brick 12.0.0.

No it's not.
Reacher17's spoof has nothing to do with those BCPKG2 binaries (or "frankenbuild", as @Inaki calls them).

Inaki said:
Hi @eliboa and thanks for NxNandManager.

To be honest I don't know what changes those package2 files bring. I did the 11.0.0/.1 frankenbuild yesterday and I though trying this ( almost done, just have to migrate atmosphere style emuMMC to sxos style emunand/partitioning and test ).

So, I don't know what will change and what won't. Also, I don't know about keys. I did create a new prod.keys from a fw12 emunand before doing the package2 patching, without it your new NxNandManager, 4.1.2, was saying Bad Crypto, but after creating the one from emunand with fw 12.0.0, it works fine. I am now dumping the whole thing and formating+repartitioning with sxos+restoring from the frankenfw build. I will try.

My low hope was the changes in that package2 were not that big but the "hooks"/patches sxos does were in nonchanged places or that they are a bit flexible, not hardcoded... I don't know Trying is not that much of an effort

--------------------- MERGED ---------------------------

That's why I have taken extra care to do this in emunand and have backups of everything...

Lots of IPC changes in sysmodules, according to SciresM. Downgrading package2 alone will not work this time, i'm afraid. Imho downgrading package2 is pointless anyway, it's not like SX OS will really run on a 12.0.0 or 11.0.1 firmware. But, hey, if you have fun playing with your emunand, why not ?

Inaki said:
Lol, I don't know if I did something wrong but I just noticed fw version shown in NxNandManager is 10.2.0, the one I have on sysnand... Also, I run lockpick_RCM again and it doesn't recognize sysnand PKG1 ( I restarted all again, yes, I updated sysnand again and will restore a backup later ). Also, TegraExplorer hangs after reading prod.keys... ( EDIT: TegraExplorer finally showed the menu ).

Probably did something wrong the first time

NxNM gets the fw version by inspecting files in SYSTEM partition. SystemVersion title's nca has a different filename for each firmware. Are you sure you did'nt mix up your emunand with your sysnand ?
As for Lockpick RCM i'm not surprised, it has yet to support key derivation for fw 12.0. Use your previous keys, you don't need new keys to decrypt package2.

Inaki · Apr 6, 2021

I used TegraExplorer and dumped the Firmware, the files are 575MB total, this is 260MB more than 11.0.0 :? Is this normal ?

eliboa · Apr 6, 2021

Inaki said:
I used TegraExplorer and dumped the Firmware, the files are 575MB total, this is 260MB more than 11.0.0 :? Is this normal ?

No, it should be around 316MB.

Inaki · Apr 6, 2021

eliboa said:
No, it should be around 316MB.

Yeah. But that's what I got. Also, output folder appears as 0(Unk). Could it be because, just after updating and rebooting, I didn't actually let it start ? I just used Hekate and tools. I didn't let fw12 boot. I restore a nand backup before that

eliboa · Apr 6, 2021

Inaki said:
Yeah. But that's what I got.

TegraExplorer is basically dumping all ncas from Contents/Registered in SYSTEM FS. I've just checked on one of my switch on 12.0 and the total size is 316MB.
Were there pre-existing files in your "tegraexplorer" folder before you dumped the new firmware ?
You shoud only see these files in your dump => Nintendo Switch's NCA filenames (eliboa.com)

ZachyCatGames · Apr 6, 2021

eliboa said:
No it's not.
Reacher17's spoof has nothing to do with those BCPKG2 binaries (or "frankenbuild", as @Inaki calls them).

I haven’t seen any mentions of any other “”spoof””?
Regardless, I was responding to a message that was responding to Inaki referring the partial downgrade bs.

Inaki · Apr 6, 2021

eliboa said:
TegraExplorer is basically dumping all ncas from Contents/Registered in SYSTEM FS. I've just checked on one of my switch on 12.0 and the total size is 316MB.
Were there pre-existing files in your "tegraexplorer" folder before you dumped the new firmware ?
You shoud only see these files in your dump => Nintendo Switch's NCA filenames (eliboa.com)

I have these files:
EDIT: no, I didn't even have a tegraexplorer folder on this microsd to begin with.

eliboa · Apr 6, 2021

Inaki said:
I have these files:
EDIT: no, I didn't even have a tegraexplorer folder on this microsd to begin with.

I have the same files. No clue.

Inaki · Apr 6, 2021

eliboa said:
I have the same files. No clue.

The only thing I can think of is the sysnand where I dumped this from was updated and never booted, not even once.

CompSciOrBust · Apr 6, 2021

eliboa said:
The spoof has nothing to do with official firmware. It'll always work on SX OS 3.1, no matter wich firmware is installed.
SX OS 3.1 has no support for firmwares above 11.0.0, but that's another matter. If TX releases a new version of SX OS (very unlikely), they will try to prevent the spoof, for sure.

Why is it unlikely? TX released an update with 11.0.0 support after the arrests and the only person from TX who is even in custody right now is Gary. There are plenty of ways they could break the current crack too.

mrdude · Apr 6, 2021

CompSciOrBust said:
Why is it unlikely? TX released an update with 11.0.0 support after the arrests and the only person from TX who is even in custody right now is Gary. There are plenty of ways they could break the current crack too.

Not really - we can easily patch out all calls to sx domains - this is easy to do, and unless we install something "dodgy" on our switches there's nothing TX can do at all. Current patches also spoof your real fingerprint, so it's not even as if your switch can be identified. All sx domains are banned and unreachable from UK without using a VPN - so UK users don't need to worry about anything.

PS when's your buddy releasing a new SX save manager? can you ask him to remove license checks for cracked sxos - before I start needing to mess about with that. Thanks buddy!

eliboa · Apr 6, 2021

CompSciOrBust said:
Why is it unlikely? TX released an update with 11.0.0 support after the arrests and the only person from TX who is even in custody right now is Gary. There are plenty of ways they could break the current crack too.

Maybe you're right, idk, only time will tell.

CompSciOrBust · Apr 6, 2021

mrdude said:
Not really - we can easily patch out all calls to sx domains - this is easy to do, and unless we install something "dodgy" on our switches there's nothing TX can do at all. Current patches also spoof your real fingerprint, so it's not even as it your switch can be identified. All sx domains are banned and unreachable from UK without using a VPN - so UK users don't need to worry about anything.

PS when's your buddy releasing a new SX save manager? can you ask him to remove license checks for cracked sxos - before I start needing to mess about with that. Thanks buddy!

What have their web servers got to do with anything? All they need to do is move the fingerprint checking code out of the rom menu and in to the TX sys-module. Bonus points if they move it in to a vm based on some obscure architecture that you would have to learn before being able to crack it. I'm sure it's only a matter of time before it's cracked again but they just need to make it last long enough that people give in and buy it, like with any other DRM.

mrdude · Apr 6, 2021

CompSciOrBust said:
What have their web servers got to do with anything? All they need to do is move the fingerprint checking code out of the rom menu and in to the TX sys-module. Bonus points if they move it in to a vm based on some obscure architecture that you would have to learn before being able to crack it. I'm sure it's only a matter of time before it's cracked again but they just need to make it last long enough that people give in and buy it, like with any other DRM.

In the meantime - people will just continue to use 3.10 and the thousands of games they can use already for xci loading. Then use Sysnand or another emunand with higher FW and Atmosphere in dual boot mode for newer games that may require it. That will do for most people for the time being.

We've yet to see an update for SXOS on FW 11.0.1, their websites barely work or are seized, nobody can get their hardware etc, SX team seem like a spent force now. I hope they do update though as I have a valid license, but if they don't at least people that somehow lose their license will still be able to use SXOS.

CompSciOrBust · Apr 6, 2021

mrdude said:
In the meantime - people will just continue to use 3.10 and the thousands of games they can use already for xci loading. Then use Sysnand or another emunand with higher FW and Atmosphere in dual boot mode for newer games that may require it. That will do for most people for the time being.

We've yet to see an update for SXOS on FW 11.0.1, their websites barely work or are seized, nobody can get their hardware etc, SX team seem like a spent force now. I hope they do update though as I have a valid license, but if they don't at least people that somehow lose their license will still be able to use SXOS.

Their websites have been on the fritz since before 3.1.0 released. People could barely wait to run ofw 11.0.1 which has no exclusive games, you think they're going to wait around for SXOS to be cracked every time TX releases an update? SXOS' features are nice but when forced to choose between Atmosphere and waiting for SXOS to be cracked people will just go with Atmosphere.

mrdude · Apr 6, 2021

CompSciOrBust said:
Their websites have been on the fritz since before 3.1.0 released. People could barely wait to run ofw 11.0.1 which has no exclusive games, you think they're going to wait around for SXOS to be cracked every time TX releases an update? SXOS' features are nice but when forced to choose between Atmosphere and waiting for SXOS to be cracked people will just go with Atmosphere.

Nobody has to choose between them though, not when we can just use both.

Alsusee · Apr 6, 2021

mrdude said:
All sx domains are banned and unreachable from UK without using a VPN - so UK users don't need to worry about anything.
!

Not entirely true. I can still reach those sites plus others which were on the banned list using my ISP. I think it was the "big 5" that had to put measures in place

mrdude · Apr 6, 2021

Alsusee said:
Not entirely true. I can still reach those sites plus others which were on the banned list using my ISP. I think it was the "big 5" that had to put measures in place

If people are worried I can add a patch, no problem.

sean222 · Apr 6, 2021

sean222 said:
Can someone help me figure out why my license.dat isn't being generated...the Python script executes successfully all the way up to "Done!"
Boot.dat is modified so I know the script is running ok, just not creating the license.dat...

Figured out my own issue

I had my SX OS Fingerprint ID in fingerprint.txt. Once I deleted this .txt file and re-ran the Python script, it generated the License.dat just fine (my fingerprint is in the Python script).

Inaki · Apr 6, 2021

Just wanted to inform you. Black screen. I can use SXOS Genuine Boot and fw12.0.0 boots just fine. TegraExplorer doesn't fail but it seems it does not work properly. Lockpick_RCM doesn't recognize the partition. I will try with other prod.keys and call it a day.

Hacking Hack SXOS

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Attachments

Well-Known Member

Well-Known Member

🤔

Developer

Well-Known Member

🤔

Developer

🤔

Developer

Well-Known Member

Developer

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum