I was thinking of a possible DIY version, but I would need to know how it works.
> but I would need to know how it works

The chip glitches through the hardware, unsigned code execution is possible, profit.
> The "open source firmware" is just what runs once the chip did its glitching thing. What is not known is HOW it glitches the console into running that firmware.

It's a fault injection attack that glitches the BCT check in the X1's boot ROM. TX writes a custom BCT generated with the tools intended for the Jetson development board, writes it to the NAND, then rapidly drops and raises the voltage to the CPU just long enough that it skips over a branch, but short enough that it doesn't crash the console. The Xbox 360 RGH worked in a similar way. Nvidia has mitigations in other parts of the boot ROM for this type of attack but forgot it in the most important part, which is the BCT check.
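The post above says the glitch works by skipping a single branch in the BCT check. To make that concrete, here is an added software model (written for this page, not taken from the post, and not the Tegra boot ROM's actual code): a toy "BCT" with a keyed hash standing in for the real signature, a naive verifier with one compare-and-branch, a hardened verifier with redundant verdicts and no early exit, and a fault model that lets exactly one chosen branch fall through as if its check had passed. The key, the toy hash, the BCT layout and the site numbering are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a boot-config block plus its signature. The real
 * Tegra X1 BCT check is RSA/AES based; this toy keyed hash exists only so the
 * example runs offline and is NOT the boot ROM's code. */
typedef struct { uint8_t body[16]; uint8_t mac[16]; } bct_t;

static const uint8_t SECRET_KEY[16] = "k3y-for-toy-mac";   /* assumed key */

static void toy_mac(const uint8_t *data, size_t n, uint8_t out[16]) {
    uint32_t h = 0x811C9DC5u;                 /* FNV-1a style mixing, keyed */
    for (size_t i = 0; i < 16; i++) { h ^= SECRET_KEY[i]; h *= 16777619u; }
    for (size_t i = 0; i < n; i++)  { h ^= data[i];       h *= 16777619u; }
    for (size_t i = 0; i < 16; i++) { h ^= (uint32_t)i;   h *= 16777619u; out[i] = (uint8_t)(h >> 24); }
}

/* Fault model (an assumption, not a measurement of any chip): one voltage
 * glitch makes exactly one conditional branch take its "success" path.
 * `site` numbers the branches an attacker could aim the glitch at. */
static int g_glitch_site = 0;
static bool glitched(int site) { return g_glitch_site == site; }

/* Naive check: one comparison, one branch. Skip that branch and anything boots. */
bool naive_verify(const bct_t *b) {
    uint8_t calc[16];
    toy_mac(b->body, sizeof b->body, calc);
    if (memcmp(calc, b->mac, 16) != 0 && !glitched(1))   /* site 1 */
        return false;
    return true;
}
#define NAIVE_SITES 1

#define PASS 0xA55A3CC3u   /* success is a wide constant, not "1", so one flipped bit is not a pass */
#define FAIL 0u

/* Hardened check: two independent recomputations, a branch-free compare, and
 * both verdicts must be PASS and agree. Any single skipped branch still leaves
 * at least one verdict at FAIL, so the attacker needs two well-timed faults. */
uint32_t hardened_verify(const bct_t *b) {
    uint8_t calc[16], diff;
    uint32_t v1 = FAIL, v2 = FAIL;

    toy_mac(b->body, sizeof b->body, calc);
    diff = 0;
    for (int i = 0; i < 16; i++) diff |= calc[i] ^ b->mac[i];   /* no early-exit compare to skip */
    if (diff == 0 || glitched(1)) v1 = PASS;                    /* site 1 */

    memset(calc, 0, sizeof calc);                                /* recompute, do not reuse */
    toy_mac(b->body, sizeof b->body, calc);
    diff = 0;
    for (int i = 0; i < 16; i++) diff |= calc[i] ^ b->mac[i];
    if (diff == 0 || glitched(2)) v2 = PASS;                    /* site 2 */

    if (v1 != PASS && !glitched(3)) return FAIL;                /* site 3 */
    if (v2 != PASS && !glitched(4)) return FAIL;                /* site 4 */
    if (v1 != v2)                    return FAIL;               /* verdicts disagree: fault detected */
    return (v1 == PASS && v2 == PASS) ? PASS : FAIL;
}
#define HARDENED_SITES 4

bool hardened_ok(const bct_t *b) { return hardened_verify(b) == PASS; }

/* Constructed sample input: a genuine BCT and a tampered copy the attacker cannot re-sign. */
static void make_bcts(bct_t *genuine, bct_t *forged) {
    memset(genuine, 0, sizeof *genuine);
    memcpy(genuine->body, "BCT:bootloader01", 16);
    toy_mac(genuine->body, 16, genuine->mac);
    *forged = *genuine;
    forged->body[4] ^= 0x01;
}

bool accepts_genuine_unglitched(bool (*verify)(const bct_t *)) {
    bct_t g, f; make_bcts(&g, &f); g_glitch_site = 0; return verify(&g);
}
bool rejects_forged_unglitched(bool (*verify)(const bct_t *)) {
    bct_t g, f; make_bcts(&g, &f); g_glitch_site = 0; return !verify(&f);
}

/* Try every single-branch glitch; return how many of them get the forged BCT accepted. */
int single_glitch_bypasses(bool (*verify)(const bct_t *), int nsites) {
    bct_t g, f; make_bcts(&g, &f);
    int bypasses = 0;
    for (int site = 1; site <= nsites; site++) {
        g_glitch_site = site;
        if (verify(&f)) bypasses++;
    }
    g_glitch_site = 0;
    return bypasses;
}

int main(void) {
    printf("naive:    %d of %d single glitches boot the forged BCT\n",
           single_glitch_bypasses(naive_verify, NAIVE_SITES), NAIVE_SITES);
    printf("hardened: %d of %d single glitches boot the forged BCT\n",
           single_glitch_bypasses(hardened_ok, HARDENED_SITES), HARDENED_SITES);
    return 0;
}
```

The naive verifier is the shape the post describes: a single compare followed by a single conditional branch, so a glitch that lands on that one branch is enough. In the hardened verifier a glitch at any one of the four sites still ends in FAIL, because the other verdict was never set to PASS; defeating it needs two faults timed to two different instructions, which is a much smaller window to hit without crashing the chip. Note that the model only represents "branch skipped"; real glitches can also corrupt data, which is why the success value is a wide constant rather than a bool.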
> The bitstream on the FPGA is the issue.

Surely if it were as simple as just hooking a logic analyzer up to one, someone would've already done it (and publicly posted the results), right?
Once we figure this out, we can produce DIY clones.
If you have one on hand, hook a LA up to it and look at what it does; maybe you can reverse it.
What I don't understand (at least based on this explanation) is why there doesn't appear to be a DIY project available. [very nice explanation]
> Surely if it were as simple as just hooking a logic analyzer up to one someone would've already done it (and publicly posted the results), right?

I know someone who was trying to get the FPGA code. Apparently it's not as easy as just connecting a logic analyser. I have only a very basic understanding of electrical engineering, though, so I don't know why. Apparently the hwfly people just made their own FPGA firmware instead of trying to copy TX's.
> What I don't understand (at least based on this explanation) is why there doesn't appear to be a DIY project available.

The files to produce your own hardware are floating about on the internet, but without the FPGA firmware it's completely useless.
Is the custom boot configuration table console-specific? Does generating it require some unknown information? Is it some sort of timing issue with the voltage spikes or injection? Are people who know how to work with FPGAs just that rare? Is everyone just afraid that Nintendo will C&D, DMCA, or SLAPP their project out of existence (because some of Nintendo's IP is present, or because Nintendo is not afraid of legal threats on dubious grounds)?
Don't get it twisted: I hardly know what I'm talking about here and I haven't been keeping up much, but I don't understand how there aren't DIY ones yet unless there is some specific information TX (and the new clones) had/have that the general public still does not.
It still burns my ass that I didn't get an SX Core while it was available, and the clones are overpriced and apparently poor quality. Like, ffs, I would be using stuff like homebrew tools and emulators for games that I no shit legally own and have dumped myself.
Of course, everyone says that though.
> Does anyone know the reason current clones are failing/poor quality?

That's just the nature of clones; they are never better than the original. It was the same for 3DS flashcarts, and they all had timebomb codes that would make them stop working over time.
> That's just the nature of clones; they are never better than the original. It was the same for 3DS flashcarts, and they all had timebomb codes that would make them stop working over time.

Any clone products I have ever known utilize components of lesser quality, purely to reduce cost. What would be the point in saving a few dollars in build cost if you are selling them for $200?
> Any clone products I have ever known utilize components of lesser quality, purely to reduce cost. What would be the point in saving a few dollars in build cost if you are selling them for $200?

Well, cheaper quality = higher failure rates. That's something you have to take into consideration when buying a clone. The SX OS chip clones were made to continue the distribution, but because the demand for them is so high, and with the covid situation ongoing, the prices will be too.
> I was thinking of a possible DIY version, but I would need to know how it works.

I'm trying to do the same, so if you are interested we can co-op in making a DIY version.