Homebrew [33c3] Console Hacking 2016 (3DS/WiiU) talk Dec 27-30: smea, derrek, nedwill, naehrwert

[hacksn5s4]

sighax is unpatchable without hardware revision. Fasthax and soundhax can be patched any time now.

Although what Nintendo can do while waiting for sighax to show up is make it hard to install sighax by patching fasthax and cleaning up dsiware exploit stuff. There isn't much they can do about hardmod installation though, but that's quite an obstacle for the user at least.

theres also fast hax which will make this installable on the current firmware with out downgrading

 

[GerbilSoft]

If sighax gets implemented soon, you'll only need the dsiware transfer or hardmod. No more downgrading.

Or possibly just a DS flash cart, since the BootROM can boot from the Wi-Fi card's SPI flash.

 

[tbclandot]

Sorry I'm a noob but what does user land mean?

 

[metroid maniac]

Or possibly just a DS flash cart, since the BootROM can boot from the Wi-Fi card's SPI flash.

Holy shit, I forgot about that. What determines the boot device?

 

[hacksn5s4]

Nope, all you can do is request arm9 to install legit CIAs (i.e. a firmware update package)

yes but since with signhax you can sign your own firmware

 

[gamesquest1]

yes but since with signhax you can sign your own firmware

you need to install signhax before you can use it.....chicken and egg situation for you

 

[metroid maniac]

Sorry I'm a noob but what does user land mean?

Generally speaking it is game software, as opposed to OS software.

yes but since with signhax you can sign your own firmware

Only if the bootrom is checking. The arm9 will not accept the fake signature.

 

[GerbilSoft]

Holy shit, I forgot about that. What determines the boot device?

I don't have the actual details, but I'd think SPI is first, since it usually isn't bootable, and the only case it would be is if it's being repaired by Nintendo.

EDIT: Apparently SPI is booted only if NAND fails. That makes it a bit harder to use.

 

[Deleted User]

So, this says that we can now (or in the future?) fully decrypt games on PC, better emulation, complete CFW (installing custom updates, no sig checking, updating from a different internet source)?

 

[jackb994]

I've just read through the live thing. What do these do and how would this effect a user.

 

[Xiphiidae]

I've just read through the live thing. What do these do and how would this effect a user.

Read through this thread.

 

[Arubaro]

Sorry I'm a noob but what does user land mean?

Userland is what you usually get using homebrew, with the privileges that any game usually have

 

[einstein95]

So, this says that we can now (or in the future?) fully decrypt games on PC, better emulation, complete CFW (installing custom updates, no sig checking, updating from a different internet source)?

Yes, probably not, basically yeah

 

[hacksn5s4]

well what i thought it is is tricking the signature checks so we can sign our own apps for 3ds and have them play on ofw

 

[Stecker8]

this is gbatemp having a heart attack

This usually happen.

 

[CeeDee]

well what i thought it is is tricking the signature checks so we can sign our own apps for 3ds and have them play on ofw

What you thought was wrong.

 

[GerbilSoft]

well what i thought it is is tricking the signature checks so we can sign our own apps for 3ds and have them play on ofw

The broken RSA check is in the BootROM. The normal signature checks for installing CIAs are done by the ARM9 firmware, which isn't broken and can only be bypassed by patching (e.g. CFW).

 

[metroid maniac]

well what i thought it is is tricking the signature checks so we can sign our own apps for 3ds and have them play on ofw

No. We can't sign content with this. We can fakesign FIRM, and the fake signatures will only be accepted by bootrom.

I don't have the actual details, but I'd think SPI is first, since it usually isn't bootable, and the only case it would be is if it's being repaired by Nintendo.

EDIT: Apparently SPI is booted only if NAND fails. That makes it a bit harder to use.

I guess you could break your console open and tear out the NAND chip

 

[GerbilSoft]

I guess you could break your console open and tear out the NAND chip

Maybe temporarily grounding the DAT0 line during boot...

 

[metroid maniac]

Maybe temporarily grounding the DAT0 line during boot...

That seems a whole lot less permanent
It shouldn't require too much technical expertise to poke some tweezers in there, the hardest part would probably be opening the console.