Hack SXOS

By Reacher17, Feb 12, 2021

  1. Detroitguy22

    Detroitguy22 Member
    Newcomer

    Joined:
    May 6, 2020
    Messages:
    43
    Country:
    United States
  2. Voxel

    Voxel GBAtemp Guru
    Member

    Joined:
    Jun 27, 2015
    Messages:
    5,369
    Country:
    Antarctica
    Yep. Actually, as well as using the easier python script today, I did manage to unpack, patch and repack the payload and stage2 back into boot.dat by hand yesterday, which yielded the exact same results.

    I originally was using my own fingerprint, which obviously didn't work. This weird 125-byte "license" does have a hex string the same length as any other fingerprint, which I assumed might have been it, but that also failed to work. Then again, SXOS didn't even acknowledge the license.dat's existence on my microSD, which would be because the license is bad.

    Interesting. I obtained it through Archive.org using the official xecuter link for that version. The zip was named "SXOS_beta_v2.9.5.zip".
     
  3. Reacher17

    OP Reacher17 GBAtemp Regular
    Member

    Joined:
    Sep 18, 2019
    Messages:
    108
    Country:
    France
  4. mikefor20
    This message by mikefor20 has been removed from public view by Foxi4, Mar 30, 2021, Reason: No need for that.
    Mar 29, 2021
  5. Detroitguy22
    This message by Detroitguy22 has been removed from public view by Foxi4, Mar 30, 2021, Reason: Bickering.
    Mar 29, 2021
  6. Lacius
    This message by Lacius has been removed from public view by Foxi4, Mar 30, 2021, Reason: If you know he's trolling, why are you taking the bait?.
    Mar 29, 2021
  7. mrdude

    mrdude GBAtemp Maniac
    Member

    Joined:
    Dec 11, 2015
    Messages:
    1,133
    Country:
    Hi dude, with 2.9.5 that supports firmware version 10.0.1, if your switch was updated to 11.0 firmware you would have burned game cart fuses and you need to use firmware 11.0.0 or gamecards won't work and the firmware will crash, this means that you need to use SXOS 3.10 and patch that instead.

    These scripts won't work on 3.10 as the keys are wrong (you can get them from the unpacker script for boot.dat I posted), also the hex patches will be different - so patched 2.9.5 boot.dat needs to be used on older firmware and if you updated to 11.0 in the past your gamecard fuses will be blown - so basically sxos python scripts need modded for 3.1.0 boot.dat.
     
    Last edited by mrdude, Mar 29, 2021
    Scott_pilgrim likes this.
  8. Cylent1

    Cylent1 Community Smart Ass!
    Member

    Joined:
    Oct 5, 2015
    Messages:
    826
    Country:
    United States
    Key word being ALMOST!
    The fact that Atmos refuses to incorporate XCI is useless in my opinion and a lot of others also, so don't think for one minute that there are not many of us.
    I would advise taking the negative trolling statements and keep them to yourself!
     
    Last edited by Cylent1, Mar 29, 2021
    mikefor20 likes this.
  9. mikefor20

    mikefor20 GBAtemp Maniac
    Member

    Joined:
    Jan 12, 2009
    Messages:
    1,264
    Country:
    United States
    *Snip*

    XCI loading, or some legal Homebrew equivalent, in Atmosphere is the only way SXOS will become obsolete. Atmosphere devs won't go there because then they will be quasi admitting that SXOS had a killer feature they have been downplaying all this time. Sticking to their story! Plus they "hate piracy"... That's why Atmo is designed in some capacity for Sig Patches.. Which are 100% piracy.. Hmm. I doubt we will see actual XCI loading either on any official level. XCI is a Nintendo format and the code involved is a legal grey area (illegal) at best. It's too much work and most devs won't dare take credit because Ninty may retaliate. And glory is the only real incentive for a lot of those guys. XCI support, or the equivalent, would be nice. They already snuffed out XCI's on most of the familiar sites. Even though XCIs are more useful to some people and have no downside at all. Go figure. If they would make loading any format off of USB that would be huge. But the work/risk doesn't make sense for most people. I was hoping there would be a port of SXOS USB/XCI functionality... time will tell.
     
    Last edited by Foxi4, Mar 30, 2021 - Reason: Trolling
    Cylent1 likes this.
  10. Reacher17

    OP Reacher17 GBAtemp Regular
    Member

    Joined:
    Sep 18, 2019
    Messages:
    108
    Country:
    France
    Sxos v3.1.0 hack ^^


    v3 starts perfectly with the patches
     

    Last edited by Reacher17, Mar 30, 2021
    agpixel, lordelan, Voxel and 5 others like this.
  11. leerpsp

    leerpsp GBAtemp Advanced Maniac
    Member

    Joined:
    Feb 22, 2014
    Messages:
    1,673
    Country:
    United States
    you got to let me test this out man I'm on the newest os right now but I'll downgrade to test this and I'll post photos and shit for you.
     
  12. Detroitguy22

    Detroitguy22 Member
    Newcomer

    Joined:
    May 6, 2020
    Messages:
    43
    Country:
    United States
    We've had rommenu extracted since 2018 are you gonna show real real proof not shaky camera quick *Snip*
     
    Last edited by Foxi4, Mar 30, 2021 - Reason: Trolling
    Dark Ronin, Memoir and Lacius like this.
  13. Cylent1

    Cylent1 Community Smart Ass!
    Member

    Joined:
    Oct 5, 2015
    Messages:
    826
    Country:
    United States
    How bout you just take it for what it is at the moment, and if you don't like it, you will just have to learn to deal with it!
    Nobody is under no obligation, especially after people who tested this say it works, to give any proof whatsoever!
    So stop trolling!!!
     
    mikefor20 likes this.
  14. Detroitguy22
    This message by Detroitguy22 has been removed from public view by Foxi4, Mar 30, 2021, Reason: Trolling. Posting it once was enough..
    Mar 30, 2021
  15. mspy

    mspy GBAtemp Regular
    Member

    Joined:
    Jul 29, 2018
    Messages:
    151
    Country:
    Brazil
    I have some questions regarding this 'hack'. It appears that this method requires a valid license in the first place to work, so essentially it's like you are able to share a valid license which is bound to only 1 console with others.
    Assuming TX releases a new version of SXOS:

    1) would this method still work? would you need to do a new hack with every new release? can they patch this vulnerability somehow on their side? or can they blacklist all the valid licenses circulating around on the internet that this method makes use of or even intentionally brick your console if the SXOS detects such a license being used? I mean if they cannot do shit about it then at this point I don't see why would they not go totally free and release the source code especially if they are not planning any new updates in the future.

    2) does this mean that anyone can update/make their own version of SX OS now to work with the latest firmware?


    I'm not complaining or anything but with all the work gone into this one would think that it would be better spent on ripping off the only feature that makes SXOS worth it in my eyes (XCI Loading) and make it work with an active CFW like Atmos... maybe this hack will open the door for that, who knows.
     
    Cylent1 likes this.
  16. BaamAlex
    This message by BaamAlex has been removed from public view by Foxi4, Mar 30, 2021, Reason: Off-topic/Bickering.
    Mar 30, 2021
  17. mrdude

    mrdude GBAtemp Maniac
    Member

    Joined:
    Dec 11, 2015
    Messages:
    1,133
    Country:
    How can the posted script work on 3.10 boot.dat, the decryption keys are different - also in 2.95 you have this: payload_80000000.bin, there's no such file in 3.10, 3.10 uses payload_81000000.bin. Also hex locations are different. Maybe you patched 2.95 boot.dat but are using the rommenu.nro from 3.10. If that's the case the highest firmware that can be used with this is 10.0.2 as that's all that 2.9.5 boot.dat supports.
     
    Last edited by mrdude, Mar 30, 2021
    Dark Ronin likes this.
  18. Reacher17

    OP Reacher17 GBAtemp Regular
    Member

    Joined:
    Sep 18, 2019
    Messages:
    108
    Country:
    France
     
    Last edited by Reacher17, Mar 30, 2021
  19. mikefor20
    This message by mikefor20 has been removed from public view by Foxi4, Mar 30, 2021, Reason: Flaming.
    Mar 30, 2021
  20. Cylent1

    Cylent1 Community Smart Ass!
    Member

    Joined:
    Oct 5, 2015
    Messages:
    826
    Country:
    United States
    Wow! looks like xci loading does work after all folks! Who wouldn't have thunk it?
    How much more proof should one think they are entitled to ask for after this?
    Way to go Reacher!
     
    Last edited by Cylent1, Mar 30, 2021
  21. Detroitguy22

    Detroitguy22 Member
    Newcomer

    Joined:
    May 6, 2020
    Messages:
    43
    Country:
    United States
    Post one CLEAR video of the gamecard NOT being inserted, every video doesn't show the card slot and you could easily be pushing card in

    And Now that we know Mike is projecting his own furry/pony fetish
     
  22. BigOnYa

    BigOnYa Sofa King Special
    Member

    Joined:
    Jan 11, 2021
    Messages:
    1,128
    Country:
    United States
    I'm not knocking the OP and happy he is working on this, but was wondering the same! Have others here confirmed this is hacked, in some way or another?
     
    Last edited by BigOnYa, Mar 30, 2021
  23. Cylent1

    Cylent1 Community Smart Ass!
    Member

    Joined:
    Oct 5, 2015
    Messages:
    826
    Country:
    United States
    Next it will be, Have someone film you while you are filming the switch. we want to see what you are doing.
    yeah a 360 angle shot!
    No matter what......... It never seems to amaze me!
     
    mikefor20 and BigOnYa like this.
  24. Reacher17

    OP Reacher17 GBAtemp Regular
    Member

    Joined:
    Sep 18, 2019
    Messages:
    108
    Country:
    France
  25. BigOnYa

    BigOnYa Sofa King Special
    Member

    Joined:
    Jan 11, 2021
    Messages:
    1,128
    Country:
    United States
    Nice work Reacher17....Keep at it! :grog:
     
  26. mrdude

    mrdude GBAtemp Maniac
    Member

    Joined:
    Dec 11, 2015
    Messages:
    1,133
    Country:
    Not working for me, I've tried on 2 different switches with 2 original SXOS licences, this is how I tested:

    Installed 10.0.0.2 firmware on emunand.
    Tried boot.dat from 2.9.5 (unpatched works fine and boots into emunand using original licence.dat).
    Using patched (manual and from scripts) boot.dat - sxos freezes on sxos logo screen, long press of volume plus button brings up sxos admin menu - this shows emunand as disabled, and sxos licence fail.
     