Hacking Hack SXOS

[smada]

Bravo à toi @Reacher17 pour le bon travail!

 

[linuxares]

I guess not, but is it possible to have the rommenu in Atmosphere for XCI loading?

I already have a valid SXOS licence.

Hmm sadly I don't think it's that easy. If I remember correct they done some stuff in the firmware. Rommenu does just that.

 

[Xyphoseos]

is this really work ?

 

[Cylent1]

Yes it really works!

 

[mikefor20]

you made a lot of people happy not only did you do what everyone always told others could not be done but you did it fast as hell! Iv had it before with my 1st switch then sold it and never would rebuy it because i hate the ideal of spending money for something I own and should had be able to use on any other switch I had, Keep up the good work because you made a name for your self here!

It's awesome. $30 for 3000+ games is nothing but i am glad it's cracked

Please accept my excuses for my previous attitude. You did great!

Give this guy an award! An apology? Uncommonly good. Thanks for the humility! Refreshing.

Well yes b/c he never includes anything to allow atmosphere to install piracy. The sigpatches were made from someone else.

Sure... but to me that looks more like an excuse so he can have a 'free pass' on what he does... he could as easily make it so Atmosphere would not work with any type of sigpatches whatsoever and he doesn't.

This is what i been saying.

Atmosphere was made as a result of Scires loving Horizon and wanting to write an open source implementation of it.


No, he can’t.
Atmosphere has a general purpose patching system, which sigpatches use.
Removing it would be stupid.
Blacklisting processes sigpatches patch would also be stupid, as there’s legitimate use cases for patching those processes (see: nogc patches) and it’d be the most pointless thing ever as it could very easily be bypassed.

To be fair the original tweet said" Mainline Pokemon game coming for switch! Time to crack the system" or something along those lines. Michael loves Pokedex. That's why he cracked it. And if he wanted to get rid of sig patches I'm sure he could somehow. To be fair.

Come on... Cracking the crackers is quite ironic.

I always thought pirating the code that enables piracy in the first place was hilarious too LOL

Still compatible until fw 11.0.0
So what's the point of cracking it?

You seem to misunderstand what's going on here. All the games are compatible. 11.0.1+ is not necessary at this point.

oh nice, I come back a week later and looks like it was not a bluff..

Good Job, now someone do true USB install support.

Do you mean putting NSP or xci files onto a USB device and installing off of it? Tinfoil supports that already. You have to add the correct path to it in the file browser. Press new and use the USB HDD protocol.

 

[djpannda]

Do you mean putting NSP or xci files onto a USB device and installing off of it? Tinfoil supports that already. You have to add the correct path to it in the file browser. Press new and use the USB HDD protocol.

I do use Tinfoil for USB support to have back ups of xci and nsp but I mean being able to install nsp on HDD...that is what I would call true USB support.... with that I would have to abandon SXOS completely .. ( as most in the community already stopped XCI support)

 

[ZachyCatGames]

To be fair the original tweet said" Mainline Pokemon game coming for switch! Time to crack the system" or something along those lines. Michael loves Pokedex. That's why he cracked it. And if he wanted to get rid of sig patches I'm sure he could somehow. To be fair.

Oh right, that was another reason. Forgot about that, heh.

He'd have to hardcode the patches in AMS and compare them to the patches being loaded or smth stupid like that.
In general, trying to explicitly block piracy with this stuff is pointless and can always be easily bypassed, so he doesn't bother with it, doesn't mean piracy is the intended purpose or something he had in mind at all.

 

[redmagejosh]

Spoof license sxos

Script hack sxos
Python v2.7
https://mega.nz/file/89hQTDZD#mBHrwh2PC0pA_IrbccrQ8krULy74aNy4P4obqOLm8wI

Python v3

https://mega.nz/file/lwgSGTDT#bJbp33pGnXFdV1fxiyo0JlMWsyRNRaV7EoZvA8858is

the Switch fingerprint used by the sxos is located at address 0x81000950 with a size of 0x10

I created a code that will modify this fingerprint at the right time for the license to be accepted

it just lacks the activation of the rommenu



sxos v2.9.3 v2.9.4 v2.9.5

payload80000000.bin

from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct

def aes_ctr_dec(buf, key, iv):
    ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
    return AES.new(key, AES.MODE_CTR, counter=ctr).encrypt(buf)

#Addr: 0x84E0    size: 0x900
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "23C4758625E917742377AFEA7B01F4AA"

#Addr: 0x8DE0      size: 0x2A00
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1C7B21915F911F5C9E7DDFA976E89ECB"

#Addr: 0xB7E0      size: 0x79780
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2A9536AA2DFFB168D4F047372D90AACC"

#Addr: 0x84F60   size: 0xEA0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E62CF9BE86E89FDED329CD894DDFEB32"

#Addr: 0x85E00   size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "AF1380B9EAD8DB49B92A4FF663F123E9"

#Addr: 0x85FD0   size: 0x11F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B72429908850206D81DCFFB916D1CDE"

#Addr: 0x871C0   size: 0x1040
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CDEAFB612E2D684D994C9EB77546F9C3"

#Addr: 0x88200   size: 0x4410
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "46EAB8827D792795848AC2963ACCEC93"

#Addr: 0x8C610    size: 0xC20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "38790F87C2CCEF575623980066E7B993"

#Addr: 0x8D230    size: 0x2960
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "09EDF6AAE33ADFBA3ED728379DA7B950"

#Addr: 0x8FB90    size: 0x2A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8986E6366FF02FB480BC16FB303FA412"

#Addr: 0x8FE30    size: 0x910
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7F7CBCED6F45EB318E16A0939DD46444"

#Addr: 0x90740    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7CD795905F39146120615E2B140ADE5A"

#Addr: 0x90750    size: 0x11B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "F94BA9E8FB07717F905E226A0E9D9362"

#Addr: 0x91900   size: 0xF20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D1B9EE93463D59E36A3705DF1BEA7FB4"

#Addr: 0x92820   size: 0x160
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0DF6D2FBEF9890FCD0F2B80E051BB1C4"

#Addr: 0x92980   size: 0x11D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "67F07E1D1CBA6C8777E55E04B0E53CC8"

#Addr: 0x93B50   size: 0x800
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "AB5145E920085B47903088431B93FE70"

#Addr: 0x94350   size: 0x1150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6E93E123C40A45138B650A83ECECBEA5"

#Addr: 0x954A0    size: 0xEB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "FE15F6F72F80AFFC6C754AD30F6873EA"

#Addr: 0x96350    size: 0xF30
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A064A9DBA0898A9BE41FA28150A6DDB6"

#Addr: 0x97280    size: 0x1150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DF85B68B238735EB347F73D04DC93C03"

#Addr: 0x983D0    size: 0x200
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "307D0916213CF345A75F605EC600180C"

#Addr: 0x985D0    size: 0x4E0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "92823A34CD4D2C9DB22B18E76375EDB4"

#Addr: 0x98AB0    size: 0x8D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D40A3937867C86B1651992808E6D683D"

#Addr: 0x99380    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0B62FE1C369975FB523D5E0A073C8415"

#Addr: 0x99390    size: 0x8D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "F37C3BFE78857EF2D8527BA2361CCA35"

#Addr: 0x99C60    size: 0x2120
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6720C40AEC49402781EF3E1159F933A6"

#Addr: 0x9BD80    size: 0x550
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "44DB793CF04AC42C4E19491C7EF0A510"

#Addr: 0x9c2D0  size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "EF3E77E9942A9257CDB67E2FBA7A429E"

#Addr: 0x9c2e0  size: 0xF90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8EBB8BDA00880A154D69AEF408DFA7EC"

#Addr: 0x9D270  size: 0x1A60
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "97E1B83B22DE39025AE7D55EB26850D0"

#Addr: 0x9ECB0    size: 0x20 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x9ECD0    size: 0x1030
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DB5FEAE3F1291C9E62C7180803AA2ED6"

#Addr: 0x9FD00    size: 0xC0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x9FDC0    size: 0x1e0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D96F01AEBEC99A866A951D7E05FC660D"

#Addr: 0x9FFA0    size: 0x500
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E1BE093E09E15F281BD987D10188CA92"

#Addr: 0xA04A0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "609D2775183FDE9DD5B8420F4E36AFA5"

#Addr: 0xA04B0    size: 0xF30 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xA13E0    size: 0x3C20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "70CA9253F81722B848C61A6B1838EC52"

#Addr: 0xA5000    size: 0x2BE0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "C1BB824BCA3F7395E9C423A502430517"

#Addr: 0xA7BE0    size: 0xC50 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xA8830    size: 0x14A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "76B8BC721ED4301E6AA35436822556AF"

#Addr: 0xA9CD0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "4BF1329218C7853F8316447B20AC67C9"

#Addr: 0xA9CE0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "53F8147D113F1F9030718726944095E7"

#Addr: 0xA9CF0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B117D2C943311F125EBE4CD6C2C756E"

#Addr: 0xA9D00    size: 0x2140
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B3572BAD1665259B9C68897369762412"

#Addr: 0xABE40    size: 0x1B10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B74E2CA5B2BDBED6194503651C5903FB"

#Addr: 0xAD950    size: 0x8C0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A797BC58D08D8326DAB96EA9B2E01B08"

#Addr: 0xAE210    size: 0xF10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "FFED61C2CF143AD186A5E83900773E99"

#Addr: 0xAF120    size: 0x11F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62A9221F850152BFF0CBA217F82B246E"

#Addr: 0xB0310    size: 0x3600
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D28E70B8F637A3F2BABCA80EF6097D18"

#Addr: 0xB3910    size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E2EC8964BA8F828E74F9ECF4F68E7899"

#Addr: 0xB3AE0    size: 0x48B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A31943AC553D1098D01D8E55ABE6C1DD"

#Addr: 0xB8390    size: 0xCA0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B22F1D3F621525E7F71AF5E26BAD8ECD"

#Addr: 0xB9030    size: 0x550 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xB9580    size: 0x1C10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "25BCB61C715FE3361800E3BB5E27261B"

#Addr: 0xBB190    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3EF6B9A216F68275A4A95550F0E7367D"

#Addr: 0xBB1A0    size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "08B1E8A8EAF97EC7779EB4891ED06F16"

#Addr: 0xBB1C0    size: 0xF40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7BAFC2D19F25DC7A6FDAC079D92CC7BA"

#Addr: 0xBC100   size: 0xF40 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xBD040   size: 0xE0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "290C110580C3E0DAC10347E071CB268A"

#Addr: 0xBD120  size: 0x74950
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "                    "

#Addr: 0x131A70   size: 0x6D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D9AE3BC1BCBC02F4C5FF616DBD936C2D"

#Addr: 0x132140   size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6A3EEB913484B6788FEA75797890750B"

#Addr: 0x132210  size: 0x310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "03F52F148BC344FADB3CED21E93C3B31"

#Addr: 0x132520    size: 0x70
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "94031E43C8786088A66C66BBD6DD1E3B"

#Addr: 0x132590    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "47024D938410E178097692558836CD56"

#Addr: 0x1325A0    size: 0x850
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0C0F92D93D3A88915CADBA875AB5E923"

#Addr: 0x132DD0   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x132DF0   size: 0xCC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A522EAF0A0E6FB33DE4CFB1CAEBC1036"

#Addr: 0x133AB0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "802A0636F2F4CF6BD3E795D4BD0A11A3"

#Addr: 0x133AC0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2C25FEB2918D96996A393767F264AF1E"

#Addr: 0x133AD0    size: 0xC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "342E0237CAB7B25DE1B882293E6C0022"

#Addr: 0x133B90    size: 0x1A40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "9D07201C9816C6CA3A0FE95AA433341B"

#Addr: 0x1355D0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "24FF2947714B5B5BAAA431AF87205D01"

#Addr: 0x1355E0    size: 0x190
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DDF2B4703A66E08345B0A8DE43B99266"

#Addr: 0x135770    size: 0x9120 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x13E890  size: 0x1E0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8A177CEE1860839EEE5CEB1F90076824"

#Addr: 0x13EA70  size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "4B51A716AB1C4C35D11B93DBFC2A508E"

#Addr: 0x13EA90  size: 0x1D50
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "71AACB3F51D36860EEB848753C3E2D63"

#Addr: 0x1407e0   size: 0x50
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "35921578DB997A41774FC736B951320F"

#Addr: 0x140830   size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "674FEEA3F132A38D45253C9914AAB859"

#Addr: 0x140840   size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0F8446D6795EC74550BAB70DF50A30E3"

#Addr: 0x140A10   size: 0x1310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0A915AC245154C79FF9E473F6D8F0253"

#Addr: 0x141D20   size: 0x4C0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x1421E0   size: 0x100
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2587D5BFF345DD82D7AF9DCA2523CC4B"

#Addr: 0x1422E0    size: 0x10E90 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x153170    size: 0x820
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "52EB3E173E40C8714B3AD4B3D12653A1"

#Addr: 0x153990    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CA4E0C4C6EF0FC0B9F52EC6BE0837F7E"

#Addr: 0x1539A0    size: 0x1720
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "284991136961ADB3C5B37DA713C80BB4"

#Addr: 0x1550C0    size: 0x1230
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A304951A4A93D4176D9DB2C434C7FB82"

#Addr: 0x1562F0  size: 0x260
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E617C0E0576391EBC1ACDBED1EC78ED0"

#Addr: 0x156550  size: 0x60
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "52D26B059EB83D1E025351999A79C59F"

#Addr: 0x1565B0  size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "C2945D9407F0EB48F56D2D93DB55C981"

#Addr: 0x1565C0  size: 0x1750
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "91871C8C80792D24FC4C38921C697019"

#Addr: 0x157D10    size: 0xC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "37A68FF460A624FBB64E747AE05939B0"

#Addr: 0x157DD0    size: 0x980
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62F6E70C55C06D4312A0420855B5D876"

#Addr: 0x158750   size: 0xB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "603562127CF092A9E23D9EB1350B8523"

#Addr: 0x158800   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "113349E7659F24390146027FB43753B5"

#Addr: 0x158820   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "5F4062820DC428C3FC39BFE07AFD5301"

#Addr: 0x158840   size: 0x4C0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x158CE0   size: 0x1CC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "007F23589EF73257A73FBE983FD17B4D"

#Addr: 0x15A9A0   size: 0x4A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "378E40706BB52E7B33E35E2848527CCD"

#Addr: 0x15AE40   size: 0x1B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x15AFF0   size: 0xC20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "BBF5295D90A3EFEE6CB82A27B37322AB"

#Addr: 0x15BC10    size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x15BC30    size: 0x1610
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CF1169E5E7621B115531B9E148EFE8BC"

#Addr: 0x15D240    size: 0x150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "695653409E3EFE4DBC39A3B13845EEE9"

#Addr: 0x15D390    size: 0x1F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A07AC2136C9FB4B2AD3F2D6CAA3098FA"

#Addr: 0x15D580    size: 0x2A00
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E76C8D79563EBA142A966DEF474840D2"

#Addr: 0x15FF80    size: 0xB40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D8FE824EF12CC0128D636BDC70BEDEAC"

#Addr: 0x160AC0    size: 0xEB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3F65A7ED5EEF4C24A79CD2601BAA0E37"

#Addr: 0x161970    size: 0x3090
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "986431EC00A1C1BC6CB816DDB12AB7DE"

#Addr: 0x164A00    size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62120C09CDD68F0CE1A3A968AC4D88CE"

#Addr: 0x164AD0    size: 0x240
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B9F5E813423C2E750E6B7882779F7C8"

#Addr: 0x164D10    size: 0xE0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x164DF0    size: 0x4D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A41C644EC04FA1950F3D1E32128935A7"

#Addr: 0x1652C0    size: 0x1AC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "96ED8BAC6F841332F4A6CF3618D23980"

#Addr: 0x166D80    size: 0x110
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1EEA482DAFA24B3A261754E55FA30379"

#Addr: 0x166E90    size: 0x1740
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6CD02E5D10E6952E320DA3A8C59D860D"

#Addr: 0x1685D0  size: 0x1A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8BFD3EB02BC89D7DB24242D750A49361"

#Addr: 0x168770  size: 0x350
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3539B3D4E16456EC82C9C7A9C69022AC"

#Addr: 0x168AC0  size: 0x1680 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x16A140  size: 0x240
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "56F121113CA4189A0176A6022AF514A1"

#Addr: 0x16A380  size: 0x2310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B691B6AFC0C5CC5378B67C34A48835B"

#Addr: 0x16C690    size: 0x90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B5711B05C2673A555D5D9EA0730637FF"

#Addr: 0x16C720    size: 0x70
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "BE666322ED70DB7FF5AB5342D9175118"

key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0".decode("hex")
ctr = "C2945D9407F0EB48F56D2D93DB55C981".decode("hex")

# Open binary (encrypted)
f = open("test.bin", "rb")
d = f.read()
f.close()

# Decrypt binary
f = open("test.enc.bin", "wb")
f.write(aes_ctr_dec(d, key, ctr))
f.close()

PAYLOAD90000000.BIN

from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct

def aes_ctr_dec(buf, key, iv):
    ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
    return AES.new(key, AES.MODE_CTR, counter=ctr).encrypt(buf)

#PAYLOAD 0X90000000


#Addr: 0x3630    size: 0x2410
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "2F283C3663660CD4EC5F562B37D561BA"

#Addr: 0x5A40    size: 0x850
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F97D1D75866C329FA7B30E26457BABAE"

#Addr: 0x6290    size: 0x11D0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "716970E2B6933E56CECE47B5E91B6423"

#Addr: 0x7460    size: 0x2600
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "1F735BF0986CF4FF3A9FE5B99FFF59EC"

#Addr: 0x9A60    size: 0x1760
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "82175C30E03586CC0F78363A2F6971F4"

#Addr: 0xB2A0    size: 0xC0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "23E0C76BC7E1BBF55D329567246AD253"

#Addr: 0xB360    size: 0xB3C0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "CE7A6123937FACD0F1CFCF9F5FCCA369"

#Addr: 0xB480    size: 0x1220
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "0FB2DA05864E06CE59C2786F698B4712"

#Addr: 0xC6A0    size: 0xB0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "96FBF2C16E50AE9CE32E5D5957C98D78"

#Addr: 0xF7A0    size: 0x1CB0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "034DCF6143413C84DF2AC11DA3D71351"

#Addr: 0x11530    size: 0x260
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E363581D59590587AAF7DA795B4245F2"

#Addr: 0x118A0    size: 0x260
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "3296749064CC56E9FB5E4971FD6856A3"

#Addr: 0x173B0    size: 0x3C10
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "B3423B5398CE05BCDE096CB186C663B5"

#Addr: 0x1AFC0    size: 0xAD230
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "D6BF9303BAEAFAA03A1A35EE258480EB"

#Addr: 0xC81F0    size: 0x80
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "211EF838B441C761ED04D1BBE6C536B3"

#Addr: 0xC8270    size: 0x59C0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "5FCD22045AB445D6006B65D58C16161A"

#Addr: 0xCDD20    size: 0x100
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "4095A2017C1EB9B0877A027F4C626B9F"

#Addr: 0xCDE20    size: 0xF0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F7D2B67160A6A31B24897B042DBBC57C"

#Addr: 0xCDF10    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "18CBFB627D7791E46AA55251E0546668"

#Addr: 0xCE160    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "EC2AB9F7DA2B35D1730C8727347D9504"

#Addr: 0xCE3B0    size: 0x9E0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "3FAF9992BF2213B8CD82AD57BC5A5F80"

#Addr: 0xCED90    size: 0x160
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E0A2E7301B13E5FDF787C1D1332431BD"

#Addr: 0xCF750    size: 0x10a0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "9479BCAA841C3AE71d2fee2da34f9893"

#Addr: 0xD07F0    size: 0xD08B0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F0C5B599519350DB98C2106C64E64EB4"

#Addr: 0xD08B0    size: 0xD1ED0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "BD2775CB738DFFDA94B146A9E55380E8"

#Addr: 0xD1ED0    size: 0xF20
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E9A6E2E6E4C78796CCA90674A78B7CE0"

#Addr: 0xD2DF0    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "A4722CFF459EF1DE8613CBF9B9146E0F"

key = "287DADDA997A1B0E23DD4C86A1F34E49".decode("hex")
ctr = "716970E2B6933E56CECE47B5E91B6423".decode("hex")

# Open binary (encrypted)
f = open("test.bin", "rb")
d = f.read()
f.close()

# Decrypt binary
f = open("test.enc.bin", "wb")
f.write(aes_ctr_dec(d, key, ctr))
f.close()

Awesome stuff now we just need someone to come up with a SX Core and SX Lite chips clones so we can get any OS running on newer models!

 

[lordelan]

I do use Tinfoil for USB support to have back ups of xci and nsp but I mean being able to install nsp on HDD...that is what I would call true USB support.... with that I would have to abandon SXOS completely .. ( as most in the community already stopped XCI support)

That's not a good thing to do because if you're running a game off of USB and unplug the drive, bad things will happen.

 

[djpannda]

That's not a good thing to do because if you're running a game off of USB and unplug the drive, bad things will happen.

I know but I have my spare switch permanently docked with SXOS because of the "6tb drive" so switching to Atmos permanently docked is no problem.

 

[mikefor20]

Oh right, that was another reason. Forgot about that, heh.

He'd have to hardcode the patches in AMS and compare them to the patches being loaded or smth stupid like that.
In general, trying to explicitly block piracy with this stuff is pointless and can always be easily bypassed, so he doesn't bother with it, doesn't mean piracy is the intended purpose or something he had in mind at all.

He knew it would happen but yeah I agree it would be futile to try and prevent it. It would mean a special piracy enabled branch would have to happen. Wouldn't be a copy and paste scenario.And it would cripple a few things as well. He doesn't ENABLE piracy but he isn't going too far out of his way to disable it either. That's all I meant. It's open source. Anyone with enough skill could change it anyways. So yeah ... Futile.

 

[TheyKilledKenny]

List of homebrews not working with patched license boot.dat

SX Dumper
SX Save Manager
Tinfoil

All these must have SXOS license checks, maybe there is a place missed in boot.dat that needs patched, or these homebrews can also be patched. Probably other SX based homebrews don't work - but I didn't check, these are the ones that were already on my switch that work with a non-patched boot.dat and valid license.
...

In my opinion tinfoil check only if some file is there.
For example if you put a file named patches.ini in bootloader folder then tinfoil warn you with the red message saying to not use hekate even if you didn't used it at all.
So, try to remove Atmosphere sigpatches or simply rename or delete Atmosphere folder. Maybe it does the job and let tinfoil run.
I'll try soon or later, but I can't now.

Ciao.

 

[tivu100]

I just started reading the thread. Haven't gone through the thread, so please help me with this question:

Is there any risk with brick code?

 

[mrdude]

In my opinion tinfoil check only if some file is there.
For example if you put a file named patches.ini in bootloader folder then tinfoil warn you with the red message saying to not use hekate even if you didn't used it at all.
So, try to remove Atmosphere sigpatches or simply rename or delete Atmosphere folder. Maybe it does the job and let tinfoil run.
I'll try soon or later, but I can't now.

Ciao.

I've got a legit license and don't get any errors/warnings using an un-modded boot.dat. This is down to the patched boot.dat and nothing else.

--------------------- MERGED ---------------------------

I just started reading the thread. Haven't gone through the thread, so please help me with this question:

Is there any risk with brick code?

It's been tested by many people now and even when we were messing about patching and failing nobody got bricked or had any files mess up on their sd cards. It's safe - just make sure when you mod that you get the sxos boot.dat from a reliable source. Use the python file I posted that has the hash check to make sure you are using a good file.

 

[Sandmann]

Here we go

Here is my finished version:
SX Hacked 3.1.0 (boot.dat modified and license.dat)

Fingerprint: 5602D40FA505523444544A4200011500

*Snip*

 

[Cylent1]

WTF is is going on with the board? I hope this is not some new theme because it looks like shit!

 

[MasterJ360]

WTF is is going on with the board? I hope this is not some new theme because it looks like shit!

its an April Fools thing. Also tested the finalized hacked sxos 3.1.0 boot file/license it definitely works, but if your switch is already on 11.1 it wont be much of use unless you have the ability to downgrade back to 11.0.

 

[mrdude]

its an April Fools thing. Also tested the finalized hacked sxos 3.1.0 boot file/license it definitely works, but if your switch is already on 11.1 it wont be much of use unless you have the ability to downgrade back to 11.0.

Or use atmosphere for 11.0.1 to downgrade and use emunand with 11.0.0 for SXOS.

 

[linuxares]

If I recall the downgrade from 11.0.1 to 11.0 is quite easy since it isn't really anything big changed in the background.

 

[MasterJ360]

Or use atmosphere for 11.0.1 to downgrade and use emunand with 11.0.0 for SXOS.

Thats true i forgot they have the same fuse. I got another switch for sxos only so im good. But for those who want to keep playing new games they will have to do an extra step in backporting them to work on 11.0 with nscbuilder or SAK - its a trade off for xci mounting, other than that everything will work for now.