Hacking Hack SXOS

  • Thread starter: Reacher17
  • Views: 481,377
  • Replies: 1,578
  • Likes: 63
Rommenu repatched with alternative patches - this fixes cheats menu now. This bypasses the sub that deals with the fingerprint (which I said in the last page). Fixing the fingerprint mod is beyond my skill level so @Reacher17 will need to fix this for you, so this will be my last patch (probably) on this.

I've tried launching xci/nsp - also installing etc, and never had any issues, but because the patches are changed and I'm a noob hacker - you may run into issues, but everything seems OK to me.

Enjoy :-)
 

Last edited by mrdude,
Rommenu repatched with alternative patches - this fixes cheats menu now. This bypasses the sub that deals with the fingerprint (which I said in the last page). Fixing the fingerprint mod is beyond my skill level so @Reacher17 will need to fix this for you, so this will be my last patch (probably) on this.

I've tried launching xci/nsp - also installing etc, and never had any issues, but because the patches are changed and I'm a noob hacker - you may run into issues, but everything seems OK to me.

Enjoy :-)

that's cool you made that!
we're searching for the most reliable way for the fingerprint, because it has some different checks.
 
Rommenu repatched with alternative patches - this fixes cheats menu now. This bypasses the sub that deals with the fingerprint (which I said in the last page). Fixing the fingerprint mod is beyond my skill level so @Reacher17 will need to fix this for you, so this will be my last patch (probably) on this.

I've tried launching xci/nsp - also installing etc, and never had any issues, but because the patches are changed and I'm a noob hacker - you may run into issues, but everything seems OK to me.

Enjoy :-)
Very good job
 
De-DRM'd - SXDumper (Launch from SXOS Homebrew Menu)

Use with patched SXOS - enjoy!

FYI:

SX Dumper Patch Location 0x592d0

original hex: FD7BBEA9 03009181
patched hex : 00008052 C0035FD6

Arm64 Patch Instruction -
MOV W0, #0
RET

Maybe that will help someone else that wants to try some modding
 

Last edited by mrdude,
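
Added example, not part of the original post: a short Python check that decodes the patched bytes quoted above into the two A64 instructions listed, and flags function entries that have been reduced to a constant-return stub, which is the pattern an integrity audit of a binary would look for. The sample image, the NOP filler and the entry offsets are constructed for illustration.

```python
import struct

# Patched bytes as quoted in the post (A64 instructions are 32-bit little-endian words).
PATCHED = bytes.fromhex("00008052C0035FD6")

def decode_a64(word):
    """Decode the three encodings used here; other words come back as raw hex."""
    rd, rn = word & 0x1F, (word >> 5) & 0x1F
    if word & 0xFFFFFC1F == 0xD65F0000:            # RET {Xn}
        return "RET" if rn == 30 else f"RET X{rn}"
    if word & 0x7F800000 == 0x52800000:            # MOVZ, shown as its MOV alias
        reg = "X" if word >> 31 else "W"
        imm = ((word >> 5) & 0xFFFF) << (((word >> 21) & 3) * 16)
        return f"MOV {reg}{rd}, #{imm}"
    if word & 0xFFC00000 == 0xA9800000:            # STP Xt, Xt2, [Xn|SP, #imm]!
        imm7 = (word >> 15) & 0x7F
        off = (imm7 - 128 if imm7 & 0x40 else imm7) * 8
        base = "SP" if rn == 31 else f"X{rn}"
        return f"STP X{rd}, X{(word >> 10) & 0x1F}, [{base}, #{off}]!"
    return f".word 0x{word:08X}"

def disassemble(blob):
    """Decode a byte string whose length is a multiple of 4."""
    return [decode_a64(w) for (w,) in struct.iter_unpack("<I", blob)]

def find_constant_return_stubs(image, entry_offsets):
    """Return entries whose first two instructions are MOV W0/X0, #imm ; RET."""
    hits = []
    for off in entry_offsets:
        if off + 8 > len(image):                   # entry too close to end of image
            continue
        first, second = disassemble(image[off:off + 8])
        if first.startswith(("MOV W0,", "MOV X0,")) and second == "RET":
            hits.append((off, first))
    return hits

# Constructed sample image: one normal prologue (first word of the post's
# "original hex", then a constructed NOP), zero padding, then the stubbed entry.
SAMPLE = bytes.fromhex("FD7BBEA9" "1F2003D5") + bytes(8) + PATCHED
ENTRIES = [0x0, 0x10]                              # hypothetical function entry offsets

if __name__ == "__main__":
    print(disassemble(PATCHED))
    print(find_constant_return_stubs(SAMPLE, ENTRIES))
```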
man, you are on a roll :bow:

--------------------- MERGED ---------------------------

@mrdude @Reacher17 do you know the base address where rommenu.bin is put in memory? Thank you.

I've no idea how to even read the memory - I just used ida and had a look for obvious code, I knew the place to patch cheats a few days ago but have been busy doing other stuff. Still that would be a good skill to learn for me as I am quite nooby when it comes to hacking.
 
I've no idea how to even read the memory - I just used ida and had a look for obvious code, I knew the place to patch cheats a few days ago but have been busy doing other stuff. Still that would be a good skill to learn for me as I am quite nooby when it comes to hacking.
So here's the idea: have a kip module patch this in memory. Since you said this would work with just rommenu patches, I thought I could get into developing for Switch (I am a noob in this area) doing a loadable kernel module that applies the patches. This would work for any Switch model, no need to do anything boot.dat. It would also be easier to work with and debug and it may be enough. So, we shall see. I guess stage 3 or even stage 2 will have the code to map this somewhere, hopefully a fixed address but even if not fixed there could be a pointer to it in a fixed address...

Btw, can sysmodules be used in SX OS without a valid license?
 
Last edited by Inaki,
Does anyone know how to convert SX_Save_Manager_v1.1 from NSP to NRO file - I'll have a look at that next, but I am unsure on how to convert....thanks.
 
De-DRM'd - SXDumper (Launch from SXOS Homebrew Menu)

Use with patched SXOS - enjoy!
Here We Go!



--------------------- MERGED ---------------------------

Does anyone know how to convert SX_Save_Manager_v1.1 from NSP to NRO file
Not found
 
I'll have a look later - do you know the commands to repack this, at the moment I am decompiling the main nso file in ida.
 
@mrdude where in your script can you edit the license status to display a name of your choosing rather than "Hacked Switch"?

I appreciate all the effort/work everyone involved has poured into this project.
 
What's the commands - I've not used it before - also do you have a link?
nstool --fsdir <output dir> <nsp path>
nstool -k prod.keys --listfs <output dir you used in previous command>\<some>.nca <<< this for each extracted nca to list partitions
nstool -k prod.keys --part0 <output dir you used in previous command>\<some>.nca <<< this for each extracted nca to extract partition, change to part1, part2,... for as many as listed.
you would normally do this for the biggest sized nca only.
 
Last edited by Inaki,
@mrdude where in your script can you edit the license status to display a name of your choosing rather than "Hacked Switch"?

I appreciate all the effort/work everyone involved has poured into this project.
LOL - in HxD editor - make a new file with the text Hacked Switch - then look at the hex value of that string - that will give you the answer you are looking for, also you will be able to change it to what you want (use text the same length though or you will break the file).
 
