Hacking Hack SXOS

Looks fake, the game card is pushed in and that's why it appears on the main screen and it's just a nro that looks like sx that has a license
That's what I'm thinking. I'm not saying it 100% is but it seems like it. The rom menu doesn't actually do anything to verify if the license is valid, it uses IPC with the tx sys-module using command 26. Also if the version he's launching from hb menu is ripped and modded from the boot.dat why doesn't it have an icon? It had one when Pragma ripped it, unless it has since been removed.

Maybe op could give more details about how it works, I could be wrong. @Reacher17

Edit: agpixel claims to have tested it so I'm probably wrong.
 
Last edited by CompSciOrBust,

Reacher17

That's what I'm thinking. I'm not saying it 100% is but it seems like it. The rom menu doesn't actually do anything to verify if the license is valid, it uses IPC with the tx sys-module using command 26. Also if the version he's launching from hb menu is ripped and modded from the boot.dat why doesn't it have an icon? It had one when Pragma ripped it, unless it has since been removed.

Maybe op could give more details about how it works, I could be wrong. @Reacher17

Edit: agpixel claims to have tested it so I'm probably wrong.
No, he tested well. No icon needed, I put it back in the boot.dat file.


agpixel

Yes, it seems to work, but currently it's not the last version, very cool though! It needs some trials to launch but it launches :)
I need to downgrade to test all features.
 

mrdude

Pragma, the person who believed he hacked the sxos just with the rommenu? :rofl2:

I've managed to find the Python script to unpack boot.dat now, renamed ROMMENU.bin to nro and opened that in IDA Pro - patched those subroutines. So now I have payload_80000000.bin still to patch. How are you opening this in IDA (what loader are you using)? Also, do you have a link for the script to repack all the files once they are patched?
 

Reacher17

Get the sha256 from payload80000000.bin and paste it into stage2 at address 0x126A0.

Then get the sha256 from stage2 and paste it into the boot.dat file at address 0x10.

Select in the boot.dat the code from 0x0 to 0xDF (size 0xE0) and recover the sha256,

and paste the sha256 at address 0xE0 in the boot.dat file.

You still need to re-encrypt the payload80000000.bin and stage2 and put them back in the boot.dat file.
 
