SigHax Updates and Discussion Thread

Discussion in '3DS - Homebrew Development and Emulators' started by addi33, Dec 29, 2016.

  1. addi33
    OP

    addi33 GBAtemp Advanced Maniac

    Member
    1,576
    672
    Sep 12, 2016
    Gambia, The
    CURRENT STATUS:
    05/20/17
    3ds.guide / Sighax.com / https://3ds.guide/updating-to-boot9strap

    Happy Birthday to meee...

    04/16/17

    @Aurora Wright has added SigHax support to the Latest Release of Luma3ds (7.0)
    • Added unverified New3DS SigHax support (it should work fine, though).

    04/11/17
    EVERYONE WHO HAS A STOCK 3DS/N3DS/2DS: DO NOT UPDATE TO 11.4, since it breaks UDSploit and safehax. Go to 3ds.guide and install arm9loaderhax, which you can then use to upgrade to SigHax once we have prot_boot9.bin. Thanks.


    04/05/17
    Best place to check the progress on dumping prot_boot9.bin is Twitch.


    Archive

    What we have:

    SafeSighaxInstaller by d0k3
    bootstrap9 by Yellows8
    bootstrap11 by Yellows8
    CTR Firm Builder by Derrek
    Boot9 Tools by Yellows8


    Boot9 SHA-256? Hash: 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F309C399BF28166F
    Boot11 SHA-256? Hash: 74DAACE1F8067B66CC81FC307A3FDB509CBEDC32F903AEBE906144DEA7A07512

    How the arm9 Bootrom is being dumped:

    boot9

    YOU SHOULD READ THIS FIRST:

    What the heck is SigHax???
    (Thanks to @Zan' for his explanations on this!)
     
    Last edited by addi33, May 20, 2017


  2. Josephvb10

    Josephvb10 The Pokémon guy

    Member
    529
    334
    Aug 26, 2009
    Lumiose City
    So... For the end user, what's the real benefit of this? What will this do that A9LH can't?
     
  3. addi33 (OP)
    You will/can have a completely custom firmware that is unpatchable; you can literally do everything, including common things like bypassing the 300-title or 40-DSiWare-title limits. This is just one little thing that is possible with it; there's a whole bunch more, almost anything you couldn't do before.
     
    Last edited by addi33, Dec 29, 2016
  4. Thesolcity

    Thesolcity Wherever the light shines, it casts a shadow.

    Member
    2,157
    597
    Oct 2, 2010
    United States
    San Miguel
    Danker themes
     
  5. jt_1258

    jt_1258 GBAtemp Maniac

    Member
    1,271
    596
    Aug 21, 2016
    United States
    So we could straight up install Android if we wanted to go crazy like that :P
     
  6. addi33 (OP)
    In theory you could make an Android-based CFW. Yes, I think so.
     
  7. Zan'

    Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Member
    385
    159
    Oct 8, 2015
    I am sorry to tell you, but you're incorrect with half of your post.

    We are not yet able to do any of this.
    Derrek did dump the bootrom and provided a simple explanation of how he did it.
    He did not make the bootrom public though. Nor any of the code he used.

    This means someone would have to develop code that exploits the bootrom pointers and leads them to dumper code to dump the bootrom, which is unstable and likely requires a hardmod to trigger this very early exception without the chance of killing your device.

    If a bootrom was made public, it could then be used to proceed.

    Then you'd be able to create a signature that ends up on a pointer to the check, which will compare itself with itself (the actual sighax part), to sign firmwares with this manipulated signature.

    Otherwise someone could also get the bootrom in private and publicise a possible signature to sign firms with.

    However we're not there yet.
     
  8. RednaxelaNnamtra

    RednaxelaNnamtra GBAtemp Advanced Fan

    Member
    741
    629
    Dec 8, 2011
    Gambia, The
    Why would we only be able to do it with sighax? We are already loading our own firmware, but only a moment after the arm9loader, and this is only a modified version of the original firmware, because it would be too much work to reverse the complete firmware and rewrite it (we would need to implement everything the games need to work on arm11, and the complete communication between the arm9 and the arm11).
    The only advantages I see are that we now have more space available for the payload, and that we don't need the OTP to install it (so no <3.0 downgrade).
    Also it should be possible to dump the OTP after sighax got installed, since the OTP normally is locked by the firmware/arm9loader very early in boot.

    This is at least my understanding of the situation
     
  9. addi33 (OP)
    Because of the bootroms. With arm9loaderhax you basically can't read any boot image; that's what the bootroms do. If you exploit them to read an unofficial firmware you can do anything you want. ARM9LOADERHAX just launches the arm9loaderhax.bin from your SD card, that's all it does.
     
  10. RednaxelaNnamtra
    I know that, but we are already launching our own code, and we are getting control over the hardware (arm9 and arm11) early in boot (after arm9loader). Because of this we are already able to do everything we want.
    This means, with Sighax we would be able to directly load our own code as firmware, instead of placing it as arm9loaderhax.bin on the sd-card.
     
  11. Zan'
    Okay to clear this up.
    We currently patch the official firmware with A9LH and inject cfw code into it.
    Then we basically have "CFW".
    This is done via a verification exploit of arm9 and loads a payload AFTER arm9 is run.

    Sighax lets you exploit signature verification of the bootrom to basically run "unsigned" (well, hax-signed) firmware.
    This has to be written to the FIRM partition.
    This means your patches would be done statically, directly to the FIRM, and written to the device. This exploit effectively "skips" the signature checking.
    Therefore it can run before otp disable etc.
    It runs at pretty much the earliest state you can get it.

    This will make it launch slightly faster than A9LH.
    It is useful if you want to install stuff like a custom OS on the 3DS.
    The disadvantage is that it's not as dynamic as A9LH, due to it not being a payload on SD that can easily be exchanged. (Unless your FIRM would load patches from SD, which then wouldn't really make a lot of sense to use this exploit for.)
    Therefore it's harder to update - basically like an A9LH update (not the payload but the actual FIRM write).
    You risk bricking each time you write to the FIRM.

    SigHax DOES NOT let you bypass the 300 title limit or any other limits UNLESS your cfw does this. AND technically these patches can also be applied via A9LH. No difference.
     
    Last edited by Zan', Dec 29, 2016
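Zan's two explanations above (post 7: a signature that lands "on a pointer to the check, which will compare itself with itself"; post 11: "hax-signed" firmware that skips the bootrom's signature check) describe a class of bug in a PKCS#1 v1.5 signature verifier. The C program below is an added illustration of that class, written for this thread; it is not boot9's code (nothing of that is public here) and not code from any tool linked in the OP. The buffer layout, the "recovery" path in the padding walker, the toy hash and all function names are assumptions made for the example. The RSA modular exponentiation is left out: `em` is the padded block the verifier holds after the RSA step. The vulnerable verifier accepts a malformed block paired with any firmware image; the hardened one rebuilds the single acceptable encoding and compares the whole block.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the "check compares itself with itself" bug
 * class discussed in the thread. NOT boot9's code; every name, the buffer
 * layout and the "recovery" path are assumptions made for this example. */

#define SIG_LEN  256   /* RSA-2048 block size, as used for FIRM signatures */
#define HASH_LEN 32    /* SHA-256 output size */

/* DER prefix of a SHA-256 DigestInfo (the real PKCS#1 v1.5 constant). */
enum { DI_LEN = 19, SEP_OFF = SIG_LEN - HASH_LEN - DI_LEN - 1, HASH_OFF = SIG_LEN - HASH_LEN };
static const uint8_t DIGEST_INFO[DI_LEN] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Stand-in for SHA-256: deliberately simple and NOT cryptographic, so the
 * example runs without a crypto library. */
static void toy_hash(const uint8_t *data, size_t len, uint8_t out[HASH_LEN])
{
    uint64_t s[4] = { 0x243f6a8885a308d3ULL, 0x13198a2e03707344ULL,
                      0xa4093822299f31d0ULL, 0x082efa98ec4e6c89ULL };
    for (size_t i = 0; i < len; i++) {
        uint64_t *w = &s[i & 3];
        *w ^= data[i];
        *w *= 0x100000001b3ULL;
        *w ^= *w >> 29;
    }
    for (int i = 0; i < 4; i++)
        for (int b = 0; b < 8; b++)
            out[i * 8 + b] = (uint8_t)(s[i] >> (8 * b));
}

/* What a genuine signer's padding step produces for `msg` (before RSA):
 * 00 01 FF..FF 00 <DigestInfo> <hash>. */
void encode_em(const uint8_t *msg, size_t msg_len, uint8_t em[SIG_LEN])
{
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, SEP_OFF - 2);
    em[SEP_OFF] = 0x00;
    memcpy(em + SEP_OFF + 1, DIGEST_INFO, DI_LEN);
    toy_hash(msg, msg_len, em + HASH_OFF);
}

/* VULNERABLE verifier. The padding walk should reject anything that is not
 * 00 01 FF..FF 00. Instead, on an unexpected byte it "recovers" by pointing
 * `ref` at the hash field inside the signature itself, so the final memcmp
 * compares that field with itself and succeeds for ANY message. */
bool verify_vuln(const uint8_t em[SIG_LEN], const uint8_t *msg, size_t msg_len)
{
    uint8_t computed[HASH_LEN];
    const uint8_t *sig_hash = em + HASH_OFF;  /* hash carried by the signature */
    const uint8_t *ref = computed;            /* what it is compared against */
    size_t i = 2;

    if (em[0] != 0x00 || em[1] != 0x01)
        return false;
    while (i < SEP_OFF && em[i] == 0xFF)
        i++;
    if (em[i] == 0x00)
        toy_hash(msg, msg_len, computed);     /* normal path */
    else
        ref = sig_hash;                       /* BUG: should be `return false;` */
    return memcmp(sig_hash, ref, HASH_LEN) == 0;
}

/* HARDENED verifier: never let attacker-controlled bytes choose what gets
 * compared. Rebuild the only acceptable encoding from the message and compare
 * the whole block, byte for byte, without early exit. */
bool verify_fixed(const uint8_t em[SIG_LEN], const uint8_t *msg, size_t msg_len)
{
    uint8_t expected[SIG_LEN];
    unsigned diff = 0;

    encode_em(msg, msg_len, expected);
    for (size_t i = 0; i < SIG_LEN; i++)
        diff |= (unsigned)(expected[i] ^ em[i]);
    return diff == 0;
}

/* A forged block: correct 00 01 header, then a byte that is neither 0xFF nor
 * 0x00 so the vulnerable walker takes its recovery path. The rest, including
 * the hash field, is filler the attacker never had to compute. */
void forge_em(uint8_t em[SIG_LEN])
{
    memset(em, 0x41, SIG_LEN);
    em[0] = 0x00;
    em[1] = 0x01;
    em[2] = 0x02;
}

/* Runs both verifiers over a genuine block, a mismatched message and the
 * forgery. Bitmask: bit0/bit1 genuine accepted by vuln/fixed, bit2/bit3 wrong
 * message accepted, bit4/bit5 forgery accepted. Expected value 0x13: only the
 * vulnerable verifier accepts the forgery. */
unsigned demo(void)
{
    static const uint8_t firm[]  = "constructed FIRM header";   /* constructed, not real 3DS data */
    static const uint8_t other[] = "some other FIRM header";
    uint8_t genuine[SIG_LEN], forged[SIG_LEN];
    unsigned r = 0;

    encode_em(firm, sizeof firm - 1, genuine);
    forge_em(forged);
    r |= verify_vuln(genuine, firm, sizeof firm - 1)    ? 1u << 0 : 0;
    r |= verify_fixed(genuine, firm, sizeof firm - 1)   ? 1u << 1 : 0;
    r |= verify_vuln(genuine, other, sizeof other - 1)  ? 1u << 2 : 0;
    r |= verify_fixed(genuine, other, sizeof other - 1) ? 1u << 3 : 0;
    r |= verify_vuln(forged, firm, sizeof firm - 1)     ? 1u << 4 : 0;
    r |= verify_fixed(forged, firm, sizeof firm - 1)    ? 1u << 5 : 0;
    return r;
}

int main(void)
{
    unsigned r = demo();
    printf("genuine:   vuln=%u fixed=%u\n", r & 1, (r >> 1) & 1);
    printf("wrong msg: vuln=%u fixed=%u\n", (r >> 2) & 1, (r >> 3) & 1);
    printf("forgery:   vuln=%u fixed=%u\n", (r >> 4) & 1, (r >> 5) & 1);
    return 0;
}
```

The point of the hardened version is structural, not a patch to the walker: a verifier that parses attacker-supplied padding and then picks its comparison operands based on what it parsed has a whole family of these bugs; one that re-encodes the expected block and compares all 256 bytes has nothing for a malformed signature to steer.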
  12. Txustra

    Txustra GBAtemp Fan

    Member
    313
    54
    May 18, 2013
    What about unbanning 3ds?
     
  13. Zan'
    Spoof your device to the server and you're good. Otherwise it's a server side ban. There is no difference to the way before.
     
  14. addi33 (OP)
    mind if I add this to the OP?
     
  15. Zan'
    Feel free to. Also feel free to correct anything that's wrong.
     
  16. addi33 (OP)
    K Thanks, maybe I am feeling a little noobish now, but feel free to correct anything you want.
     
  17. addi33 (OP)
    Thanks :D I think everything should be clearer now.
     
  18. jt_1258
    I know it's a bit of a dumbass move to think about some of this stuff so early, but which do you think sounds better, CCFW (completely custom firmware) or FCFW (fully custom firmware) :/
     
  19. Ghost Liberator

    Ghost Liberator Advanced Member

    Newcomer
    81
    78
    Apr 5, 2016
    Cote d'Ivoire
    The South American Texas :p
    Tempers OS (?)
     
  20. Jacklack3

    Jacklack3 ( ゚ヮ゚) buddie was here

    Member
    1,359
    1,664
    Oct 6, 2015
    Canada
    In your basement Dick Size: 5 meters.
    It basically turns this
    [IMG]
    into this
    [IMG]