SigHax Updates and Discussion Thread

Discussion in '3DS - Homebrew Development and Emulators' started by addi33, Dec 29, 2016.

Dec 29, 2016
  1. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    CURRENT STATUS:
    04/16/17
    @Aurora Wright has added SigHax support to the Latest Release of Luma3ds (7.0)
    • Added unverified New3DS SigHax support (it should work fine, though).

    04/11/17
    EVERYONE WHO HAS A STOCK 3DS/N3DS/2DS: DO NOT UPDATE TO 11.4, since it breaks UDSploit and safehax. Go to 3ds.guide and install arm9loaderhax, which you can then use to upgrade to SigHax once we have prot_boot9.bin. Thanks.


    04/05/17
    Best place to check the progress on dumping prot_boot9.bin is twitch


    Archive

    What we have:

    SafeSighaxInstaller by d0k3
    bootstrap9 by Yellows8
    bootstrap11 by Yellows8
    CTR Firm Builder by Derrek
    Boot9 Tools by Yellows8


    Boot9 SHA-256? Hash: 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F309C399BF28166F
    Boot11 SHA-256? Hash: 74DAACE1F8067B66CC81FC307A3FDB509CBEDC32F903AEBE906144DEA7A07512

    How the arm9 Bootrom is being dumped:

    boot9

    YOU SHOULD BETTER READ THIS FIRST:

    What the heck is SigHax???
    (Thanks to @Zan' for his explanations on this!)
     
    Last edited by addi33, Apr 16, 2017


  2. Josephvb10

    Member Josephvb10 The Pokémon guy

    Joined:
    Aug 26, 2009
    Messages:
    496
    Location:
    Lumiose City
    Country:
    Costa Rica
    So... For the end user, what's the real benefit of this? What will this do that A9LH can't?
     
    Xandrid likes this.
  3. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    You will/can have a completely custom firmware that is unpatchable; you can literally do everything, including common things like bypassing the 300-title or 40-DSiWare-title limits. That is just one little thing that is possible with it; there's a whole bunch more, almost anything you couldn't do before.
     
    Last edited by addi33, Dec 29, 2016
  4. Thesolcity

    Member Thesolcity Wherever the light shines, it casts a shadow.

    Joined:
    Oct 2, 2010
    Messages:
    2,151
    Location:
    San Miguel
    Country:
    United States
    Danker themes
     
    ZeraTron, MKKhanzo, Rinnux and 10 others like this.
  5. jt_1258

    Member jt_1258 GBAtemp Fan

    Joined:
    Aug 21, 2016
    Messages:
    445
    Country:
    United States
    so we could straight up install android if we wanted to go crazy like that :P
     
  6. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    In theory you could make an Android based CFW Yes I think so
     
    Alkéryn and jt_1258 like this.
  7. Zan'

    Member Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Joined:
    Oct 8, 2015
    Messages:
    384
    Country:
    Japan
    I am sorry to tell you, but you're incorrect with half of your post.

    We are not yet able to do any of this.
    Derrek did dump the bootrom and provided a simple explanation of how he did it.
    He did not make the bootrom public though. Nor any of the code he used.

    This means someone would have to develop code that exploits the bootrom pointers and leads them to dumper code to dump the bootrom, which is unstable and likely needs you to have a hardmod to trigger this very early exception without the chance of killing your device.

    If a bootrom was made public, it could then be used to proceed.

    Then you'd be able to create a signature that ends up on a pointer to the check, which will compare itself with itself (the actual sighax part), to sign firmwares with this manipulated signature.

    Otherwise someone could also get the bootrom in private and publicise a possible signature to sign FIRMs with.

    However we're not there yet.
     
  8. RednaxelaNnamtra

    Member RednaxelaNnamtra GBAtemp Advanced Fan

    Joined:
    Dec 8, 2011
    Messages:
    696
    Country:
    Germany
    Why would we only be able to do it with sighax? We are already loading our own firmware, but only a moment after the arm9loader, and this is only a modified version of the original firmware, because it would be too much work to reverse the complete firmware and rewrite it (we would need to implement everything the games need to work on arm11, and the complete communication between the arm9 and the arm11).
    The only advantages I see are that we now have more space available for the payload, and that we don't need the OTP to install it (so no <3.0 downgrade).
    Also it should be possible to dump the OTP after sighax got installed, since the OTP normally is locked by the firmware/arm9loader very early in boot.

    This is at least my understanding of the situation
     
    awtgrduzwt5r9, Mrrraou and Zan' like this.
  9. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    Because of the bootroms. With arm9loaderhax you can't read any boot image, basically; that's what the bootroms do. If you exploit them to read an unofficial firmware you can do anything you want. ARM9LOADERHAX just launches the arm9loaderhax.bin from your SD card, that's all it does.
     
  10. RednaxelaNnamtra

    Member RednaxelaNnamtra GBAtemp Advanced Fan

    Joined:
    Dec 8, 2011
    Messages:
    696
    Country:
    Germany
    I know that, but we are already launching our own code, and we are getting control over the hardware (arm9 and arm11) early in boot (after arm9loader). Because of this we are already able to do everything we want.
    This means, with Sighax we would be able to directly load our own code as firmware, instead of placing it as arm9loaderhax.bin on the SD card.
     
    Mrrraou likes this.
  11. Zan'

    Member Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Joined:
    Oct 8, 2015
    Messages:
    384
    Country:
    Japan
    Okay, to clear this up.
    We currently patch the official firmware with A9LH and inject CFW code into it.
    Then we basically have "CFW".
    This is done via a verification exploit of arm9 and loads a payload AFTER arm9 is run.

    Sighax lets you exploit signature verification of the bootrom to basically run "unsigned" (well, hax-signed) firmware.
    This has to be written to the FIRM partition.
    This means your patches would be done statically, directly to the FIRM, and written to the device. This exploit effectively "skips" the signature checking.
    Therefore it can run before OTP disable etc.
    It runs at pretty much the earliest state you can get.

    This will make it launch slightly faster than A9LH.
    It is useful if you want to install stuff like a custom OS on the 3DS.
    The disadvantage is that it's not as dynamic as A9LH, due to it not being a payload on SD that can easily be exchanged. (Unless your FIRM would load patches from SD, which then wouldn't really make a lot of sense to use this exploit for.)
    Therefore it's harder to update; basically like an A9LH update (not the payload, but the actual FIRM write).
    You risk bricking each time you write to the FIRM.

    SigHax DOES NOT let you bypass the 300-title limit or any other limits UNLESS your CFW does this. AND technically these patches can also be applied via A9LH. No difference.
     
    Last edited by Zan', Dec 29, 2016
  12. Txustra

    Member Txustra GBAtemp Fan

    Joined:
    May 18, 2013
    Messages:
    303
    Country:
    Spain
    What about unbanning 3ds?
     
  13. Zan'

    Member Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Joined:
    Oct 8, 2015
    Messages:
    384
    Country:
    Japan
    Spoof your device to the server and you're good. Otherwise it's a server-side ban. There is no difference from the way it was before.
     
    Mrrraou likes this.
  14. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    mind if I add this to the OP?
     
    CaptainSwag101 likes this.
  15. Zan'

    Member Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Joined:
    Oct 8, 2015
    Messages:
    384
    Country:
    Japan
    Feel free to. Also feel free to correct anything that's wrong.
     
    maorninja, CaptainSwag101 and addi33 like this.
  16. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    K Thanks, maybe I am feeling a little noobish now, but feel free to correct anything you want.
     
    CaptainSwag101 likes this.
  17. addi33
    OP

    Member addi33 GBAtemp Maniac

    Joined:
    Sep 12, 2016
    Messages:
    1,256
    Country:
    Germany
    Thanks :D I think everything should be clearer now.
     
  18. jt_1258

    Member jt_1258 GBAtemp Fan

    Joined:
    Aug 21, 2016
    Messages:
    445
    Country:
    United States
    I know it's a bit of a dumbass move to think about some of this stuff so early, but which do you think sounds better, CCFW (completely custom firmware) or FCFW (fully custom firmware)? :/
     
  19. Ghost Liberator

    Newcomer Ghost Liberator Advanced Member

    Joined:
    Apr 5, 2016
    Messages:
    75
    Location:
    The South American Texas :p
    Country:
    Chile
    Tempers OS (?)
     
    pokecrafter1551 and gnmmarechal like this.
  20. Jacklack3

    Member Jacklack3 OBJECTION!

    Joined:
    Oct 6, 2015
    Messages:
    1,134
    Location:
    Wright & Co. Law Offices
    Country:
    Canada
    it basically turns this [image]
    into this [image]
     
    ZeraTron, Shawnj, Dysproh and 30 others like this.
