Homebrew SigHax Updates and Discussion Thread

[Platinum Lucario]

I have a question regarding dumping ARM9 bootrom and ARM11 bootrom. Will it be possible to do without a hardmod? 'Cause I have a feeling that it will require a hardmod.

Also, every console's bootrom code is slightly different, since the only difference is it's OTP key in the bootrom code (which is initialised upon boot, then scrambled with some other key before being removed from RAM by the ARM9 kernel).

 

[Ryccardo]

I have a question regarding dumping ARM9 bootrom and ARM11 bootrom. Will it be possible to do without a hardmod? 'Cause I have a feeling that it will require a hardmod.

Neither are possible with or without hardmod (meant as soldering wires in the right places - else we wouldn't have to wait for hedgeberg!)

Decapping the CPU (breaking it in the process) would work, but is rather hard & expensive, and an early event in the 3DS scene history (someone asking for donations for this purpose then running away) effectively doomed it

With sighax allowing for a system running 100% non-Nintendo firmware, it may or may not be possible to dump the arm11 bootrom depending on how it starts running; definitely not the arm9 one which finishes running before anything from nand is actually run

Also, every console's bootrom code is slightly different, since the only difference is it's OTP key in the bootrom code

The otp is a separate device from the bootroms (despite physically being inside the cpu/soc), its contents definitely influence the bootrom's actions (you already mentioned the most obvious effect = nand keys) but the decisions themselves are programmed in the bootrom

---

Sighax itself will be able to be installed with a hardmod (if you have kernel partition xorpads AND/OR know the exact contents of those partitions, ie "bought this console, my brother/cousin/dog accidentally updated to 11.4, free games pls")

 

[Deleted User]

I have a question regarding dumping ARM9 bootrom and ARM11 bootrom. Will it be possible to do without a hardmod? 'Cause I have a feeling that it will require a hardmod.

Also, every console's bootrom code is slightly different, since the only difference is it's OTP key in the bootrom code (which is initialised upon boot, then scrambled with some other key before being removed from RAM by the ARM9 kernel).

All of the bootroms are the same actually, the OTP key is stored somewhere else, and the bootrom just initializes it. You can't dump the bootrom with a hardmod, because there is no hardmod that can get even remotely close to what hedge is trying to do in the streams. You need a hardmod to actually install sighax, not to actually get the bootrom.

With sighax allowing for a system running 100% non-Nintendo firmware, it may or may not be possible to dump the arm11 bootrom depending on how it starts running; definitely not the arm9 one which finishes running before anything from nand is actually run

a9lh can already run 100% non-nintendo firmware, nobody wants to develop it though. Sighax will allow the dumping of the a11 protected bootrom, and it has nothing to do with the firmware.

You both should read my thread and sciresm's writeup to clear up some of those misconceptions there.

 

[Platinum Lucario]

All of the bootroms are the same actually, the OTP key is stored somewhere else, and the bootrom just initializes it. You can't dump the bootrom with a hardmod, because there is no hardmod that can get even remotely close to what hedge is trying to do in the streams. You need a hardmod to actually install sighax, not to actually get the bootrom.

Also you mentioned that you need a hardmod to dump the ARM9 bootrom as well in your thread too. This does mean that sighax won't replace A9LH entirely, since there will be many people here that have no knowledge on properly using a soldering iron. And since sighax requires a hardmod to be installed, I'm pretty sure Paliect's 3ds.guide will keep it's instructions on the A9LH installation, but have sighax as an optional thing

 

[Deleted User]

Also you mentioned that you need a hardmod to dump the ARM9 bootrom as well in your thread too. This does mean that sighax won't replace A9LH entirely, since there will be many people here that have no knowledge on properly using a soldering iron. And since sighax requires a hardmod to be installed, I'm pretty sure Paliect's 3ds.guide will keep it's instructions on the A9LH installation, but have sighax as an optional thing

I did not in any way say you can use a hardmod to dump the bootrom. I said you need to solder things to get it, yes, but you cannot actually dump the bootrom with a hardmod. You would need to hook up an fpga and breadboard and run copious amounts of code that underclock the processor while injecting faults in order to have a slight chance to get at the bootrom, which hedgeberg is doing. A simple hardmod that switches a few circuit paths here and there will NOT be able to get at the bootrom without outside influence.

 

[StarTrekVoyager]

So I guess Sighax will release Soon™

 

[Deleted User]

So I guess Sighax will release Soon™

It's Done When It's Done™

We probably won't actually see anything for at the very least another month or two. It's a tedious, lengthy process, and hedge is doing their best.

To paraphrase something she said on stream, "I'm about 95 percent done, but the last 5 percent is just slog and tedium that takes far too long to do".

 

[StarTrekVoyager]

It's Done When It's Done™

We probably won't actually see anything for at the very least another month or two. It's a tedious, lengthy process, and hedge is doing their best.

To paraphrase something she said on stream, "I'm about 95 percent done, but the last 5 percent is just slog and tedium that takes far too long to do".

Yeah, I know. I wouldn't compare the awesome devs who take their time to achieve that with, say, GW team . But anyways, it reminds me of a glitch in the macOS Yosemite updater where the contents of the /usr/local folder where underestimated and if you had Ruby or MacTeX, you were stuck with a "Less than 2 minutes remaining", but the actual process could take up to 11-14 hours Anyways, I wish good luck to these mighty devs !

 

[Platinum Lucario]

So I guess Sighax will release Soon™

I'd give it several more months. Hedgeburg still has a long way to go before ARM9 bootrom can be dumped successfully and fully dumped.

 

[LucarioWolf]

Seems neat, question is how long it will take before anything can be done about the systems on 11.4
I'm currently on 11.4 with a O3DS with HomeBrew still working and luma 7.0.5 but.... Will there be any future possibilities of this working later on in the future.

 

[StarTrekVoyager]

I did not in any way say you can use a hardmod to dump the bootrom. I said you need to solder things to get it, yes, but you cannot actually dump the bootrom with a hardmod. You would need to hook up an fpga and breadboard and run copious amounts of code that underclock the processor while injecting faults in order to have a slight chance to get at the bootrom, which hedgeberg is doing. A simple hardmod that switches a few circuit paths here and there will NOT be able to get at the bootrom without outside influence.

Wait. If getting the bootrom is a Herculean work, how the hell are we supposed to do it ourselves once sighax releases (since it's warez according to your other thread)

 

[Platinum Lucario]

Seems neat, question is how long it will take before anything can be done about the systems on 11.4
I'm currently on 11.4 with a O3DS with HomeBrew still working and luma 7.0.5 but.... Will there be any future possibilities of this working later on in the future.

When a new exploit is found for common system software, and that there's a k11 exploit, then yes. But for now, there isn't any such exploits yet. So remain on that firmware, don't update if there is a newer update in the future (eg. 11.5 or later).

 

[Deleted User]

Wait. If getting the bootrom is a Herculean work, how the hell are we supposed to do it ourselves once sighax releases (since it's warez according to your other thread)

Time, Patience, and Refined technique. Or just find it yourself and pirate it, I'm not your supervisor.

 

[Deleted member 350372]

All of the bootroms are the same actually, the OTP key is stored somewhere else, and the bootrom just initializes it. You can't dump the bootrom with a hardmod, because there is no hardmod that can get even remotely close to what hedge is trying to do in the streams. You need a hardmod to actually install sighax, not to actually get the bootrom.

a9lh can already run 100% non-nintendo firmware, nobody wants to develop it though. Sighax will allow the dumping of the a11 protected bootrom, and it has nothing to do with the firmware.

You both should read my thread and sciresm's writeup to clear up some of those misconceptions there.

Why are some of you guys interested in dumping the whole arm11 bootrom if it barely does anything useful to users and developers? Just wondering since afaik it is uncomparable on what we can do with it compared to what the arm9 bootrom can do.

Also quick question. I know it may sound like a noob question, but when sighax gets released, would it be possible to run a CTRNAND like payload just how arm9loaderhax does?

 

[Platinum Lucario]

Basically, installing sighax is only for those who have knowledge on how to use a soldering iron, from what I've read. Unless I'm incorrectly thinking about what a "hardmod" means.

But if that's true, then sighax will only be optional and not required to be replacing A9LH. But wait, doesn't the bootrom contain console-unique keys for it's NAND encryption too?

 

[hurrz]

I'd give it several more months. Hedgeburg still has a long way to go before ARM9 bootrom can be dumped successfully and fully dumped.

According to the most recent stream, after having it dumped, hedgeberg's friends need to make a software for us (since hedgeberg won't release dumped bootrom). Correct me if I'm wrong! :-]

 

[Deleted User]

Basically, installing sighax is only for those who have knowledge on how to use a soldering iron, from what I've read. Unless I'm incorrectly thinking about what a "hardmod" means.

But if that's true, then sighax will only be optional and not required to be replacing A9LH. But wait, doesn't the bootrom contain console-unique keys for it's NAND encryption too?

INSTALLING sighax is no different than installing a9lh

getting the bootrom is the thing that's super difficult and requires soldering 50 million things

Sighax COULD replace a9lh if you are so inclined.

The bootrom does not contain console unique keys, it contains keys to decrypt 3ds games.

Why are some of you guys interested in dumping the whole arm11 bootrom if it barely does anything useful to users and developers? Just wondering since afaik it is uncomparable on what we can do with it compared to what the arm9 bootrom can do.

KEYS YO

Also quick question. I know it may sound like a noob question, but when sighax gets released, would it be possible to run a CTRNAND like payload just how arm9loaderhax does?

Yes, sighax can do basically everything a9lh can do.

According to the most recent stream, after having it dumped, hedgeberg's friends need to make a software for us (since hedgeberg won't release dumped bootrom). Correct me if I'm wrong! :-]

We already have sighax installers, bootstraps, boot9 tools, and firm builders. At this point, the only thing we need now is the bootrom.

 

[Platinum Lucario]

According to the most recent stream, after having it dumped, hedgeberg's friends need to make a software for us (since hedgeberg won't release dumped bootrom). Correct me if I'm wrong! :-]

Yep, it's true. And Hedgeburg has said that so many times in many of the streams.

 

[Deleted member 350372]

INSTALLING sighax is no different than installing a9lh

getting the bootrom is the thing that's super difficult and requires soldering 50 million things

Sighax COULD replace a9lh if you are so inclined.

The bootrom does not contain console unique keys, it contains keys to decrypt 3ds games.

KEYS YO



Yes, sighax can do basically everything a9lh can do.



We already have sighax installers, bootstraps, boot9 tools, and firm builders. At this point, the only thing we need now is the bootrom.

Ahh yeah. Forgot about the keys. xD I also mean other than obtaining the keys.

 

[Deleted User]

Ahh yeah. Forgot about the keys. xD I also mean other than obtaining the keys.

The arm11 bootloader is essentially just some keys and a few minor handlers, there's not much really there tbh.

Unless you're some super nitty-gritty developer who wants to get super-deep into hardware development, or you like to poke around with keys, or you're reverse engineering a 3DS, there's not too much to do with an arm11 bootrom.