Homebrew SigHax Updates and Discussion Thread

[Deleted member 350372]

The arm11 bootloader is essentially just some keys and a few minor handlers, there's not much really there tbh.

Unless you're some super nitty-gritty developer who wants to get super-deep into hardware development, or you like to poke around with keys, or you're reverse engineering a 3DS, there's not too much to do with an arm11 bootrom.

Yeah. That's true. Lol. I just am an average user that has been in the 3ds hacking scene for quite a bit.

 

[StarTrekVoyager]

Time, Patience, and Refined technique. Or just find it yourself and pirate it, I'm not your supervisor.

Wait. But Hedgeberg is on it since something like 6 months. So it means that we'll have to go through these 8-9 months of work if we wanna hack our 3DSes in the future?

 

[trainboy2019]

Wait. But Hedgeberg is on it since something like 6 months. So it means that we'll have to go through these 8-9 months of work if we wanna hack our 3DSes in the future?

Once hedge gets the bootrom, he will be able to make a sight installer that everyone can use. He just needs to figure out how the bootrom works.

 

[Deleted User]

Wait. But Hedgeberg is on it since something like 6 months. So it means that we'll have to go through these 8-9 months of work if we wanna hack our 3DSes in the future?

Yeah probably. Unless Derrek or Hedge decide to silently drop a torrent, or somebody else cracks it in the meantime.

It is entirely possible that some miracle breakthrough will get it released in the coming week, or we might never get it at all.

Once hedge gets the bootrom, he will be able to make a sight installer that everyone can use. He just needs to figure out how the bootrom works.

We already have installers. Two of them, actually (one from @d0k3 and one Derrek is working on). We need the actual bootrom to modify and install in order to actually use sighax.

 

[StarTrekVoyager]

Once hedge gets the bootrom, he will be able to make a sight installer that everyone can use. He just needs to figure out how the bootrom works.

So basically, if I read between the lines, we'll have to wait until a kind person uploads the bootrom on that ISO/chaos/whatever site, or until Plailect decides to put a magnet link in 3ds.guide like with the other warez it contains.

 

[Deleted User]

So basically, if I read between the lines, we'll have to wait until a kind person uploads the bootrom on that ISO/chaos/whatever site, or until Plailect decides to put a magnet link in 3ds.guide like with the other warez it contains.

Yep, basically.

I was thinking about maybe making some treasure hunt over a bunch of posts and status posts here that link to one, but that would take too much time and effort. And once somebody figured it out I'd be permabanned. So Yeah, not doing that shit.

 

[trainboy2019]

So basically, if I read between the lines, we'll have to wait until a kind person uploads the bootrom on that ISO/chaos/whatever site, or until Plailect decides to put a magnet link in 3ds.guide like with the other warez it contains.

Not necessarily, Hedge may just need to understand the code of the bootrom, and then make an installer that exploits it.

 

[Deleted User]

Not necessarily, Hedge may just need to understand the code of the bootrom, and then make an installer that exploits it.

Again, we already have two installers. If we can get the whole bootrom out, we have sighax. Literally everything else is already finished.

 

[Billy Acuña]

Again, we already have two installers. If we can get the whole bootrom out, we have sighax. Literally everything else is already finished.

Yes and no.
I think what we need is a workaround to get the bootrom vía software (or some kind of SHA). There is a reason why we still don't have Sighax on our own 3DSs.

 

[Deleted User]

Yes and no.
I think what we need is a workaround to get the bootrom vía software (or some kind of SHA). There is a reason why we still don't have Sighax on our own 3DSs.

We CANNOT get the bootrom via software, because it locks itself during boot. That's why hedge has to go through all this trouble of soldering wires and bells and whistles onto greg, underclocking the CPU, injecting faults, and tinkering with UART code on the streams. There isn't a workaround because it's all on pretty much the lowest level of the 3DS hardware. I mean, the bootrom is, for lack of a better explanation, soldered into the processor of the 3DS, where it runs once on boot then is completely separated from the rest of the system until it turns completely off, and then back on again.

 

[hurrz]

We already have sighax installers, bootstraps, boot9 tools, and firm builders. At this point, the only thing we need now is the bootrom.

Are these ressources available online?

 

[Deleted User]

Are these ressources available online?

They're in the OP of this thread.

 

[BL4Z3D247]

Hedge said on Thursday night's stream that a good friend of theirs is going to do the software side of SigHax as Hedge isn't yet that great with the software side of things. They said it would be a piece of software that allowed for users to dump their own bootrom and use said bootrom to install SigHax. They were very adamant that they wouldn't actually be releasing anything but a good friend would be.

Just in case people missed that on Thursday's stream.

 

[zoogie]

Hedge said on Thursday night's stream that a good friend of theirs is going to do the software side of SigHax as Hedge isn't yet that great with the software side of things. They said it would be a piece of software that allowed for users to dump their own bootrom and use said bootrom to install SigHax. They were very adamant that they wouldn't actually be releasing anything but a good friend would be.

Just in case people missed that on Thursday's stream.

The bootrom is only needed to make the finishing touches on the bruteforcer.
Myriachan and SciresM are the only ones who need the bootrom for this task -- mass distribution of the bootrom is not necessary for sighax installation. The bruteforcing, presumably a community effort, will produce a 256 byte perfect signature which is what will actually be used to implement sighax on people's consoles.

However, bootrom is still needed for it's keys, namely for arm11/PC side decryption tools. I assume that's what hedge means when talking about public distribution of a dumper tool, but I honestly think boot9 (or it's keys) will leak before then.

 

[Deleted User]

The bootrom is only needed to make the finishing touches on the bruteforcer.
Myriachan and SciresM are the only ones who need the bootrom for this task -- mass distribution of the bootrom is not necessary for sighax installation. The bruteforcing, presumably a community effort, will produce a 256 byte perfect signature which is what will actually be used to implement sighax on people's consoles.

However, bootrom is still needed for it's keys, namely for arm11/PC side decryption tools. I assume that's what hedge means when talking about public distribution of a dumper tool, but I honestly think boot9 will leak before then.

Here's the million dollar question, though: How will a dumper tool actually run properly without essentially getting a bunch of greg clones floating around?

And, this is more of a noob question, do we even know whether or not the installers (d0k3's and derrek's) use the 256 sig or boot9 itself?

EDIT FOR CLARIFICATION: I know we use the actual sig for sighax, but I'm wondering whether these installers will pull the sig from boot9 itself or use the sig from the bruteforcer.

 

[BL4Z3D247]

The bootrom is only needed to make the finishing touches on the bruteforcer.
Myriachan and SciresM are the only ones who need the bootrom for this task -- mass distribution of the bootrom is not necessary for sighax installation. The bruteforcing, presumably a community effort, will produce a 256 byte perfect signature which is what will actually be used to implement sighax on people's consoles.

However, bootrom is still needed for it's keys, namely for arm11/PC side decryption tools. I assume that's what hedge means when talking about public distribution of a dumper tool, but I honestly think boot9 will leak before then.

Ah, gotcha. That makes sense.

I figured the software Hedge was referring to would be similar to that of dumping the OTP.bin. That's how I took Hedge's statement at least.

 

[zoogie]

Here's the million dollar question, though: How will a dumper tool actually run properly without essentially getting a bunch of greg clones floating around? A software hax instead of hardware hax like what hedge is doing now. this is just theoretical, there may not even be a way to soft-dump the bootrom. we won't know until we have the bootrom.

And, this is more of a noob question, do we even know whether or not the installers (d0k3's and derrek's) use the 256 sig or boot9 itself?

EDIT FOR CLARIFICATION: I know we use the actual sig for sighax, but I'm wondering whether these installers will pull the sig from boot9 itself or use the sig from the bruteforcer.
The installers will just write the pre-computed perfect sig (and cfw) to your 3ds. The bruteforcer is a PC app that will take possibly weeks on many PCs to compute this sig. The bootrom dump just helps us narrow down the possibilities (due to a bootrom flaw) so it's actually feasible within our lifetimes.

 

[Deleted User]

blank

>software hax

yeah no actually that is completely impossible, and I actually mentioned it earlier in this thread. I didn't know you actually meant using software hax to get at it, I thought you meant some sort of windows/linux executable that dumps the bootrom from a wired system.

Why it's impossible: On boot, boot9 runs pretty much right off the bat at the beginning, and then completely locks itself to the rest of the system after it's done. There is no software or hardware way to access it after that, and the only way we can get at it in the first place is by injecting false error codes into the tiny piece of volatile ram that doesn't actually clear itself that points to a dumper code to dump the bootrom. If we can't cause the exception, we can't get the bootrom, because it locks itself after that if it runs cleanly. Even once we have the bootrom, we won't be able to softdump it, because of how it's made in the factory.

Thanks for your answer about the installers, though. I didn't realize that the brute forcer actually exists (nobody seems to talk about it, ever), but it's good to know that there will actually be an extra step between the bootrom dump and sighax.

 

[adrifcastr]

Again, we already have two installers. If we can get the whole bootrom out, we have sighax. Literally everything else is already finished.

Wrong. You should think before posting.
We also need some SigHaxed firms or even the bruteforced signature. So please stop being the new bakawun. Thanks.

 

[hurrz]

They're in the OP of this thread.

Alright thanks but there is no release (e.g. for the installer) yet, since I cannot see anything under the section "Releases"?

(I do not want to be annoying, I am just a noob I guess and I do not want to miss anything before it is taken down or something.)