Homebrew SigHax Updates and Discussion Thread

Deleted member 350372

The arm11 bootloader is essentially just some keys and a few minor handlers, there's not much really there tbh.

Unless you're some super nitty-gritty developer who wants to get super-deep into hardware development, or you like to poke around with keys, or you're reverse engineering a 3DS, there's not too much to do with an arm11 bootrom.
Yeah. That's true. Lol. I just am an average user that has been in the 3ds hacking scene for quite a bit.
 

trainboy2019

Wait. But Hedgeberg is on it since something like 6 months. So it means that we'll have to go through these 8-9 months of work if we wanna hack our 3DSes in the future?
Once hedge gets the bootrom, he will be able to make a sight installer that everyone can use. He just needs to figure out how the bootrom works.
 
Deleted User
Wait. But Hedgeberg is on it since something like 6 months. So it means that we'll have to go through these 8-9 months of work if we wanna hack our 3DSes in the future?

Yeah probably. Unless Derrek or Hedge decide to silently drop a torrent, or somebody else cracks it in the meantime.

It is entirely possible that some miracle breakthrough will get it released in the coming week, or we might never get it at all.

Once hedge gets the bootrom, he will be able to make a sight installer that everyone can use. He just needs to figure out how the bootrom works.

We already have installers. Two of them, actually (one from @d0k3 and one Derrek is working on). We need the actual bootrom to modify and install in order to actually use sighax.
 
Once hedge gets the bootrom, he will be able to make a sight installer that everyone can use. He just needs to figure out how the bootrom works.

So basically, if I read between the lines, we'll have to wait until a kind person uploads the bootrom on that ISO/chaos/whatever site, or until Plailect decides to put a magnet link in 3ds.guide like with the other warez it contains.
 
Deleted User
So basically, if I read between the lines, we'll have to wait until a kind person uploads the bootrom on that ISO/chaos/whatever site, or until Plailect decides to put a magnet link in 3ds.guide like with the other warez it contains.

Yep, basically.

I was thinking about maybe making some treasure hunt over a bunch of posts and status posts here that link to one, but that would take too much time and effort. And once somebody figured it out I'd be permabanned. So Yeah, not doing that shit.
 

trainboy2019

So basically, if I read between the lines, we'll have to wait until a kind person uploads the bootrom on that ISO/chaos/whatever site, or until Plailect decides to put a magnet link in 3ds.guide like with the other warez it contains.
Not necessarily, Hedge may just need to understand the code of the bootrom, and then make an installer that exploits it.
 
Deleted User
Not necessarily, Hedge may just need to understand the code of the bootrom, and then make an installer that exploits it.

Again, we already have two installers. If we can get the whole bootrom out, we have sighax. Literally everything else is already finished.
 

Billy Acuña

Again, we already have two installers. If we can get the whole bootrom out, we have sighax. Literally everything else is already finished.
Yes and no.
I think what we need is a workaround to get the bootrom via software (or some kind of SHA). There is a reason why we still don't have Sighax on our own 3DSs.
 
Deleted User

Yes and no.
I think what we need is a workaround to get the bootrom via software (or some kind of SHA). There is a reason why we still don't have Sighax on our own 3DSs.

We CANNOT get the bootrom via software, because it locks itself during boot. That's why hedge has to go through all this trouble of soldering wires and bells and whistles onto greg, underclocking the CPU, injecting faults, and tinkering with UART code on the streams. There isn't a workaround because it's all on pretty much the lowest level of the 3DS hardware. I mean, the bootrom is, for lack of a better explanation, soldered into the processor of the 3DS, where it runs once on boot then is completely separated from the rest of the system until it turns completely off, and then back on again.
 

BL4Z3D247

Hedge said on Thursday night's stream that a good friend of theirs is going to do the software side of SigHax as Hedge isn't yet that great with the software side of things. They said it would be a piece of software that allowed for users to dump their own bootrom and use said bootrom to install SigHax. They were very adamant that they wouldn't actually be releasing anything but a good friend would be.

Just in case people missed that on Thursday's stream.
 

zoogie

Hedge said on Thursday night's stream that a good friend of theirs is going to do the software side of SigHax as Hedge isn't yet that great with the software side of things. They said it would be a piece of software that allowed for users to dump their own bootrom and use said bootrom to install SigHax. They were very adamant that they wouldn't actually be releasing anything but a good friend would be.

Just in case people missed that on Thursday's stream.
The bootrom is only needed to make the finishing touches on the bruteforcer.
Myriachan and SciresM are the only ones who need the bootrom for this task -- mass distribution of the bootrom is not necessary for sighax installation. The bruteforcing, presumably a community effort, will produce a 256 byte perfect signature which is what will actually be used to implement sighax on people's consoles.

However, bootrom is still needed for its keys, namely for arm11/PC side decryption tools. I assume that's what hedge means when talking about public distribution of a dumper tool, but I honestly think boot9 (or its keys) will leak before then.
 
Deleted User
The bootrom is only needed to make the finishing touches on the bruteforcer.
Myriachan and SciresM are the only ones who need the bootrom for this task -- mass distribution of the bootrom is not necessary for sighax installation. The bruteforcing, presumably a community effort, will produce a 256 byte perfect signature which is what will actually be used to implement sighax on people's consoles.

However, bootrom is still needed for its keys, namely for arm11/PC side decryption tools. I assume that's what hedge means when talking about public distribution of a dumper tool, but I honestly think boot9 will leak before then.

Here's the million dollar question, though: How will a dumper tool actually run properly without essentially getting a bunch of greg clones floating around?

And, this is more of a noob question, do we even know whether or not the installers (d0k3's and derrek's) use the 256 sig or boot9 itself?

EDIT FOR CLARIFICATION: I know we use the actual sig for sighax, but I'm wondering whether these installers will pull the sig from boot9 itself or use the sig from the bruteforcer.
 

BL4Z3D247

The bootrom is only needed to make the finishing touches on the bruteforcer.
Myriachan and SciresM are the only ones who need the bootrom for this task -- mass distribution of the bootrom is not necessary for sighax installation. The bruteforcing, presumably a community effort, will produce a 256 byte perfect signature which is what will actually be used to implement sighax on people's consoles.

However, bootrom is still needed for its keys, namely for arm11/PC side decryption tools. I assume that's what hedge means when talking about public distribution of a dumper tool, but I honestly think boot9 will leak before then.
Ah, gotcha. That makes sense.

I figured the software Hedge was referring to would be similar to that of dumping the OTP.bin. That's how I took Hedge's statement at least.
 

zoogie

Here's the million dollar question, though: How will a dumper tool actually run properly without essentially getting a bunch of greg clones floating around?
A software hax instead of hardware hax like what hedge is doing now. This is just theoretical, there may not even be a way to soft-dump the bootrom. We won't know until we have the bootrom.

And, this is more of a noob question, do we even know whether or not the installers (d0k3's and derrek's) use the 256 sig or boot9 itself?

EDIT FOR CLARIFICATION: I know we use the actual sig for sighax, but I'm wondering whether these installers will pull the sig from boot9 itself or use the sig from the bruteforcer.
The installers will just write the pre-computed perfect sig (and cfw) to your 3ds. The bruteforcer is a PC app that will take possibly weeks on many PCs to compute this sig. The bootrom dump just helps us narrow down the possibilities (due to a bootrom flaw) so it's actually feasible within our lifetimes.
 
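The pipeline zoogie describes above (a PC bruteforcer computes a signature without any private key, the installers just write that pre-computed signature, and the bootrom dump tells the bruteforcer exactly which bytes the verifier checks) can be illustrated with a toy model. The following is an added example, not code from this thread, from the sighax developers, or from the 3DS bootrom. It assumes a hypothetical RSA PKCS#1 v1.5-style verifier with two padding-parsing defects: the padding bytes are scanned for the 0x00 separator without confirming they are 0xFF, and reaching the end of the block without finding a separator is not treated as failure, so the digest comparison degenerates to comparing zero bytes. Whether boot9's check has anything like these defects is not stated anywhere in the thread; the primes, modulus size, 2-byte truncated digest and block layout are all constructed for the example. Against such a verifier, enumerating candidate signatures finds a value that decodes to an accepted block for every message, which is what a signature that works for any FIRM means here, and the size of the search depends entirely on which bytes the verifier actually inspects, which is why the verifier's code has to be in hand before the search can even be set up.

```python
import hashlib

# Toy RSA parameters, constructed for this example and far too small to be secure.
P = (1 << 31) - 1                     # 2147483647, prime
Q = (1 << 32) + 15                    # 4294967311, prime
N = P * Q                             # 63-bit modulus, so signatures decode to 8-byte blocks
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent; the attacker below never touches it
K = (N.bit_length() + 7) // 8         # block length in bytes (8)
HASH_LEN = 2                          # toy digest length so the layout fits in 8 bytes


def digest(msg: bytes) -> bytes:
    """Toy digest: SHA-256 truncated to HASH_LEN bytes (layout illustration only)."""
    return hashlib.sha256(msg).digest()[:HASH_LEN]


def encode_block(msg: bytes) -> bytes:
    """Toy PKCS#1 v1.5-style block: 00 01 FF..FF 00 <digest>."""
    pad_len = K - 3 - HASH_LEN
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + digest(msg)


def sign(msg: bytes) -> int:
    """Legitimate signature: needs the private exponent D."""
    return pow(int.from_bytes(encode_block(msg), "big"), D, N)


def decode(sig: int) -> bytes:
    """Public operation: sig^E mod N as a fixed-length big-endian block."""
    return pow(sig, E, N).to_bytes(K, "big")


def verify_strict(sig: int, msg: bytes) -> bool:
    """Correct check: the decoded block must equal the expected encoding exactly."""
    return decode(sig) == encode_block(msg)


def verify_lax(sig: int, msg: bytes) -> bool:
    """Hypothetical flawed check (an assumption for this example, not boot9's code)."""
    block = decode(sig)
    if block[:2] != b"\x00\x01":
        return False
    i = 2
    while i < K and block[i] != 0:    # defect 1: skipped bytes are never checked to be 0xFF
        i += 1
    i += 1                            # defect 2: assumes the loop stopped on a separator
    remaining = max(K - i, 0)         # 0 when the scan ran off the end of the block
    # remaining is also never required to equal HASH_LEN; with 0 this compares nothing.
    return block[i:] == digest(msg)[:remaining]


def is_perfect_block(block: bytes) -> bool:
    """Block shapes verify_lax accepts for every message: 00 01, then no 0x00 byte
    before the final position (a separator in the last byte also leaves 0 bytes)."""
    return block[:2] == b"\x00\x01" and 0 not in block[2:K - 1]


def brute_force_perfect_signature(limit: int = 1 << 21) -> int:
    """Enumerate candidate signatures with no private key until one decodes to a
    block the lax verifier accepts regardless of the message being signed."""
    for s in range(2, limit):
        if is_perfect_block(decode(s)):
            return s
    raise RuntimeError("no perfect signature found within limit")


if __name__ == "__main__":
    legit = sign(b"firm-image")
    print("strict accepts legitimate signature:", verify_strict(legit, b"firm-image"))
    perfect = brute_force_perfect_signature()
    print("perfect signature found at candidate", perfect, "->", decode(perfect).hex())
    for m in (b"firm-image", b"some-other-firm", b""):
        print(m, "lax:", verify_lax(perfect, m), "strict:", verify_strict(perfect, m))
```

With the 63-bit toy modulus the search needs a few tens of thousands of candidates; with a real 2048-bit modulus and a verifier that pins down more bytes, the same loop is what gets spread across many machines for weeks, and the accepted-block predicate (`is_perfect_block` here) is the part that can only be written once the verifier's exact behaviour is known.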
Deleted User

>software hax

yeah no actually that is completely impossible, and I actually mentioned it earlier in this thread. I didn't know you actually meant using software hax to get at it, I thought you meant some sort of windows/linux executable that dumps the bootrom from a wired system.

Why it's impossible: On boot, boot9 runs pretty much right off the bat at the beginning, and then completely locks itself to the rest of the system after it's done. There is no software or hardware way to access it after that, and the only way we can get at it in the first place is by injecting false error codes into the tiny piece of volatile ram that doesn't actually clear itself that points to a dumper code to dump the bootrom. If we can't cause the exception, we can't get the bootrom, because it locks itself after that if it runs cleanly. Even once we have the bootrom, we won't be able to softdump it, because of how it's made in the factory.

Thanks for your answer about the installers, though. I didn't realize that the brute forcer actually exists (nobody seems to talk about it, ever), but it's good to know that there will actually be an extra step between the bootrom dump and sighax.
 

adrifcastr

OP
Again, we already have two installers. If we can get the whole bootrom out, we have sighax. Literally everything else is already finished.
Wrong. You should think before posting.
We also need some SigHaxed firms or even the bruteforced signature. So please stop being the new bakawun. Thanks.
 

hurrz

They're in the OP of this thread.
Alright thanks but there is no release (e.g. for the installer) yet, since I cannot see anything under the section "Releases"?

(I do not want to be annoying, I am just a noob I guess and I do not want to miss anything before it is taken down or something.)
 
