Homebrew SigHax Updates and Discussion Thread

Thread starter: adrifcastr
Keep in mind as an a9lh user, it would have no use to me, but in theory, since the bootrom keys allow multiple things to be decrypted and signed, would this allow for the redirection of system updates through a custom DNS server? I'd assume not, but I'm not entirely sure why, unless it's some sort of server-side encryption I'm not aware of. This is mainly for curiosity sake, and partly to change the topic of the thread.

P.S. it's not a bootrom exploit.
bootrom key is only used to sign and verify boot0 nothing else so no it's no good for system updates
 
From #1 - why do you need the public dump? Isn't/wasn't it's only use in 1. identifying the exploitable bug and 2. seeing where the pointers are pointing to?
 
Keep in mind as an a9lh user, it would have no use to me, but in theory, since the bootrom keys allow multiple things to be decrypted and signed, would this allow for the redirection of system updates through a custom DNS server? I'd assume not, but I'm not entirely sure why, unless it's some sort of server-side encryption I'm not aware of. This is mainly for curiosity sake, and partly to change the topic of the thread.

P.S. it's not a bootrom exploit.
Actually this has a lot of use for you, it's basically an updated A9LH.
What you are basically saying is, "As a Menuhax user, A9LH has no use to me."
I am not sure about the details on the rest, since I don't know those details
 
From #1 - why do you need the public dump? Isn't/wasn't it's only use in 1. identifying the exploitable bug and 2. seeing where the pointers are pointing to?
We don't have any of this information, the guys from 32c3 didn't put up any useful info publicly so all we have is their explanation of what they did
 
OK, suppose there's a vending machine that takes coins. It validates the coins by size and weight. So you run across some Bangladeshi coins that have the exact same size as an acceptable coin, just are a bit too light. So your exploit is to melt some lead and add a few drops on the coins, which now have the correct weight and the vending machine accepts them.

What are you now exploiting? You're changing the coin, but the thing you're *taking advantage of* is the way the machine validates the coins. So it's a machine-exploit, not a coin-exploit. Same with the bootrom. You're taking advantage of something that's incorrectly implemented in the bootrom, so it's a bootrom exploit.

Other than that, since the presenters are choosing to do things the fail0verflow way, I'm not expecting anything for a while, but I doubt they won't help / give some pointers to serious devs that come up with something and get stuck.
 
Holy shit, this thread just needs to be locked. Too many people having a fucking fight over what sighax is and what it does. Either the OP needs to explain it or there needs to be a better thread. Maybe there just needs to not be one at all, would that make the community happy?
Or we could try and not get the thread locked. We need a dedicated thread.
People could just do that thing where they report off topic posts, instead of replying to them
 
Actually this has a lot of use for you, it's basically an updated A9LH.
What you are basically saying is, "As a Menuhax user, A9LH has no use to me."
I am not sure about the details on the rest, since I don't know those details
I meant I don't need to downgrade. I know this allows for completely different boot images and I'm hyped about that.
 
So basically unless we have an arm9 exploit or hardmod to write the firm partition sighax is useless. Which means only 9.2 sysnand or below/a9lh systems will be able to make use of this hack for now. Was there any information on a newer arm9 exploit?
 
Actually this has a lot of use for you, it's basically an updated A9LH.
What you are basically saying is, "As a Menuhax user, A9LH has no use to me."
I am not sure about the details on the rest, since I don't know those details

The only downside I see to this is having to risk your console every time you update sighax, if the patches have to be built into the firm. Unlike updating a9lh's payload. It could be comparable to updating a9lh itself (which has only had 2 updates so far)

EDIT: A9lh has had at least 3 updates. With them being a9lhv1, a9lhv2, and CTRNAND capable a9lhv2.

--------------------- MERGED ---------------------------

So basically unless we have an arm9 exploit or hardmod to write the firm partition sighax is useless. Which means only 9.2 sysnand or below/a9lh systems will be able to make use of this hack for now. Was there any information on a newer arm9 exploit?

You need an arm9 way of writing into the NAND (a9lh/9.2/Dsiware may be able to work for this), or a direct hardmod (it's writing directly to NAND, duh)
 
Last edited by Alex658,
The only downside I see to this is having to risk your console every time you update sighax, if the patches have to be built into the firm. Unlike updating a9lh's payload. It could be comparable to updating a9lh itself (which has only had 2 updates so far)

EDIT: A9lh has had at least 3 updates. With them being a9lhv1, a9lhv2, and CTRNAND capable a9lhv2.
There's a risk of bricking when updating A9LH. Nothing is without risk. Once it is released and becomes stable, the fear will be at A9LH level
 
There's a risk of bricking when updating A9LH. Nothing is without risk. Once it is released and becomes stable, the fear will be at A9LH level

I know that. What I'm getting at is the frequency at which you're going to be needing to update the firms. You don't update a9lh (the loader, not the payload) each time a new corbenik/luma commit is up, yes?

If payloads are separate from patched firms then even if practically the same thing as a9lh, except for slightly earlier control of the console, it would minimize risks. Don't you think?
 
So will sighax let you bypass the detection in some games where it detects the code of the NTR CFW game plugin ain't legit and doesn't let you go online?
 
So will sighax let you bypass the detection in some games where it detects the code of the NTR CFW game plugin ain't legit and doesn't let you go online?
The reason for you not being able to go online is because the plugin blocks it.
The default ntr plugin main by Cell9 is made to do this.
However there was one released that removed this online block. Plugins built with this modified version will not block online.

And EVEN IF the game was preventing you from going online due to modified code. Why exactly would Sighax change anything?

SigHax doesn't change anything about your Custom Firmware.
If SigHax can do it. A9LH likely can do it as well. (Given the CFW supports it)

From #1 - why do you need the public dump? Isn't/wasn't it's only use in 1. identifying the exploitable bug and 2. seeing where the pointers are pointing to?
Well first of all we need to know the pointer for the signature check to exploit the bad verification and let it memcmp the expected result pointer with the sigpointer (that should now be the expected result pointer).

And additionally, I think the way bruteforcing would work is by using the BootROM dump to do the verification on the computer rather than on the 3DS (because we don't need the blackbox method anymore).
Meaning we can generate a signature with this fixed pointer over and over and see if it checks out, without needing to reinject the edited FIRM over and over again into the device to see if it works.
This will make bruteforcing a signature that checks out with the pointer at the end considerably faster.

(At least this is my understanding of it. Please correct me if I'm wrong)
 
Last edited by Zan',
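The post above turns on how a signature verifier decides which bytes to compare: if the check can be steered to compare against attacker-chosen data, any "signature" can be made to pass. The example below is added here and is not code from the thread, from the 3DS bootrom or from any CFW project; it shows the defensive shape of an RSA PKCS#1 v1.5 (SHA-256) verifier that reconstructs the entire expected encoded block from the public key size and the message, then compares the whole block in constant time, so no parsing step or pointer can be influenced by the signature contents. The key generation (`generate_key`, random probable primes, standard library only) is a toy for demonstration and all function names are my own.

```python
"""Strict RSA PKCS#1 v1.5 signature verification with SHA-256.

Added example (not the thread's or the bootrom's code). The verifier never
scans the decrypted signature for delimiters: it derives the padding length
from the modulus size, rebuilds the expected block, and compares all k bytes.
"""
import hashlib
import hmac
import random

# DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test; good enough for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Random odd candidate with the top bit set, until one is probably prime."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_key(bits=1024, e=65537):
    """Toy RSA keypair (n, e, d). Demonstration only, not for real use."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0 and n.bit_length() == bits:
            return n, e, pow(e, -1, phi)


def _encoded_message(message, k):
    """EM = 0x00 || 0x01 || PS (>= 8 bytes of 0xFF) || 0x00 || T, or None if k is too small."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    ps_len = k - len(t) - 3
    if ps_len < 8:
        return None
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def sign(message, n, d):
    """Produce a PKCS#1 v1.5 signature (textbook RSA over the encoded block)."""
    k = (n.bit_length() + 7) // 8
    em = _encoded_message(message, k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(message, signature, n, e):
    """Return True only if the decrypted signature equals the full expected block.

    Length is checked first, the RSA operation is applied, and then the whole
    k-byte block is compared in constant time against a block rebuilt from the
    message and k alone, so nothing inside the signature can move the hash
    comparison.
    """
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    expected = _encoded_message(message, k)
    if expected is None:
        return False
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    n, e, d = generate_key(1024)
    sig = sign(b"constructed FIRM image bytes", n, d)
    print("valid:", verify(b"constructed FIRM image bytes", sig, n, e))
    print("tampered:", verify(b"constructed FIRM image bytes", sig[:-1] + b"\x00", n, e))
```

The design point is that the verifier has no state derived from the signature other than the decrypted block itself: padding length comes from `k`, the hash comes from the message, and a single whole-block comparison replaces any "find the delimiter, then memcmp at that offset" logic.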
The reason for you not being able to go online is because the plugin blocks it.
The default ntr plugin main by Cell9 is made to do this.
However there was one released that removed this online block. Plugins built with this modified version will not block online.

And EVEN IF the game was preventing you from going online due to modified code. Why exactly would Sighax change anything?

SigHax doesn't change anything about your Custom Firmware.
If SigHax can do it. A9LH likely can do it as well. (Given the CFW supports it)


Well first of all we need to know the pointer for the signature check to exploit the bad verification and let it memcmp the expected result pointer with the sigpointer (that should now be the expected result pointer).

And additionally, I think the way bruteforcing would work is by using the BootROM dump to do the verification on the computer rather than on the 3DS (because we don't need the blackbox method anymore).
Meaning we can generate a signature with this fixed pointer over and over and see if it checks out, without needing to reinject the edited FIRM over and over again into the device to see if it works.
This will make bruteforcing a signature that checks out with the pointer at the end considerably faster.

(At least this is my understanding of it. Please correct me if I'm wrong)
Ah okay, that makes sense. I did see that one of the game plugins that I used to attempt to go online was made by cell9 among a few other people. So I feel I should ask: is there a converter I can use to convert my .plg to not block online? Do I have to grab a program or something to edit the .plg and manually modify it?
 
Ah okay, that makes sense. I did see that one of the game plugins that I used to attempt to go online was made by cell9 among a few other people. So I feel I should ask: is there a converter I can use to convert my .plg to not block online? Do I have to grab a program or something to edit the .plg and manually modify it?
Cheating online is a pretty scumbag thing to do, that's why it blocks you from going online
 
Yeah, but only if you're a ftw hacker. I hack for other personal reasons.
It doesn't matter why you cheat, you're still ruining the experience for others by removing the even playing field, which is a pretty shitty thing to do
 