Homebrew SigHax Updates and Discussion Thread

So essentially only system patches are achievable (aka things like Luma3DS) using the OTP? But the bootrom key would be like actual firmware (all the way down to ARM9, ARM7, ARM11), anything it can handle?

So we could technically patch boot0 to load our OTP automatically?
The bootrom is basically the bootloader in other devices; the 3DS ARM9 process is then started after the bootrom verifies boot0 is signed (it's basically the OS you have installed booting up). The OTP is used to sign the arm9loader, and what A9LH does is overwrite it with something more useful lol. More info here: https://www.3dbrew.org/wiki/OTP_Registers
 
Last edited by KevinX8,
The bootrom is basically the bootloader in other devices; the 3DS ARM9 process is then started after the bootrom verifies boot0 is signed (it's basically the OS you have installed booting up). The OTP is used to sign the arm9loader, and what A9LH does is overwrite it with something more useful lol
Understood. So it'll be like having a Wii with boot1.
 
A9LH can be used for a full OS replacement. It hasn't been done yet (besides the Linux PoC) because no one has bothered.

The only real difference here is you can use the FIRM partitions to store custom stuff, whereas A9LH requires original Nintendo FIRM partitions.
Mind telling me how a patch-based OS replacement should work?

I mean TECHNICALLY it would be possible to load up a different OS from A9LH, but that would require you to do a whole shit ton of reversing of the current system fw, patching calls to get certain methods to run. And most of that would have to be done assembly-based at some point.
Have fun creating bytecode patches that let you turn the 3DS OS into i.e. a Linux OS. It's near impossible.

The Linux PoC you're talking about is running an OS from the 3DS OS. It's not a replacement. It's more comparable to a VM.

To make this easier to understand:
It's TECHNICALLY possible to turn your web browser into a game by patching the program (with, for example, a debugger), but no one would even attempt it because it doesn't make a lot of sense and is a lot of work to get done.
Running a game in your web browser, however, is not that difficult; you just need to adapt whatever you run to whatever the browser can run.
 
Last edited by Zan',
Mind telling me how a patch-based OS replacement should work?

I mean TECHNICALLY it would be possible to load up a different OS from A9LH, but that would require you to do a whole shit ton of reversing of the current system fw, patching calls to get certain methods to run. And most of that would have to be done assembly-based at some point.
Have fun creating bytecode patches that let you turn the 3DS OS into i.e. a Linux OS. It's near impossible.

The Linux PoC you're talking about is running an OS from the 3DS OS. It's not a replacement. It's more comparable to a VM.

To make this easier to understand:
It's TECHNICALLY possible to turn your web browser into a game by patching the program (with, for example, a debugger), but no one would even attempt it because it doesn't make a lot of sense and is a lot of work to get done.
Running a game in your web browser, however, is not that difficult; you just need to adapt whatever you run to whatever the browser can run.
Is your custom title actually the bootrom key:
2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F ???! :rofl2:
 
For Now:
We are not yet able to do any of this.
Derrek did dump the bootrom and provided a simple explanation of how he did it.
He did not make the bootrom public though. Nor any of the code he used.

This means someone would have to develop code that exploits the bootrom pointers and leads them to dumper code to dump the bootrom, which is unstable and likely needs you to have a hardmod to trigger this very early exception without the chance of killing your device.

Thanks to @Zan' for correcting my OP

reading helps
 
The bootrom hasn't even been successfully dumped by normal developers. Only Derrek, who found the exploit, has. He only gave scarce information on how to dump it, with no hashes or anything to compare it to.
What about the number on his slide? Wasn't that a hash?
 
The bootrom hasn't even been successfully dumped by normal developers. Only Derrek, who found the exploit, has. He only gave scarce information on how to dump it, with no hashes or anything to compare it to.

He did give hashes
 
You've got ninja'd xd
Oh, sorry. I'm on mobile, so that's why, slowpoke.
ninja'd :P

EDIT: Sorry, what he didn't give was the full dump, right? What I do know is that what he gave was a bit more of stage 1, as to where to even begin to exploit the bug (as in, devs still have to RE a lot to get to his hashes).
 
Last edited by Alex658,