Homebrew SigHax Updates and Discussion Thread

Thread starter: adrifcastr
> arm9 bootrom if I'm not mistaken

the arm9 bootrom does not have a cryptographic key encrypting it. What do you mean by it being the "key"?

I assumed it's the hash, it's pretty typical that people in these circles announce that they have something by sharing its hash.
 
> the arm9 bootrom does not have a cryptographic key encrypting it. What do you mean by it being the "key"?
>
> I assumed it's the hash, it's pretty typical that people in these circles announce that they have something by sharing its hash.

I assumed they were hashes as well
 
> 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F is the key

This is only a hash; as he explained, we can't actually get the real key. The one we would use would look a bit more hacky than that, with a lot of jumping. Also, the real key is 256 characters long, so yeah, not the real key.
 
> Mind telling me how a patch-based OS replacement should work?
>
> I mean TECHNICALLY it would be possible to load up a different OS from A9LH, but that would require you to do a whole shit ton of reversing of the current system fw, patching calls to get certain methods to run. And most of that would have to be done assembly-based at some point.
> Have fun creating bytecode patches that let you turn the 3DS OS into, e.g., a Linux OS. It's near impossible.
>
> The Linux PoC you're talking about is running an OS from the 3DS OS. It's not a replacement. It's more comparable to a VM.
>
> To make this easier to understand:
> It's TECHNICALLY possible to turn your web browser into a game by patching the program (with, for example, a debugger), but no one would even attempt it because it doesn't make a lot of sense and is a lot of work to get done.
> Running a game in your web browser, however, is not that difficult; you just need to adapt whatever you run to whatever the browser can run.
The Linux PoC is running natively, not within the 3DS OS. It requires A9LH (or 9.2) to run properly. (There's an experimental memchunkhax2 version that doesn't take over the ARM9, which is probably very unstable.)

The A9LH environment is not running from within the 3DS OS. The original FIRM is needed in order to pass the signature check (though obviously that won't be needed anymore), and then an exploit in arm9loader is used to jump into custom code. While it does technically load FIRM, it isn't used when running an A9LH payload, e.g. Decrypt9WIP and Hourglass9.

Luma3DS reloads FIRM from the CTRNAND partition manually, then applies patches and starts FIRM.

The various A9LH payloads are effectively their own mini OSes. They don't use the 3DS OS at all.

Obviously you'd need to reimplement all of the 3DS system services if you went for a full OS reimplementation. The point is it's *doable* now with A9LH, not that it's easy to do.
 
> This is only a hash; as he explained, we can't actually get the real key. The one we would use would look a bit more hacky than that, with a lot of jumping. Also, the real key is 2048 characters long, so yeah, not the real key.

Also, I'd guess he'd just as well avoid legal issues. Hashes alone and methodology to repeat it is pretty good proof though.
 
> Also, I'd guess he'd just as well avoid legal issues. Hashes alone and methodology to repeat it is pretty good proof though.
Hashes are useless by themselves but the method is solid. If anyone figures out how to dump bootrom and spoof key they can confirm they did it right from his hashes. If he just released hashes all we would have is a useless number that could just be a hash of 1234


Just noticed it's 49 characters long, which would make it a 392-bit hash. Does anyone know of a hashing system that uses such sizes? The closest system is SHA-384, but this is 1 character too long. Also @addi33, where did you find it anyway?
 
Boot9 SHA-256? Hash: 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F309C399BF28166F
Boot11 SHA-256? Hash: 74DAACE1F8067B66CC81FC307A3FDB509CBEDC32F903AEBE906144DEA7A07512
Copied from the 33C3 slides/video. These are just the hashes; I think they are SHA-256 as it's 32 bytes long.
 
> Boot9 SHA-256? Hash: 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F309C399BF28166F
> Boot11 SHA-256? Hash: 74DAACE1F8067B66CC81FC307A3FDB509CBEDC32F903AEBE906144DEA7A07512
> Copied from the 33C3 slides/video. These are just the hashes; I think they are SHA-256 as it's 32 bytes long.

I always thought 1 byte = 1 character; this is really confusing me now. How does 1 byte = 2 characters now? Is it because it's in hex, so it only requires the use of 4 bits, so it splits the byte between each other?

 
Yeah, 1 byte = 2 hex characters; 1 hex character is 4 bits. An 'F' in hex is '1111' in binary, so you need 2 hex digits (FF) to make 1 byte (1111 1111).
 
> Yeah, 1 byte = 2 hex characters; 1 hex character is 4 bits. An 'F' in hex is '1111' in binary, so you need 2 hex digits (FF) to make 1 byte (1111 1111).

Thanks for clarifying; this makes all my calculations in previous posts half of what they should be :/

 
> I always thought 1 byte = 1 character; this is really confusing me now. How does 1 byte = 2 characters now? Is it because it's in hex, so it only requires the use of 4 bits, so it splits the byte between each other?

Ninja'd a bit.

1 byte = 8bits
1 hex character = 16 options (0->F)

Edit. Yea I know, just trying to wrap my own head around it before the ninja

To continue.
8bits [binary] = max 255; 255 in hex is 0xFF
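As an added illustration (not code from the thread or any of its posters), the Python below works through the arithmetic discussed in the posts above: it takes the 49-character string and the two 64-character hashes posted earlier in the thread, reports their bit and byte sizes at 4 bits per hex digit, maps a whole digest to the hash family it could belong to, checks whether the short string is simply a truncated copy of the Boot9 hash, and shows how a published hash is only useful once someone recomputes SHA-256 over data they actually hold. The sample bytes used for the verification step are constructed and do not correspond to any real dump.

```python
import hashlib
import re

# Values copied from the thread: the 49-digit string originally posted as
# "the key", and the two 64-digit SHA-256 hashes posted afterwards.
POSTED_SHORT = "2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F"
BOOT9_SHA256 = "2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F309C399BF28166F"
BOOT11_SHA256 = "74DAACE1F8067B66CC81FC307A3FDB509CBEDC32F903AEBE906144DEA7A07512"

# Digest sizes (bits) of hash functions one would plausibly see quoted.
KNOWN_DIGEST_BITS = {
    128: "MD5",
    160: "SHA-1",
    224: "SHA-224",
    256: "SHA-256",
    384: "SHA-384",
    512: "SHA-512",
}


def hex_bit_length(s: str) -> int:
    """Bits encoded by a hex string: one hex digit carries 4 bits, not 8."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError("not a hex string: %r" % s)
    return 4 * len(s)


def classify_hex(s: str) -> dict:
    """Describe a posted hex string: size in bits/bytes, whether it is a
    whole number of bytes, and which digest family (if any) it matches."""
    bits = hex_bit_length(s)
    return {
        "hex_digits": len(s),
        "bits": bits,
        "whole_bytes": len(s) % 2 == 0,   # an odd digit count cannot be a byte string
        "bytes": len(s) // 2,
        "digest": KNOWN_DIGEST_BITS.get(bits),  # None if no known digest has this size
    }


def is_truncated_copy(fragment: str, full: str) -> bool:
    """True if `fragment` is a strict prefix of `full` (case-insensitive),
    i.e. the short string is just the long one cut off."""
    return len(fragment) < len(full) and full.upper().startswith(fragment.upper())


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Recompute SHA-256 over data you hold and compare to a published hash.
    A hash alone proves nothing; the check is in the recomputation."""
    return hashlib.sha256(data).hexdigest().lower() == expected_hex.lower()


if __name__ == "__main__":
    for label, value in (("posted", POSTED_SHORT), ("boot9", BOOT9_SHA256), ("boot11", BOOT11_SHA256)):
        print(label, classify_hex(value))
    print("short string is a truncated Boot9 hash:", is_truncated_copy(POSTED_SHORT, BOOT9_SHA256))
    # Constructed sample data; its hash is computed here, not taken from any real image.
    sample = b"constructed sample bytes, not a bootrom"
    print("sample verifies against its own hash:",
          verify_sha256(sample, hashlib.sha256(sample).hexdigest()))
```

Running it shows the posted 49-digit string as 196 bits with no matching digest size (and not even a whole number of bytes), both 64-digit values as 256-bit, 32-byte SHA-256 digests, and the short string as a prefix of the Boot9 hash; the verify step only returns True for data whose SHA-256 you recompute yourself.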
 
Also @addi33, your hex number isn't a valid hash type; it's 196 bits and isn't even. This leads me to believe it might actually be the key to something. Where did you find it anyway?

 
> arm9 bootrom if I'm not mistaken
Bootrom is independent of arm9; it's just bootrom. Also, where did you get the idea it was from this anyway? The member didn't even mention what this number was.

 
> Also @addi33, your hex number isn't a valid hash type; it's 196 bits and isn't even. This leads me to believe it might actually be the key to something. Where did you find it anyway?

Could it be a $salt for a sha256?

i.e. once you obtain the sha256 from the bootrom & run it against the $salt you'll see the 'password' used when making the hash
 
> Bootrom is independent of arm9; it's just bootrom. Also, where did you get the idea it was from this anyway? The member didn't even mention what this number was.

just relealized that my knowledge about the bootroms isn't as high as I had expected.

to everyone else, yes relealized is an existing word.
 