Homebrew SigHax Updates and Discussion Thread

  • Thread starter: adrifcastr
  • Views: 532,163
  • Replies: 3,813
  • Likes: 43
> xorpads are still needed if you want to decrypt games and/or eMMC using a PC.
>
> ...until Boot9 is dumped, in which case the actual keys can be retrieved from the BootROM, and OTP dumps can be decrypted to obtain the eMMC keys.
>
> (Interestingly, the only reason xorpads work is because of a weakness in AES-CTR. AES-CBC, which was used on Wii, doesn't have the same problem.)
But the Wii had the critical problem of ending signature checking as valid whenever it runs into a null byte. So any brute-forced signature that starts with a null byte is valid on the Wii!
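The "weakness in AES-CTR" mentioned in the quoted post is keystream reuse: in CTR mode the ciphertext is plaintext XOR E_k(counter), so one known plaintext/ciphertext pair under a given key and counter yields the keystream (the "xorpad"), which then decrypts anything else encrypted under that same key and counter. CBC has no such fixed pad because each block's cipher input depends on the previous ciphertext. The script below is an added example, not code from this thread or from any 3DS tool; the block cipher is a toy 16-byte Feistel network built on SHA-256, a constructed stand-in for AES so the script runs with only the standard library (the property shown depends on the mode, not on the cipher), and the key, counter and data are constructed values.

```python
"""Added example: why a recovered 'xorpad' works for CTR mode but not CBC mode."""
import hashlib


def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Round function of the toy cipher: a keyed SHA-256 truncated to 8 bytes.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher (8-round balanced Feistel), a stand-in for AES."""
    assert len(block) == 16
    left, right = block[:8], block[8:]
    for r in range(8):
        left, right = right, xor(left, _round(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(8)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right


def ctr_encrypt(key: bytes, counter: bytes, data: bytes) -> bytes:
    """CTR mode: out = data XOR E_k(counter + i). Decryption is the same call."""
    out = bytearray()
    ctr = int.from_bytes(counter, "big")
    for i in range(0, len(data), 16):
        keystream = block_encrypt(key, ((ctr + i // 16) % (1 << 128)).to_bytes(16, "big"))
        out += xor(data[i:i + 16], keystream)
    return bytes(out)


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC mode: C_i = E_k(P_i XOR C_{i-1}); the cipher input depends on the plaintext."""
    assert len(data) % 16 == 0
    out, prev = bytearray(), iv
    for i in range(0, len(data), 16):
        prev = block_encrypt(key, xor(data[i:i + 16], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(data), 16):
        blk = data[i:i + 16]
        out += xor(block_decrypt(key, blk), prev)
        prev = blk
    return bytes(out)


def apply_xorpad(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    """Derive the pad from a known pair and apply it to another ciphertext."""
    pad = xor(known_pt, known_ct)  # equals the CTR keystream, never the key itself
    return xor(pad, target_ct)


def demo() -> tuple:
    key = b"constructed-key!"   # constructed 16-byte key; the pad holder never learns it
    counter = bytes(16)         # constructed counter / IV, reused for both messages
    known = b"A" * 32           # plaintext the pad holder knows (e.g. a zero-filled region)
    secret = b"save data block " * 2
    # CTR: same key and counter -> same keystream, so the pad decrypts the secret.
    ctr_ok = apply_xorpad(known, ctr_encrypt(key, counter, known),
                          ctr_encrypt(key, counter, secret)) == secret
    # CBC: the "pad" is plaintext-dependent, so the same trick recovers garbage.
    cbc_ok = apply_xorpad(known, cbc_encrypt(key, counter, known),
                          cbc_encrypt(key, counter, secret)) == secret
    return ctr_ok, cbc_ok


if __name__ == "__main__":
    print("xorpad recovers secret under CTR: %s, under CBC: %s" % demo())
```

The defensive reading is that the pad is worth exactly as much as the key for the region it covers, so anything that reuses a key and counter across data of different sensitivity hands an attacker with one known plaintext the rest for free.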
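The Wii flaw described in the reply above is a digest comparison that stops at the first null byte (C's strncmp semantics applied to binary hash data), so a computed hash and an expected hash that both begin with 0x00 "match" regardless of the remaining bytes. The script below is an added example, not the Wii's actual verification code: both comparators, the verify() wrapper and the search for a message whose SHA-1 starts with 0x00 are constructed for this illustration, and it shows the flawed check beside the full-length constant-time check a verifier should use.

```python
"""Added example: a NUL-terminated digest comparison versus a full-length one."""
import hashlib
import hmac


def compare_like_strncmp(a: bytes, b: bytes) -> bool:
    """Mimics C 'strncmp(a, b, n) == 0': comparison ends at the first NUL in either buffer."""
    for x, y in zip(a, b):
        if x != y:
            return False
        if x == 0:      # a NUL ends the "string"; every byte after it is ignored
            return True
    return len(a) == len(b)


def compare_full(a: bytes, b: bytes) -> bool:
    """Length-checked, constant-time comparison over the whole digest."""
    return hmac.compare_digest(a, b)


def verify(expected_digest: bytes, data: bytes, compare) -> bool:
    """Constructed stand-in for the hash check inside a signature verifier."""
    return compare(expected_digest, hashlib.sha1(data).digest())


def find_nul_prefixed_message(prefix: bytes) -> bytes:
    """Constructed search for a message whose SHA-1 starts with 0x00 (about 256 tries)."""
    for i in range(1 << 20):
        msg = prefix + str(i).encode()
        if hashlib.sha1(msg).digest()[0] == 0:
            return msg
    raise RuntimeError("no candidate found")


def demo() -> tuple:
    genuine = b"signed content"
    forged = find_nul_prefixed_message(b"unsigned content ")
    # An expected digest that begins with 0x00 but matches nothing else.
    bogus_digest = b"\x00" + b"\xff" * 19
    strncmp_accepts = verify(bogus_digest, forged, compare_like_strncmp)
    full_rejects = not verify(bogus_digest, forged, compare_full)
    genuine_ok = verify(hashlib.sha1(genuine).digest(), genuine, compare_full)
    return strncmp_accepts, full_rejects, genuine_ok


if __name__ == "__main__":
    print("flawed check accepts: %s, full check rejects: %s, genuine passes: %s" % demo())
```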
 
To somebody who actually knows:

Is there a reason that hedge is underclocking greg in order to get at boot9? Is it to cause a bootrom error that allows you to dump the data, or some other reason? I couldn't really figure it out from just the one stream I was able to catch.
 
sighax doesn't actually let you do the flash. you need another way to get write access to the NAND for that. it just let you write your own code that passes the bootrom signature check.
 
> To somebody who actually knows:
>
> Is there a reason that hedge is underclocking greg in order to get at boot9? Is it to cause a bootrom error that allows you to dump the data, or some other reason? I couldn't really figure it out from just the one stream I was able to catch.
perhaps since it thinks slower (the CPU), the flow of things is slower, giving more time to trigger the flaw and essentially making time slower; think of it like Witch Time from Bayonetta, although tbh I likely don't have a damn clue what I'm talking about, but that's what I think there
 
> perhaps since it thinks slower (the CPU), the flow of things is slower, giving more time to trigger the flaw and essentially making time slower; think of it like Witch Time from Bayonetta, although tbh I likely don't have a damn clue what I'm talking about, but that's what I think there

Bullet time effect lmao
 
> perhaps since it thinks slower (the CPU), the flow of things is slower, giving more time to trigger the flaw and essentially making time slower; think of it like Witch Time from Bayonetta, although tbh I likely don't have a damn clue what I'm talking about, but that's what I think there
I suppose that's the answer. The slower the CPU is, the more time you have to exploit the flaws.
 
How far have they gotten?
just hopped in so not much of an idea what's goin on

--------------------- MERGED ---------------------------

> How far have they gotten?
sorry for the double reply but once I can get the chat replay going after the stream I'll get a screenshot of it in chat but seems my theory was correct about witch timing the 2ds ;P
 
> just hopped in so not much of an idea what's goin on
>
> sorry for the double reply but once I can get the chat replay going after the stream I'll get a screenshot of it in chat but seems my theory was correct about witch timing the 2ds ;P

I learned it yesterday, because I asked it in the stream that day :P

> How far have they gotten?

From what I can figure out, timing is down pat, and at this point it's pretty much debugging and the exploit itself. If you go on there and ask politely they can explain it better than I can.

EDIT: emphasized "politely" because hedge has been super stressed lately and the chat doesn't really like gbatemp
 
> I learned it yesterday, because I asked it in the stream that day :P

> From what I can figure out, timing is down pat, and at this point it's pretty much debugging and the exploit itself. If you go on there and ask politely they can explain it better than I can.
>
> EDIT: emphasized "politely" because hedge has been super stressed lately and the chat doesn't really like gbatemp
I can see the dislike of gbatemp, especially with how hedge was angry about certain arguments that have happened here, nice to see senpai quietly watching over us but I feel bad for what they have to see here, so please, here and in the twitch chat and everywhere, be nice for once in your damn life, let's keep hedge happy and cheer them on
 
> Yuppp. Decrypting the bricked emuNAND and moving the NAND headers or whatever from sysNAND to the emuNAND. Do you guys know how fucking scary it is, restoring a emuNAND backup that you hex edited back to life?
Xorpads eh? That's probably the one thing I never really was interested in knowing what they do, like game .cia xorpads or xorpads for nand backups, etc. So I guess I started mid-way when things were getting a bit easier. Damn I would be terrified if I had to do all the decrypting and encrypting also hex editing jeez so much work! :o

--------------------- MERGED ---------------------------

> I can see the dislike of gbatemp, especially with how hedge was angry about certain arguments that have happened here, nice to see senpai quietly watching over us but I feel bad for what they have to see here, so please, here and in the twitch chat and everywhere, be nice for once in your damn life, let's keep hedge happy and cheer them on
I agree dude. Agreed... Let's stay positive so we can cheer Hedge on and not jinx whether or not sighax will be released by her. Don't wanna have her get so angry that she says f**k it, people are just greedy bastards and only want the hax. They don't care about how hard it is, etc for me. Then again, if this does happen, a huge wait if I am not mistaken will most likely happen for someone to step in for dumping prot_boot9.bin
 
