Hacking Sigpatches for Atmosphere (Hekate, fss0, fusee & package3)

[impeeza]

Can someone elaborate on what the difference is between these sigpatches. Why do different parts of the system need a different sigpatch?
In my understanding signed software uses a asymmetric cryptography validate the binaries.

So that would mean that different parts are signed with different private keys? And therefor we have to patch these different parts?

Firmware is made up from hundreds of compressed different files. The sigpatches look at the sha256 value of the unpacked file that we want patch, and then jump to the address (shown in the ips patch) in the decompressed file and then patch it with a new arm64 instruction.

For example say we have an address in the decompressed file that contains a boolean (true or false) we want to patch. if it's true do this - or false do that, to force the code to do what we want we can set the value with a patch and the instruction will always do what we want.

I suggest you make some small computer programs so you know how they work, then decompile them and load them into ida or ghidra so see how they look dissasembled, then make a small change to the source, recompile and then do the same again to see what's changed in the dissasembled file - you'll see instructions that have changed, to prevent you needing to upload a new binary with the changes - you just upload an IPS patch to make the changes to those instructions you modded. Now if your files were massive and you only changed 1 byte, it's easier/faster to upload a patch than a whole new massive file.

Now here's an example, for atmosphere loader sigpatch:

We can set this value to "false", that way we can skip needing an ips patch for the loader and can then run nro formwarders, however obviously people want to get the original file from source, so we can just make a patch to do the same thing and distribute that - hence the need for ips patches. Other things in these patches are for switch fimware to skip checks these are es/fs patches but we don't have the source for these and it's illegal to mod the original files and share the copyrighted code, hence the need for patches.

As complementarity comment:

There are patches for different functions, by example, a patch for the signature verification of a NSP installed game, a patch for the network compliance verification, a patch for filesystem access and verification, and so on. That's why there's a set of patch files. Even there's a set of patches to the CFW you run because you need didable some implemented verifications on it.

 

[paparansen]

i got a "virgin" switch yesterday, with firmware/software 17.
modded it with latest hekate & atmosphere, cant install
games with invalid nca and also no xci.

is that because i use 16.1.0 sigpatches?

any hints?

 

[impy101]

i got a "virgin" switch yesterday, with firmware/software 17.
modded it with latest hekate & atmosphere, cant install
games with invalid nca and also no xci.

is that because i use 16.1.0 sigpatches?

any hints?

You gotta downgrade CFW back to 16.1.0

 

[paparansen]

ahm...downgrade CFW?
you mean delete the files from the sd card and install 16.1.0 CFW ?

edit: never mind, now i get what you mean ^^
using daybreak

 

[vittorio]

here are the sigpatches for those who don't want to downgrade, they are not complete, xci and forward homebrew don't work yet, but the nsp games start

 

[impy101]

here are the sigpatches for those who don't want to downgrade, they are not complete, xci and forward homebrew don't work yet, but the nsp games start

It certainly is a big step in the right direction. Thanks for sharing and massive shout out to the modders

 

[MeteK]

here are the sigpatches for those who don't want to downgrade, they are not complete, xci and forward homebrew don't work yet, but the nsp games start

Virus warning

 

[vittorio]

Virus warning

don't talk bullshit

 

[linuxares]

Virus warning

https://www.virustotal.com/gui/file...91b228a7fa1099ff57100b773e1a1057dd2?nocache=1

Yepp, totally a virus! /s

 

[PagaN]

working sigpatches autor unknown
#FAT - SDKVersion:17.5.0.0
[FS:27073BF0A1B8CE61]
.nosigchk=0:0x73B04:0x4:64600394,E0031F2A
.nosigchk=0:0x154884:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

#ExFAT - SDKVersion:17.5.0.0
[FS:EE0F4BAC6D1FFC4B]
.nosigchk=0:0x73B04:0x4:FC8B0394,E0031F2A
.nosigchk=0:0x15F6E4:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

 

[linuxares]

working sigpatches autor unknown
#FAT - SDKVersion:17.5.0.0
[FS:27073BF0A1B8CE61]
.nosigchk=0:0x73B04:0x4:64600394,E0031F2A
.nosigchk=0:0x154884:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

#ExFAT - SDKVersion:17.5.0.0
[FS:EE0F4BAC6D1FFC4B]
.nosigchk=0:0x73B04:0x4:FC8B0394,E0031F2A
.nosigchk=0:0x15F6E4:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

Proof of them working?

EDIT: Also seem to be missing the loader part so not complete?
EDIT2: As can be seen here, it's still being worked on and it's far from complete it seems - https://github.com/ITotalJustice/sys-patch/issues/5#issuecomment-1777128671

 

[Windsall]

Hey. I finally updated my unmodded side (to version 17), and its doing the problem again where if I try to load it from hekate it crashes. My modded side (emu) isn't updated to the last working one that had sig patches because I was waiting for v17 to work.

My question is why would hekate crash just because of a mismatch between it and the normal firmware? I want to use it to boot there because I'm using auto-RCM. Is there a way to get around this besides updating the modded side?

 

[silien3]

I don't know if it's complete or if it's really that, but what I understand for the moment gives it that

Spoiler

#Loader Atmosphere-1.6.1-7f4450f93
[Loader:9B898AF251B01982]
.nosigchk=0:0x5F7E:0x1:01,00
.nosigchk=0:0x02BFF4:0x4:01FEBF12,E1FDBF12

#FS 17.0.0
[FS:27073BF0A1B8CE61]
.nosigchk=0:0x73B04:0x4:64600394,E0031F2A
.nosigchk=0:0x154884:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

#FS 17.0.0-ExFAT
[FS:EE0F4BAC6D1FFC4B]
.nosigchk=0:0x73B04:0x4:FC8B0394,E0031F2A
.nosigchk=0:0x15F6E4:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

 

[Ryab]

Hey. I finally updated my unmodded side (to version 17), and its doing the problem again where if I try to load it from hekate it crashes. My modded side (emu) isn't updated to the last working one that had sig patches because I was waiting for v17 to work.

My question is why would hekate crash just because of a mismatch between it and the normal firmware? I want to use it to boot there because I'm using auto-RCM. Is there a way to get around this besides updating the modded side?

Make sure you are running both the latest Hekate and Atmosphere as they both recently received updates.

 

[Windsall]

Make sure you are running both the latest Hekate and Atmosphere as they both recently received updates.

I was going to do all that at the same time as the sigpatches would be out, and still wondering why it does it, but I guess I could update those still anyway. thx

 

[Ryab]

I was going to do all that at the same time as the sigpatches would be out, and still wondering why it does it, but I guess I could update those still anyway. thx

Well neither of them on their old version support the latest. So it is breaking things.

 

[Windsall]

Is there a way to know when it's better to delete the atmosphere folder or not when updating it?
If not then I'll have to remember which folders to transfer over each time?

 

[linuxares]

I don't know if it's complete or if it's really that, but what I understand for the moment gives it that

Spoiler

#Loader Atmosphere-1.6.1-7f4450f93
[Loader:9B898AF251B01982]
.nosigchk=0:0x5F7E:0x1:01,00
.nosigchk=0:0x02BFF4:0x4:01FEBF12,E1FDBF12

#FS 17.0.0
[FS:27073BF0A1B8CE61]
.nosigchk=0:0x73B04:0x4:64600394,E0031F2A
.nosigchk=0:0x154884:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

#FS 17.0.0-ExFAT
[FS:EE0F4BAC6D1FFC4B]
.nosigchk=0:0x73B04:0x4:FC8B0394,E0031F2A
.nosigchk=0:0x15F6E4:0x4:40F4FF35,E0031F2A
.nosigchk=0:0x24154:0x4:40100036,1F2003D5

Honestly where did everyone find the third code in fs and fs exfat. Google shows shit

 

[duckbill007]

Honestly where did everyone find the third code in fs and fs exfat. Google shows shit

Source is 4ifir from Cooler3D Telegram group

 

[linuxares]

Source is 4ifir from Cooler3D Telegram group

Aight but are they tested and works?