Homebrew Sighax for dummies: An FAQ for the rest of us.


Deleted User

7/22/17: Thread is temporarily dead. I'm in the process of a new writeup, but since Life™ is a bitch, it's not going to be for a while. I haven't forgotten about this, I've just been busy. Thanks for your patience!

5/29/17: Just a quick FYI for people who are just tuning in: B9S is the SAME THING as Sighax. Derek's installer and B9S are just different implementations of Sighax. Also, updates are coming Soon™.


We're all in one of a few boats right now. You're either one of the people who accidentally updated to 11.4 without custom firmware, a developer who wants even more power, a pirate who wants to get their hands on all of the games on all of the platforms, or a complete newbie who just wants to impress their friends.

So you've come to GBATemp's 3DS Homebrew forum, and you see some stuff about this "sighax" thing, and open up a thread to find technical jargon way above your head (unless you're a dev, of course). After looking around, you probably have found very little that's on the "user friendly" side of this exploit. Well, worry no more! Because Sighax for Dummies is here to try and answer all your questions!

Remember to check back on this post frequently for updates, as I'll try to be as efficient with updating this post and answering questions as I can.

1. So what the heck is a sighax?
Sighax is an exploit discovered by derrek, where he used a dumped copy of the bootrom in order to have every custom firmware be read as valid during the verification part of the 3DS power-on sequence.

2. Woah woah, slow down. Tell me what this "bootrom" is!
A bootrom is a piece of code burned into the system-on-chip, a little circuit that integrates all the necessary hardware for an electronic device to run. In the case of the 3DS, it has the processor, the bootrom, and a few other electrical things that, for this thread, don't matter too much. The bootrom is a teeny tiny piece of code stored in a tiny ROM chip in the SoC that provides some basic encryption keys that validate the NAND and other system components, and then allows the 3DS to turn on.

3. Why would we need to mess with that?
At first, it was so we could get at one of the encryption keys used to decrypt 3DS games, but while trying to get this key, we managed to find the bug that allows us to use the sighax exploit on pretty much any 3DS family system, allowing us to run any custom firmware as if it were made by Nintendo themselves.

4. So what can we do with it?
It can do pretty much anything a9lh can do (including the "true firmwares" everybody's on about), but can be installed with dsiware hax or a hardmod, which is easier than having to downgrade to 2.1.0 in order to grab the console-unique keys from the OTP, as well as being fix-proof by any system updates. Additionally, if you're of the developing type, the execution environment will be cleaner for you too.

5. Does that mean my 3DS is safe to update?
Technically, yes! Since Sighax is out now, you'll be able to install it on 11.4 and up! Go ahead and update, friendo, you're in the clear. Just remember, you'll need a second 3DS with CFW already AND a copy of one of the dsiware games listed on the Holy Guide (3ds.guide), in order to fully be able to install sighax. Or, if you already have a9lh, dsiwarehax, or a hardmod on the system you want to sighax, you can just use those to directly install sighax! Ain't that neat!

If you're still on 11.3 or below, and you don't own a dsiware hackable game, and you still want sighax, just go ahead and install a9lh through soundhax or some other homebrew entry point, and then upgrade to boot9strap after that. It saves time AND effort!

6. When do we get it then?
It's here now! Check 3ds.guide for instructions on how to install sighax with an already implemented a9lh setup (upgrading to b9strap), or without that (the normal guide)!

7. Why won't we get the bootrom?
Previously, it's because that would be illegal, because the bootrom is copyrighted code, and unleashing it upon the internet is a pretty major crime. Now, sighax will allow you to dump your own bootrom! You probably won't need it, unless you're gonna do a bit of tinkering, especially since all the necessary keys are just out there on the internet now. Happy hunting!

8. So what now?
You get out there, and you get sighax now! Because pretty much everything from this point onward will require it, and it's better to get it early than later.

So that's about it for what you need to know about sighax. If you want to know anything else, you should ask about it on the discussion thread, hedge's stream, or even here, and somebody will probably answer it.

  • 5/11/17 12:35 PM EDT: Added clarification about OTP
  • 5/11/17 12:58 PM EDT: Revised section 1, 2, 4, 5, 6, and 8
  • 5/20/17 8:55 PM EDT: Initial release update, updated sections 5, 6, 7, and 8
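A worked model of the power-on check that sections 1 and 2 of the FAQ talk about, added here as an example (it is not code from this thread, from derrek, or from any 3DS project): a first-stage loader that carries the vendor's public key in ROM, verifies the firmware's signature before running it, and rejects both an image whose bytes were changed and an image signed with some other key. The FirmImage layout, the SHA-256 + PKCS#1 v1.5 choice, the 2048-bit key size and the payload strings are assumptions made for illustration; the real FIRM format and the specific bootrom bug are covered in SciresM's writeup linked further down the thread, and this model contains no such bug.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirmImage models a firmware image as the first-stage loader sees it:
// the bytes it is asked to run plus a signature over them. Constructed for
// this example; it is not the 3DS FIRM format.
type FirmImage struct {
	Payload   []byte
	Signature []byte
}

// BootROM models the immutable first stage from the FAQ: it holds the
// vendor's public key and refuses to hand control to anything that key
// did not sign. Because the key and the check live in ROM, a system update
// cannot change what is accepted here, for better or worse.
type BootROM struct {
	TrustedKey *rsa.PublicKey
}

// ErrBadSignature is what the loader reports instead of running the image.
var ErrBadSignature = errors.New("bootrom: firmware signature invalid, refusing to boot")

// SignFirm is the vendor-side step: hash the payload and sign the digest.
// SHA-256 with PKCS#1 v1.5 is an assumption made for this example.
func SignFirm(priv *rsa.PrivateKey, payload []byte) (FirmImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return FirmImage{}, err
	}
	return FirmImage{Payload: payload, Signature: sig}, nil
}

// Verify is the check that section 1 of the FAQ says sighax defeats.
// rsa.VerifyPKCS1v15 rebuilds the entire expected padded block and compares
// all of it, so an image whose bytes or signing key differ fails here.
func (b BootROM) Verify(img FirmImage) error {
	digest := sha256.Sum256(img.Payload)
	if err := rsa.VerifyPKCS1v15(b.TrustedKey, crypto.SHA256, digest[:], img.Signature); err != nil {
		return ErrBadSignature
	}
	return nil
}

// Boot returns the payload the ROM would execute, or an error when the
// signature check failed (a real console would halt rather than run it).
func (b BootROM) Boot(img FirmImage) ([]byte, error) {
	if err := b.Verify(img); err != nil {
		return nil, err
	}
	return img.Payload, nil
}

// Demo exercises the three cases a boot-time verifier must get right:
// a genuine image, the same image with one flipped payload byte, and an
// image signed by a key the ROM does not trust. It reports which ones boot.
func Demo() (genuineBoots, tamperedBoots, foreignBoots bool, err error) {
	vendor, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the vendor's signing key
	if err != nil {
		return
	}
	rom := BootROM{TrustedKey: &vendor.PublicKey}

	genuine, err := SignFirm(vendor, []byte("constructed sample FIRM payload"))
	if err != nil {
		return
	}

	// Same signature, one payload byte changed.
	tampered := FirmImage{Payload: append([]byte(nil), genuine.Payload...), Signature: genuine.Signature}
	tampered.Payload[0] ^= 0x01

	// Custom firmware signed with a key that is not the one burned into ROM.
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	foreign, err := SignFirm(other, []byte("constructed custom firmware payload"))
	if err != nil {
		return
	}

	_, gErr := rom.Boot(genuine)
	_, tErr := rom.Boot(tampered)
	_, fErr := rom.Boot(foreign)
	return gErr == nil, tErr == nil, fErr == nil, nil
}

func main() {
	g, t, f, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine boots: %v\ntampered boots: %v\nforeign-key boots: %v\n", g, t, f)
}
```

Run it with `go run` and only the genuine image boots. The detail that matters for the FAQ's "fix-proof" point in section 4 is the TrustedKey field: it sits in the BootROM struct, the stand-in for mask ROM, so nothing a later system update ships can change which images this check accepts. That is exactly why a flaw in this stage can't be patched in the field, and why the check has to be strict from the start.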
 
Deleted User
SIGHAX PROBLEMS? LOOK NO FURTHER THAN HERE!

Updating Luma bricked me! Why?

That's cause the newest update for Luma doesn't have any a9lh payloads anymore! You'd have to have updated to sighax before updating for it to actually work. If you redownload 7.0.5 and put it back at the root of the SD card, you should be good to go!

WIL SIGHAX BRIK MY DS???????

Short answer: Nah, you should be fine.

There is an EXTREMELY small chance you will brick, and it's only reversible with a hardmod. As long as you follow the guide TO THE LETTER, you should be safe. Just remember to not try the dsiwarehax installations if you already have a9lh; there's a different way to get sighax if you have that.

More will surely come soon, as problems arise...
 
Deleted User
Don't we already have a thread for this?

That's a lot more of a discussion thread kind of thing, and the FAQ/information on that is pretty hard to understand, especially if you're new to this sort of thing and are wondering what the heck's going on.
 

Lucar
A Bootrom is a teeny tiny chip on a device that, when the device is turned on, provides the initial instructions for how to set up everything.

Close, it's not a chip, it's code that is permanently written into the processor itself. Also, the bootrom does very little in the actual boot process (sets up a few keys and initializes some hardware) and then hands a lot of things over to other things like arm9loader.
 

GerbilSoft
So what can we do with it?
A whole grunch of really cool things! Including but not limited to:
  • Running custom firmwares
  • Running custom operating systems
  • Faster booting than a9lh
  • and all of the benefits that come with the above!
Please fix this section. Literally the only main advantage to sighax is the ability to install it without OTP (e.g. via DSiWareHax or hardmod). Boot time difference is negligible (on the order of milliseconds). Custom firmware and OS is already possible today, but no one is willing to spend the effort to write a clone of the 3DS OS. (There is a preliminary port of Linux: https://gbatemp.net/threads/release-linux-for-the-3ds.407187/)
 

adrifcastr
Deleted User
Close, it's not a chip, it's code that is permanently written into the processor itself. Also, the bootrom does very little in the actual boot process (sets up a few keys and initializes some hardware) and then hands a lot of things over to other things like arm9loader.

Should be fixed now, let me know if anything else is wrong, because I want this to have the most accurate info possible!

Please fix this section. Literally the only main advantage to sighax is the ability to install it without OTP (e.g. via DSiWareHax or hardmod). Boot time difference is negligible (on the order of milliseconds). Custom firmware and OS is already possible today, but no one is willing to spend the effort to write a clone of the 3DS OS. (There is a preliminary port of Linux: https://gbatemp.net/threads/release-linux-for-the-3ds.407187/)

I'm not entirely sure what "OTP" is, but hopefully I should have fixed that section. Thanks for telling me!

@icefire82G sorry but this has a lot of wrong statements. My thread also had those, but I have edited it to be "alright" for a while now.
Read @SciresM's writeup, that should clear things up. Also there is already my SigHax thread; we already had this dupe thing once.
Here is his writeup: https://gist.github.com/SciresM/122517907b5c498241c2aff84cc68382

Thanks for linking to the writeup, however, I'm still going to try and keep this thread as more of a newbie discussion, as a lot of the stuff that goes on in your thread would be pretty complicated to a newbie (and I should know, because I was in that position once. I'm just a fast learner). Though if you have any suggestions as to how I can improve this, I'm all ears! I just don't intend to let this thread die without a fight.
 

Quantumcat
however, i'm still going to try and keep this thread as more of a newbie discussion, as a lot of the stuff that goes on in your thread would be pretty complicated to a newbie
"Newbie" discussion is really going to be the same couple of questions over and over again - there isn't really anything to discuss for newbies. The FAQ is in the OP to answer the common newbie questions, with the discussion for people who know enough to express opinions on it. Newbies won't have anything to discuss if they don't understand what it is.
 

Lucar
So what the heck is a sighax?
Sighax, shorthand for Signature Hack, is an exploit discovered by derrek, where he managed to get access to the bootrom of a 3DS system, and exploited a flaw to get it dumped, and then used it to do all sorts of fun things!

Sighax stands for nothing, it's a name on its own. Also, Sighax itself is not the exploit used to dump the bootrom, it's an exploit within the bootrom's code that allows us to make the 3DS think that any firmware created is signed by Nintendo, when in reality, it isn't. Fault Injection was the "exploit" used to help dump the bootrom.

Why would we need to mess with that?
Well, initially it was because "why not?", but now there's a much better reason. Every single bootrom for all 3DS models is practically identical, and since the bootrom runs before literally anything else, if we can hack that, it won't matter what firmware version or model of 3DS you have, you can have hacks on all of them!

Originally, it was because we wanted keys that only the bootrom has, such as a certain key (of which I forgot the name right now) that would allow us to decrypt games without the 3DS. But then, thanks to an FCC document stating that the "security function of the initial program loader" on the 2DS had changed between different models, derrek was like "Oh hey, there's probably a bug then" and, well, they found one. Ironically, the bug exists on all 3DS family systems, so whatever Nintendo fixed was not sighax. Also, your last statement is false: even with sighax, there will be a need to escalate to (most likely) the ARM9 kernel to dump the bootrom and allow installation.

Does that mean my 3DS is safe to update?
That honestly depends! If you have 11.3 or below and already have custom firmware and a9lh installed, then by all means update! Just make sure your cfw is up to date BEFORE updating, to avoid potential bugs. If you don't have a9lh installed, or any cfw, and you're still on 11.3 or below, then go ahead and get that set up before updating, because at the time of posting this (April 24 2017) there is NO WAY to install cfw from 11.4.

If you only use the homebrew menu, you definitely aren't safe to update, unless you're on a new 3ds using doodlebomb, smashbroshax, ninjhax, or confirmed exploits. The best place to check whether or not a homebrew method is working is by browsing the forums, or checking 3dbrew. Don't update unless somebody can confirm with evidence, because as you probably know, "pix or it didn't happen".

You shouldn't be telling people on 11.3 without CFW to update, ever. Tell them to follow 3ds.guide, please.

So what can we do with it?
Pretty much anything you can do with a9lh, but you don't have to install it with something like dsiware hax or a hardmod. You can install custom firmware, run decryption software (decrypt9, hourglass9, godmode9, etc), all of the cool stuff a9lh can do, but unpatchable!

As I said above, you're probably going to need to dump the bootrom, so there will be a need for privilege escalation of some form. Also, A9LH itself is already unpatchable, so your "unpatchable" point has no purpose.

Please, do your research before making a post like this next time, and also a note: if what you're saying is flat out wrong, even if it's easier for newbies to understand, was it worth teaching if afterwards they'll learn that what they were told was wrong?
 
Last edited by Lucar, Reason: damn numbers

GerbilSoft
So what can we do with it?
Pretty much anything you can do with a9lh, but you don't have to install it with something like dsiware hax or a hardmod. You can install custom firmware, run decryption software (decrypt9, hourglass9, godmode9, etc), all of the cool stuff a9lh can do, but unpatchable!
I said that DSiWareHax and/or hardmod can be used to *install* sighax. What isn't needed is the OTP ROM, which is currently required for A9LH.

I'm not entirely sure what "OTP" is, but hopefully I should have fixed that section. Thanks for telling me!
...have you actually installed A9LH yourself, or even read https://3ds.guide/ ? The OTP ROM is required for A9LH, and is the entire reason why the 2.1 downgrade is needed. (That's what otp.bin is.)
 

adrifcastr
Sighax stands for nothing, it's a name on its own. Also, Sighax itself is not the exploit used to dump the bootrom, it's an exploit within the bootrom's code that allows us to make the 3DS think that any firmware created is signed by Nintendo, when in reality, it isn't. Fault Injection was the "exploit" used to help dump the bootrom.
You are wrong. SigHax is short for SignatureHax. SigHax is a bootrom exploit that allows us to sign NAND images using fake crafted keys. The exploit that is used to dump prot_boot9.bin is not SigHax at all, that's Vector-Glitchhax.

Please, do your research before making a post like this next time.
 
Deleted User

Fixed. I did as much research as I can, but I don't understand too too much of it, which is, again, the whole reason for making this post. People who try to look this up, who are new to custom firmware installation, probably won't understand too much. It's also why I said to check back for updates, because I figured there would be inaccuracies, because again, I don't understand much either. I might as well try to teach to the best of my ability, rather than not teach at all, if it will be able to help somebody understand slightly more.

...have you actually installed A9LH yourself, or even read https://3ds.guide/ ? The OTP ROM is required for A9LH, and is the entire reason why the 2.1 downgrade is needed. (That's what otp.bin is.)

I installed it on an o3ds a little while ago, and followed the instructions to a T. When I installed it, I pretty much just carefully did what the guide said, without looking into what each component of it was, mostly because I wanted to get it to work before I tried to understand it, which is pretty much why I joined GBATemp, to understand this, and learn what everything is.
 

Lucar
You are wrong. SigHax is short for SignatureHax. SigHax is a bootrom exploit that allows us to sign NAND images using fake crafted keys. The exploit that is used to dump prot_boot9.bin is not SigHax at all, that's Vector-Glitchhax.

Please, do your research before making a post like this next time.

You just repeated what I said in different words. And, fine, call sighax whatever you want. :P

Also, I can't tell if the end part is sarcasm (assuming it is, because it's evident that you copy-pasted it from my post), but I hope you understand I wasn't mad at OP, I'm just frustrated by the fact that people who genuinely want a simple explanation for sighax were going to get incorrect information.

You OK with that? Good. GOOD. GOOD. *insert badly autotuned mario kart 8 music* please, someone get the reference
 

hurrz
What does OTP mean? It is also mentioned in 3ds.guide but I could not find anything. I would appreciate an answer and thought this would be the right thread to ask that kind of question.
 