sighax 3DS BootROM exploit

 

I may have been a bit too hasty to get this thread out because there is a huge influx of resources and guides coming out. I’ll try and tidy up the thread and get some bullet points as time goes passed.

 

 

 

Here I go anyways, you may remember a talk at 33c3 way back in December 2016 where the 3DS hacker crew announced they had a working BootROM exploit video below. 

Today derrek announced the release of sighax, http://www.sighax.com/ which enables a person to run fake signed firmware on any console. I’m going to go ahead and assume they mean current available consoles because I do not see how they would know for sure if it works on that new 2DS that isn’t out yet. I mentioned earlier that I may not be great at explaining it fully because I have not yet tried it myself yet. However I plan on doing so once I have some free time. Right now if you have installed a9loaderhax you’re in good shape because you already got the first step knocked out. If you do not have a9lhax installed already I will post a link to a tutorial because there are some really good tutorial sites that have a really friendly step by step guide. I’m not exactly up to date on which firmwares for which consoles are exploitable at the moment. I am pretty sure that if you have an old 3DS on the latest firmware you may be out of luck for the moment. 

 

 

Anyways, if you have a9lh you just download the bins from the site http://www.sighax.com/ and put on the root of the SD card and install as directed. Be very careful though and look at you’re doing because if you install the wrong thing from the wrong source you can brick your console for sure. 

 

Here is a helpful guide for updating from a9lhax: https://3ds.guide/updating-to-boot9strap

 

Quote from source:

Quote

This will install sighax on your console, it is available in the FIRM format and as arm9loaderhax payload.
	The firmware you want to install must be named "target_firm.bin" and you have to put it into the root of your SD card.
	You need ARM9 code execution to run this, see below for details.
	Warning: Do not install random firmwares, otherwise you risk a brick!
	Since this is a beta, a NAND backup is recommended.

 

Also there is an option on there that if you do not wish to download their firmware they provide you with the forged RSA key to do with as you please. Which is pretty neat if you got something to do with it.

 

Source:

 

 

 

added 2 minutes later

I just posted this, but now via tweet from smealum. Sciresm has an excellent run down explanation of the significance and different possibilities. https://sciresm.github.io/33-and-a-half-c3/

 

 



For more information and help, visit the forum thread by visiting the link below:
sighax 3DS BootROM exploit