sighax
sighax is a BootROM exploit (revealed at 33c3) for the Nintendo 3DS/2DS/New3DS.
It exploits a vulnerability in the RSA signature parser and allows you to run fake-signed firmware on any console.
sighax installer 0.2 (beta)
This will install sighax on your console, it is available in the FIRM format and as arm9loaderhax payload.
The firmware you want to install must be named "target_firm.bin" and you have to put it into the root of your SD card.
You need ARM9 code execution to run this, see below for details.
Note: Unfortunately, you cannot install Luma 3DS directly, you have to install a chainloader for it (which will be your "target_firm.bin").
Warning: Do not install random firmware, otherwise you risk a brick!
Warning: Since this is a beta, a "hardmod" (physical NAND access) is highly recommended!
Upgrade from A9LH (arm9loaderhax)?
Get the latest version of the A9LH payload for "sighax installer" here.
Simply copy the arm9loaderhax.bin file into the root of your SD card and follow the installer's on-screen instructions.
You can choose to uninstall A9LH once sighax was installed successfully. You don't need any old pre-A9LH backup files.
Just want the signature?
If you are just interested in the magic 0x100 bytes, you can download the forged RSA signature here.
normal sig
0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffff003031300d060960864801650304020105000420
94f7aee58c67825cfb786db130c53961ab8141bac73ca021d9440ca51a16e643
[Correct hash]
94f7aee58c67825cfb786db130c53961ab8141bac73ca021d9440ca51a16e643
[Calculated hash]
hax sig
0002d964f9e12652eb986ae5da2b55e654afb05a9d088adbd5a9b34d9406278f
caa6143f01b86b81a4e3ab047a8655f3e3befea4fd87037fa45187ce909d991a
b5a839e54e23f51d628d4c90b9995205e77183f850b24bd75cf304193cb6f8e1
d107ce74a0f9bf097464d043cd190cc6f0eb8e8c70eb99e0b91fb359820fae21
d5b9175eb93eb0c55562f74534b27b219df7e67b5f9d300667aeb5003030305e
9bb35bd25b7d6918ae7e969cc933185f070534cdd345881827c36c0f65692e74
1e6c8b93e2948d1d8a8b2648fe250e5a4ccf8f2137e94c39090bf51f4336aa1a
2b8f4f2f881295179143b12cf11c1b8ed1533943beb191b792de265fa2226a2c
????????????????????????????????????????????????????????????????
[Calculated and correct hash overlapping]
Padding type: 01=Only FF, 02=Anything goes
Padding: Zero terminated
Outer block id: Must be 0x30
Outer block size: Ignored
Inner block id: Must be 0x30
Inner block size
Inner block data: Ignored
SHA256 block id: Ignored
SHA256 block size: Ignored
SHA256 hash
Disclaimer: No warranty implied. Use at your own risk.
Copyright (C) 2017 by derrek (@derrekr6).
Thanks to plutoo (@qlutoo), yellows8 (@ylws8), smea (@smealum) and profi200.
Without these people this release would not have been possible <3