Mike Heskin
Scripts for the leaked SXOS v3.0.0 (SHA-256 of 54ce0f58cac9643559991b0b86252424c1bbc59c5c77496110d999814a4a7d52):
Mike Heskin May 30
Replying to @hexkyz
Deleted the previous tweet because I posted the same link twice.
Mike Heskin May 30
Replying to @hexkyz
As for a changelog, this version's purpose is to support Mariko and the modchip ecosystem, so there are no new features. Aside from removing all KIPs except for Loader, most of the changes are DRM related.
Mike Heskin May 30
Replying to @hexkyz
Bootloader has new code to interact with and update the modchip. Patchers now include full copies of each Mariko package1 encrypted with a T210B01/T214 specific key. All applications have been updated and rebuilt to match current AMS and libnx.
Mike Heskin May 30
Replying to @hexkyz
On the very first boot the bootloader will attempt to update the modchip from version 1.0 to 1.1. The update firmware is stored encrypted inside the bootloader and is likely meant to patch a handful of vulnerabilities and broken code already identified.
Mike Heskin May 30
Replying to @hexkyz
The modchip itself flashes a custom BCT and bootloader to the boot0 partition on the eMMC. These are stored encrypted with the Mariko BEK (Boot Encryption Key) and signed with TX's own key. Once the glitch succeeds, TX's bootloader will run instead of Nintendo's.
Mike Heskin May 30
Replying to @hexkyz
The initial stages focus mostly on DRM and clear out all keyslots (except keyslot number 6) that were filled by the bootrom as a way to block any other third party from obtaining Mariko keys using the modchip. This is, however, ineffective.
Nestor Meza May 30
Replying to @hexkyz
Any hint on the new exploit?
Mike Heskin May 30
Replying to @nestormz23
It's not a new exploit per se, in fact it's the exact same technique used to achieve code execution on the original units: glitch the PKC hash check. This was made more difficult with Mariko but the modchip is capable of self-adapting the timings.
FiPE May 30
Replying to @hexkyz
Does any sexy soul know where this leaked?
Daniel Hdez M May 30
Replying to @FiPE_ZOE @hexkyz
From the TX, but the leak was taken down fast.