Thursday, May 25, 2017

boot9strapped in!

With the 33c3 public disclosure of sighax (headphone warning: very loud audio) and the recent BootROM dumping efforts, the public implementation of sighax, known as boot9strap (hereafter, B9S), is finally a thing.  I've updated my 3DSes to it and am now going to proceed to an explanation of sorts.

What does it do?  Almost the exact same thing as arm9loaderhax (hereafter, A9LH).  It just does it earlier in the boot process and is unpatchable by Nintendo since it uses a vulnerability that's permanently baked into the console's BootROM.

Why bother updating to it if I already have A9LH on all three of my 3DS family consoles?  It's simple, really.  Luma3DS has already dropped support for A9LH, meaning I need to be on B9S to get future updates to my CFW and ARM9 payloads.  I also needed to update Luma as part of updating to B9S, since older versions of Luma can't be booted with B9S and newer versions can't be booted with A9LH, and there is no version of Luma that works with both.

Also, this gives me the chance to get used to using GodMode9, having done The Guide™ on my systems before it was included (I used Decrypt9/Hourglass9, and am still a bit more comfortable with their simpler interface).  I have the B9S-compatible version of Hourglass9 on standby if I absolutely need it, but GodMode9 seems to be fairly intuitive, just a bit weird and different.  I'm going to try and get used to it now in an amicable manner instead of eventually being dragged kicking and screaming into getting used to it later on.

Thankfully, the update process from A9LH to B9S is very quick, easy, and smooth.  Moving the necessary files around (and making a compulsory NAND backup after the fact) takes longer than the update itself, which runs several checks beforehand and has an "OH SHIT" recovery mode that will kick in afterwards, in the unlikely event that something goes wrong.  It's a far cry from the old days when people used unstable exploits to downgrade their systems one system title at a time, which could randomly fail and leave you with either a partial downgrade or a brick.

But wait, what even is sighax, anyway?  Well, I'm by no means authoritative on the subject, but my understanding of it is that the 3DS' ARM9 BootROM has a flaw in its checking of the firmware signature that allows a specially crafted (but invalid) firmware signature to result in the BootROM comparing the calculated hash of the firmware to itself.  This means that with said specially crafted signature, the signature check will always succeed and we can load whatever code we want.  Which is pretty fuckin' cool.
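To make that concrete, here's a toy C model of the flaw class described in the paragraph above. This is an added illustration, not the real 3DS BootROM code and not anything from the sighax or boot9strap authors: RSA is left out entirely (the already-decrypted signature block is treated as attacker-controlled, which is what a "specially crafted signature" buys you), the digest is a non-cryptographic stand-in for SHA-256, and the one-byte header that the broken parser reads as a skip count is a simplification of the real padding walk. What it shows is the point made above: when a field inside the signature can steer the pointer to the "expected hash", an out-of-range value can make that pointer land on the hash the verifier just computed, so the comparison succeeds for any firmware. The hardened version rebuilds the only acceptable encoding and compares the entire block instead.

```c
/* Toy model of the sighax-style flaw described above. Added illustration,
 * not 3DS BootROM code: RSA is omitted (the decrypted block is treated as
 * attacker-controlled), toy_hash stands in for SHA-256, and the one-byte
 * header is a simplification of the real padding parse. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN  256                        /* RSA-2048 block size */
#define HASH_LEN 32                         /* SHA-256 digest size */
#define HDR_POS  (SIG_LEN - HASH_LEN - 1)   /* header byte in a well-formed block */

/* Decrypted signature block immediately followed by the verifier's own
 * computed hash, in one array (models adjacent stack buffers without
 * undefined pointer arithmetic between separate objects). */
struct scratch { uint8_t mem[SIG_LEN + HASH_LEN]; };
#define SIG(s)  ((s)->mem)
#define HASH(s) ((s)->mem + SIG_LEN)

/* Deterministic, non-cryptographic 32-byte digest (FNV-1a based) so the
 * demo runs without a crypto library. */
static void toy_hash(const uint8_t *data, size_t len, uint8_t out[HASH_LEN]) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 0x100000001b3ULL; }
    for (size_t i = 0; i < HASH_LEN; i++) {
        h ^= (uint64_t)i; h *= 0x100000001b3ULL;
        out[i] = (uint8_t)(h >> 56);
    }
}

/* Well-formed block in this toy scheme: 00 01 FF..FF 00 | hdr=00 | hash(32) */
static void make_valid_block(uint8_t sig[SIG_LEN], const uint8_t *firm, size_t firm_len) {
    sig[0] = 0x00; sig[1] = 0x01;
    memset(sig + 2, 0xFF, HDR_POS - 3);
    sig[HDR_POS - 1] = 0x00;
    sig[HDR_POS] = 0x00;
    toy_hash(firm, firm_len, sig + HDR_POS + 1);
}

/* VULNERABLE: walks the padding, then uses the header byte as a distance to
 * the expected hash with no check that the result stays inside the block. */
static int verify_vulnerable(struct scratch *s, const uint8_t *firm, size_t firm_len) {
    uint8_t *sig = SIG(s);
    toy_hash(firm, firm_len, HASH(s));
    if (sig[0] != 0x00 || sig[1] != 0x01) return 0;
    size_t i = 2;
    while (i < SIG_LEN && sig[i] == 0xFF) i++;
    if (i >= SIG_LEN || sig[i] != 0x00) return 0;
    i++;
    size_t skip = sig[i++];                        /* BUG: attacker-controlled, unbounded */
    const uint8_t *expected = sig + i + skip;      /* can reach past the block... */
    return memcmp(expected, HASH(s), HASH_LEN) == 0;   /* ...onto HASH(s) itself */
}

/* HARDENED: rebuild the single acceptable encoding of the computed hash and
 * compare the whole block; nothing inside the signature steers a pointer. */
static int verify_hardened(struct scratch *s, const uint8_t *firm, size_t firm_len) {
    uint8_t want[SIG_LEN];
    make_valid_block(want, firm, firm_len);
    return memcmp(want, SIG(s), SIG_LEN) == 0;
}

/* Crafted block: minimal padding 00 01 FF 00, then a header byte making
 * sig + 5 + skip == sig + SIG_LEN, i.e. the "expected hash" pointer is the
 * computed hash. The block contains no valid hash at all. */
static void craft_block(uint8_t sig[SIG_LEN]) {
    memset(sig, 0xAA, SIG_LEN);             /* filler, deliberately not a hash */
    sig[0] = 0x00; sig[1] = 0x01; sig[2] = 0xFF; sig[3] = 0x00;
    sig[4] = (uint8_t)(SIG_LEN - 5);        /* 0xFB */
}

/* Constructed stand-in for a FIRM image; any bytes will do. */
static const uint8_t FIRM[] = "constructed FIRM image carrying unsigned code";

/* 1 if the crafted block passes the vulnerable check but fails the hardened one. */
int crafted_fools_only_vulnerable(void) {
    struct scratch s;
    craft_block(SIG(&s));
    return verify_vulnerable(&s, FIRM, sizeof FIRM) == 1
        && verify_hardened(&s, FIRM, sizeof FIRM) == 0;
}

/* 1 if a correctly formed block passes both (the fix breaks nothing). */
int valid_passes_both(void) {
    struct scratch s;
    make_valid_block(SIG(&s), FIRM, sizeof FIRM);
    return verify_vulnerable(&s, FIRM, sizeof FIRM) == 1
        && verify_hardened(&s, FIRM, sizeof FIRM) == 1;
}

int main(void) {
    printf("crafted block: vulnerable accepts, hardened rejects: %s\n",
           crafted_fools_only_vulnerable() ? "yes" : "no");
    printf("valid block accepted by both: %s\n", valid_passes_both() ? "yes" : "no");
    return 0;
}
```

The takeaway for anyone writing a verifier: parse nothing out of the signature that you then use as an offset or length. Encode what you expect, and compare the full block.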

In other news, my buttcheeks are clenched since there's a ban wave going around that seems to be targeted at users of hacked 3DSes.  No ban so far, but it ain't over yet.
