Hacking Switch firmware 3.0.2 released.

TheCyberQuake

2017 based on the title of the thread. It doesn't sound like the ReSwitched team is planning on releasing anything on the horizon. The exploit is well known. Some rando that knows what he's doing could release something. Maybe Hackerman can use his 640k Mac to hack the Switch.
The thing is we have that exploit, but AFAIK no real public entry to make use of it. Though I could be wrong and maybe smhax could be activated directly from browser without previous entries. I don't exactly know how smhax gets activated.
 

Bladexdsl

I wouldn't say that just yet, honestly. If we have anything similar to Luma3DS then we might be fine with updating; don't give up just yet. The similarities between the 3DS and Switch codebases might just make it work.
You're forgetting, though, what happens when Nintendo forces you to go online to download the rest of the game? :creep:
 

TheCyberQuake

Just to be clear, it's impossible to downgrade a Switch with a hardmod. It has an array of eFuses inside the processor chip. Think of them like a bunch of tally marks. Each major firmware update blows an eFuse, i.e. adds a mark. If you downgrade its eMMC via hardmod, its eFuse count will no longer match the version count, which means it will refuse to boot. But worse: it will also blow yet another eFuse to mark it as having been tampered with.

There may be, and in fact probably are, ways to hack it unrelated to downgrading. But downgrading is not an option. Every time Nintendo patches a “STAY ON THIS VERSION!” vuln it’d be silly to expect that patch to not also blow an efuse.

Me? My switch is running 3.0.1. When that version no longer works online maybe I’ll upgrade it. I didn’t realize that there was a confirmed vulnerability which was confirmed patched in 3.0.1 until after I’d already updated. At this point, unless I hear something concrete about 3.0.2 patching another exploitable vulnerability which is developed for, I have no reason to stay on 3.0.1. But chances are, if I upgrade, there’s no going back.


Edit: oh wow, what page am I reading
The devs won't ever announce anything concrete about an update when it comes. They always say not to update, and then, once confirmed, give info about patched bugs. Right now they don't have any good way to test previous vulns on newer updates, because the major bug was used to access the other bugs, so you likely won't hear whether 3.0.2 fixes anything. Really, in the words of daeken, you are basically screwed for now if you are already on 3.0.1, but as always, stay as low as possible. If you don't care enough to wait, then don't. But don't be one of those people going around saying "we'll get exploits on the latest firmware EventuallyTM", because that seems to be a problem in these threads even though the devs have made it very clear that is likely not going to happen.
 

Toni456

then...if we have something similar to Luma it wouldn't matter since it would be up to date anyway
That really depends, actually. It might be a lot harder than you think unless we can get some kind of coldboot going, because the way updates work on the Switch, from what I read, is that once installed it literally checks how many eFuses are ticked; if there are too few it will correct that by adding more, and if there are too many eFuses set the system will not start at all.

So let's say we got CFW running and managed to run emuNAND (fully updated). After rebooting, the Switch will no longer operate due to the eFuses having been corrected. For a better understanding I'll show you an example.

Ver 2.0.0 requires 2 eFuses
Ver 3.0.0 requires 6 eFuses

EmuNAND was running 3.0.0, so after rebooting, because the eFuse count is now 6 and 2.0.0 asks for only 2, the system will go into a panic (assuming eFuses cannot be spoofed/redirected).

In theory we should still be able to get CFW running by triggering the exploit after every reboot while using a more sysNAND-like CFW, but updating sysNAND might be tricky. For starters, if RAM/offsets changed, I assume a new entrypoint with the same permissions, or even a devkit, would be needed to get it working. I also think that if Nintendo really cared about stopping exploits completely and avoiding another repeat of the 3DS, they won't make things easy for us, especially if they handle updates differently, e.g. if the system won't boot at all unless all system titles are updated. It might even go as far as reinstalling the whole OS like the PS Vita does (still keeping current firmwares secure to this day: 3.61/3.63/3.65).

Now I'm not gonna pretend I know a lot about the inner workings of the Switch, but these are just some of the things I think could be roadblocks, and after seeing how hard Nintendo is trying to stop hacks completely, it wouldn't surprise me if they actually have made the Switch very secure for future updates.
 

TheCyberQuake

Toni456 said:
That really depends, actually. It might be a lot harder than you think unless we can get some kind of coldboot going [...]
IIRC fuse checks only occur during boot, so in theory, if we had a way to launch a higher-FW emuNAND without rebooting, it shouldn't trigger a panic. The issue after that would be updating emuNAND without burning fuses.
AFAIK the system isn't in a constant state of checking FW and fuses and burning/panicking if they're incorrect, but rather does so only at specific times. So far I've only heard of the system panic happening during the boot process.

Or we could find a boot exploit that happens before the fuse check and panic and just skip the checks. But if a boot exploit did exist we likely wouldn't be seeing it for several years.
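The fuse-count scheme described in Toni456's post and in TheCyberQuake's reply above, as an added toy model in C. This is example code written for this page; it is not code from the thread, from any homebrew project, or from Nintendo. The version-to-fuse-count table uses the illustrative numbers from Toni456's post (2.0.0 needs 2, 3.0.0 needs 6) plus an assumed 1.0.0 row; the real table, the real fuse layout and the real boot code are not on this page and are not reproduced here. What the model shows is the property that makes a hardmod downgrade fail: burning is a one-way OR into the fuse word, so a newer firmware raises the count, and an older firmware image on the eMMC then finds more fuses burnt than it expects and refuses to boot. The check lives only in boot_check, which stands in for the boot-time-only check the reply describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a boot-time anti-rollback eFuse check. Illustrative only:
 * the fuse layout, the version table and the boot logic below are
 * assumptions for this example, not Nintendo's implementation. */

#define FUSE_BITS 32u

/* A fuse bank is a word of one-time-programmable bits: bit i set means
 * fuse i is burnt. There is deliberately no function that clears a bit. */
typedef struct {
    uint32_t burnt;
} fuse_bank_t;

/* Assumed version -> required fuse count table. The 2.0.0 and 3.0.0 rows
 * use the example numbers from the thread; the 1.0.0 row is made up. */
typedef struct {
    const char *version;
    unsigned required_fuses;
} fw_req_t;

static const fw_req_t fw_table[] = {
    { "1.0.0", 1 },
    { "2.0.0", 2 },
    { "3.0.0", 6 },
};

typedef enum {
    BOOT_OK,          /* fuse count matched the firmware on the eMMC */
    BOOT_OK_BURNT,    /* too few fuses: burnt up to the required count, then booted */
    BOOT_PANIC,       /* too many fuses: firmware is older than the fuses say, refuse */
    BOOT_UNKNOWN_FW   /* version not in the table */
} boot_result_t;

unsigned fuse_count(const fuse_bank_t *bank) {
    unsigned n = 0;
    for (uint32_t v = bank->burnt; v != 0; v >>= 1)
        n += (unsigned)(v & 1u);
    return n;
}

/* Burn the lowest unburnt fuse. OR-ing a bit in is the only write the
 * bank supports, which is what makes the count monotonic. */
static void fuse_burn_next(fuse_bank_t *bank) {
    unsigned n = fuse_count(bank);
    if (n < FUSE_BITS)
        bank->burnt |= (1u << n);
}

int required_fuses_for(const char *version) {
    for (size_t i = 0; i < sizeof fw_table / sizeof fw_table[0]; i++)
        if (strcmp(fw_table[i].version, version) == 0)
            return (int)fw_table[i].required_fuses;
    return -1;
}

/* The check as the thread describes it, run once during boot and nowhere
 * else: fewer fuses than the firmware requires -> burn up to that count and
 * continue; more fuses than it requires -> panic and refuse to start. */
boot_result_t boot_check(fuse_bank_t *bank, const char *fw_on_emmc) {
    int need = required_fuses_for(fw_on_emmc);
    if (need < 0)
        return BOOT_UNKNOWN_FW;
    unsigned have = fuse_count(bank);
    if (have > (unsigned)need)
        return BOOT_PANIC;
    if (have == (unsigned)need)
        return BOOT_OK;
    while (fuse_count(bank) < (unsigned)need)
        fuse_burn_next(bank);
    return BOOT_OK_BURNT;
}

static const char *describe(boot_result_t r) {
    switch (r) {
    case BOOT_OK:       return "boot ok";
    case BOOT_OK_BURNT: return "boot ok, fuses burnt to match";
    case BOOT_PANIC:    return "PANIC: more fuses burnt than this firmware allows";
    default:            return "unknown firmware version";
    }
}

int main(void) {
    fuse_bank_t bank = { 0 };
    /* Step 1: fresh console boots 2.0.0 and burns 2 fuses.
     * Step 2: eMMC now holds 3.0.0; its first boot burns up to 6.
     * Step 3: eMMC hard-modded back to 2.0.0: 6 fuses > 2 required, panic. */
    const char *steps[] = { "2.0.0", "3.0.0", "2.0.0" };
    for (size_t i = 0; i < 3; i++) {
        boot_result_t r = boot_check(&bank, steps[i]);
        printf("boot %s: %s (fuses burnt: %u)\n",
               steps[i], describe(r), fuse_count(&bank));
    }
    return 0;
}
```

The point of the model is the asymmetry between the two failure branches: a count that is too low is "repaired" by burning more fuses, which is why updating sysNAND (or an emuNAND that is then rebooted into) is a one-way door, while a count that is too high has no repair path at all. Anything that wants to run a higher firmware without that consequence has to either avoid a reboot (so boot_check is never re-run) or change what boot_check sees, which is the spoof/redirect case the posts set aside.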
 

s3phir0th115

TheCyberQuake said:
IIRC fuse checks only occur during boot, so in theory, if we had a way to launch a higher-FW emuNAND without rebooting, it shouldn't trigger a panic. [...]

If it works anything like the Xbox 360 exploits do, the efuse checks would either be spoofed or patched out completely.

Update wise, with the Xbox 360 hacks you don't update it with the normal procedure. You basically get the update files, generate a new NAND image, and then flash said NAND image on. I imagine the Switch could work similarly.
 

Megadriver94

About a month ago, somebody who was an avid redditor stumbled upon a Switch system with active debug software on it. Shortly after he realized it, he gave it to the nearest GameStop rather than thinking about what else could be done with it (such as, say, selling it on eBay, Game Gavel, Etsy or Newegg, or keeping it). Another reason to scold reddit for its often herd-mentality way of thinking and/or blind respect for authority. If it wasn't for his desire to be the biggest blind authority lover he could be, we could have gone past the "Hello World!" stage already! Bunch of dummies reddit tends to be.
 

Attachments

  • 1504710023744.jpg (885.4 KB)

g00s3y

Just updated, and still able to play games without complaining about things not working.

--------------------- MERGED ---------------------------

Megadriver94 said:
About a month ago, somebody who was an avid redditor stumbled upon a Switch system with active debug software on it. [...]

I feel like posts of yours have probably been featured on r/iamverysmart.

Maybe some people don't give a shit about hacking, that makes them dumb?
 

cybrian

Megadriver94 said:
About a month ago, somebody who was an avid redditor stumbled upon a Switch system with active debug software on it. [...]
What do you think could have been done with that system? By the looks of it, it’s simply the factory test/aging menu that’s used on the assembly line to minimize faulty consoles being sent out. On first boot off the assembly line you see something like this, and an automated machine performs tests by checking all the buttons and controls, calibrates the LCD biasing and the digitizer, and has it run an “Aging mode,” which is a term for a pre-sale stress test. (Probably high CPU usage to make sure it doesn’t overheat or underclock itself under normal use.)

If you access the factory menu on many TVs (this usually isn’t locked behind any more than a secret key combination) you get something very similar, including an aging mode option which generally turns the brightness on max and either displays a solid white picture or alternates each color at 100% intensity.
 

PrincessLillie

Nintendo Switch System Updates and Change History | Nintendo Support said:
Improvements Included in Version 3.0.2
  • Nintendo Switch Online
    • Added online play in Argentina, Brazil, Chile, Colombia, and Peru. This is currently available for free until the paid online service launches in 2018.
Did they really need to push an update to add online support in other regions? :unsure::huh:

Nintendo Switch System Updates and Change History | Nintendo Support said:
  • General system stability improvements to enhance the user's experience
GODDAMNIT
 

PotatisKnug

Megadriver94 said:
About a month ago, somebody who was an avid redditor stumbled upon a Switch system with active debug software on it. [...]
I don't blame him. He just wanted a switch and doesn't give a single fuck about anything else than playing his games. I'd do the same. Show it off on reddit and get it exchanged.
 

Mystic Shadow

Mine's on 2.3. I don't even play it much, and nothing coming out looks interesting to me. People act like the Switch is the only console out. I can play PC, PS4 and my 3DS till a hack comes out; I'll be fine.
 

Pixel Eater

No update means no online play. Isn't it better just to update?
That super depends. We really could end up in a PS3 type situation. I do really wish someone would find a trick for going online. I'm sure the paid subscription coming out next year will complicate things further. And a nice banwave isn't out of the question I guess, if we even get that far.
 

subcon959

I'm sure the paid subscription coming out next year will complicate things further. And a nice banwave isn't out of the question I guess, if we even get that far.
For all we know there are already mechanisms in place to flag consoles for later ban waves once the paid service kicks in. They seemingly did the same on 3DS already.
 