Hacking Apparently the X1 bootrom was leaked

Geezerdorf · Apr 22, 2018

Codiox said:
As it seems the Tegra X1 bootrom was leaked a couple of hours ago on pastebin.

Now everybody can find the exploit without the hassle of dumping the bootrom themselves.

Let the games begin...

This will make those with the bootrom exploits move, but maybe not that much. The fact that now it's in the public and someone outside of the hacking scene can also contribute with it though, makes this interesting...and dangerous. There'll be a storm brewing on the horizon.

andijames said:
Isn't this massively illegal making the whole bootrom public?

Well, you're using an exploit for unautorized code execution. Depending on your final use for it....it is

Lacius · Apr 22, 2018

x65943 said:
Right now sure, but SciresM has said every switch with this tegra has the same vuln and it can only be fixed with a hardware revision. Your switch will eventually be hackable too.

The hardmod he's referring to is for Fusée Gelée. When Fusée Gelée is released this summer, systems on 3.0.1 and higher will require an "easy" hardmod. Systems on 3.0.1-4.1.0 might get access to the private software exploits sometime in the future.

aerios169 · Apr 22, 2018

ahh i dont know anithing of soldering i am medic hahaha, =/ thats why i feel fucked haha

Dominator211 · Apr 22, 2018

Codiox said:
As it seems the Tegra X1 bootrom was leaked a couple of hours ago on pastebin.

Now everybody can find the exploit without the hassle of dumping the bootrom themselves.

Let the games begin...

hallelujah!! hallelujah!! This is Exciting i cannot wait for homebrew to unlock the switches full potential

the_randomizer · Apr 22, 2018

andijames said:
He also didn't release anything and was pretty much driven off the scene so in Sony's eyes. Job done. Sent the message loud and clear.

So then don't reveal your name and keep things under lock and key and then release it anonymously.

Lacius · Apr 22, 2018

aerios169 said:
ahh i dont know anithing of soldering i am medic hahaha, =/ thats why i feel fucked haha

The "easy" hardmod will likely have a solderless option.

Ryccardo · Apr 22, 2018

Sephirosu said:
Literally typed "Tegra X1 Boot ROM (Nintendo Switch) pastebin" and got a file. So what can we even do with this without some instructions?

You can explore it in a disassembler (which may or may not exist for that specific SOC/subarchitecture) and try finding something interesting,
or you can use it in a low-level emulator (which may or may not exist yet, but the MAME team will certainly like the news),
or you can fully reverse engineer it to understand what it does so that a future emulator may have a freely licensed replacement instead of requiring this rom...

("You" for obvious reasons refers to a generic person, in fact it probably doesn't include "you"

)

andijames said:
Isn't this massively illegal making the whole bootrom public?

It's just "regularly illegal", not differently than uploading the newest 80 GB PC game or the install disks of MS-DOS 6.22

Alternative interpretation: nothing is illegal until you are caught AND proven guilty (see kongsnutz)

souler92 · Apr 22, 2018

aerios169 said:
ahh i dont know anithing of soldering i am medic hahaha, =/ thats why i feel fucked haha

its nothing with soldering, you have to open the switch, you have to make a short circuit for a small amount of time on 2 pins everytime you restart the switch tho

damiano2712 · Apr 22, 2018

I'm out of the loop here, what can it be used for?

Sephirosu · Apr 22, 2018

Ryccardo said:
You can explore it in a disassembler (which may or may not exist for that specific SOC/subarchitecture) and try finding something interesting,
or you can use it in a low-level emulator (which may or may not exist yet, but the MAME team will certainly like the news),
or you can fully reverse engineer it to understand what it does so that a future emulator may have a freely licensed replacement instead of requiring this rom...

("You" for obvious reasons refers to a generic person, in fact it probably doesn't include "you" )

It's just "regularly illegal", not differently than uploading the newest 80 GB PC game or the install disks of MS-DOS 6.22

Alternative interpretation: nothing is illegal until you are caught AND proven guilty (see kongsnutz)

Ohh interesting. So basically this in the hands of someone that's knowledgeable can actually get the ball rolling. Cooooool. Time to wait then. At least something is out in the wild now without the need to wait for summer.

aerios169 · Apr 22, 2018

souler92 said:
its nothing with soldering, you have to open the switch, you have to make a short circuit for a small amount of time on 2 pins everytime you restart the switch tho

well it sounds nice, i will wait for tutorals and everything

, i hope that this dosent affect nintendo =S

Rune · Apr 22, 2018

Sephirosu said:
Literally typed "Tegra X1 Boot ROM (Nintendo Switch) pastebin" and got a file. So what can we even do with this without some instructions?

Try opening it with RetroArch.

subcon959 · Apr 22, 2018

Sephirosu said:
Ohh interesting. So basically this in the hands of someone that's knowledgeable can actually get the ball rolling. Cooooool. Time to wait then. At least something is out in the wild now without the need to wait for summer.

This was probably already in the hands of people who could do anything with it. But of course GBAtemp will hype the hell out of it regardless.

andijames · Apr 22, 2018

You'll still need CFW though so whilst this may accelerate the x1 exploits visibility there's literally nothing that can be done without having something to run on it right?

DeslotlCL · Apr 22, 2018

It's the 3ds drama all over again

Keep the leaks coming boys

Lacius · Apr 22, 2018

souler92 said:
its nothing with soldering, you have to open the switch, you have to make a short circuit for a small amount of time on 2 pins everytime you restart the switch tho

We don't know everything about Fusée Gelée and its variants, but Kate has said that users should only have to open up their Switch systems one time.

andijames said:
You'll still need CFW though so whilst this may accelerate the x1 exploits visibility there's literally nothing that can be done without having something to run on it right?

That's correct. We still need Atmosphère to be completed.

Ryccardo · Apr 22, 2018

Sephirosu said:
Ohh interesting. So basically this in the hands of someone that's knowledgeable can actually get the ball rolling. Cooooool. Time to wait then. At least something is out in the wild now without the need to wait for summer.

By the way, "something interesting" is not necessarily an exploitable vulnerability: if you think about the 3DS, while we got lucky and its bootrom ALSO contained the basis for sighax, we also got a truckload of keys out of it - resulting in the ability to encrypt/decrypt the OS and games directly on a PC (which is likely appreciated by high level emulator users), to decrypt the nand with only adding the OTP instead of xorpads to be generated on an already hacked console, ...

smilodon · Apr 22, 2018

Yay, more nothing for the end user!

Gnarmagon · Apr 22, 2018

lmao it's actually legit and decrypted XD

zoogie · Apr 22, 2018

damiano2712 said:
I'm out of the loop here, what can it be used for?

Don't really know. I don't think it's as useful as the 3ds bootrom - it's missing ipatches so some info is missing. There was a concerted effort to dump it so I'm sure there's some use to it.

Summoning an expert

@SciresM

Hacking Apparently the X1 bootrom was leaked

Well-Known Member

Well-Known Member

Well-Known Member

JFK's Jelly Donut

The Temp's official fox whisperer

Well-Known Member

Penguin accelerator

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

@!#?@!

Well-Known Member

GBAtemp's scalie trash

Well-Known Member

Penguin accelerator

Well-Known Member

Noob <3

playing around in the end of life

Similar threads

Popular threads in this forum