I'm considering working with hacking the Switch. I mainly just wanna be able to modify my Zelda BoTW save games.. (durability, etc., etc.)
It seems people abused older Nintendo products by manipulating save files to exploit games which had employees who were not security savvy... so they decided to not allow copying them off to SD, and back. I noticed in some other places that the code exists to download data from the cloud. It must check whenever it is online. Someone sent in their Switch to get updated, and it had a cloud icon next to it.. try Googling to find it..
Anyways,
I'm considering using DNS to hijack the domains, or setting it up to use my PC as a gateway.. I'm hoping it either doesn't use SSL for everything... or I can trick it somehow. It'd be nice if it has SSL implementation bugs or something so I can monitor easily. If it sends requests to my hostname, then I hope I can at least get the information, and pass it on to their server to request the same URLs. It depends if they have client side SSL certificates, etc..
All of this trouble, and I really just want to edit save games =/
Anyone have any comments, or thoughts? I need to get a second network adapter to host a different WiFi to take a shot.. (I'm traveling)
I considered manipulating the RAM while it's executing.. although it's BGA, and in layers on the PCB. If I decide to hack the Switch then I'll have to order a second one for sure...
If there is no client side SSL, then the server (Nintendo) should answer all requests.. replacing those requests to the Switch, and having it accept them depends on whether its certificate authority verification is enabled, and how it's configured.. I hope there's some way to add a CA which would allow self signed.. otherwise it depends if it trusts some MD5, or has bugs in validation of parameters.. no idea at this moment until I can MITM (man in the middle) its traffic...
I know if I can get access to the RAM chips' pins on the board while it's executing.. then it'll allow dumping it. I'll check everything on the PCB to determine if something has DMA access.. it might be a bit before I can order what I need.. so the software side (SSL) is best...
If anyone has ideas, comments, or is considering working on it.. LMK