[FAQ] Smhax - Should I update?

Discussion in 'Switch - Hacking & Homebrew' started by Thirty3Three, Aug 31, 2017.

  1. Thirty3Three
    OP

    [I know this is a little messy right now, not too presentable. But it has solid information. I'm just crunched on time. I'll update it when I can to make it more presentable]


    [Requesting Sticky]


    I've seen this question way too many times, threads started, asking the same question, etc. Well I'm here to (hopefully) help avoid... this...


    So first off, what is Smhax?

    smhax is the informal name of a vulnerability discovered by multiple hackers on the Nintendo Switch. The bug, when fully exploited, appears to be a privilege escalation which allows the attacker to register and run arbitrary services on the console. Specifically, according to the switchbrew wiki:

    "Prior to 3.0.1, the service manager (sm) built-in system module treats a user as though it has full permissions if the user creates a new “sm:” port session but bypasses initialization. This is due to the other sm commands skipping the service ACL check for Pids <= 7 (i.e. all kernel bundled modules) and that skipping the initialization command leaves the Pid field uninitialized. Successful exploitation results in Acquisition, registering, and unregistering of arbitrary services"

    In other words, coupled with a userland entry point (typically a webkit vulnerability), this could probably be used to gain full access to the console.

    [Credit for the paragraph above, goes to Wololo, of Wololo.net. I copy and pasted]

    The exploit works on ALL firmware PRIOR to 3.0.1. So as long as you're below 3.0.1, you're fine, and good to go.




    So guys, now you know what it is... should you update to 3.0.1?

    Ultimately? It's up to you. But here are the pros and cons:


    If you update:
    -Online access (games, eshop, etc.)
    -Play the most recent games which require the more recent firmware(s)
    -No access to the exploit, when it releases for the common user.

    If you don't update:
    -No online whatsoever
    -Access to the exploit, in time.


    Ultimately? It's up to you.
    Devs say not to update.


    THERE IS NO GUARANTEE THAT ANOTHER EXPLOIT WILL BE RELEASED. EVER. YOU WILL BE TAKING A RISK IF YOU UPDATE... DO NOT LISTEN TO ANYONE WHO TELLS YOU AN EXPLOIT WILL COME IN TIME.


    I know this is a messy FAQ right now, I'm sort of crunched for time. I'll edit it when I can to make it more... presentable... I will add dev quotes, recommendations, etc.


    In the meantime, if you have any questions or comments you'd like me to add to the faq, let me know.
     
    Last edited by Thirty3Three, Aug 31, 2017
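For readers who, like billcosby below, want to see what "skipping the ACL check for Pids <= 7" actually means in practice, here is a small C model of the condition described in the quoted switchbrew text. This is an added illustration, not Nintendo's sm code and not something from the original post. It reproduces the two described properties (a session whose Pid is 7 or lower skips the service ACL, and skipping Initialize leaves that Pid unset) and assumes a fresh session object reads as zero; the "fixed" variant with an explicit initialized flag is one plausible hardening, not a claim about what 3.0.1 actually changed. The Pid/service pairs in the ACL are made up.

```c
/*
 * Toy model of the smhax condition quoted above (illustration only; not
 * Nintendo's sm code). Properties kept from the description:
 *   1) commands other than Initialize skip the service ACL when Pid <= 7
 *   2) skipping Initialize leaves the session's Pid field unset
 * Assumptions: a freshly opened session object reads as zero; the "fixed"
 * variant (an explicit initialized flag) is a plausible hardening, not the
 * actual 3.0.1 change. ACL contents are constructed sample data.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KERNEL_PID_MAX 7u   /* Pids 0..7: kernel-bundled modules, per the quoted text */

/* Constructed ACL: which caller Pid may register which service name. */
struct acl_entry { uint64_t pid; const char *service; };
static const struct acl_entry ACL[] = {
    { 0x20, "hypo:srv1" },   /* hypothetical pid/service pairs */
    { 0x21, "hypo:srv2" },
};

static bool acl_allows(uint64_t pid, const char *service)
{
    for (size_t i = 0; i < sizeof ACL / sizeof ACL[0]; i++)
        if (ACL[i].pid == pid && strcmp(ACL[i].service, service) == 0)
            return true;
    return false;
}

/* Per-session state kept by the modelled service manager. */
struct sm_session { uint64_t pid; bool initialized; };

/* Opening an "sm:" port session: new object, nothing filled in (assumed zeroed). */
static void sm_open(struct sm_session *s) { memset(s, 0, sizeof *s); }

/* The Initialize command is what records the caller's Pid. */
static void sm_initialize(struct sm_session *s, uint64_t caller_pid)
{
    s->pid = caller_pid;
    s->initialized = true;
}

typedef bool (*register_fn)(const struct sm_session *, const char *);

/* Vulnerable: trusts s->pid without checking that Initialize ever ran.
 * An unset Pid reads as 0, which is <= 7, so the ACL is skipped entirely. */
static bool sm_register_vuln(const struct sm_session *s, const char *service)
{
    if (s->pid <= KERNEL_PID_MAX) return true;
    return acl_allows(s->pid, service);
}

/* Hardened (illustrative): refuse every command on an uninitialized session. */
static bool sm_register_fixed(const struct sm_session *s, const char *service)
{
    if (!s->initialized) return false;
    if (s->pid <= KERNEL_PID_MAX) return true;
    return acl_allows(s->pid, service);
}

/* Attacker flow: open the port session and deliberately skip Initialize. */
static bool attack_skip_initialize(register_fn reg, const char *service)
{
    struct sm_session s;
    sm_open(&s);
    return reg(&s, service);
}

/* Normal flow: open, Initialize with the caller's Pid, then register. */
static bool normal_flow(register_fn reg, uint64_t pid, const char *service)
{
    struct sm_session s;
    sm_open(&s);
    sm_initialize(&s, pid);
    return reg(&s, service);
}

int main(void)
{
    printf("vuln,  skip Initialize, register hypo:srv1: %s\n",
           attack_skip_initialize(sm_register_vuln, "hypo:srv1") ? "ALLOWED" : "denied");
    printf("fixed, skip Initialize, register hypo:srv1: %s\n",
           attack_skip_initialize(sm_register_fixed, "hypo:srv1") ? "ALLOWED" : "denied");
    printf("fixed, pid 0x21 registers hypo:srv1       : %s\n",
           normal_flow(sm_register_fixed, 0x21, "hypo:srv1") ? "ALLOWED" : "denied");
    return 0;
}
```

The point of the model is the first two lines of output: with the vulnerable check, a session that never ran Initialize registers a service it has no ACL entry for, because the unset Pid looks like a kernel module; with the initialized flag it is refused. Registering a service name is what lets the caller impersonate that service to everything else that connects to it, which is why the OP's description calls this a privilege escalation rather than code execution on its own.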
  2. Sonic Angel Knight

    I updated and got Sonic Mania; not worth waiting for me. Who knows what will happen, maybe future potential will occur? :unsure:

    Maybe VC would be so cool this time around that I won't need emulators. I hear it will have online multiplayer. Imagine Super Mario Bros. online, a take-turns game with a random player. :P
     
  3. Chizko

    But it is necessary to be clear: devs didn't say they can use it yet at any level. That is why every day the talk is about when the release is; that is the real question, not "should I update?"...
     
  4. Thirty3Three
    OP

    They mentioned it gives deep access. They've even found ways to dump files among other things, showing that they can take advantage of the exploit. So yes, actually, it can be used in such a level right now. It's not released to the public, but yeah.
     
  5. KiiWii

    I'll wait for EOLhaxx like WiiU
     
  6. iAqua

    I didn't update simply because I want to edit my botw save :^)
     
  7. Chizko

    I know they did this before on 2.3-3.0; maybe that progress gave to Smhax but not "Smhax", maybe I'm wrong.
     
  8. billcosby

    I have a question you might want to add to the FAQ. I've been wondering about the exploit: does it allow arbitrary code execution as root or something like that? I'm not really sure what registering an arbitrary service really entails.
     
  9. dpad_5678

    Meh. Staying on 3.0.0 because Zelda, MK8D, and ARMS all work on there. Don't really plan on buying any other games anytime soon and I never play online.
     
  10. leonmagnus99

    Can the exploit lead to custom themes etc.?
    If it does, I will consider selling my Switch and buying one on exploitable FW.

    I play mostly on my PS4/Vita these days..
    and I also have 2 3DSes I can play on, so waiting would be no issue for me.

    I was thinking about selling my Switch these days, but I can't decide yet whether I should or not.
    But I would love to have some theme options and some kind of player etc.

    Custom FWs are so much fun tbh.
     
  11. Cyan

    Sorry, I told you in PM, but I find it funny and I want to share (don't take it badly).

    FAQ !!! Should I update ??

    me: "ohhhh, that will tell me what to do? That thread is great!"
    *read, read*

    Found the answer: it's up to you, do what you want.
    I'm not any further ahead and still don't know what to do, as you didn't tell me whether I should update or not ;)

    PS: I don't even have a Switch yet. It just has nothing interesting for me yet; it will probably be >3.0 when I buy one.
     
    Last edited by Cyan, Aug 31, 2017
  12. mendezagus

  13. Sonic Angel Knight

    I can sit around for months waiting for something to happen, or keep updating my system and getting new and more features to make it more complete and "stabilized" and keep eShop access and online modes for games I wanna buy. Eventually you will come across a game you want to play; will you just not buy it because of fear of updates, or play it because "you bought a $300 game console hybrid and want to play games and enjoy it"?

    Maybe you'll get lucky with an exploit in future firmwares; Nintendo isn't exactly known for iron-clad defense against hacking.
     
  14. The Real Jdbye

    It's worth noting in the FAQ that this exploit on its own does not enable piracy nor homebrew, and it has limited usefulness to the end users. However it's possible that in the future it could be used to exploit another part of the system to gain full access or at least gain enough access for unsigned code execution.
    Probably not without another exploit.
     
  15. Thirty3Three
    OP

    took that the wrong way, trying not to ;)
    Thanks again though.
     
  16. Cyan

    That's just a thing to point out what you should change, like mendezagus said, adding some specific information.
    Write it in a way that tells the users they should not update (if they want any homebrew for now).

    For the moment, that's the only entry point. I don't know if there will be or if there is something using it, but it's the only useful vulnerability.
    So, the user should understand that: no, he shouldn't update if he wants anything related to homebrew/hacks.

    The way you word it is encouraging or preventing the user from doing anything. You actually have the power to decide for them.
    When reading that thread title, they expect a direct answer (in my opinion).
     
    Last edited by Cyan, Aug 31, 2017
  17. dpad_5678

    Yeah, I agree. @Thirty3Three, your post is extremely informative; however, not everybody has the patience to read through all of this. Maybe a TL;DR at the top of the thread?
     
  18. ShadowOne333

    The online whores are the ones most likely to update.
    Sonic Mania, Splatoon 2 and Mario Kart 8 DX seem to be the main three reasons why people have been updating. (Perhaps BotW DLC as well).

    But really, there should be a message in red bold letters saying something like:
    "If you want to be able to run smhax when it's released DO NOT update.
    If you want to continue playing online then be my guest, update and risk the possibility of not being able to run haxx right when it's released"

    Besides, we don't know if there are any exploits found for anything above 3.0.0, much less if the exploits above 3.0.0 might even get the same kind of permissions as the ones who stayed on 3.0.0 or below with smhax.
    Most likely, IF an exploit for 3.0.1 and above does get released, it will only be userland with very limited services and modules at disposal.
     
  19. Cyan

    That's the SAME for all consoles, really. Sometimes only in their early life (Wii U/3DS), sometimes always valid (PS3/PS4).
    If you want to use a hack, do not update!
    If you want online, update!

    Choose, and live with your choice.
     
    Last edited by Cyan, Aug 31, 2017
  20. Keizel

    I updated Wii U to 5.5.2 and I could load Mocha CFW.
    I updated 3DS to 11.5.0 and I could load Luma CFW.
    I updated PS3 to 4.81 and I could load CFW Rebug, with a downgrade via E3 Flasher.

    Well, I updated my Nintendo Switch and I will play online (Splatoon 2, ARMS etc.) until the exploit for my version is released. Not updating is maybe more useful for people that don't have games and want the exploit to play for free without spending money.
     
    Last edited by Keizel, Aug 31, 2017