[I know this is a little messy right now, not too presentable. But it has solid information. I'm just crunched on time. I'll update it when I can to make it more presentable]
[Requesting Sticky]
I've seen this question way too many times, threads started, asking the same question, etc. Well I'm here to (hopefully) help avoid... this...
So first off, what is Smhax?
smhax is the informal name of a vulnerability discovered by multiple hackers on the Nintendo Switch. The bug, when fully exploited, appears to be a privilege escalation which allows the attacker to register and run arbitrary services on the console. Specifically, according to the switchbrew wiki:
"Prior to 3.0.1, the service manager (sm) built-in system module treats a user as though it has full permissions if the user creates a new “sm:” port session but bypasses initialization. This is due to the other sm commands skipping the service ACL check for Pids <= 7 (i.e. all kernel bundled modules) and that skipping the initialization command leaves the Pid field uninitialized. Successful exploitation results in Acquisition, registering, and unregistering of arbitrary services"
In other words, coupled with a userland entry point (typically a webkit vulnerability), this could probably be used to gain full access to the console.
[Credit for the paragraph above, goes to Wololo, of Wololo.net. I copy and pasted]
The exploit works on ALL firmware PRIOR to 3.01. So as long as you're below 3.01, you're fine, and good to go.
So guys, now you know what it is... should you update to 3.01?
ultimately? It's up to you. But here are the pros and cons:
If you update:
-Online access (games, eshop, etc.)
-Play the most recent games which require the more recent firmware(s)
-No access to the exploit, when it releases for the common user.
If you don't update:
-No online whatsoever
-Access to the exploit, in time.
Ultimately? It's up to you.
Devs say not to update.
THERE IS NO GUARANTEE THAT ANOTHER EXPLOIT WILL BE RELEASED. EVER. YOU WILL BE TAKING A RISK IF YOU UPDATE... DO NOT LISTEN TO ANYONE WHO TELLS YOU AN EXPLOIT WILL COME IN TIME.
I know this is a messy FAQ right now, I'm sort of crunched for time. I'll edit it when I can to make it more... presentable... I will add dev quotes, recommendations, etc.
In the meantime, if you have any questions or comments you'd like me to add to the faq, let me know.
[Requesting Sticky]
I've seen this question way too many times, threads started, asking the same question, etc. Well I'm here to (hopefully) help avoid... this...
So first off, what is Smhax?
smhax is the informal name of a vulnerability discovered by multiple hackers on the Nintendo Switch. The bug, when fully exploited, appears to be a privilege escalation which allows the attacker to register and run arbitrary services on the console. Specifically, according to the switchbrew wiki:
"Prior to 3.0.1, the service manager (sm) built-in system module treats a user as though it has full permissions if the user creates a new “sm:” port session but bypasses initialization. This is due to the other sm commands skipping the service ACL check for Pids <= 7 (i.e. all kernel bundled modules) and that skipping the initialization command leaves the Pid field uninitialized. Successful exploitation results in Acquisition, registering, and unregistering of arbitrary services"
In other words, coupled with a userland entry point (typically a webkit vulnerability), this could probably be used to gain full access to the console.
[Credit for the paragraph above, goes to Wololo, of Wololo.net. I copy and pasted]
The exploit works on ALL firmware PRIOR to 3.01. So as long as you're below 3.01, you're fine, and good to go.
So guys, now you know what it is... should you update to 3.01?
ultimately? It's up to you. But here are the pros and cons:
If you update:
-Online access (games, eshop, etc.)
-Play the most recent games which require the more recent firmware(s)
-No access to the exploit, when it releases for the common user.
If you don't update:
-No online whatsoever
-Access to the exploit, in time.
Ultimately? It's up to you.
Devs say not to update.
THERE IS NO GUARANTEE THAT ANOTHER EXPLOIT WILL BE RELEASED. EVER. YOU WILL BE TAKING A RISK IF YOU UPDATE... DO NOT LISTEN TO ANYONE WHO TELLS YOU AN EXPLOIT WILL COME IN TIME.
I know this is a messy FAQ right now, I'm sort of crunched for time. I'll edit it when I can to make it more... presentable... I will add dev quotes, recommendations, etc.
In the meantime, if you have any questions or comments you'd like me to add to the faq, let me know.
Last edited by Thirty3Three,