Good and Bad things About Nintendo Switch (For Hackers)

Discussion in 'Switch - Console, Accessories and Hardware' started by baselhamad, Dec 9, 2016.

  1. comput3rus3r

    Member comput3rus3r GBAtemp Regular

    Joined:
    Aug 20, 2016
    Messages:
    105
    Country:
    United States
    Lol
     


  2. nmkd

    Newcomer nmkd Advanced Member

    Joined:
    Oct 25, 2016
    Messages:
    93
    Country:
    Germany
    Honestly, I won't give a fuck about piracy if we get Android one day.

    PSP emulation :)

    //Sent from my glorious OnePlus X
     
  3. DinohScene

    Member DinohScene Feed Dino to the Sharks

    Joined:
    Oct 11, 2011
    Messages:
    13,249
    Location:
    В небо
    Country:
    Antarctica
    I doubt we'll see Android ported to it.
    Otherwise it would've already happened on previous consoles/handhelds.
     
  4. mikey420

    Member mikey420 GBAtemp Regular

    Joined:
    Dec 11, 2015
    Messages:
    281
    Country:
    United States
    Given that it can work much like a tablet, I could see Android being ported to it; however, I wouldn't hold my breath, as I honestly think it'd be a waste of time. I doubt it would run the best, but since only Nintendo knows the kind of power there will be to work with, I can't say.
     
  5. nmkd

    Newcomer nmkd Advanced Member

    Joined:
    Oct 25, 2016
    Messages:
    93
    Country:
    Germany
    Well, there are barely any ARM consoles that are technically (RAM and performance) able to run it, or to make it worth porting.

    //Sent from my glorious OnePlus X
     
  6. azoreseuropa

    Member azoreseuropa GBAtemp Psycho!

    Joined:
    Nov 6, 2002
    Messages:
    4,611
    Location:
    I am deaf and live in the USA for now :D
    Country:
    Portugal
    Numbers 1 and 2 are fine with me, but I do not care about number 3. I never used online at all.
     
  7. SamThiiSaminator

    Newcomer SamThiiSaminator Advanced Member

    Joined:
    Dec 14, 2016
    Messages:
    54
    Location:
    West Sussex, England
    Country:
    United Kingdom
    We're decent hackers, we can do it.

    Nintendo don't really like doing this so they shield their system. We need to find a workaround for this shield to get in, which takes a while.


     
    baselhamad likes this.
  8. Yil

    Member Yil GBAtemp Advanced Maniac

    Joined:
    Feb 19, 2014
    Messages:
    1,588
    Country:
    Canada
    What if it requires removing a physical chip (inside the SoC) that monitors all your instructions and creates errors whenever you execute things beyond a certain bound? Some smartphones already had this.
     
  9. sarkwalvein

    Member sarkwalvein GBAtemp Addict

    Joined:
    Jun 29, 2007
    Messages:
    2,784
    Country:
    Argentina
    The Wii had that, so did the Wii U and the 3DS.
     
  10. SamThiiSaminator

    Newcomer SamThiiSaminator Advanced Member

    Joined:
    Dec 14, 2016
    Messages:
    54
    Location:
    West Sussex, England
    Country:
    United Kingdom
    There is that, but I didn't say we can't do it.
     
  11. Yil

    Member Yil GBAtemp Advanced Maniac

    Joined:
    Feb 19, 2014
    Messages:
    1,588
    Country:
    Canada
    But what if it sits above the kernel this time? And being put inside the SoC made this a lot harder.
     
  12. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    5,920
    Location:
    Under a rock
    Country:
    United States
    IOSU on the Wii U is literally what you're describing
     
  13. Yil

    Member Yil GBAtemp Advanced Maniac

    Joined:
    Feb 19, 2014
    Messages:
    1,588
    Country:
    Canada
    How do you even bypass it if the kernel doesn't give you access? Unless we hijack other things.
     
  14. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    5,920
    Location:
    Under a rock
    Country:
    United States
    That's outside my knowledge. I'm guessing there's probably an oversight where IOSU reads something and instead of responding and eliminating it just bugs out
     
  15. shinyquagsire23

    Member shinyquagsire23 SALT/Sm4sh Leak Guy

    Joined:
    Nov 18, 2012
    Messages:
    1,927
    Location:
    Las Vegas
    Country:
    United States
    That idea is closer to a hypervisor than anything else, to be honest. Enforcing memory permissions with an NX bit has been a feature since ARMv6 and is almost a requirement in modern devices (even 3DS has it). It's also a CPU feature so can't be removed. With Wii U's IOS, NX was provided by an external controller in the die.

    If the RAM is part of the SoC then that would eliminate any chances of RAM dumping early on (which is the only reason the DSi was remotely hacked, 3DS probably would have happened eventually but happened sooner with RAM dumping).

    If the 3DS didn't have gspwn it would have been much more difficult to have homebrew to the extent it is at now, since you would need kernel access to write to executable memory. This is the case with Wii U, but Nintendo doesn't seem to care much for the Wii U and hasn't patched any of the existing vulnerabilities which have existed on the latest firmware for months. Wii U also has a JIT area which at least made things a bit easier. With 3DS, very few ARM11 kernel exploits have been found, and fewer ARM9 privilege escalation exploits exist.

    My guess for even just a decent homebrew environment in userland would be a few years. The 3DS didn't have the worst security (though it made some critical mistakes), and the Wii U was ~OK in PPC, but pretty decent with IOSU, and the Switch should only get better. Luckily WebKit is basically a given if it's a portable, so bypassing ASLR should be feasible. Actually going from ROP to real code execution will be the hard part.

    EDIT: Actually I guess code execution could be doable if there's a JIT area like with Wii U, but it didn't exist on 3DS so whether it'll be included is a mystery. Could also go full iOS where there's a JIT area, but it's actually secure.
     
    Last edited by shinyquagsire23, Jan 2, 2017
    Pandaxclone2 and I pwned U! like this.
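
Added example, not part of any post in this thread: the NX and "JIT area" discussion above comes down to whether a process holds memory that is both writable and executable. This Python sketch audits a Linux-style `/proc/<pid>/maps` listing for such regions; the sample listing, the `Mapping` type and the function names are constructed for illustration and do not describe any console.

```python
import os
import re
from typing import List, NamedTuple


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str   # e.g. "r-xp"
    path: str    # empty for anonymous mappings


# Constructed sample in Linux /proc/<pid>/maps format (assumed input).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/app
0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/app
7f1c00000000-7f1c00021000 rwxp 00000000 00:00 0
7f1c2a000000-7f1c2a1c0000 r-xp 00000000 08:01 977 /usr/lib/libc.so.6
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0 [stack]
"""

LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+\S+\s+\S+\s+\S+\s*(.*)$"
)


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps lines, skipping anything that does not match the format."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Mapping(int(m.group(1), 16), int(m.group(2), 16),
                               m.group(3), m.group(4).strip()))
    return out


def wx_violations(mappings: List[Mapping]) -> List[Mapping]:
    """Regions that are writable and executable at once (W^X is not enforced)."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def wx_bytes(mappings: List[Mapping]) -> int:
    """Total size of writable+executable memory, e.g. a JIT code cache."""
    return sum(m.end - m.start for m in wx_violations(mappings))


if __name__ == "__main__":
    # Audit this process on Linux, otherwise fall back to the constructed sample.
    src = "/proc/self/maps"
    text = open(src).read() if os.path.exists(src) else SAMPLE_MAPS
    for m in wx_violations(parse_maps(text)):
        print(f"W+X {m.start:#x}-{m.end:#x} {m.path or '[anonymous]'}")
```
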
  16. zoogie

    Member zoogie 3DStemp Psycho!

    Joined:
    Nov 30, 2014
    Messages:
    5,255
    Country:
    United States
    The big reason the 3DS got hacked was the ability to dump FCRAM from hardware. That led to userland exploitation and that led to all the rest.

    It will likely be much more difficult given the high probability the Switch's RAM will be embedded in its SoC.

    edit: shinyninja'd
     
    Last edited by zoogie, Jan 2, 2017
    Pandaxclone2 likes this.
  17. TheToaster

    Member TheToaster Warrior of the Toast

    Joined:
    Aug 11, 2015
    Messages:
    358
    Location:
    USA
    Country:
    United States
    TBH, the first "disadvantage" in the OP isn't really a disadvantage to me. Every device takes time to be hacked. That's the fun about it. For example, the 3DS is nearing the end of its lifespan. Of course, Nintendo will still release software updates and patches, but ultimately it will be really easy to find new vulnerabilities and create exploits. If Nintendo were to just give up and completely stop releasing software updates for the 3DS, where is the fun in that? There is no purpose in hacking a console at all. So, when the Switch is released, of course it will take another year to hack it, but that's what makes hacking fun: discovering vulnerabilities, creating exploits, Nintendo patches the vulnerabilities, and repeat the process.
     
