Good and Bad Things About Nintendo Switch (For Hackers)

Discussion in 'Switch - Console, Accessories and Hardware' started by baselhamad, Dec 9, 2016.

  1. comput3rus3r

    comput3rus3r GBAtemp Fan

    Member
    463
    163
    Aug 20, 2016
    United States
    Lol
     


  2. nmkd

    nmkd GBAtemp Regular

    Member
    101
    55
    Oct 25, 2016
    Gambia, The
    Honestly, I won't give a fuck about piracy if we get Android one day.

    PSP emulation :)

    //Sent from my glorious OnePlus X
     
  3. DinohScene

    DinohScene DinohScene <З MartyDreamy

    Member
    GBAtemp Patron
    14,803
    11,164
    Oct 11, 2011
    Antarctica
    Into the sky
    I doubt we'll see Android ported to it.
    Otherwise it would've already happened on previous consoles/handhelds.
     
  4. mikey420

    mikey420 GBAtemp Fan

    Member
    363
    99
    Dec 11, 2015
    United States
    Given that it can work much like a tablet, I could see Android being ported to it; however, I wouldn't hold my breath, as I honestly think it'd be a waste of time. I doubt it would run the best, but then, since only Nintendo knows the kind of power there will be to work with, I can't say.
     
  5. nmkd

    nmkd GBAtemp Regular

    Member
    101
    55
    Oct 25, 2016
    Gambia, The
    Well, there are barely any ARM consoles that are technically (RAM and performance) able to run it, or to make it worth porting.

    //Sent from my glorious OnePlus X
     
  6. azoreseuropa

    azoreseuropa GBAtemp Guru

    Member
    5,352
    706
    Nov 6, 2002
    Portugal
    Proud to be Portuguese but live in USA.. for now.
    Number 1 and 2 are fine with me but I do not care about number 3. I never used online at all.
     
  7. SamThiiSaminator

    SamThiiSaminator Makes everything 3ds-related brick

    Member
    124
    25
    Dec 14, 2016
    West Sussex, England
    We're decent hackers, we can do it.

    Nintendo don't really like doing this so they shield their system. We need to find a workaround for this shield to get in, which takes a while.


     
  8. Yil

    Yil GBAtemp Advanced Maniac

    Member
    1,912
    564
    Feb 19, 2014
    Canada
    What if it requires removing a physical chip (inside the SoC) that monitors all your instructions and creates errors whenever you execute things beyond a certain bound? Some smartphones already had this.
     
  9. sarkwalvein

    sarkwalvein Professional asshole at GBATemp

    Member
    4,407
    4,150
    Jun 29, 2007
    Argentina
    Germany
    The Wii had that, so did the Wii U and the 3DS.
     
  10. SamThiiSaminator

    SamThiiSaminator Makes everything 3ds-related brick

    Member
    124
    25
    Dec 14, 2016
    West Sussex, England
    There is that, but I didn't say we can't do it.
     
  11. Yil

    Yil GBAtemp Advanced Maniac

    Member
    1,912
    564
    Feb 19, 2014
    Canada
    But what if it sits above the kernel this time? And being put inside the SoC made this a lot harder.
     
  12. TotalInsanity4

    TotalInsanity4 GBAtemp Supreme Overlord

    Member
    6,540
    6,361
    Dec 1, 2014
    United States
    Under a rock
    IOSU on the Wii U is literally what you're describing
     
  13. Yil

    Yil GBAtemp Advanced Maniac

    Member
    1,912
    564
    Feb 19, 2014
    Canada
    How do you even bypass it if the kernel doesn't give you access? Unless we hijack other things.
     
  14. TotalInsanity4

    TotalInsanity4 GBAtemp Supreme Overlord

    Member
    6,540
    6,361
    Dec 1, 2014
    United States
    Under a rock
    That's outside my knowledge. I'm guessing there's probably an oversight where IOSU reads something and instead of responding and eliminating it just bugs out
     
  15. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy

    Member
    1,959
    3,221
    Nov 18, 2012
    United States
    Las Vegas
    That idea is closer to a hypervisor than anything else, to be honest. Enforcing memory permissions with an NX bit has been a feature since ARMv6 and is almost a requirement in modern devices (even 3DS has it). It's also a CPU feature so can't be removed. With Wii U's IOS, NX was provided by an external controller in the die.

    If the RAM is part of the SoC then that would eliminate any chances of RAM dumping early on (which is the only reason the DSi was remotely hacked, 3DS probably would have happened eventually but happened sooner with RAM dumping).

    If the 3DS didn't have gspwn it would have been much more difficult to have homebrew to the extent it is at now, since you would need kernel access to write to executable memory. This is the case with Wii U, but Nintendo doesn't seem to care much for the Wii U and hasn't patched any of the existing vulnerabilities which have existed on the latest firmware for months. Wii U also has a JIT area which at least made things a bit easier. With 3DS, very few ARM11 kernel exploits have been found, and fewer ARM9 privilege escalation exploits exist.

    My guess for even just a decent homebrew environment in userland would be a few years. The 3DS didn't have the worst security (though it made some critical mistakes), and the Wii U was ~OK in PPC, but pretty decent with IOSU, and the Switch should only get better. Luckily WebKit is basically a given if it's a portable, so bypassing ASLR should be feasible. Actually going from ROP to real code execution will be the hard part.

    EDIT: Actually I guess code execution could be doable if there's a JIT area like with Wii U, but it didn't exist on 3DS so whether it'll be included is a mystery. Could also go full iOS where there's a JIT area, but it's actually secure.
     
    Last edited by shinyquagsire23, Jan 2, 2017
  16. zoogie

    zoogie simple pimp tool

    Member
    5,855
    7,311
    Nov 30, 2014
    United States
    The big reason the 3DS got hacked was the ability to dump FCRAM from hardware. That led to userland exploitation and that led to all the rest.

    It will likely be much more difficult given the high probability the Switch's RAM will be embedded in its SoC.

    edit: shinyninja'd
     
    Last edited by zoogie, Jan 2, 2017
  17. TheToaster

    TheToaster Warrior of the Toast

    Member
    421
    157
    Aug 11, 2015
    United States
    USA
    TBH, the first "disadvantage" in the OP isn't really a disadvantage to me. Every device takes time to be hacked. That's the fun about it. For example, the 3DS is nearing the end of its lifespan. Of course, Nintendo will still release software updates and patches, but ultimately it will be really easy to find new vulnerabilities and create exploits. If Nintendo were to just give up and completely stop releasing software updates for the 3DS, where is the fun in that? There is no purpose in hacking a console at all. So, when the Switch is released, of course it will take another year to hack it, but that's what makes hacking fun: discovering vulnerabilities, creating exploits, Nintendo patches the vulnerabilities, and repeat the process.
     
  18. Alkéryn

    Alkéryn Master of cookies ~

    Member
    1,370
    1,566
    Mar 15, 2015
    France
    Albategnius, Moon
    None of them are true and actually the Switch will be hacked in a few weeks/month
     
  19. ethanwa79

    ethanwa79 Member

    Newcomer
    18
    10
    Feb 23, 2017
    United States
    Good: Real software and hardware engineers are actually already looking into ways to hack the Switch.

    Bad: You're not one of them, because people who know what they are doing don't post shit threads like this.
     
  20. WiiUBricker

    WiiUBricker Fake News Reporter

    Member
    6,813
    3,691
    Sep 19, 2009
    Argentina
    Espresso
    I just noticed this thread for the first time. From the title, I thought that it would list facts but there is nothing but useless ifs and even those ifs don't make any sense. So what's the point?