​

Stuckpixel of the ReSwitched team recently released his exploit "Nereba".

This exploit will enable Nintendo Switch owners with early units that have held off updating, still on the original 1.0.0 firmware to reboot into a Fusée Gelée payload without any dongle, USB connections to a external device or jig directly from stock untouched firmware. In addition support for 2.x and 3.x firmware is also planned in the future, opening up the exploit to significantly more consoles.

The implementation takes advantage of the nspwn exploit, that users of the original 3.0.0 homebrew implementation will be familiar with. Used in conjunction with this, users will be able to boot any Fusee Gelee payload from the micro SD card, placed in the nereba folder on the root of the SD card. After running the script from the Switch web applet, users can reboot into any payload by launching the album applet from the home menu.

Download:

https://github.com/pixel-stuck/nereba/releases

 

[tjok3000]

Is for a switch with firmware 1.0.0, the Nereba exploit with help from pc on wifi, and with atmosphere with emu for higher firmware as for now the best option?
Or i'm curious are there also other developments going on for 1.0.0?

 

[snoofly]

Is for a switch with firmware 1.0.0, the Nereba exploit with help from pc on wifi, and with atmosphere with emu for higher firmware as for now the best option?
Or i'm curious are there also other developments going on for 1.0.0?

On my 1.0.0 I boot into stock 1.0 OFW then run fake news to access Pegascape DNS in order to run nereba to load SX OS payload (or Atmosphere whatever) into emunand on 8.1.
It sounds long winded but really only takes a few seconds.
So as long as the Pegascape DNS is up you've basically got a method to boot to 8.1 emunand direct from OFW.
I host Pegascape locally as well and use my PC as second DNS entry in case Pega is down but it never has been.
Outside of a modchip/trinket, I think this is the only way to enable CFW from Stock OFW without need of a PC or other cables/dongles etc.

 

[tjok3000]

That sounds like a very nice solution. So the only thing is a wifi to internet or a pc as a backuphost to Pegascape is needed I understand.

Do you know if Pegascape is also hostable on for example an android phone?
For my ps4 i got some sort of a Pegascape, but I can trigger it with an old android phone.

 

[snoofly]

Sorry, I'm not sure, I expect so but I've never tried it.
I use a ESP8266 for my PS4 and I think you can go that route also with Pegascape so I expect you can also use an Android phone as well
but https://gbatemp.net/threads/pegaswi...witch-4-1-using-esp8266-chip-possible.542740/ maybe a place to enquire?
I guess 99.99% of time the Pega DNS is available and you can hotspot to it thru your phone if you have no wifi so it's not something I looked into.

 

[tjok3000]

I don't have that chip, maybe I get one. It looks like a cool thing to try with that ESp8266 chip!
A hotspot with the phone is also a nice solution if I want to enable when away from home.

 

[snoofly]

I don't have that chip, maybe I get one. It looks like a cool thing to try with that ESp8266 chip!
A hotspot with the phone is also a nice solution if I want to enable when away from home.

Yeah, I tried the hotspot and connected the switch to that and it worked fine, that was my only concern - if I had no wifi.
And sure, get a couple of ESP8266s - they're handy little things. I have one hanging off my 5.05 ps4 with Leeful exploit flashed to it
https://gbatemp.net/threads/release...st-and-esp-devices.534441/page-5#post-8743282

 

[modern]

I read thru the thread and am a bit confused.... is this a semi cold boot exploit?

I have a switch without any burnt fuses so I can go back to 1.0.0 I used puyo to hack my switch so redo that with this exploit. Then I reupgrade with Choidoujour to 8.1.0? Without auto rcm wouldn’t switch burn fuses? Do I use that emu thing to have 1.0.0 stock and Cfw 81.0?

Edit so I read back 5 posts and seems I need to run pegaswitch each time so seems for now using a pc to drop payload is easier for now

 

[snoofly]

I read thru the thread and am a bit confused.... is this a semi cold boot exploit?

I have a switch without any burnt fuses so I can go back to 1.0.0 I used puyo to hack my switch so redo that with this exploit. Then I reupgrade with Choidoujour to 8.1.0? Without auto rcm wouldn’t switch burn fuses? Do I use that emu thing to have 1.0.0 stock and Cfw 81.0?

Edit so I read back 5 posts and seems I need to run pegaswitch each time so seems for now using a pc to drop payload is easier for now

you do mostly what you said but create an emunand and upgrade that via choi to 8.1.
You don’t touch your sys firm at all, that stays at 1.0 for the purpose of launching nereba via pegascape
and you don’t need rcm as you’ll always only boot to 1.0 so you won’t burn anything
You don’t need pc cables or dongles, just wifi or hotspot

of course all this assumes you are sure you haven’t burnt any fuses at all else you won’t be able to boot to stock 1.0 so double check that

 

[renegade2k82]

When i click the nebra icon from pegascape i always get a error and tells me to shut down.so how do i fix this?i have the pegafolder and the files from the pegascape site.

 

[M7L7NK7]

You are on 1.0.0 yeah?

 

[renegade2k82]

yes i am on 1.0

 

[renegade2k82]

Also i got past the error screen by renaming the latest hekate payload nereba.bin and put it in the nereba folder but i was able to boot to hekate from pegascape once now everytime i try to do that when my switch reboots the screen just flickers black.

 

[BaamAlex]

Also i got past the error screen by renaming the latest hekate payload nereba.bin and put it in the nereba folder but i was able to boot to hekate from pegascape once now everytime i try to do that when my switch reboots the screen just flickers black.

Why don't you use fusee gelee? Much more convenient

 

[snoofly]

Why don't you use fusee gelee? Much more convenient

For 1.0 users, nereba provides an untethered payload injection.
Unless things have changed and I’m out of the loop I thought best you could do for untethered with FG is a trinket, failing that you’re lugging a dongle or cable around for a reboot

 

[renegade2k82]

yeah i got it working now i just used a older version of hekate and have 2 separate sd cards 1 fat32 to load into pegascape and inject the payload and the other exfat one to swap out to in hekate to load my emummc with latest firmware.i defiantly rather swap sd cards then have to be tethered or have to use a jig and carry that stuff around.like snoofly said its much more convenient with 1.0 compared to fusee gelee.

 

[snoofly]

yeah i got it working now i just used a older version of hekate and have 2 separate sd cards 1 fat32 to load into pegascape and inject the payload and the other exfat one to swap out to in hekate to load my emummc with latest firmware.i defiantly rather swap sd cards then have to be tethered or have to use a jig and carry that stuff around.like snoofly said its much more convenient with 1.0 compared to fusee gelee.

Glad you got it working but not sure why you need to swap sd cards.
I’m running the pega/nereba/emummc setup on my 1.0 switch with just the one fat32 sd card.
I’d be very wary swapping in and out sd cards, that microsd socket is very flimsy and broke on one of mine.

 

[petspeed]

yeah i got it working now i just used a older version of hekate and have 2 separate sd cards 1 fat32 to load into pegascape and inject the payload and the other exfat one to swap out to in hekate to load my emummc with latest firmware.i defiantly rather swap sd cards then have to be tethered or have to use a jig and carry that stuff around.like snoofly said its much more convenient with 1.0 compared to fusee gelee.

Firmware 1.0.0 doesn't support exfat. If you reformat your exfat SD card to FAT32 I bet it will work fine with just one SD card.

 

[Dust2dust]

Too bad support for 2.0-3.0 never materialized. I would have tried it on my 2.3.

 

[gbadl]

Hopefully researched can use this to figure out if something can be modified in patches OFW up to current versions.

 

[8BitWonder]

Too bad support for 2.0-3.0 never materialized. I would have tried it on my 2.3.

You can use caffeine on 2.0.0-4.1.0 to reboot into payloads.
https://github.com/liuervehc/caffeine