Nintendo Switch V2 Jailbreak Theory

linuxares (Global Moderator)
> There was a wifi/Bluetooth jailbreak by yellows8 on switch firmware v4
>
> Wow, thanks a lot, I will try to wrap this up by the end of summer
> But then also if anyone wants to help I will post my discord right now
>
> Cruze Force#4787

There never was a jailbreak, he just found a system flaw. But there's a limit to what you can do with said flaws. Some aren't useful at all.
 

BaamAlex
> That flaw was taken advantage of through 8bitdo, which I will try to use to get system admin privilege.

But do you have an exploitable vulnerability? The Bluetooth thingy was fixed afaik. And as stated above, Bluetooth (or controller input in general) won't provide any kind of privileged system access.
 

Engezerstorung
8bitdo doesn't exploit any Bluetooth vulnerability or anything.
For the dongle that allows you to connect any controller to the Switch, it doesn't even use the Switch's Bluetooth; it has its own Bluetooth to connect to the Bluetooth controller, after that it converts the controller's input into a Nintendo Switch compatible input and sends it through the USB.
For the controllers that connect directly to the Switch, they just are compliant with the Nintendo controller input format, it's not a vulnerability or a hack.

There is no vulnerability here, it's just normal limited controller inputs and that's it.
If there was, you don't need all of that, just plug something in over USB and go for it.

You are confusing BlueBomb, which was an actual console Bluetooth vulnerability that allowed access to high privileges on a console full of vulnerabilities, with the fact that a third-party peripheral uses Bluetooth itself.
 

CruzeForce (OP)
> 8bitdo doesn't exploit any Bluetooth vulnerability or anything.
> For the dongle that allows you to connect any controller to the Switch, it doesn't even use the Switch's Bluetooth; it has its own Bluetooth to connect to the Bluetooth controller, after that it converts the controller's input into a Nintendo Switch compatible input and sends it through the USB.
> For the controllers that connect directly to the Switch, they just are compliant with the Nintendo controller input format, it's not a vulnerability or a hack.
>
> There is no vulnerability here, it's just normal limited controller inputs and that's it.
> If there was, you don't need all of that, just plug something in over USB and go for it.
>
> You are confusing BlueBomb, which was an actual console Bluetooth vulnerability that allowed access to high privileges on a console full of vulnerabilities, with the fact that a third-party peripheral uses Bluetooth itself.

I am trying to find a vulnerability through Bluetooth to get system privilege.
 

CruzeForce (OP)
> But do you have an exploitable vulnerability? The Bluetooth thingy was fixed afaik. And as stated above, Bluetooth (or controller input in general) won't provide any kind of privileged system access.

I am trying to find a vulnerability through Bluetooth to get system privilege.
If Nintendo tried to patch its jailbreaks, it surely wouldn't have decided to add Bluetooth audio. In fact, what if you connect a microcontroller through audio Bluetooth, and as headphones have buttons which give commands, if you click a button on it, it will run RCM loader.
 

CruzeForce (OP)
> Why rcm loader? You know that the rcm bug is fixed? On newer models ofc. You can enter it yes, but you can't execute payloads on patched models/mariko/aula units.

I accidentally said rcm loader, I forgot the name of that thing that triggers the jailbreak.

I will start working on this throughout the summer as I am still a student.
 

User154
> I am trying to find a vulnerability through Bluetooth to get system privilege.
> If Nintendo tried to patch its jailbreaks, it surely wouldn't have decided to add Bluetooth audio. In fact, what if you connect a microcontroller through audio Bluetooth, and as headphones have buttons which give commands, if you click a button on it, it will run RCM loader.

Hi, so I believe generally speaking Bluetooth headset buttons are usually interpreted in the same way that pressing physical buttons on wired headphones is. I think to use it as any kind of exploit for anything you would already need a way to change what that button behaviour does on the target system.
 

sith
Seems cruzeforce has some pretty serious misconceptions about system privileges and the sandboxed nature of HOS. While I don't mean to discourage anyone, very very smart people have been through this before and found it fruitless; the mention of "8bitdo" and triggering "jailbreaks" (exploits?) makes me think this is just a shitpost.

But then again I doubted picofly would actually materialize and was very wrong there. Since that is now a real and obtainable thing for all switches, what would the advantage or purpose of this be?
 

SciresM (Developer)
lol.

Anyway, compromising the Bluetooth system module is possible. The OP's thing is 1000% fake ("add the jailbreak script? as then the switch would run anything the microcontroller says as it will be known as an admin" is enormously fake gibberish clearly indicating they don't understand how this works). Not surprising given they're a noob and they're not familiar with low level programming. Either way, there actually are other (real) bluetooth module flaws.

The problem is, this is useless. Compromising the bluetooth module does nothing for you in terms of homebrew capabilities; the module is not especially privileged and does not have access to any useful services for further escalation. And of course the kernel continues to have no security bugs.

The Switch isn't like the Wii U or Wii -- there, if you compromised the bluetooth stack, you had all the privileges you needed. Here, you get jack shit.

It's your prerogative to choose to waste your time on something like this, OP, but I'd like to be clear to any onlookers this is a fool's errand and you would, in fact, be wasting your time.
 

CruzeForce (OP)
> Hi, so I believe generally speaking Bluetooth headset buttons are usually interpreted in the same way that pressing physical buttons on wired headphones is. I think to use it as any kind of exploit for anything you would already need a way to change what that button behaviour does on the target system.

You understand what I'm saying.
 

CruzeForce (OP)
> lol.
>
> Anyway, compromising the Bluetooth system module is possible. The OP's thing is 1000% fake ("add the jailbreak script? as then the switch would run anything the microcontroller says as it will be known as an admin" is enormously fake gibberish clearly indicating they don't understand how this works). Not surprising given they're a noob and they're not familiar with low level programming. Either way, there actually are other (real) bluetooth module flaws.
>
> The problem is, this is useless. Compromising the bluetooth module does nothing for you in terms of homebrew capabilities; the module is not especially privileged and does not have access to any useful services for further escalation. And of course the kernel continues to have no security bugs.
>
> The Switch isn't like the Wii U or Wii -- there, if you compromised the bluetooth stack, you had all the privileges you needed. Here, you get jack shit.
>
> It's your prerogative to choose to waste your time on something like this, OP, but I'd like to be clear to any onlookers this is a fool's errand and you would, in fact, be wasting your time.

Yo, are you the real SciresM? Btw, that there may be a possibility to access the chip through Bluetooth is something I understand. I'm new to this stuff, I am still reverse engineering the console, this is just a theory, I have enough time to waste even if there's a 1% chance that I can find an exploit. I will start this research after my end of year examinations.

> Seems cruzeforce has some pretty serious misconceptions about system privileges and the sandboxed nature of HOS. While I don't mean to discourage anyone, very very smart people have been through this before and found it fruitless; the mention of "8bitdo" and triggering "jailbreaks" (exploits?) makes me think this is just a shitpost.
>
> But then again I doubted picofly would actually materialize and was very wrong there. Since that is now a real and obtainable thing for all switches, what would the advantage or purpose of this be?

Who knows, there might be a 1% chance that it might work, just like how you doubted the picofly. It doesn't matter if I'm wrong, this is just an experiment. Plus the switch was defeated by a paperclip.

This is just an experiment so the result is unknown. I'd rather waste time and find out my theory is wrong than just not try, even if there's a 1% possibility it might work, because I'm not risking my switch bricking over a modchip or Pico fly by opening my switch. So please stop saying that it doesn't work, because I want to experiment and see if this works. Remember how people said pico fly won't work and the oled switch patched hwfly, that was wrong, so who knows. I will experiment and post the result.
 

linuxares (Global Moderator)
> plus the switch was defeated by a paperclip

It wasn't actually defeated by it. It's a part of the Tegra processor that you can hold down a button combo to enter the RCM mode. But earlier bootloaders had a bug that let you run unsigned code. That exploit is called Fusée Gelée.

https://github.com/Qyriad/fusee-launcher/blob/master/report/fusee_gelee.md
https://medium.com/@SoyLatteChen/in...oint-for-nintendo-switch-hacking-26f42026ada0

Then there is Pegaswitch.
I don't know too much about it, but I think it abused a bug in the web browser.
 