Switch Hacking & Homebrew Discussion

Discussion in 'Switch - Hacking & Homebrew' started by EpicLPer, Mar 12, 2017.

  1. Oleboy555

    Oleboy555 Wie dit leest is een zemmel

    Member
    342
    108
    Feb 8, 2017
    Netherlands
    Amsterdam
    yeye sure but looking at your profile and you being 100% sure, I hope you can understand that I have some doubts

    but hey you never know
     


  2. mikeg504

    mikeg504 Member

    Newcomer
    12
    12
    May 27, 2017
    United States
    It is not a browser exploit, and didn't require a game.. pretty sure it would work well if someone has a dump.. I could even take a shot if someone either dumped NAND, or did SSL man in the middle during an exploit (hoping that it's not encrypted beyond SSL.. but probably is).. either way msg me here, or mike@easystyle.org with SWITCH in subject...
     
    peteruk likes this.
  3. Oleboy555

    Oleboy555 Wie dit leest is een zemmel

    Member
    342
    108
    Feb 8, 2017
    Netherlands
    Amsterdam
    good luck with your project
     
    BlastedGuy9905 likes this.
  4. peteruk

    peteruk GBAtemp Maniac

    Member
    1,352
    581
    Jun 26, 2015
    Even if it doesn't turn out to be something useful it is nice to see people actively trying to find exploits, so good luck with everything
     
    BlastedGuy9905 likes this.
  5. Oleboy555

    Oleboy555 Wie dit leest is een zemmel

    Member
    342
    108
    Feb 8, 2017
    Netherlands
    Amsterdam
    keep us updated
     
    BlastedGuy9905 likes this.
  6. mikeg504

    mikeg504 Member

    Newcomer
    12
    12
    May 27, 2017
    United States
    LOL.. check out a patent with things I've designed: http://www.freepatentsonline.com/y2015/0186296.html
    then tell me if u have doubts ;) everything I work on is very low level (asm modifications, exploits, security.. etc).. Just not for game systems in the past...but BOTW is the first game I've played in 15 years.

    It's definitely a vulnerability.. whether or not code execution is to be continued.. although I'm pretty sure you can prepare memory on these devices one way or another.. it's possible it may be tricky.. I won't lie about that, but a vuln it is for sure.
     
    peteruk likes this.
  7. Oleboy555

    Oleboy555 Wie dit leest is een zemmel

    Member
    342
    108
    Feb 8, 2017
    Netherlands
    Amsterdam
    as I said, you may never know
     
  8. mikeg504

    mikeg504 Member

    Newcomer
    12
    12
    May 27, 2017
    United States
    It honestly gives me insight into several areas that Nintendo may have messed up on due to this crash.. so I'll wait and speak to whomever has experience as of now
     
    peteruk likes this.
  9. peteruk

    peteruk GBAtemp Maniac

    Member
    1,352
    581
    Jun 26, 2015
    Smea
    SciresM

    would be good people to approach
     
    kingraa777 likes this.
  10. BlastedGuy9905

    BlastedGuy9905 Ace Bricker

    Member
    413
    149
    Apr 13, 2017
    United States
    Outside your windows ᕙ(◔ᗜ◔)ᕗ
    try to contact yellows8, too.
     
    peteruk likes this.
  11. mikeg504

    mikeg504 Member

    Newcomer
    12
    12
    May 27, 2017
    United States
    will do
     
  12. DarkOrb

    DarkOrb Member

    Newcomer
    39
    33
    Oct 11, 2013
    Gambia, The
    A reproducible crash doesn't imply it's a vulnerability. You have to have a possibility to load custom code (in the form of a modified savegame or an exploitable file, e.g. an exploitable image format (a PSP exploit used TIFF files to do that)) inside the RAM to cause a buffer overflow, but that's simply not possible with a simple crash.
     
    Last edited by DarkOrb, Jun 17, 2017
  13. mikeg504

    mikeg504 Member

    Newcomer
    12
    12
    May 27, 2017
    United States
    True but I'm pretty sure you could set up some memory.. It is between 3 subsystems and it depends on their memory allocation functions. I will do my best to work with it a little, although it's difficult since I'm traveling. I'm positive it's using external manipulable resources, so it really depends on whether or not you can chain it easily (several times to inject code, etc) or maybe loading a game, or the browser and then triggering this could allow having the shell code, or other things required in memory...I'd be shocked if it wasn't a stack overflow... but you're right. I don't know for sure. I'm going to do what I can but it's extremely lengthy in my situation right now. I am using a phone as tether, etc...

    there's a decent (30-50%) chance that this would not be something you'd want to do every time you'd like to execute game code, although for jail breaking once I can see it taking place.. will post if I find out anything further, or if I speak to anyone about it

    — Posts automatically merged - Please don't double post! —

    Yes I am sure the route to go would be to use DNS hijacking, and then load memory into the device (shell code, etc) and then trigger it.. it would ensure things are in memory... whether or not it allows jumping easily to that memory is to be continued.. but from an engineer standpoint, I believe it shouldn't clear that memory, and fully deallocate before the trigger
     
    peteruk likes this.
  14. mikeg504

    mikeg504 Member

    Newcomer
    12
    12
    May 27, 2017
    United States
    I've been considering how the device works.. using DNS, and the browser (or manipulation of news, or eshop) should work to load things into memory for almost any exploit (whether you get to control data for a game through their own protocols like multiplayer, or others with the OS itself, or wifi, etc).. It should be a universal way to prepare the switch.. just for anyone to keep in mind who attempts to work on bugs for it.
     
  15. BlastedGuy9905

    BlastedGuy9905 Ace Bricker

    Member
    413
    149
    Apr 13, 2017
    United States
    Outside your windows ᕙ(◔ᗜ◔)ᕗ
    Mikeg you should make a new thread about this possible exploit. It's getting quite hard to see what's going on here.
     
  16. Paiuand

    Paiuand GBAtemp Regular

    Member
    261
    10
    Aug 24, 2015
    Gambia, The
    If all this is true.... I am excited to see what's going to happen! :D
     
    BlastedGuy9905 likes this.
  17. robingilh

    robingilh GBAtemp Regular

    Member
    103
    63
    Dec 21, 2009
    France
    not far from a computer
    Lots of work, research and drama from the secretive hacking club.

    A hello world leaked by "inadvertance" by some member of the project three years later.

    A way to play backups made by somebody who doesn't care about morals 1 month after the previous event.
     
  18. Paiuand

    Paiuand GBAtemp Regular

    Member
    261
    10
    Aug 24, 2015
    Gambia, The
    What's the point you are trying to make here? Or am I just stupid and can't understand...
     
  19. TotalInsanity4

    TotalInsanity4 GBAtemp Supreme Overlord

    Member
    6,572
    6,405
    Dec 1, 2014
    United States
    Under a rock
    It's not exploitable if the OS "handles" it (i.e. throws an error screen). Typically the only exploitable crashes are ones that would freeze the console or produce a RAM dump onscreen
     
  20. BlastedGuy9905

    BlastedGuy9905 Ace Bricker

    Member
    413
    149
    Apr 13, 2017
    United States
    Outside your windows ᕙ(◔ᗜ◔)ᕗ
    (don't ruin our hopes and dreams)
     
    peteruk likes this.