# Browserhax exploit for ipatched Switch hardware will be out later this week



## trainboy2019 (Dec 18, 2018)

Another browser exploit on a Nintendo console, why am I not surprised


----------



## guily6669 (Dec 18, 2018)

Hope it's easy to achieve each time and that later they find a way to boot to CFW as a warmboot exploit for ditching the payloads forever!


----------



## Deleted User (Dec 18, 2018)

I'm..... not sure what this means? Some sort of Browser exploit?


----------



## Technicmaster0 (Dec 18, 2018)

StarGazerTom said:


> I'm..... not sure what this means? Some sort of Browser exploit?


Probably an exploit that just allows launching the hblauncher, like the first public exploit for 3.0.0.


----------



## Deleted User (Dec 18, 2018)

Technicmaster0 said:


> Probably an exploit that just allows launching the hblauncher, like the first public exploit for 3.0.0.


huh. cool. Cheers for the quick explanation.


----------



## Keylogger (Dec 18, 2018)

The switch has a web browser?


----------



## raxadian (Dec 18, 2018)

trainboy2019 said:


> Another browser exploit on a Nintendo console, why am I not surprised



I honestly think Nintendo should have made the Switch games only; it's like they forgot everyone who buys a Switch also has a smartphone.


----------



## x65943 (Dec 18, 2018)

Nintendo getting pwned again

There are three things you can count on in life: death, taxes and...


----------



## huma_dawii (Dec 18, 2018)

What is this, I have no clue :v (yes I read the whole article xD)


----------



## The Minish LAN (Dec 18, 2018)

raxadian said:


> I honestly think Nintendo should have made the Switch games only; it's like they forgot everyone who buys a Switch also has a smartphone.


Sorry, but are you criticising the Switch for having an unused browser?


----------



## Deleted User (Dec 18, 2018)

Browserhax and Nintendo, name a better duo.


----------



## RattletraPM (Dec 18, 2018)

x65943 said:


> There are three things you can count on in life: death, taxes and...


...Further improvements to overall system stability and other minor adjustments have been made to enhance the user experience.


----------



## Beerus (Dec 18, 2018)

got to love browsers


----------



## Deleted-442439 (Dec 18, 2018)

Needs to be clear that this is only a USERLAND exploit. As in, you can only play around with the perms userland apps (normal apps) get. This is not CFW.

So yes you can play around with emulators, and most stuff found on the homebrew appstore, but this does not allow mods, piracy, themes and other more advanced homebrew / patches to HOS.


----------



## The Minish LAN (Dec 18, 2018)

jjbredesen said:


> Needs to be clear that this is only a USERLAND exploit. As in, you can only play around with the perms userland apps (normal apps) get. This is not CFW.


Neat, it'll be nice to see what people can pull off in userland. Had a ton of fun with the apps people made for 3DS homebrew back in the day.


----------



## Keylogger (Dec 18, 2018)

jjbredesen said:


> Needs to be clear that this is only a USERLAND exploit. As in, you can only play around with the perms userland apps (normal apps) get. This is not CFW.
> 
> So yes you can play around with emulators, and most stuff found on the homebrew appstore, but this does not allow mods, piracy, themes and other more advanced homebrew / patches to HOS.


yes for now...


----------



## Arras (Dec 18, 2018)

raxadian said:


> I honestly think Nintendo should have made the Switch games only; it's like they forgot everyone who buys a Switch also has a smartphone.


The reason it has a browser is so it can connect to the internet in places where you're forced to click OK or login on a web page before getting internet access. It's the only circumstance where you can even access it, iirc. Maybe also the facebook or twitter login, but I don't remember.


----------



## SilverWah (Dec 18, 2018)

Why am I not surprised? Does Nintendo ever learn from their software mistakes?


----------



## Heichart (Dec 18, 2018)

*-- hexkyz - Rocking the Switch in 2018 and beyond! --*


----------



## SexiestManAlive (Dec 18, 2018)

does this mean softmod? or am i dumb?


----------



## Subtle Demise (Dec 18, 2018)

SilverWah said:


> Why am I not surprised? Does Nintendo ever learn from their software mistakes?


I'd say they do. The Switch is their most secure console yet. They also ban at the slightest provocation, so yes, they've learned quite a bit. Maybe they'll be smarter next time and do what Microsoft did with the dev mode on XBOX One.


----------



## Arras (Dec 18, 2018)

SilverWah said:


> Why am I not surprised? Does Nintendo ever learn from their software mistakes?


Browsers are very complex pieces of software with the ability to run arbitrary scripts. The Vita and PS4 had(/have?) browser-based hacks too. Barring the RCM thing, which is more of an overlooked feature on Nvidia's side than an actual bug, the Switch is a lot more secure than past Nintendo consoles, so yes, they do learn.


----------



## Valery0p (Dec 18, 2018)

What about the supernag? You can't use a browser exploit on older firmware versions...


*sigh* I hoped someone had finally decided to put together an untethered hack for the unpatched switches...


----------



## Xandrid (Dec 18, 2018)

Funny it's a browserhax, always the go-to for exploits lol


----------



## leon315 (Dec 18, 2018)

All Nintendo consoles are killed by the browser's hand; why does ninty still implement such a ''useless'' feature after 2 of their consoles got hacked?


quote from an AAA game dev





> DON'T U HAVE A PHONE?



lul


----------



## Deleted User (Dec 18, 2018)

SilverWah said:


> Why am I not surprised? Does Nintendo ever learn from their software mistakes?


If NVidia and Sega (RCM exploit and 1.0 web browser) hadn't messed up, the system could full well still be locked down.

It's been stated by multiple hackers multiple times that Nintendo did an incredible job this time around, but it was in fact external sources that caused the switch to be hacked.


----------



## leon315 (Dec 18, 2018)

i WISH THE MIGHTY hackers could stay closed-source so this amazing discovery could fuck some money leechers up!


----------



## trainboy2019 (Dec 18, 2018)

leon315 said:


> i WISH THE MIGHTY hackers could stay closed-source so this amazing discovery could fuck some money leechers up!


Closed source doesn't have the best reputation in the nintendo hacking scene *cough*themely*cough*


----------



## tech3475 (Dec 18, 2018)

leon315 said:


> All Nintendo consoles are killed by the browser's hand; why does ninty still implement such a ''useless'' feature after 2 of their consoles got hacked?
> 
> 
> quote from an AAA game dev
> ...



It's meant for wireless access points which require user input, e.g. accepting TOS.

If they didn't include something, people would be complaining because they can't play online or download games/updates.


----------



## leon315 (Dec 18, 2018)

trainboy2019 said:


> Closed source doesn't have the best reputation in the nintendo hacking scene *cough*themely*cough*


THEY CAN ALWAYS choose to release the source code 3-4 months later when everyone has hacked their switch, while the money leechers watch


----------



## Illuminaticy (Dec 18, 2018)

Oh, so when I win the switch from the gbatemp giveaway, I won't just have to sell it for an unpatched unit


----------



## trainboy2019 (Dec 18, 2018)

leon315 said:


> THEY CAN ALWAYS choose to release the source code 3-4 months later when everyone has hacked their switch, while the money leechers watch


That's not how it works; if the source isn't released alongside the release, the creator will have a ton of pressure to release it from the get-go. Also, by releasing it, they're giving a pretty big hint as to where it is for the hunters to look, so might as well open the floodgates.


----------



## leon315 (Dec 18, 2018)

trainboy2019 said:


> That's not how it works; if the source isn't released alongside the release, the creator will have a *ton of pressure* to release it from the get-go. Also, by releasing it, they're giving a pretty big hint as to where it is for the hunters to look, so might as well open the floodgates.



*ton of pressure huh?* why certain people ever got pressured? u know who.


----------



## guily6669 (Dec 18, 2018)

raxadian said:


> I honestly think Nintendo should have made the Switch games only; it's like they forgot everyone who buys a Switch also has a smartphone.


Actually I think everything should have multimedia capabilities; it's poor having good-performance chips like the Xone\PS4 Pro and just letting you play games and nothing else, while a similar or better PC can do just about anything out there...

I can't say I use the browser or multimedia in the console, but sometimes I'm in a game and I just use the console browser\youtube to see some hint\guide to do something in the game like in red dead redemption 2...

And yeah, I have the phone near me, but I prefer not wasting battery on it; I barely connect it to 3G or WiFi, and my tablet was OFF, so I was even too lazy to turn it ON and also waste battery for the next day. So if I'm on PS4 I just use the browser\youtube, and if I'm playing on the PC, same thing, I use Firefox on it...


----------



## trainboy2019 (Dec 18, 2018)

leon315 said:


> *ton of pressure huh?* why certain people ever got pressured? u know who.


One example that comes to mind was Erman, who went and deleted everything related to the project.


----------



## the_randomizer (Dec 18, 2018)

Will this allow homebrew to be launched without using that dongle for once?


----------



## Kubas_inko (Dec 18, 2018)

inb4 Xecuter saying how they hacked ipatched units.


----------



## leon315 (Dec 18, 2018)

anyway ALL HAIL THE HACKERS for this amazing hack! for this great xmas gift for Switch owners!

hope it will stay closed-source, so TX won't STEAL IT!


----------



## PRAGMA (Dec 18, 2018)

Wonder if unpatched units can take advantage of this in some way to boot CFW without annoying RCM


----------



## Kubas_inko (Dec 18, 2018)

PRAGMA said:


> Wonder if unpatched units can take advantage of this in some way to boot CFW without annoying RCM


Nope, not until we get TrustZone from it. It is only a userland exploit for now.


----------



## raxadian (Dec 18, 2018)

Arras said:


> The reason it has a browser is so it can connect to the internet in places where you're forced to click OK or login on a web page before getting internet access. It's the only circumstance where you can even access it, iirc. Maybe also the facebook or twitter login, but I don't remember.



Why add Facebook and Twitter? It's for playing games. Adding a web browser made sense when the 3DS launched; nowadays, with everyone and their mother having smartphones, it seems pointless.

And yes, smartphones can use WiFi too.

The Switch is never gonna have all the functionalities of a Smartphone or tablet anyway. 

But I understand people might not share my opinion.  

I miss the days when videogame consoles were just videogame consoles.


----------



## Kioku_Dreams (Dec 18, 2018)

the_randomizer said:


> Will this allow homebrew to be launched without using that dongle for once?


Didn't the first browser hax allow this? If so, then I don't see this being any different.


----------



## raxadian (Dec 18, 2018)

PRAGMA said:


> Wonder if unpatched units can take advantage of this in some way to boot CFW without annoying RCM



So far this exploit doesn't let you run Switch game roms. Of course a workaround will probably be found.


----------



## Kioku_Dreams (Dec 18, 2018)

raxadian said:


> I miss the days when videogame consoles were just videogame consoles.


Agreed. It's a shame that a web browser is now a "standard" in some eyes. You don't need a web browser on a game console. It's just asinine and redundant. Especially with, as you said, smartphones being such a social pillar these days. Damn near everyone has one.


----------



## EmanueleBGN (Dec 18, 2018)

Exploit and Homebrew: Browser's Inside Story


----------



## trainboy2019 (Dec 18, 2018)

EmanueleBGN said:


> Exploit and Homebrew: Browser's Inside Story


I'm adding that to my signature


----------



## EmanueleBGN (Dec 18, 2018)

trainboy2019 said:


> I'm adding that to my signature


I'm honored


----------



## Arras (Dec 18, 2018)

Kubas_inko said:


> inb4 Xecuter saying how they hacked ipatched units.


They won't claim that until they have a way to run XCIs on it, and if they do at this point, they deserve to brag.


----------



## the_randomizer (Dec 18, 2018)

Memoir said:


> Didn't the first browser hax allow this? If so, then I don't see this being any different.



I thought the dongle and/or using a paperclip was required to enter RCM? A 100% software solution would be enough of a reason for me to try, otherwise, I'll have to pass.

I personally couldn't care less about "backups".


----------



## Kioku_Dreams (Dec 18, 2018)

the_randomizer said:


> I thought the dongle and/or using a paperclip was required to enter RCM? A 100% software solution would be enough of a reason for me to try, otherwise, I'll have to pass.
> 
> I personally couldn't care less about "backups".


Oh, I'm talking about the 3.0.0 pegaswitch or whatever it was called. You had to enter the browser to access homebrew.


----------



## the_randomizer (Dec 18, 2018)

Memoir said:


> Oh, I'm talking about the 3.0.0 pegaswitch or whatever it was called. You had to enter the browser to access homebrew.



Damn, never mind then. It's useless to those on 6.x.x.


----------



## Prior22 (Dec 18, 2018)

Should we be looking to buy a Switch to safeguard against stock firmware upgrades?  I know with the PS4 if the firmware is beyond a certain point you're out of luck when it comes to modding.  Is this the same thing with a Switch?


----------



## PRAGMA (Dec 18, 2018)

Prior22 said:


> Should we be looking to buy a Switch to safeguard against stock firmware upgrades?  I know with the PS4 if the firmware is beyond a certain point you're out of luck when it comes to modding.  Is this the same thing with a Switch?


Pre-June units don't really matter as long as they don't throw us another 6.2.0; with an after-June unit, it does matter


----------



## Rabbid4240 (Dec 18, 2018)

Get nae naed nintendorks


----------



## Subtle Demise (Dec 18, 2018)

leon315 said:


> All Nintendo consoles are killed by Browser's hand, why ninty still implement such ''useless'' feature? after 2 of their console got hacked?
> 
> 
> quote from an AAA game dev
> ...


It's a necessary feature though. Some wi-fi setups, especially public ones, require you to authenticate on a webpage before you can use the internet. That's why it's there.


----------



## MikaDubbz (Dec 18, 2018)

Wait, is this the kind of exploit that would not require a jig and could let me play emulators on my Switch and that new homebrew app that lets you stream your computer to the Switch?  Cuz if so, holy shit, that's what I want.  I don't care about playing backups, I don't want that, I'm not interested in piracy on my Switch, so if we're just limited to that kind of homebrew with this and there is no external hardware needed, then this would be exactly what I've been looking for.

But is that the case?  Or do you still need to physically do something with your Switch?  Beyond that, would having homebrew on my Switch be detectable by Nintendo and if so would I get banned just for having homebrew on my system?


----------



## SexiestManAlive (Dec 18, 2018)

SexySpai said:


> Get nae naed nintendorks


i cant breathe!


----------



## JordenNixNix (Dec 18, 2018)

But what about console bundles which come with a game or Bayonetta 1? In order to get the game you need to enter the eShop, but to enter the eShop, you must update to 6.2.0.

Is there a way to use this new homebrew entry and get the game bundled with the console?

I know in the 3DS scene we can spoof the firmware version. Is there something similar for the Switch?
I am pretty new to the Switch hacking scene.

Would be great having homebrew and the bundled (download code) game.


----------



## |<roni&g (Dec 18, 2018)

Fantastic news. If we owned Mario Kart 8 on Wii U we deserve the same Switch version free if they're recycling games we already bought


----------



## PikachuR77 (Dec 18, 2018)

Not even not having a web browser can save Nintendo from browser exploits.


----------



## Techjunky90 (Dec 18, 2018)

MikaDubbz said:


> Wait, is this the kind of exploit that would not require a jig and could let me play emulators on my Switch and that new homebrew app that lets you stream your computer to the Switch?  Cuz if so, holy shit, that's what I want.  I don't care about playing backups, I don't want that, I'm not interested in piracy on my Switch, so if we're just limited to that kind of homebrew with this and there is no external hardware needed, then this would be exactly what I've been looking for.
> 
> But is that the case?  Or do you still need to physically do something with your Switch?  Beyond that, would having homebrew on my Switch be detectable by Nintendo and if so would I get banned just for having homebrew on my system?


Not interested in piracy, yet you want to play emulators. Where do you get the roms for those emulators? Do you dump your own physical cartridges? No, you pirate them. You look like an idiot, oh I'm not interested in piracy, even though that's exactly what I do when I emulate games.


----------



## Slim45 (Dec 18, 2018)

raxadian said:


> I honestly think Nintendo should have made the Switch games only; it's like they forgot everyone who buys a Switch also has a smartphone.


meanwhile Blizzard reps feel validated reading this comment.


----------



## PatrickD85 (Dec 18, 2018)

Oeh... 2 questions:
1] Is it < 6.2.0 or <= 6.2.0?
2] In userland, is something like Checkpoint on the table?


----------



## PhiZero (Dec 18, 2018)

I wonder how long it's going to take to pry open these ipatched units like the original models, if it hasn't already been done behind the scenes.


----------



## Prior22 (Dec 18, 2018)

PRAGMA said:


> Pre-June units don't really matter as long as they don't throw us another 6.2.0; with an after-June unit, it does matter



So if a system has firmware at 6.2 or higher it can't be modded?  Would it be tough to find a new system sold at a store like Best Buy or Amazon with lower firmware?


----------



## Paulsar99 (Dec 18, 2018)

Great news. Sadly, I also wouldn't be surprised if most ipatched units are on 6.2.0 by now because of Smash.


----------



## THYPLEX (Dec 18, 2018)

Interested for emulators purposes


----------



## LightyKD (Dec 18, 2018)

This is cool and all, but I just want Android app support. I'm waiting for the day where I can turn my Switch into a cable box!


----------



## hippy dave (Dec 18, 2018)

Prior22 said:


> So if a system has firmware at 6.2 or higher it can't be modded?


It can if it's unpatched (made before ~June).


----------



## YugamiSekai (Dec 19, 2018)

This is great for ipatched switches, but where's the warmboot exploit for 4.1.0 and below? Also, from looking at these replies, don't consoles need at least some form of a web browser, since there are wifi connections that require authorization (which is how the 3.0.0 web exploit even worked)?


----------



## LovesSwitch223 (Dec 19, 2018)

But what about the risk of a ban using this compared to RCM?


----------



## ertaboy356b (Dec 19, 2018)

Thanks WebKit! You're the best/buggiest browser ever!


----------



## Milenko (Dec 19, 2018)

Prior22 said:


> So if a system has firmware at 6.2 or higher it can't be modded?  Would it be tough to find a new system sold at a store like Best Buy or Amazon with lower firmware?



Consoles don't ship with anything higher than 5.1.0 currently


----------



## Molhel (Dec 19, 2018)

Neat. Hopefully it leads to CFW/other exploits soon.


----------



## gnmmarechal (Dec 19, 2018)

trainboy2019 said:


> Another browser exploit on a Nintendo console, why am I not surprised


I mean.... WebKit.


----------



## RocketRobz (Dec 19, 2018)

Haven't been watching the Switch scene much.

I've been wanting to run homebrew on my Switch console, but I didn't feel like doing the RCM jig thing, and risk a brick if done wrong (at least, that's what I've heard). 
Assuming this also works on non-iPatched units, even though this is just userland, my console would be banned from using this, right?

EDIT: Found @LovesSwitch223 already asked this.


----------



## medoli900 (Dec 19, 2018)

Techjunky90 said:


> Not interested in piracy, yet you want to play emulators. Where do you get the roms for those emulators? Do you dump your own physical cartridges? No, you pirate them. You look like an idiot, oh I'm not interested in piracy, even though that's exactly what I do when I emulate games.


Why couldn't he dump his own cartridges? You are assuming they download them; you have no proof. I myself dump my games when I play them on an emulator, since I am against all piracy.


----------



## Chrisssj2 (Dec 19, 2018)

StarGazerTom said:


> I'm..... not sure what this means? Some sort of Browser exploit?


You have to unlock bowser mini in smash brothers and glitch masterhand to get exploit.


----------



## ciaomao (Dec 19, 2018)

Chrisssj2 said:


> You have to unlock bowser mini in smash brothers and glitch masterhand to get exploit.



Sir, this is a BROWSER hack, not a common BOWSER hack


----------



## DJravingMonkey (Dec 19, 2018)

It sure is no new exploit. I would guess it gets published because it was closed in 6.2.0


----------



## PedroKeitawa (Dec 19, 2018)

I assume if you use this exploit you still need to take your console offline, right? Even if it's just userland.


----------



## aos10 (Dec 19, 2018)

how can you use the browser on the switch?


----------



## Dontwait00 (Dec 19, 2018)

jjbredesen said:


> Needs to be clear that this is only a USERLAND exploit. As in, you can only play around with the perms userland apps (normal apps) get. This is not CFW.
> 
> So yes you can play around with emulators, and most stuff found on the homebrew appstore, but this does not allow mods, piracy, themes and other more advanced homebrew / patches to HOS.


wasn't there an SXOS ROMENU .nro version? if yes, is it useful?

--------------------- MERGED ---------------------------



aos10 said:


> how can you use the browser on the switch?


With very limited ways.
1) throw a game (very unlikely)
2) throw a custom DNS which connects to a server hosting the payload & exploit

edit: if you want, you can join my server, where I'm making a guide for exploiting in different ways.


----------



## _hexkyz_ (Dec 19, 2018)

Just to provide a bit more context and hopefully clear some doubts:
- The déjà-vu exploit chain goes browserhax > nvhax > gmmuhax > nspwn > [undisclosed] > warmboothax;
- What is going to be released is a browser exploit for firmware versions 4.0.0 to 6.0.1 and the "nvhax" exploit which allows you to take over the nvservices' process and access the GPU MMU (which we used for gmmuhax).

I know it's not much yet, but this will grant those with ipatched units the ability to explore the system further and look for even more vulnerabilities on a higher privilege level.
For general users (with ipatched units), the benefits will depend on the firmware version you are on:
- 4.1.0: vulnerable to the entire déjà-vu chain so it can go up to nspwn right away (full userland takeover and therefore, homebrew);
- 5.0.0 to 5.1.0: nspwn was patched in this version, but workarounds are possible by abusing gmmuhax;
- 6.0.0 to 6.0.1: many changes made exploitation really hard to achieve, but there are still workarounds.

6.1.0 patched the browser exploit that will be released (others are already being worked on) and 6.2.0 patched "nvhax" (closing down the current exploit chain).


----------



## PatrickD85 (Dec 20, 2018)

Thanks for that @_hexkyz_
Bummer then, already on 6.2 with the ipatched switch. So no options for now ... and thus no Checkpoint access.
Ah well ... still great to see this coming though for others


----------



## THYPLEX (Dec 21, 2018)

Will it require some sort of accessories, or nothing but the switch and the software that will be released soon?

--------------------- MERGED ---------------------------

If I'm already at 6.2, I can't do this exploit?


----------



## SexiestManAlive (Dec 21, 2018)

luckily I'm on 5.1.0, although I might have burned some fuses when I updated my emunand


----------



## aos10 (Dec 22, 2018)

so, anytime now?


----------



## henkp (Dec 23, 2018)

THYPLEX said:


> Will it require some sort of accessories, or nothing but the switch and the software that will be released soon?
> 
> If I'm already at 6.2, I can't do this exploit?


It will require nothing, and correct, you can't do it on 6.2 (hence <6.2 instead of =<6.2).


----------



## Deleted User (Dec 23, 2018)

Keylogger said:


> The switch has a web browser?



I guess not


----------



## THYPLEX (Dec 23, 2018)

henkp said:


> It will require nothing, and correct, you can't do it on 6.2 (hence <6.2 instead of =<6.2).


Oh man...


----------



## Deleted_444986 (Dec 23, 2018)

Where is it?
We are on the last day of the week


----------



## Keylogger (Dec 23, 2018)

Sumandora said:


> I guess not


Oh ok, so we have a web browser exploit but the switch has no web browser

I understand now...


----------



## Deleted_444986 (Dec 23, 2018)

With a DNS we can


----------



## Milenko (Dec 23, 2018)

June 15th


----------



## itsjch (Dec 23, 2018)

ETA 5 hours!


----------



## gnmmarechal (Dec 23, 2018)

Arras said:


> Browsers are very complex pieces of software with the ability to run arbitrary scripts. The Vita and PS4 had(/have?) browser-based hacks too. Barring the RCM thing, which is more of an overlooked feature on Nvidia's side than an actual bug, the Switch is a lot more secure than past Nintendo consoles, so yes, they do learn.


Erm, RCM itself is an intended feature. It's definitely a bug's fault that we can run arbitrary code with it.


----------



## Kioku_Dreams (Dec 23, 2018)

gnmmarechal said:


> Erm, RCM itself is an intended feature. It's definitely a bug's fault that we can run arbitrary code with it.


I think that's what they were referring to. Not the ability to enter RCM, but the fact that we can run code through it.


----------



## gnmmarechal (Dec 23, 2018)

Memoir said:


> I think that's what they were referring to. Not the ability to enter RCM, but the fact that we can run code through it.


That's totally a bug and not an overlooked feature.


----------



## Deleted member 457158 (Dec 23, 2018)

so could this be used with "lockpick" to dump keys? prob not, but if we manage to get kernel access thru browserhax, it could be possible (maybe). And what also might be possible: anybody willing to do a hardmod NAND backup with an ipatched switch and decrypt it using these keys? I think it might be possible to inject nsps into the NAND backup, or something like an nsp forwarder to the hbmenu. This is just a guess, idk if this would actually be true or not


----------



## Kioku_Dreams (Dec 23, 2018)

gnmmarechal said:


> That's totally a bug and not an overlooked feature.


Well, I'm not too sure of the technical side of things. However, is running unofficial code a bug?... Or an unintended feature? Did it involve a complex workaround to take advantage of, or could we just build third party tools right off the bat? These are all serious questions as I'm still hazy about it.


----------



## Friendsxix (Dec 23, 2018)

Memoir said:


> Well, I'm not too sure of the technical side of things. However, is running unofficial code a bug?... Or an unintended feature? Did it involve a complex workaround to take advantage of, or could we just build third party tools right off the bat? These are all serious questions as I'm still hazy about it.


It is most certainly a bug. Here is a writeup authored by Kate Temkin: https://misc.ktemkin.com/fusee_gelee_nvidia.pdf

Unless I am misunderstanding what you're saying, in which case I apologize.


----------



## Kioku_Dreams (Dec 23, 2018)

Friendsxix said:


> It is most certainly a bug. Here is a writeup authored by Kate Temkin: https://misc.ktemkin.com/fusee_gelee_nvidia.pdf
> 
> Unless I am misunderstanding what you're saying, in which case I apologize.


No, you're right. I'm ignorant on this part..


----------



## Deleted User (Dec 24, 2018)

Keylogger said:


> Oh ok so we have a web browser exploit but the switch has no web browser
> 
> I understand now...



hope you know that this post was a joke


----------



## _hexkyz_ (Dec 24, 2018)

> Sorry for missing my own ETA on the browserhax + nvhax release. I wasn't counting on spending the last days dealing with food poisoning. The exploit will, obviously, be released during this week (there isn't that much left to justify another delay).
> — Mike Heskin (@hexkyz) December 24, 2018


Sorry about that.
In case anyone is interested in knowing which bugs make up the exploit chain that will be released:
https://switchbrew.org/wiki/Switch_System_Flaws#System_Modules (see nvhax)
https://switchbrew.org/wiki/Switch_Userland_Flaws (see CVE-2016-4622)


----------



## Mythical (Dec 27, 2018)

Can Userland do nand backups?


----------



## Yamathedestroyer (Dec 27, 2018)

no


----------



## NoNAND (Dec 28, 2018)

history repeats itself


----------



## radicalwookie (Dec 28, 2018)

I'm deeply sorry if this was discussed already, but does this mean that the patched Switches on the market now will be able to run CFW?
Only userland access means no CFW à la SX, or am I wrong?


----------



## _hexkyz_ (Dec 28, 2018)

> Write-up is up: The Switch - A Memoir https://t.co/hqGNcKkSQf
> — Mike Heskin (@hexkyz) December 28, 2018


The updated exploit code (for 4.1.0, 5.x and 6.0.0) will be pushed to PegaSwitch over the next few days.


----------



## radicalwookie (Dec 28, 2018)

_hexkyz_ said:


> Write-up is up: https://twitter.com/hexkyz/status/1078753939305054208
> 
> The updated exploit code (for 4.1.0, 5.x and 6.0.0) will be pushed to PegaSwitch over the next few days.


This was a better read than most of the books I’ve read so far... thank you!


----------



## MyconMama (Jan 3, 2019)

_hexkyz_ said:


> Write-up is up: https://twitter.com/hexkyz/status/1078753939305054208
> 
> The updated exploit code (for 4.1.0, 5.x and 6.0.0) will be pushed to PegaSwitch over the next few days.



Thanks for your tireless efforts and the hilarious write-up: "what should we do next? What about take the entire system down?"

I hope you're feeling better!


----------



## Gmoney122352 (Jan 6, 2019)

Can I use this to edit my save files for games like Zelda BOTW?


----------



## MicShadow (Jan 7, 2019)

Gmoney122352 said:


> Can I use this to edit my save files for games like Zelda BOTW?


As much as I'd also love this, *not currently*.

We (will) only have userland access from within the browser, which would not have access to the save files for games.

With luck, someone will find an exploit to escape the browser sandbox and get generic file system access.
But wouldn't hold your breath.


----------



## Scarlet (Jan 7, 2019)

MicShadow said:


> As much as I'd also love this, *not currently*.
> 
> We (will) only have userland access from within the browser, which would not have access to the save files for games.
> 
> ...


Are you sure? I swear when I used PegaSwitch on 3.0.0 before all this CFW fun, I could grab saves, albeit via some wonky script that took some effort. Is this going to be different to how PegaSwitch was then?


----------



## MicShadow (Jan 7, 2019)

Scarlet said:


> Are you sure? I swear when I used PegaSwitch on 3.0.0 before all this CFW fun, I could grab saves, albeit via some wonky script that took some effort. Is this going to be different to how PegaSwitch was then?



Hmm, taking another look at the write-up, it does look possible. But @hexkyz would have to confirm, as he doesn't specifically mention in his write-up the control nvservices has from this point of view.
Looks like it can write anywhere in DRAM (with some handle exhaustion/mem tricks), which hopefully will mean escaping sandbox protections.
Also, the homebrew may need to be written specifically for this mode of exploit (or someone makes a new loader).

Happy to be completely corrected! Haven't been around the switch scene long


----------



## DPyro (Jan 10, 2019)

Are there instructions on how to run this?


----------



## Deleted User (Jan 11, 2019)

Since this isn’t a CFW exploit, I won’t get banned from online services right?


----------



## SexiestManAlive (Jan 20, 2019)

gary4356767 said:


> Since this isn’t a CFW exploit, I won’t get banned from online services right?


i think you'll still get banned


----------

