Speculations about Switch 2 hacking

Thread starter: KeeperCP1 · Views: 303,885 · Replies: 803 · Likes: 10
We have already seen teardowns of the switch 2.
Does anybody know if a kind of hard mod that was designed for the Switch 1 would be feasible on the Switch 2, or will it be harder due to the fact that the Switch 2 might have a smaller engraving?
No, the Hardmod used for Switch 1 is not feasible.
Switch 1 Hardmods aimed at triggering the RCM after Nintendo removed previous entry points such as the bridging of pins on the right joycon rail. However, I doubt RCM as a concept even exists for the Switch 2 anymore.
 
There's a few questions that I've had for a little while now and I thought I would ask them here so some more knowledgeable people could answer them.

  1. What's stopping people from just copying their games to the SD card and then extracting them on their computer?
  2. Why can't you just rip Switch 2 games/firmware updates from cartridges the same way you rip Switch 1 cartridges?
  3. Why hasn't anyone just taken the Switch 2 data chip and extracted the firmware and stuff from there?
I hope someone who's way smarter than me can explain this stuff lol.
 
Here's something to get people's hopes up for no good reason:

He won't name his source but apparently someone has found an exploit that Nintendo is investigating. No idea what to make of this but I wouldn't put much stock in it right now.


It'll be hacked, it's just a matter of when. I don't expect it to be soon but maybe this is real.

I believe the guy who found the userland exploit mentioned using a save exploit too, so possibly Switch 1 to Switch 2 transfer, but it's impossible to say more right now.

Hey, it's a speculation thread after all. I just figured someone might get a kick out of this supposed news.

The entire exploit makes zero sense.
The tweet says it's before secure boot, which in the context of a kernel bug makes no sense. How the hell are you exploiting the kernel without it even being loaded, unless they're trying to describe an exploit which reboots? Before secure boot means something akin to RCM, but again, no source?
Also the big red flag is MK World being mentioned. Game exploits aren't really a thing these days because of how sandboxed games are. Games have to ask for kernel system calls and they are only allowed a very strict set of permissions. If this is true though, it means that someone managed to get MK World running arbitrary code somehow, broke out of a sandbox, triggered a kernel bug and rebooted to run code before secure boot.
 
Has someone put a switch 2 cart in a hacked switch and tried to read its contents or anything like that yet?

I was also wondering how the Switch 2 runs Switch 1 games, and if old versions of games with ACE could be used to exploit the Switch. I'm sure that Nintendo thought of this, but idk, maybe worth considering.
 
There's a few questions that I've had for a little while now and I thought I would ask them here so some more knowledgeable people could answer them.

  1. What's stopping people from just copying their games to the SD card and then extracting them on their computer?
  2. Why can't you just rip Switch 2 games/firmware updates from cartridges the same way you rip Switch 1 cartridges?
  3. Why hasn't anyone just taken the Switch 2 data chip and extracted the firmware and stuff from there?
I hope someone who's way smarter than me can explain this stuff lol.
These ideas scream "I thought of these based on TV hackers", but since you noted that you'd like to educate yourself, I'll indulge you.

They are because of encryption. The Switch 1 can be made to cough up its encryption keys after you get it to run unsigned code. This enables decrypting cartridge data and storage data. The S2 has many more protections around its encryption keys.
Has someone put a switch 2 cart in a hacked switch and tried to read its contents or anything like that yet?

I was also wondering how the Switch 2 runs Switch 1 games, and if old versions of games with ACE could be used to exploit the Switch. I'm sure that Nintendo thought of this, but idk, maybe worth considering.
The answer to your first question is again encryption keys.

The ability of games to exploit the system was stamped out long ago via sandboxing.
 
There's a few questions that I've had for a little while now and I thought I would ask them here so some more knowledgeable people could answer them.

  1. What's stopping people from just copying their games to the SD card and then extracting them on their computer?
  2. Why can't you just rip Switch 2 games/firmware updates from cartridges the same way you rip Switch 1 cartridges?
  3. Why hasn't anyone just taken the Switch 2 data chip and extracted the firmware and stuff from there?
I hope someone who's way smarter than me can explain this stuff lol.

Because everything is encrypted and inaccessible unless you have the decryption keys. You're naive if you think all data on the Switch and its game carts is in a nice folder system for people to mess with. The reason things like dumping games from Switch 1 worked was because we had those keys. And if you ever set up a Switch 1 emulator, you'd know one of the first steps was uploading a keys file to do that work (recommended from your own Switch so it's "legal", but ya know how things go).
 
Because everything is encrypted and inaccessible unless you have the decryption keys. You're naive if you think all data on the Switch and its game carts is in a nice folder system for people to mess with. The reason things like dumping games from Switch 1 worked was because we had those keys. And if you ever set up a Switch 1 emulator, you'd know one of the first steps was uploading a keys file to do that work (recommended from your own Switch so it's "legal", but ya know how things go).
I knew it had something to do with the encryption keys, but I was thinking that there might be more to it than just needing the encryption keys to be able to access the ROMs on the SD card. (Sorry if I'm not making much sense, I'm pretty tired rn lol.)
Post automatically merged:

These ideas scream "I thought of these based on TV hackers", but since you noted that you'd like to educate yourself, I'll indulge you.

They are because of encryption. The Switch 1 can be made to cough up its encryption keys after you get it to run unsigned code. This enables decrypting cartridge data and storage data. The S2 has many more protections around its encryption keys.

The answer to your first question is again encryption keys.

The ability of games to exploit the system was stamped out long ago via sandboxing.
Yet again I knew it was something with the encryption keys, but I was mainly curious about the last 2 questions I was asking. Also, if you were to get the key files off of the Switch 2's NAND by extracting them directly from the chip, wouldn't you then be able to decrypt the files from a cartridge if you dumped them the same way you would dump a Switch 1 cart? (Again, sorry if I'm not making much sense, pretty tired rn.)
 
Last edited by Dogewowkay,


BooM... one of the games he transfers is Minecraft; even if Nintendo doesn't let him do it, the game itself does... and crashes. BUT, the thing is, wasn't Minecraft done in Java? I don't know, but... if the game uses some sort of Java bytecode compilation (JIT/dynarec/...) and generates executable code on the fly... well, that might mean the process could be exploited and usermode code run in RWX pages...?

This transferring saves thing... doesn't seem like that easy to limit. Of course nintendo can blacklist games and so on, compulsory updates delivered, etc., but...

We may be onto something here.
 
I knew it had something to do with the encryption keys, but I was thinking that there might be more to it than just needing the encryption keys to be able to access the ROMs on the SD card. (Sorry if I'm not making much sense, I'm pretty tired rn lol.)
Post automatically merged:


Yet again I knew it was something with the encryption keys, but I was mainly curious about the last 2 questions I was asking. Also, if you were to get the key files off of the Switch 2's NAND by extracting them directly from the chip, wouldn't you then be able to decrypt the files from a cartridge if you dumped them the same way you would dump a Switch 1 cart? (Again, sorry if I'm not making much sense, pretty tired rn.)
Keys are not on the NAND; they are used to decrypt it and the games. They are also used to encrypt the content stored on the SD card. I believe the keys on the S2 are stored in a security-specific chip and are unique to each S2. To have the same level of access as the S1, those keys will need to be exposed somehow, which is unlikely as everything around them is designed to prevent such an exposure.
 
Keys are not on the NAND; they are used to decrypt it and the games. They are also used to encrypt the content stored on the SD card. I believe the keys on the S2 are stored in a security-specific chip and are unique to each S2. To have the same level of access as the S1, those keys will need to be exposed somehow, which is unlikely as everything around them is designed to prevent such an exposure.
It's weird no one has even attempted to rip any files from any of the chips directly yet though.
 
I knew it had something to do with the encryption keys, but I was thinking that there might be more to it than just needing the encryption keys to be able to access the ROMs on the SD card. (Sorry if I'm not making much sense, I'm pretty tired rn lol.)
Post automatically merged:


Yet again I knew it was something with the encryption keys, but I was mainly curious about the last 2 questions I was asking. Also, if you were to get the key files off of the Switch 2's NAND by extracting them directly from the chip, wouldn't you then be able to decrypt the files from a cartridge if you dumped them the same way you would dump a Switch 1 cart? (Again, sorry if I'm not making much sense, pretty tired rn.)

To put it as simply as I can, "getting the keys" is where everything falls apart. It is a core function of the security features of the system to do everything they can to not give up keys or any other hidden information that would be used to compromise the system.

It's weird no one has even attempted to rip any files from any of the chips directly yet though.

I honestly don't even know where to begin to try and explain why this statement does not make sense.
 
To put it as simply as I can, "getting the keys" is where everything falls apart. It is a core function of the security features of the system to do everything they can to not give up keys or any other hidden information that would be used to compromise the system.



I honestly don't even know where to begin to try and explain why this statement does not make sense.
Sorry, I'm really tired rn and struggling to try to even make sense in the first place.
 
It's weird no one has even attempted to rip any files from any of the chips directly yet though.
That's the thing, the files you speak of are encrypted by the keys. The keys are protected by many many layers of security. There is no getting files without the keys.
 
I'm sure I'm going to get made fun of for posting this, but I did want to post what I've identified as a potential entry point on the Switch 2. I was looking for gameplay of Jinki Resurrection on YouTube and stumbled across this video:



Initially, I didn't think anything of it. But after seeing this video, I discovered there is a Nintendo Switch version of this game. I know this is probably a bit of a long shot, but does anyone here think this game could be used to hack the Switch 2 in the same way it can be used to hack the PS4 and PS5? It appears to be some sort of save file exploit that has made the game function as a Lua loader.

I'm just posting this because if I find ANYTHING AT ALL that looks like it could be relevant to this scene, I'd rather say something so we can all get our Switch 2s hacked. And yes, I know people will make the argument about the Switch 1 games being sandboxed until the end of time, but that hasn't stopped people in the past from breaking out of it somehow.
 
I'm sure I'm going to get made fun of for posting this, but I did want to post what I've identified as a potential entry point on the Switch 2. I was looking for gameplay of Jinki Resurrection on YouTube and stumbled across this video:



Initially, I didn't think anything of it. But after seeing this video, I discovered there is a Nintendo Switch version of this game. I know this is probably a bit of a long shot, but does anyone here think this game could be used to hack the Switch 2 in the same way it can be used to hack the PS4 and PS5? It appears to be some sort of save file exploit that has made the game function as a Lua loader.

I'm just posting this because if I find ANYTHING AT ALL that looks like it could be relevant to this scene, I'd rather say something so we can all get our Switch 2s hacked. And yes, I know people will make the argument about the Switch 1 games being sandboxed until the end of time, but that hasn't stopped people in the past from breaking out of it somehow.


This has been posted about earlier in the thread, and a few people downloaded the betas from the Japan eShop, but like you said, the main argument against it is that the games are sandboxed, so probably nothing will come of it. Doesn't hurt to go download the demos though if you really want to be covering all bases.
 