Hardware Good and Bad things About Nintendo Switch (For Hackers)

[comput3rus3r]

The good: you can hack your switch day 1 using a very simple one-step process.
The bad: that process is "swing your axe at the switch until it consists of as many pieces you want".

The good: nintendo might include a "press this button to automatically hack your switch and start downloading our entire catalog for free NOW!!! "
The bad: chances of that are less likely than everyone in the world winning the lottery on the same day...today.

The good: the portability of the thing allows you to showcase your 1337 haxxor skillz to your friends
The bad: your "1337 haxxor skillz" consists of lurking on gbatemp and scriptkiddie'ing the work of others

The good: maybe the browser will have a day 0 java buffer overflow error that could lead to low-level access to the switch registry where you can bypass main security to inject programs with loopholes so you can run unsigned stuff on kernel level.
The bad: the last sentence is just a bunch of regular hacking terms thrown together to make me look smart, while the "maybe" word at the start neatly conceals the fact that I don't know what the fuck I'm talking about.

Lol

 

[nmkd]

The Switch might get hacked for Linux.
That's what hackers do, they don't hack for pirates to pirate, they hack for themselves to run their own software and or because it's fun reverse engineering software.
IF, the switch allows for Linux to be installed on it, hackers see no point in hacking it.

Want an example?
PS3.

Honestly, I won't give a fuck about piracy if we get Android one day.

PSP emulation

//Sent from my glorious OnePlus X

 

[DinohScene]

Honestly, I won't give a fuck about piracy if we get Android one day.

PSP emulation

//Sent from my glorious OnePlus X

I doubt we'll see Android ported to it.
Otherwise it would've already happened on previous consoles/handhelds.

 

[mikey420]

Given that it can work much like a tablet I could see android being ported to it however I wouldn't hold my breath as I honestly think it'd be a waste of time. I doubt it would run the best but then since only Nintendo knows the kind of power there will be to work with I can't say.

 

[nmkd]

I doubt we'll see Android ported to it.
Otherwise it would've already happened on previous consoles/handhelds.

Well, there are barely ARM consoles that are technically (RAM and performance) able to run it, or to make it worth porting.

//Sent from my glorious OnePlus X

 

[spotanjo3]

Number 1 and 2 is fine with me but I do not care about number 3. I never used online at all.

 

[SamTheSaminator]

1- Good: the Hackers could Hack The Nintendo Switch.

We're decent hackers, we can do it.

Bad: it will take a years to Hack it

Nintendo don't really like doing this so they shield their system. We need to find a workaround for this shield to get in, which takes a while.

 

[Yil]

We're decent hackers, we can do it.

Nintendo don't really like doing this so they shield their system. We need to find a workaround for this shield to get in, which takes a while.

What if it requires removing a physical chip (inside the soc) that monitors all your instructions and create errors whenever you execute things beyong a certain bound? Some smartphones already had this.

 

[sarkwalvein]

What if it requires removing a physical chip (inside the soc) that monitors all your instructions and create errors whenever you execute things beyong a certain bound? Some smartphones already had this.

The Wii had that, so did the Wii U and the 3DS.

 

[SamTheSaminator]

What if it requires removing a physical chip (inside the soc) that monitors all your instructions and create errors whenever you execute things beyong a certain bound? Some smartphones already had this.

There is that, but I didn't say we can't do it.

 

[Yil]

The Wii had that, so did the Wii U and the 3DS.

But what if it sits above the kernel this time? And being put inside the soc made this a lot harder.

 

[TotalInsanity4]

But what if it sits above the kernel this time? And being put inside the soc made this a lot harder.

IOSU on the Wii U is literally what you're describing

 

[Yil]

IOSU on the Wii U is literally what you're describing

How do you even bypass it if the kernel don't give you access? Unless we hijack other things.

 

[TotalInsanity4]

How do you even bypass it if the kernel don't give you access? Unless we hijack other things.

That's outside my knowledge. I'm guessing there's probably an oversight where IOSU reads something and instead of responding and eliminating it just bugs out

 

[shinyquagsire23]

What if it requires removing a physical chip (inside the soc) that monitors all your instructions and create errors whenever you execute things beyong a certain bound? Some smartphones already had this.

That idea is closer to a hypervisor than anything else, to be honest. Enforcing memory permissions with an NX bit has been a feature since ARMv6 and is almost a requirement in modern devices (even 3DS has it). It's also a CPU feature so can't be removed. With Wii U's IOS, NX was provided by an external controller in the die.

If the RAM is part of the SoC then that would eliminate any chances of RAM dumping early on (which is the only reason the DSi was remotely hacked, 3DS probably would have happened eventually but happened sooner with RAM dumping).

If the 3DS didn't have gspwn it would have been much more difficult to have homebrew to the extent it is at now, since you would need kernel access to write to executable memory. This is the case with Wii U, but Nintendo doesn't seem to care much for the Wii U and hasn't patched any of the existing vulnerabilities which have existed on the latest firmware for months. Wii U also has a JIT area which at least made things a bit easier. With 3DS, very few ARM11 kernel exploits have been found, and fewer ARM9 privilege escalation exploits exist.

My guess for even just a decent homebrew environment in userland would be a few years. The 3DS didn't have the worst security (though it made some critical mistakes), and the Wii U was ~OK in PPC, but pretty decent with IOSU, and the Switch should only get better. Luckily webkit is basically a given if it's a portable, so bypassing ASLR should be feasible. Actually going from ROP to real code execution will be the hard part.

EDIT: Actually I guess code execution could be doable if there's a JIT area like with Wii U, but it didn't exist on 3DS so whether it'll be included is a mystery. Could also go full iOS where there's a JIT area, but it's actually secure.

 

[zoogie]

The big reason the 3ds got hacked was the ability to dump FCRAM from hardware. That lead to userland exploitation and that led to all the rest.

It will likely be much more difficult given the high probability the switch's RAM will be embedded in its SOC.

edit: shinyninja'd

 

[TheToaster]

TBH, the first "disadvantage" in the OP isn't really a disadvantage to me. Every device takes time to be hacked. That's the fun about it. For example, the 3DS is nearing the end of its lifespan. Of course, Nintendo will still release software updates and patches, but ultimately it will be really easy to find new vulnerabilities and create exploits. If Nintendo were to just give up and completely stop releasing software updates for the 3DS, where is the fun in that? There is no purpose in hacking a console at all. So, when the switch is released, of course it will take another year to hack it, but that's what makes hacking fun: Discovering vulnerabilities, creating exploits, Nintendo patches the vulnerabilities, and repeat the process.

 

[Alkéryn]

None of them are true and actually the switch will be hacked in few weeks /month

 

[ethanwa79]

Good: Real software and hardware engineers are actually already looking into ways to hack the Switch.

Bad: You're not one of them, because people who know what they are doing don't post shit threads like this.

 

[WiiUBricker]

1- Good: the Hackers could Hack The Nintendo Switch. Bad: it will take a years to Hack it
2- Good: it could be access a Flashcard (Maybe). Bad: it could NOT have a flashcard or it's Protected from flashcards.
3- Good: it could be hacked by the web browser of the Switch. Bad: it could Not Have a DNS (for preventing updates and the Updates could prevent you from playing online or opening the Web browser or it could force you to update to use a software (like the nintendo 3DS).

I just noticed this thread for the first time. From the title, I thought that it would list facts but there is nothing but useless ifs and even those ifs don't make any sense. So what's the point?